diff --git a/.gitignore b/.gitignore index 7688fd758..d0c69f81d 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,7 @@ /unbound.h /asynclook /delayer +/dohclient /lock-verify /memstats /perf diff --git a/Makefile.in b/Makefile.in index 51a13836b..99943a650 100644 --- a/Makefile.in +++ b/Makefile.in @@ -25,6 +25,7 @@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ +WITH_DYNLIBMODULE=@WITH_DYNLIBMODULE@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ WITH_PYUNBOUND=@WITH_PYUNBOUND@ PY_MAJOR_VERSION=@PY_MAJOR_VERSION@ @@ -87,6 +88,12 @@ LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=i INSTALL=$(SHELL) $(srcdir)/install-sh +DYNLIBMOD_SRC=dynlibmod/dynlibmod.c +DYNLIBMOD_OBJ=@DYNLIBMOD_OBJ@ +DYNLIBMOD_HEADER=@DYNLIBMOD_HEADER@ +DYNLIBMOD_EXTRALIBS=@DYNLIBMOD_EXTRALIBS@ + + #pythonmod.c is not here, it is mentioned by itself in its own rules, #makedepend fails on missing interface.h otherwise. PYTHONMOD_SRC=pythonmod/pythonmod_utils.c @@ -140,7 +147,7 @@ autotrust.lo val_anchor.lo rpz.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -224,6 +231,10 @@ STREAMTCP_SRC=testcode/streamtcp.c STREAMTCP_OBJ=streamtcp.lo STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) +DOHCLIENT_SRC=testcode/dohclient.c +DOHCLIENT_OBJ=dohclient.lo +DOHCLIENT_OBJ_LINK=$(DOHCLIENT_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ +$(SLDNS_OBJ) PERF_SRC=testcode/perf.c PERF_OBJ=perf.lo PERF_OBJ_LINK=$(PERF_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ) @@ -265,7 +276,8 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \ $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\ $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \ - $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) + $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \ + $(DOHCLIENT_SRC) ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ @@ -273,7 +285,8 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(ASYNCLOOK_OBJ) $(STREAMTCP_OBJ) $(PERF_OBJ) $(DELAYER_OBJ) \ $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\ $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \ - $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) + $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \ + $(DOHCLIENT_OBJ) COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) @@ -310,7 +323,7 @@ rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ - unbound-dnstap-socket$(EXEEXT) \ + unbound-dnstap-socket$(EXEEXT) dohclient$(EXEEXT) \ testbound$(EXEEXT) unittest$(EXEEXT) tests: all $(TEST_BIN) @@ -333,7 +346,7 @@ libunbound.la: $(LIBUNBOUND_OBJ_LINK) $(LINK_LIB) $(UBSYMS) -o $@ $(LIBUNBOUND_OBJ_LINK) -rpath $(libdir) $(SSLLIB) $(LIBS) unbound$(EXEEXT): $(DAEMON_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) + $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) unbound-checkconf$(EXEEXT): $(CHECKCONF_OBJ_LINK) libunbound.la $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) @@ -380,6 +393,9 @@ asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) +dohclient$(EXEEXT): $(DOHCLIENT_OBJ_LINK) + $(LINK) -o $@ $(DOHCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS) + perf$(EXEEXT): $(PERF_OBJ_LINK) $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) @@ -413,6 +429,7 @@ dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h $(srcdir)/dnstap/dtstream.h +dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -466,6 +483,7 @@ clean: rm -f unbound$(EXEEXT) unbound-checkconf$(EXEEXT) unbound-host$(EXEEXT) unbound-control$(EXEEXT) unbound-anchor$(EXEEXT) unbound-control-setup libunbound.la unbound.h rm -f $(ALL_SRC:.c=.lint) rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py + rm -f libunbound.a rm -rf autom4te.cache .libs build doc/html doc/xml distclean: clean @@ -640,6 +658,7 @@ depend: -e 's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \ -e 's?$$(srcdir)/edns-subnet/subnetmod.h $$(srcdir)/edns-subnet/subnet-whitelist.h $$(srcdir)/edns-subnet/edns-subnet.h $$(srcdir)/edns-subnet/addrtree.h?$$(SUBNET_HEADER)?g' \ -e 's?$$(srcdir)/ipsecmod/ipsecmod.h $$(srcdir)/ipsecmod/ipsecmod-whitelist.h?$$(IPSECMOD_HEADER)?g' \ + -e 's?$$(srcdir)/dynlibmod/dynlibmod.h?$$(DYNLIBMOD_HEADER)?g' \ -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \ > $(DEPEND_TMP) cp $(DEPEND_TARGET) $(DEPEND_TMP2) @@ -663,7 +682,7 @@ dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_de $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \ @@ -704,10 +723,11 @@ msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/d $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/respip/respip.h -packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h +packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ @@ -776,7 +796,7 @@ listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ @@ -799,10 +819,10 @@ mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(s $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h \ - $(srcdir)/services/listen_dnsport.h + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h $(srcdir)/services/listen_dnsport.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -812,7 +832,11 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h + $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \ + $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -843,7 +867,8 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/dnstap/dnstap.h + $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \ + alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -864,7 +889,8 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ @@ -893,8 +919,8 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_secalgo.h + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ @@ -903,7 +929,7 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \ $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ @@ -911,18 +937,13 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h + $(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \ + $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h @@ -935,12 +956,14 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \ + net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ + random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -956,11 +979,11 @@ rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/itera $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h -edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h +edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/net_help.h @@ -994,7 +1017,8 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/util/tube.h \ + ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ @@ -1004,7 +1028,8 @@ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ @@ -1017,7 +1042,8 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h + $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ + val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \ @@ -1047,11 +1073,13 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/ val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + +val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ + $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ @@ -1069,15 +1097,17 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/sldns/sbuffer.h \ + val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ + val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ @@ -1098,15 +1128,43 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ + $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h -cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h -redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ + $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h +cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h +redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \ + $(srcdir)/sldns/sbuffer.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ @@ -1119,8 +1177,42 @@ respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localz $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h -ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h +dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h +dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ + +dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h +dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/sldns/sbuffer.h \ + +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ + $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ + $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h +ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -1129,7 +1221,8 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ +unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ @@ -1137,7 +1230,8 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/services/outside_network.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -1167,8 +1261,15 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/parseutil.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ + $(srcdir)/edns-subnet/edns-subnet.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ @@ -1185,40 +1286,43 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ +cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ + $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/str2wire.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ $(srcdir)/sldns/keyraw.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ +remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1243,19 +1347,21 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/ub_event.h + $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ @@ -1263,22 +1369,24 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ - $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1297,33 +1405,35 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ @@ -1341,7 +1451,9 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ @@ -1351,13 +1463,14 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ @@ -1392,7 +1505,8 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ + $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ @@ -1413,70 +1527,83 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h + $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/util/edns.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/str2wire.h +libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ + $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ + asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \ + streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ + perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ +unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ + +petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ + +unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \ + $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \ + $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ + dnstap/dnstap.pb-c.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ + win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h \ @@ -1484,8 +1611,8 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ - $(srcdir)/util/net_help.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h @@ -1493,18 +1620,26 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/rrdef.h \ + sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h + $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h rrdef.lo rrdef.o: $(srcdir)/sldns/rrdef.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h str2wire.lo str2wire.o: $(srcdir)/sldns/str2wire.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h +dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \ + ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h @@ -1519,9 +1654,11 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h +getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ + getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c -getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h +getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ + getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h diff --git a/README.md b/README.md index 7120d486f..3e11ce58c 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don’t hesitate to [create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users). -You can lean more about Unbound by reading our +You can learn more about Unbound by reading our [documentation](https://nlnetlabs.nl/documentation/unbound/). ## Compiling diff --git a/aclocal.m4 b/aclocal.m4 index dd1b8658c..2fedf028c 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -736,7 +736,6 @@ _LT_CONFIG_SAVE_COMMANDS([ cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. @@ -1048,8 +1047,8 @@ int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1499,7 +1498,7 @@ need_locks=$enable_libtool_lock m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) @@ -2873,9 +2872,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # before this can be enabled. hardcode_into_libs=yes - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command @@ -2884,7 +2880,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -2896,6 +2892,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -3555,7 +3563,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -4061,7 +4069,8 @@ _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -4433,7 +4442,7 @@ m4_if([$1], [CXX], [ ;; esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -4701,6 +4710,12 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) @@ -4945,6 +4960,9 @@ m4_if([$1], [CXX], [ ;; esac ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -5007,6 +5025,9 @@ dnl Note also adjust exclude_expsyms for C++ above. openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes @@ -5261,7 +5282,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -5782,6 +5803,7 @@ _LT_EOF if test yes = "$lt_cv_irix_exported_symbol"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -5803,7 +5825,7 @@ _LT_EOF esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -6425,7 +6447,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else GXX=no @@ -6800,7 +6822,7 @@ if test yes != "$_lt_caught_CXX_error"; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -6865,7 +6887,7 @@ if test yes != "$_lt_caught_CXX_error"; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -7204,7 +7226,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # FIXME: insert proper C++ library support @@ -7288,7 +7310,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. @@ -7299,7 +7321,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' @@ -9044,9 +9066,9 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 11 (pkg-config-0.29.1) - +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29.1) +dnl dnl Copyright © 2004 Scott James Remnant . dnl Copyright © 2012-2015 Dan Nicholson dnl @@ -9320,74 +9342,6 @@ AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl ])dnl PKG_CHECK_VAR -dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES, -dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND], -dnl [DESCRIPTION], [DEFAULT]) -dnl ------------------------------------------ -dnl -dnl Prepare a "--with-" configure option using the lowercase -dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and -dnl PKG_CHECK_MODULES in a single macro. -AC_DEFUN([PKG_WITH_MODULES], -[ -m4_pushdef([with_arg], m4_tolower([$1])) - -m4_pushdef([description], - [m4_default([$5], [build with ]with_arg[ support])]) - -m4_pushdef([def_arg], [m4_default([$6], [auto])]) -m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes]) -m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no]) - -m4_case(def_arg, - [yes],[m4_pushdef([with_without], [--without-]with_arg)], - [m4_pushdef([with_without],[--with-]with_arg)]) - -AC_ARG_WITH(with_arg, - AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),, - [AS_TR_SH([with_]with_arg)=def_arg]) - -AS_CASE([$AS_TR_SH([with_]with_arg)], - [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)], - [auto],[PKG_CHECK_MODULES([$1],[$2], - [m4_n([def_action_if_found]) $3], - [m4_n([def_action_if_not_found]) $4])]) - -m4_popdef([with_arg]) -m4_popdef([description]) -m4_popdef([def_arg]) - -])dnl PKG_WITH_MODULES - -dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES, -dnl [DESCRIPTION], [DEFAULT]) -dnl ----------------------------------------------- -dnl -dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES -dnl check._[VARIABLE-PREFIX] is exported as make variable. -AC_DEFUN([PKG_HAVE_WITH_MODULES], -[ -PKG_WITH_MODULES([$1],[$2],,,[$3],[$4]) - -AM_CONDITIONAL([HAVE_][$1], - [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"]) -])dnl PKG_HAVE_WITH_MODULES - -dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES, -dnl [DESCRIPTION], [DEFAULT]) -dnl ------------------------------------------------------ -dnl -dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after -dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make -dnl and preprocessor variable. -AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES], -[ -PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4]) - -AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"], - [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])]) -])dnl PKG_HAVE_DEFINE_WITH_MODULES - # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997-2018 Free Software Foundation, Inc. diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index 8eccc15b0..d33352f17 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,10 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 34 +# Version 37 +# 2021-01-05 fix defun for aclocal +# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE +# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0). # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 @@ -446,15 +449,12 @@ AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute) AC_CACHE_VAL(ac_cv_c_format_attribute, [ac_cv_c_format_attribute=no -AC_TRY_COMPILE( -[#include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); -], [ +]], [[ f ("%s", "str"); -], -[ac_cv_c_format_attribute="yes"], -[ac_cv_c_format_attribute="no"]) +]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_format_attribute) @@ -483,14 +483,11 @@ AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute) AC_CACHE_VAL(ac_cv_c_unused_attribute, [ac_cv_c_unused_attribute=no -AC_TRY_COMPILE( -[#include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include void f (char *u __attribute__((unused))); -], [ +]], [[ f ("x"); -], -[ac_cv_c_unused_attribute="yes"], -[ac_cv_c_unused_attribute="no"]) +]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"]) ]) dnl Setup ATTR_UNUSED config.h parts. @@ -547,7 +544,7 @@ dnl as a requirement so that is gets called before LIBTOOL dnl because libtools 'AC_REQUIRE' names are right after this one, before dnl this function contents. AC_REQUIRE([ACX_LIBTOOL_C_PRE]) -AC_PROG_LIBTOOL +LT_INIT ]) dnl Detect if u_char type is defined, otherwise define it. @@ -673,17 +670,17 @@ AC_DEFUN([ACX_SSL_CHECKS], [ ACX_RUNTIME_PATH_ADD([$ssldir/lib]) fi - AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) + AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" - AC_TRY_LINK(, [ - int HMAC_Update(void); - (void)HMAC_Update(); - ], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - ], [ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + ],[ AC_MSG_RESULT(no) # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" @@ -691,12 +688,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$LIBS -lgdi32 -lws2_32" LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -705,12 +702,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$LIBS -ldl" LIBSSL_LIBS="$LIBSSL_LIBS -ldl" AC_MSG_CHECKING([if -lcrypto needs -ldl]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -719,12 +716,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$LIBS -ldl -pthread" LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -749,8 +746,7 @@ dnl Checks main header files of SSL. dnl AC_DEFUN([ACX_WITH_SSL], [ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ ],[ withval="yes" @@ -768,8 +764,7 @@ dnl Checks main header files of SSL. dnl AC_DEFUN([ACX_WITH_SSL_OPTIONAL], [ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ ],[ withval="yes" @@ -1061,7 +1056,7 @@ dnl defines MKDIR_HAS_ONE_ARG AC_DEFUN([ACX_MKDIR_ONE_ARG], [ AC_MSG_CHECKING([whether mkdir has one arg]) -AC_TRY_COMPILE([ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #ifdef HAVE_WINSOCK2_H @@ -1070,14 +1065,12 @@ AC_TRY_COMPILE([ #ifdef HAVE_SYS_STAT_H #include #endif -], [ +]], [[ (void)mkdir("directory"); -], -AC_MSG_RESULT(yes) +]])],[AC_MSG_RESULT(yes) AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.]) -, -AC_MSG_RESULT(no) -) +],[AC_MSG_RESULT(no) +]) ])dnl end of ACX_MKDIR_ONE_ARG dnl Check for ioctlsocket function. works on mingw32 too. diff --git a/acx_python.m4 b/acx_python.m4 index 2940971f1..767db5b65 100644 --- a/acx_python.m4 +++ b/acx_python.m4 @@ -58,6 +58,11 @@ $ac_distutils_result]) AC_MSG_RESULT([$PYTHON_LDFLAGS]) AC_SUBST([PYTHON_LDFLAGS]) + if test -z "$PYTHON_LIBDIR"; then + PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \ + print(get_config_var('LIBDIR'));"` + fi + # # Check for site packages # @@ -80,11 +85,11 @@ $ac_distutils_result]) LIBS="$LIBS $PYTHON_LDFLAGS" CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" - AC_TRY_LINK([ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include - ],[ + ]],[[ Py_Initialize(); - ],[pythonexists=yes],[pythonexists=no]) + ]])],[pythonexists=yes],[pythonexists=no]) AC_MSG_RESULT([$pythonexists]) diff --git a/config.h.in b/config.h.in index bd9b38bc0..103ad9f00 100644 --- a/config.h.in +++ b/config.h.in @@ -113,6 +113,10 @@ don't. */ #undef HAVE_DECL_INET_PTON +/* Define to 1 if you have the declaration of `nghttp2_session_server_new', + and to 0 if you don't. */ +#undef HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW + /* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you don't. */ #undef HAVE_DECL_NID_ED25519 @@ -221,6 +225,9 @@ /* Define to 1 if you have the `EVP_EncryptInit_ex' function. */ #undef HAVE_EVP_ENCRYPTINIT_EX +/* Define to 1 if you have the `EVP_MAC_CTX_set_params' function. */ +#undef HAVE_EVP_MAC_CTX_SET_PARAMS + /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ #undef HAVE_EVP_MD_CTX_NEW @@ -269,6 +276,9 @@ /* Define to 1 if you have the `getentropy' function. */ #undef HAVE_GETENTROPY +/* Define to 1 if you have the `getifaddrs' function. */ +#undef HAVE_GETIFADDRS + /* Define to 1 if you have the header file. */ #undef HAVE_GETOPT_H @@ -296,12 +306,12 @@ /* Define to 1 if you have the `HMAC_Init_ex' function. */ #undef HAVE_HMAC_INIT_EX -/* If you have HMAC_Update */ -#undef HAVE_HMAC_UPDATE - /* If we have htobe64 */ #undef HAVE_HTOBE64 +/* Define to 1 if you have the header file. */ +#undef HAVE_IFADDRS_H + /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON @@ -371,6 +381,15 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NETTLE_EDDSA_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_IF_H + +/* Define this to use nghttp2 client. */ +#undef HAVE_NGHTTP2 + +/* Define to 1 if you have the header file. */ +#undef HAVE_NGHTTP2_NGHTTP2_H + /* Use libnss for crypto */ #undef HAVE_NSS @@ -386,6 +405,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_CONF_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_CORE_NAMES_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_DH_H @@ -494,14 +516,18 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB + /* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ #undef HAVE_SSL_CTX_SET_CIPHERSUITES /* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL -/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_cb' function. */ -#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_CB +/* Define to 1 if you have the `SSL_CTX_set_tlsext_ticket_key_evp_cb' + function. */ +#undef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB /* Define to 1 if you have the `SSL_get0_peername' function. */ #undef HAVE_SSL_GET0_PEERNAME @@ -569,6 +595,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_RESOURCE_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SHA2_H @@ -718,7 +747,8 @@ your system. */ #undef PTHREAD_CREATE_JOINABLE -/* Define as the return type of signal handlers (`int' or `void'). */ +/* Return type of signal handlers, but autoconf 2.70 says 'your code may + safely assume C89 semantics that RETSIGTYPE is void.' */ #undef RETSIGTYPE /* if REUSEPORT is enabled by default */ @@ -866,6 +896,9 @@ /* the version of the windows API enabled */ #undef WINVER +/* Define if you want dynlib module. */ +#undef WITH_DYNLIBMODULE + /* Define if you want Python module. */ #undef WITH_PYTHONMODULE @@ -1351,6 +1384,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, #define UNBOUND_DNS_PORT 53 /** default port for DNS over TLS traffic. */ #define UNBOUND_DNS_OVER_TLS_PORT 853 +/** default port for DNS over HTTPS traffic. */ +#define UNBOUND_DNS_OVER_HTTPS_PORT 443 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 diff --git a/configure b/configure index 595c156b8..7957f0dd6 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.10.1. +# Generated by GNU Autoconf 2.69 for unbound 1.13.1. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.10.1' -PACKAGE_STRING='unbound 1.10.1' +PACKAGE_VERSION='1.13.1' +PACKAGE_STRING='unbound 1.13.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -700,6 +700,10 @@ PYTHON_LDFLAGS PYTHON_CPPFLAGS PYTHON PYTHON_VERSION +DYNLIBMOD_EXTRALIBS +DYNLIBMOD_HEADER +DYNLIBMOD_OBJ +WITH_DYNLIBMODULE PTHREAD_CFLAGS_ONLY PTHREAD_CFLAGS PTHREAD_LIBS @@ -856,6 +860,7 @@ enable_alloc_nonregional with_pthreads with_solaris_threads with_syslog_facility +with_dynlibmodule with_pyunbound with_pythonmodule enable_swig_version_check @@ -877,6 +882,7 @@ enable_tfo_server with_libevent with_libexpat with_libhiredis +with_libnghttp2 enable_static_exe enable_fully_static enable_lock_checks @@ -1453,7 +1459,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.10.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.13.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1518,7 +1524,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.10.1:";; + short | recursive ) echo "Configuration of unbound 1.13.1:";; esac cat <<\_ACEOF @@ -1618,6 +1624,8 @@ Optional Packages: --with-solaris-threads use solaris native thread library. --with-syslog-facility=LOCAL0 - LOCAL7 set SYSLOG_FACILITY, default DAEMON + --with-dynlibmodule build dynamic library module, or + --without-dynlibmodule to disable it. (default=no) --with-pyunbound build PyUnbound, or --without-pyunbound to skip it. (default=no) --with-pythonmodule build Python module, or --without-pythonmodule to @@ -1635,6 +1643,7 @@ Optional Packages: outgoing port ranges. --with-libexpat=path specify explicit path for libexpat. --with-libhiredis=path specify explicit path for libhiredis. + --with-libnghttp2=path specify explicit path for libnghttp2. --with-dnstap-socket-path=pathname set default dnstap socket path --with-protobuf-c=path Path where protobuf-c is installed, for dnstap @@ -1743,7 +1752,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.10.1 +unbound configure 1.13.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2452,7 +2461,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.10.1, which was +It was created by unbound $as_me 1.13.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2802,13 +2811,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=10 +UNBOUND_VERSION_MINOR=13 UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=12 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2884,6 +2893,10 @@ LIBUNBOUND_AGE=1 # 1.9.6 had 9:6:1 # 1.10.0 had 9:7:1 # 1.10.1 had 9:8:1 +# 1.11.0 had 9:9:1 +# 1.12.0 had 9:10:1 +# 1.13.0 had 9:11:1 +# 1.13.1 had 9:12:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4164,7 +4177,6 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h - if test "$ac_cv_header_minix_config_h" = "yes"; then $as_echo "#define _NETBSD_SOURCE 1" >>confdefs.h @@ -8058,7 +8070,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else @@ -8420,7 +8432,7 @@ esac fi : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} @@ -8963,11 +8975,8 @@ _LT_EOF test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 - (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5 + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -10186,8 +10195,8 @@ int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cru libconftest.a conftest.o" >&5 - $AR cru libconftest.a conftest.o 2>&5 + echo "$AR cr libconftest.a conftest.o" >&5 + $AR cr libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF @@ -11047,6 +11056,12 @@ lt_prog_compiler_static= lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) @@ -11523,6 +11538,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs=no + ;; esac ld_shlibs=yes @@ -11777,7 +11795,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -12447,6 +12465,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + link_all_deplibs=no else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -12468,7 +12487,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -13563,9 +13582,6 @@ fi # before this can be enabled. hardcode_into_libs=yes - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command @@ -13574,7 +13590,7 @@ fi # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -13586,6 +13602,18 @@ fi dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -14717,7 +14745,7 @@ $as_echo "no" >&6; } fi # Checks for header files. -for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h +for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -14731,6 +14759,34 @@ fi done +# net/if.h portability for Darwin see: +# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html +for ac_header in net/if.h +do : + ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" " +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + +" +if test "x$ac_cv_header_net_if_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NET_IF_H 1 +_ACEOF + +fi + +done + # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH for ac_header in TargetConditionals.h @@ -15539,38 +15595,8 @@ $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -$as_echo_n "checking return type of signal handlers... " >&6; } -if ${ac_cv_type_signal+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_type_signal=int -else - ac_cv_type_signal=void -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -$as_echo "$ac_cv_type_signal" >&6; } - -cat >>confdefs.h <<_ACEOF -#define RETSIGTYPE $ac_cv_type_signal -_ACEOF +$as_echo "#define RETSIGTYPE void" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 $as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } @@ -17188,6 +17214,34 @@ cat >>confdefs.h <<_ACEOF _ACEOF +# Check for dynamic library module + +# Check whether --with-dynlibmodule was given. +if test "${with_dynlibmodule+set}" = set; then : + withval=$with_dynlibmodule; +else + withval="no" +fi + + +if test x_$withval != x_no; then + +$as_echo "#define WITH_DYNLIBMODULE 1" >>confdefs.h + + WITH_DYNLIBMODULE=yes + + DYNLIBMOD_OBJ="dynlibmod.lo" + + DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h' + + if test $on_mingw = "no"; then + DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" + else + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a" + fi + +fi + # Check for PyUnbound # Check whether --with-pyunbound was given. @@ -17329,6 +17383,11 @@ $as_echo_n "checking for Python library path... " >&6; } $as_echo "$PYTHON_LDFLAGS" >&6; } + if test -z "$PYTHON_LIBDIR"; then + PYTHON_LIBDIR=`$PYTHON -c "from distutils.sysconfig import *; \ + print(get_config_var('LIBDIR'));"` + fi + # # Check for site packages # @@ -17434,6 +17493,15 @@ $as_echo "#define HAVE_PYTHON 1" >>confdefs.h else CPPFLAGS="$PYTHON_CPPFLAGS" fi + if test "$PYTHON_LIBDIR" != "/usr/lib" -a "$PYTHON_LIBDIR" != "" -a "$PYTHON_LIBDIR" != "/usr/lib64"; then + + if test "x$enable_rpath" = xyes; then + if echo "$PYTHON_LIBDIR" | grep "^/" >/dev/null; then + RUNTIME_PATH="$RUNTIME_PATH -R$PYTHON_LIBDIR" + fi + fi + + fi ub_have_python=yes if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\"python\${PY_MAJOR_VERSION}\"\""; } >&5 @@ -17892,8 +17960,8 @@ $as_echo "found in $ssldir" >&6; } fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5 -$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5 +$as_echo_n "checking for EVP_sha256 in -lcrypto... " >&6; } LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -17903,8 +17971,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -17915,7 +17983,7 @@ if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h else @@ -17936,8 +18004,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -17946,7 +18014,7 @@ _ACEOF if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -17968,8 +18036,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -17978,7 +18046,7 @@ _ACEOF if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -18000,8 +18068,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -18010,7 +18078,7 @@ _ACEOF if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -18189,17 +18257,13 @@ $as_echo_n "checking if libssl needs -lcrypt32... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char HMAC_Update (); int main () { -return HMAC_Update (); + + int EVP_sha256(void); + (void)EVP_sha256(); + ; return 0; } @@ -18276,7 +18340,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h +for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -18290,7 +18354,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18306,7 +18370,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19618,6 +19682,70 @@ _ACEOF fi +# nghttp2 + +# Check whether --with-libnghttp2 was given. +if test "${with_libnghttp2+set}" = set; then : + withval=$with_libnghttp2; +else + withval="no" +fi + +found_libnghttp2="no" +if test x_$withval = x_yes -o x_$withval != x_no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnghttp2" >&5 +$as_echo_n "checking for libnghttp2... " >&6; } + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/nghttp2/nghttp2.h"; then + found_libnghttp2="yes" + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 +$as_echo "found in $dir" >&6; } + +$as_echo "#define HAVE_NGHTTP2 1" >>confdefs.h + + LIBS="$LIBS -lnghttp2" + break; + fi + done + if test x_$found_libnghttp2 != x_yes; then + as_fn_error $? "Could not find libnghttp2, nghttp2.h" "$LINENO" 5 + fi + for ac_header in nghttp2/nghttp2.h +do : + ac_fn_c_check_header_compile "$LINENO" "nghttp2/nghttp2.h" "ac_cv_header_nghttp2_nghttp2_h" "$ac_includes_default +" +if test "x$ac_cv_header_nghttp2_nghttp2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NGHTTP2_NGHTTP2_H 1 +_ACEOF + +fi + +done + + ac_fn_c_check_decl "$LINENO" "nghttp2_session_server_new" "ac_cv_have_decl_nghttp2_session_server_new" "$ac_includes_default + #include + +" +if test "x$ac_cv_have_decl_nghttp2_session_server_new" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW $ac_have_decl +_ACEOF + +fi + # set static linking for uninstalled libraries if requested staticexe="" @@ -20173,7 +20301,7 @@ if test "$ac_res" != no; then : fi -for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 +for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -21569,7 +21697,7 @@ _ACEOF -version=1.10.1 +version=1.13.1 date=`date +'%b %e, %Y'` @@ -22088,7 +22216,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.10.1, which was +This file was extended by unbound $as_me 1.13.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22154,7 +22282,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.10.1 +unbound config.status 1.13.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -23147,7 +23275,6 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. diff --git a/configure.ac b/configure.ac index e71bc5888..3e872bca9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_PREREQ(2.56) +AC_PREREQ([2.56]) sinclude(acx_nlnetlabs.m4) sinclude(ax_pthread.m4) sinclude(acx_python.m4) @@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[10]) +m4_define([VERSION_MINOR],[13]) m4_define([VERSION_MICRO],[1]) -AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) +AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=8 +LIBUNBOUND_REVISION=12 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -94,6 +94,10 @@ LIBUNBOUND_AGE=1 # 1.9.6 had 9:6:1 # 1.10.0 had 9:7:1 # 1.10.1 had 9:8:1 +# 1.11.0 had 9:9:1 +# 1.12.0 had 9:10:1 +# 1.13.0 had 9:11:1 +# 1.13.1 had 9:12:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -122,7 +126,7 @@ cmdln="`echo $@ | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/'g`" AC_DEFINE_UNQUOTED(CONFCMDLINE, ["$cmdln"], [Command line arguments used with configure]) CFLAGS="$CFLAGS" -AC_AIX +AC_USE_SYSTEM_EXTENSIONS if test "$ac_cv_header_minix_config_h" = "yes"; then AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix]) fi @@ -163,8 +167,7 @@ else ub_conf_file="C:\\Program Files\\Unbound\\service.conf" fi AC_ARG_WITH([conf_file], - AC_HELP_STRING([--with-conf-file=path], - [Pathname to the Unbound configuration file]), + AS_HELP_STRING([--with-conf-file=path],[Pathname to the Unbound configuration file]), [ub_conf_file="$withval"]) AC_SUBST(ub_conf_file) ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config) @@ -174,8 +177,7 @@ AC_SUBST(ub_conf_dir) # Determine run, chroot directory and pidfile locations AC_ARG_WITH(run-dir, - AC_HELP_STRING([--with-run-dir=path], - [set default directory to chdir to (by default dir part of cfg file)]), + AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]), UNBOUND_RUN_DIR="$withval", if test $on_mingw = no; then UNBOUND_RUN_DIR=`dirname "$ub_conf_file"` @@ -188,8 +190,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run) AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to]) AC_ARG_WITH(chroot-dir, - AC_HELP_STRING([--with-chroot-dir=path], - [set default directory to chroot to (by default same as run-dir)]), + AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]), UNBOUND_CHROOT_DIR="$withval", if test $on_mingw = no; then UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR" @@ -202,16 +203,14 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_CHROOT_DIR, hdr_chroot) AC_DEFINE_UNQUOTED(CHROOT_DIR, ["$hdr_chroot"], [Directory to chroot to]) AC_ARG_WITH(share-dir, - AC_HELP_STRING([--with-share-dir=path], - [set default directory with shared data (by default same as share/unbound)]), + AS_HELP_STRING([--with-share-dir=path],[set default directory with shared data (by default same as share/unbound)]), UNBOUND_SHARE_DIR="$withval", UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR") AC_SUBST(UNBOUND_SHARE_DIR) AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data]) AC_ARG_WITH(pidfile, - AC_HELP_STRING([--with-pidfile=filename], - [set default pathname to unbound pidfile (default run-dir/unbound.pid)]), + AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]), UNBOUND_PIDFILE="$withval", if test $on_mingw = no; then UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid" @@ -224,8 +223,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid) AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location]) AC_ARG_WITH(rootkey-file, - AC_HELP_STRING([--with-rootkey-file=filename], - [set default pathname to root key file (default run-dir/root.key). This file is read and written.]), + AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]), UNBOUND_ROOTKEY_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" @@ -238,8 +236,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey) AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location]) AC_ARG_WITH(rootcert-file, - AC_HELP_STRING([--with-rootcert-file=filename], - [set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), + AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), UNBOUND_ROOTCERT_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" @@ -252,8 +249,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem) AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location]) AC_ARG_WITH(username, - AC_HELP_STRING([--with-username=user], - [set default user that unbound changes to (default user is unbound)]), + AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]), UNBOUND_USERNAME="$withval", UNBOUND_USERNAME="unbound") AC_SUBST(UNBOUND_USERNAME) @@ -265,7 +261,7 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST -AC_LANG_C +AC_LANG([C]) # allow user to override the -g -O2 flags. default_cflags=no if test "x$CFLAGS" = "x" ; then @@ -278,8 +274,8 @@ ACX_DEPFLAG ACX_DETERMINE_EXT_FLAGS_UNBOUND # debug mode flags warnings -AC_ARG_ENABLE(checking, AC_HELP_STRING([--enable-checking], [Enable warnings, asserts, makefile-dependencies])) -AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [same as enable-checking])) +AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable warnings, asserts, makefile-dependencies])) +AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[same as enable-checking])) if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; else debug_enabled="$enable_checking"; fi AC_SUBST(debug_enabled) @@ -313,14 +309,11 @@ AC_DEFUN([CHECK_WEAK_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "weak" attribute) AC_CACHE_VAL(ac_cv_c_weak_attribute, [ac_cv_c_weak_attribute=no -AC_TRY_COMPILE( -[ #include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include __attribute__((weak)) void f(int x) { printf("%d", x); } -], [ +]], [[ f(1); -], -[ac_cv_c_weak_attribute="yes"], -[ac_cv_c_weak_attribute="no"]) +]])],[ac_cv_c_weak_attribute="yes"],[ac_cv_c_weak_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_weak_attribute) @@ -337,14 +330,11 @@ AC_DEFUN([CHECK_NORETURN_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute) AC_CACHE_VAL(ac_cv_c_noreturn_attribute, [ac_cv_c_noreturn_attribute=no -AC_TRY_COMPILE( -[ #include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include __attribute__((noreturn)) void f(int x) { printf("%d", x); } -], [ +]], [[ f(1); -], -[ac_cv_c_noreturn_attribute="yes"], -[ac_cv_c_noreturn_attribute="no"]) +]])],[ac_cv_c_noreturn_attribute="yes"],[ac_cv_c_noreturn_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_noreturn_attribute) @@ -382,7 +372,7 @@ EOF fi ]) -AC_PROG_LEX +AC_PROG_LEX([noyywrap]) if test "$LEX" != "" -a "$LEX" != ":"; then ACX_YYLEX_DESTROY fi @@ -397,7 +387,23 @@ ACX_LIBTOOL_C_ONLY PKG_PROG_PKG_CONFIG # Checks for header files. -AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT]) +# net/if.h portability for Darwin see: +# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html +AC_CHECK_HEADERS([net/if.h],,, [ +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +]) # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH AC_CHECK_HEADERS([TargetConditionals.h]) @@ -475,7 +481,7 @@ fi # check some functions of the OS before linking libs (while still runnable). AC_FUNC_CHOWN AC_FUNC_FORK -AC_TYPE_SIGNAL +AC_DEFINE(RETSIGTYPE,void,[Return type of signal handlers, but autoconf 2.70 says 'your code may safely assume C89 semantics that RETSIGTYPE is void.']) AC_FUNC_FSEEKO ACX_SYS_LARGEFILE ACX_CHECK_NONBLOCKING_BROKEN @@ -494,14 +500,11 @@ sinclude(systemd.m4) # Include systemd.m4 - end # set memory allocation checking if requested -AC_ARG_ENABLE(alloc-checks, AC_HELP_STRING([--enable-alloc-checks], - [ enable to memory allocation statistics, for debug purposes ]), +AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-lite, AC_HELP_STRING([--enable-alloc-lite], - [ enable for lightweight alloc assertions, for debug purposes ]), +AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-nonregional, AC_HELP_STRING([--enable-alloc-nonregional], - [ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), +AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), , ) if test x_$enable_alloc_nonregional = x_yes; then AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use]) @@ -545,8 +548,7 @@ else # check this first, so that the pthread lib does not get linked in via # libssl or libpython, and thus distorts the tests, and we end up using # the non-threadsafe C libraries. -AC_ARG_WITH(pthreads, AC_HELP_STRING([--with-pthreads], - [use pthreads library, or --without-pthreads to disable threading support.]), +AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]), [ ],[ withval="yes" ]) ub_have_pthreads=no if test x_$withval != x_no; then @@ -593,12 +595,11 @@ int main(void) {return 0;} fi # check solaris thread library -AC_ARG_WITH(solaris-threads, AC_HELP_STRING([--with-solaris-threads], - [use solaris native thread library.]), [ ],[ withval="no" ]) +AC_ARG_WITH(solaris-threads, AS_HELP_STRING([--with-solaris-threads],[use solaris native thread library.]), [ ],[ withval="no" ]) ub_have_sol_threads=no if test x_$withval != x_no; then if test x_$ub_have_pthreads != x_no; then - AC_WARN([Have pthreads already, ignoring --with-solaris-threads]) + AC_MSG_WARN([Have pthreads already, ignoring --with-solaris-threads]) else AC_SEARCH_LIBS(thr_create, [thread], [ @@ -608,7 +609,7 @@ if test x_$withval != x_no; then [CFLAGS="$CFLAGS -D_REENTRANT"]) ub_have_sol_threads=yes ] , [ - AC_ERROR([no solaris threads found.]) + AC_MSG_ERROR([no solaris threads found.]) ]) fi fi @@ -616,7 +617,7 @@ fi fi # end of non-mingw check of thread libraries # Check for SYSLOG_FACILITY -AC_ARG_WITH(syslog-facility, AC_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7], [ set SYSLOG_FACILITY, default DAEMON ]), +AC_ARG_WITH(syslog-facility, AS_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7],[ set SYSLOG_FACILITY, default DAEMON ]), [ UNBOUND_SYSLOG_FACILITY="$withval" ], []) case "${UNBOUND_SYSLOG_FACILITY}" in @@ -627,10 +628,30 @@ case "${UNBOUND_SYSLOG_FACILITY}" in esac AC_DEFINE_UNQUOTED(UB_SYSLOG_FACILITY,${UNBOUND_SYSLOG_FACILITY},[the SYSLOG_FACILITY to use, default LOG_DAEMON]) +# Check for dynamic library module +AC_ARG_WITH(dynlibmodule, + AS_HELP_STRING([--with-dynlibmodule],[build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]), + [], [ withval="no" ]) + +if test x_$withval != x_no; then + AC_DEFINE(WITH_DYNLIBMODULE, 1, [Define if you want dynlib module.]) + WITH_DYNLIBMODULE=yes + AC_SUBST(WITH_DYNLIBMODULE) + DYNLIBMOD_OBJ="dynlibmod.lo" + AC_SUBST(DYNLIBMOD_OBJ) + DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h' + AC_SUBST(DYNLIBMOD_HEADER) + if test $on_mingw = "no"; then + DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" + else + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a" + fi + AC_SUBST(DYNLIBMOD_EXTRALIBS) +fi + # Check for PyUnbound AC_ARG_WITH(pyunbound, - AC_HELP_STRING([--with-pyunbound], - [build PyUnbound, or --without-pyunbound to skip it. (default=no)]), + AS_HELP_STRING([--with-pyunbound],[build PyUnbound, or --without-pyunbound to skip it. (default=no)]), [], [ withval="no" ]) ub_test_python=no @@ -642,8 +663,7 @@ fi # Check for Python module AC_ARG_WITH(pythonmodule, - AC_HELP_STRING([--with-pythonmodule], - [build Python module, or --without-pythonmodule to disable script engine. (default=no)]), + AS_HELP_STRING([--with-pythonmodule],[build Python module, or --without-pythonmodule to disable script engine. (default=no)]), [], [ withval="no" ]) ub_with_pythonmod=no @@ -661,7 +681,7 @@ if test x_$ub_test_python != x_no; then AC_PYTHON_DEVEL if test ! -z "$PYTHON_VERSION"; then if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then - AC_ERROR([Python version >= 2.4.0 is required]) + AC_MSG_ERROR([Python version >= 2.4.0 is required]) fi [PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"] @@ -678,6 +698,9 @@ if test x_$ub_test_python != x_no; then else CPPFLAGS="$PYTHON_CPPFLAGS" fi + if test "$PYTHON_LIBDIR" != "/usr/lib" -a "$PYTHON_LIBDIR" != "" -a "$PYTHON_LIBDIR" != "/usr/lib64"; then + ACX_RUNTIME_PATH_ADD([$PYTHON_LIBDIR]) + fi ub_have_python=yes PKG_CHECK_EXISTS(["python${PY_MAJOR_VERSION}"], [PC_PY_DEPENDENCY="python${PY_MAJOR_VERSION}"], @@ -686,7 +709,7 @@ if test x_$ub_test_python != x_no; then # Check for SWIG ub_have_swig=no - AC_ARG_ENABLE(swig-version-check, AC_HELP_STRING([--disable-swig-version-check], [Disable swig version check to build python modules with older swig even though that is unreliable])) + AC_ARG_ENABLE(swig-version-check, AS_HELP_STRING([--disable-swig-version-check],[Disable swig version check to build python modules with older swig even though that is unreliable])) if test "$enable_swig_version_check" = "yes"; then AC_PROG_SWIG(2.0.1) else @@ -694,7 +717,7 @@ if test x_$ub_test_python != x_no; then fi AC_MSG_CHECKING(SWIG) if test ! -x "$SWIG"; then - AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) + AC_MSG_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) else AC_DEFINE(HAVE_SWIG, 1, [Define if you have Swig libraries and header files.]) AC_SUBST(swig, "$SWIG") @@ -749,8 +772,7 @@ AC_SUBST(CONFIG_DATE) # libnss USE_NSS="no" -AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], - [use libnss instead of openssl, installed at path.]), +AC_ARG_WITH([nss], AS_HELP_STRING([--with-nss=path],[use libnss instead of openssl, installed at path.]), [ USE_NSS="yes" AC_DEFINE(HAVE_NSS, 1, [Use libnss for crypto]) @@ -772,8 +794,7 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], # libnettle USE_NETTLE="no" -AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path], - [use libnettle as crypto library, installed at path.]), +AC_ARG_WITH([nettle], AS_HELP_STRING([--with-nettle=path],[use libnettle as crypto library, installed at path.]), [ USE_NETTLE="yes" AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto]) @@ -805,7 +826,10 @@ AC_SUBST(PC_CRYPTO_DEPENDENCY) BAKLIBS="$LIBS" LIBS="-lssl $LIBS" AC_MSG_CHECKING([if libssl needs -lcrypt32]) -AC_TRY_LINK_FUNC([HMAC_Update], [ +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); +]])], [ AC_MSG_RESULT([no]) LIBS="$BAKLIBS" ], [ @@ -824,13 +848,13 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/ else AC_MSG_RESULT([no]) fi -AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback]) +AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params]) # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ @@ -893,7 +917,7 @@ fi AC_SUBST(SSLLIB) # libbsd -AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd functions]), [ +AC_ARG_WITH([libbsd], AS_HELP_STRING([--with-libbsd],[Use portable libbsd functions]), [ AC_CHECK_HEADERS([bsd/string.h bsd/stdlib.h],,, [AC_INCLUDES_DEFAULT]) if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do @@ -906,7 +930,7 @@ AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd funct fi ]) -AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) +AC_ARG_ENABLE(sha1, AS_HELP_STRING([--disable-sha1],[Disable SHA1 RRSIG support, does not disable nsec3 support])) case "$enable_sha1" in no) ;; @@ -916,7 +940,7 @@ case "$enable_sha1" in esac -AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) +AC_ARG_ENABLE(sha2, AS_HELP_STRING([--disable-sha2],[Disable SHA256 and SHA512 RRSIG support])) case "$enable_sha2" in no) ;; @@ -925,7 +949,7 @@ case "$enable_sha2" in ;; esac -AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet])) +AC_ARG_ENABLE(subnet, AS_HELP_STRING([--enable-subnet],[Enable client subnet])) case "$enable_subnet" in yes) AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.]) @@ -1036,7 +1060,7 @@ fi AC_MSG_RESULT($ac_cv_c_gost_works) ])dnl -AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support])) +AC_ARG_ENABLE(gost, AS_HELP_STRING([--disable-gost],[Disable GOST support])) use_gost="no" if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then case "$enable_gost" in @@ -1054,7 +1078,7 @@ case "$enable_gost" in esac fi dnl !USE_NSS && !USE_NETTLE -AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support])) +AC_ARG_ENABLE(ecdsa, AS_HELP_STRING([--disable-ecdsa],[Disable ECDSA support])) use_ecdsa="no" case "$enable_ecdsa" in no) @@ -1086,7 +1110,7 @@ case "$enable_ecdsa" in ;; esac -AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) +AC_ARG_ENABLE(dsa, AS_HELP_STRING([--disable-dsa],[Disable DSA support])) use_dsa="no" case "$enable_dsa" in yes) @@ -1126,7 +1150,7 @@ AC_INCLUDES_DEFAULT ;; esac -AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support])) +AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable ED25519 support])) use_ed25519="no" case "$enable_ed25519" in no) @@ -1149,7 +1173,7 @@ case "$enable_ed25519" in ;; esac -AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable ED448 support])) +AC_ARG_ENABLE(ed448, AS_HELP_STRING([--disable-ed448],[Disable ED448 support])) use_ed448="no" case "$enable_ed448" in no) @@ -1169,7 +1193,7 @@ case "$enable_ed448" in ;; esac -AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) +AC_ARG_ENABLE(event-api, AS_HELP_STRING([--enable-event-api],[Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) case "$enable_event_api" in yes) AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install]) @@ -1179,7 +1203,7 @@ case "$enable_event_api" in ;; esac -AC_ARG_ENABLE(tfo-client, AC_HELP_STRING([--enable-tfo-client], [Enable TCP Fast Open for client mode])) +AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode])) case "$enable_tfo_client" in yes) case `uname` in @@ -1203,7 +1227,7 @@ case "$enable_tfo_client" in ;; esac -AC_ARG_ENABLE(tfo-server, AC_HELP_STRING([--enable-tfo-server], [Enable TCP Fast Open for server mode])) +AC_ARG_ENABLE(tfo-server, AS_HELP_STRING([--enable-tfo-server],[Enable TCP Fast Open for server mode])) case "$enable_tfo_server" in yes) AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT @@ -1216,8 +1240,7 @@ case "$enable_tfo_server" in esac # check for libevent -AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname], - [use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), +AC_ARG_WITH(libevent, AS_HELP_STRING([--with-libevent=pathname],[use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), [ ],[ with_libevent="no" ]) if test "x_$with_libevent" != x_no; then AC_DEFINE([USE_LIBEVENT], [1], [Define if you enable libevent]) @@ -1311,8 +1334,7 @@ else fi # check for libexpat -AC_ARG_WITH(libexpat, AC_HELP_STRING([--with-libexpat=path], - [specify explicit path for libexpat.]), +AC_ARG_WITH(libexpat, AS_HELP_STRING([--with-libexpat=path],[specify explicit path for libexpat.]), [ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ]) AC_MSG_CHECKING(for libexpat) found_libexpat="no" @@ -1329,7 +1351,7 @@ for dir in $withval ; do fi done if test x_$found_libexpat != x_yes; then - AC_ERROR([Could not find libexpat, expat.h]) + AC_MSG_ERROR([Could not find libexpat, expat.h]) fi AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT @@ -1337,8 +1359,7 @@ AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT ]) # hiredis (redis C client for cachedb) -AC_ARG_WITH(libhiredis, AC_HELP_STRING([--with-libhiredis=path], - [specify explicit path for libhiredis.]), +AC_ARG_WITH(libhiredis, AS_HELP_STRING([--with-libhiredis=path],[specify explicit path for libhiredis.]), [ ],[ withval="no" ]) found_libhiredis="no" if test x_$withval = x_yes -o x_$withval != x_no; then @@ -1361,7 +1382,7 @@ if test x_$withval = x_yes -o x_$withval != x_no; then fi done if test x_$found_libhiredis != x_yes; then - AC_ERROR([Could not find libhiredis, hiredis.h]) + AC_MSG_ERROR([Could not find libhiredis, hiredis.h]) fi AC_CHECK_HEADERS([hiredis/hiredis.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_DECLS([redisConnect], [], [], [AC_INCLUDES_DEFAULT @@ -1369,11 +1390,42 @@ if test x_$withval = x_yes -o x_$withval != x_no; then ]) fi +# nghttp2 +AC_ARG_WITH(libnghttp2, AS_HELP_STRING([--with-libnghttp2=path],[specify explicit path for libnghttp2.]), + [ ],[ withval="no" ]) +found_libnghttp2="no" +if test x_$withval = x_yes -o x_$withval != x_no; then + AC_MSG_CHECKING(for libnghttp2) + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/nghttp2/nghttp2.h"; then + found_libnghttp2="yes" + dnl assume /usr is in default path. + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + AC_MSG_RESULT(found in $dir) + AC_DEFINE([HAVE_NGHTTP2], [1], [Define this to use nghttp2 client.]) + LIBS="$LIBS -lnghttp2" + break; + fi + done + if test x_$found_libnghttp2 != x_yes; then + AC_MSG_ERROR([Could not find libnghttp2, nghttp2.h]) + fi + AC_CHECK_HEADERS([nghttp2/nghttp2.h],,, [AC_INCLUDES_DEFAULT]) + AC_CHECK_DECLS([nghttp2_session_server_new], [], [], [AC_INCLUDES_DEFAULT + #include + ]) +fi + # set static linking for uninstalled libraries if requested AC_SUBST(staticexe) staticexe="" -AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe], - [ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), +AC_ARG_ENABLE(static-exe, AS_HELP_STRING([--enable-static-exe],[ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), , ) if test x_$enable_static_exe = x_yes; then staticexe="-static" @@ -1390,8 +1442,7 @@ if test x_$enable_static_exe = x_yes; then fi # set full static linking if requested -AC_ARG_ENABLE(fully-static, AC_HELP_STRING([--enable-fully-static], - [ enable to compile fully static ]), +AC_ARG_ENABLE(fully-static, AS_HELP_STRING([--enable-fully-static],[ enable to compile fully static ]), , ) if test x_$enable_fully_static = x_yes; then staticexe="-all-static" @@ -1407,8 +1458,7 @@ if test x_$enable_fully_static = x_yes; then fi # set lock checking if requested -AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], - [ enable to check lock and unlock calls, for debug purposes ]), +AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]), , ) if test x_$enable_lock_checks = x_yes; then AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).]) @@ -1525,7 +1575,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([ AC_MSG_RESULT(no)) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) @@ -1650,7 +1700,7 @@ AC_SUBST(LIBOBJ_WITHOUT_CTIME) AC_REPLACE_FUNCS(ctime_r) AC_REPLACE_FUNCS(strsep) -AC_ARG_ENABLE(allsymbols, AC_HELP_STRING([--enable-allsymbols], [export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols])) +AC_ARG_ENABLE(allsymbols, AS_HELP_STRING([--enable-allsymbols],[export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols])) case "$enable_allsymbols" in yes) COMMON_OBJ_ALL_SYMBOLS="" @@ -1716,7 +1766,7 @@ dnsc_DNSCRYPT([ ) # check for cachedb if requested -AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) +AC_ARG_ENABLE(cachedb, AS_HELP_STRING([--enable-cachedb],[enable cachedb module that can use external cache storage])) # turn on cachedb when hiredis support is enabled. if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi case "$enable_cachedb" in @@ -1729,7 +1779,7 @@ case "$enable_cachedb" in esac # check for ipsecmod if requested -AC_ARG_ENABLE(ipsecmod, AC_HELP_STRING([--enable-ipsecmod], [Enable ipsecmod module that facilitates opportunistic IPsec])) +AC_ARG_ENABLE(ipsecmod, AS_HELP_STRING([--enable-ipsecmod],[Enable ipsecmod module that facilitates opportunistic IPsec])) case "$enable_ipsecmod" in yes) AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.]) @@ -1744,7 +1794,7 @@ case "$enable_ipsecmod" in esac # check for ipset if requested -AC_ARG_ENABLE(ipset, AC_HELP_STRING([--enable-ipset], [enable ipset module])) +AC_ARG_ENABLE(ipset, AS_HELP_STRING([--enable-ipset],[enable ipset module])) case "$enable_ipset" in yes) AC_DEFINE([USE_IPSET], [1], [Define to 1 to use ipset support]) @@ -1754,8 +1804,7 @@ case "$enable_ipset" in AC_SUBST(IPSET_OBJ) # mnl - AC_ARG_WITH(libmnl, AC_HELP_STRING([--with-libmnl=path], - [specify explicit path for libmnl.]), + AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]), [ ],[ withval="yes" ]) found_libmnl="no" AC_MSG_CHECKING(for libmnl) @@ -1776,14 +1825,14 @@ case "$enable_ipset" in fi done if test x_$found_libmnl != x_yes; then - AC_ERROR([Could not find libmnl, libmnl.h]) + AC_MSG_ERROR([Could not find libmnl, libmnl.h]) fi ;; no|*) # nothing ;; esac -AC_ARG_ENABLE(explicit-port-randomisation, AC_HELP_STRING([--disable-explicit-port-randomisation], [disable explicit source port randomisation and rely on the kernel to provide random source ports])) +AC_ARG_ENABLE(explicit-port-randomisation, AS_HELP_STRING([--disable-explicit-port-randomisation],[disable explicit source port randomisation and rely on the kernel to provide random source ports])) case "$enable_explicit_port_randomisation" in no) AC_DEFINE([DISABLE_EXPLICIT_PORT_RANDOMISATION], [1], [Define this to enable kernel based UDP source port randomization.]) @@ -1831,8 +1880,7 @@ AC_SUBST(SOURCEFILE) # see if we want to build the library or everything ALLTARGET="alltargets" INSTALLTARGET="install-all" -AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], - [do not build daemon and tool programs]), +AC_ARG_WITH(libunbound-only, AS_HELP_STRING([--with-libunbound-only],[do not build daemon and tool programs]), [ if test "$withval" = "yes"; then ALLTARGET="lib" @@ -1841,10 +1889,10 @@ AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], ]) if test $ALLTARGET = "alltargets"; then if test $USE_NSS = "yes"; then - AC_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) + AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) fi if test $USE_NETTLE = "yes"; then - AC_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) + AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) fi fi @@ -2105,6 +2153,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, #define UNBOUND_DNS_PORT 53 /** default port for DNS over TLS traffic. */ #define UNBOUND_DNS_OVER_TLS_PORT 853 +/** default port for DNS over HTTPS traffic. */ +#define UNBOUND_DNS_OVER_HTTPS_PORT 443 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 @@ -2119,5 +2169,5 @@ AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_portable.service]) -AC_CONFIG_HEADER([config.h]) +AC_CONFIG_HEADERS([config.h]) AC_OUTPUT diff --git a/contrib/README b/contrib/README index 9db078e56..ef2a0ab88 100644 --- a/contrib/README +++ b/contrib/README @@ -53,3 +53,5 @@ distribution but may be helpful. lookups for downstream clients. * drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format, contributed by Andreas Schulze. +* metrics.awk: awk script that can convert unbound-control stats to + Prometheus metrics format output. diff --git a/contrib/aaaa-filter-iterator.patch b/contrib/aaaa-filter-iterator.patch index b5c526822..f51de2a40 100644 --- a/contrib/aaaa-filter-iterator.patch +++ b/contrib/aaaa-filter-iterator.patch @@ -1,10 +1,10 @@ -Index: trunk/doc/unbound.conf.5.in -=================================================================== ---- trunk/doc/unbound.conf.5.in (revision 4357) -+++ trunk/doc/unbound.conf.5.in (working copy) -@@ -701,6 +701,13 @@ +diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in +index f426ac5f..147fbfa9 100644 +--- a/doc/unbound.conf.5.in ++++ b/doc/unbound.conf.5.in +@@ -872,6 +872,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when this option in enabled. Only use if you know what you are doing. - This option only has effect when qname-minimisation is enabled. Default is off. + This option only has effect when qname-minimisation is enabled. Default is no. .TP +.B aaaa\-filter: \fI +Activate behavior similar to BIND's AAAA-filter. @@ -13,17 +13,18 @@ Index: trunk/doc/unbound.conf.5.in +This also causes an additional A query to be sent for each AAAA query. +This breaks DNSSEC! +.TP - .B private\-address: \fI - Give IPv4 of IPv6 addresses or classless subnets. These are addresses - on your private network, and are not allowed to be returned for -Index: trunk/iterator/iter_scrub.c -=================================================================== ---- trunk/iterator/iter_scrub.c (revision 4357) -+++ trunk/iterator/iter_scrub.c (working copy) -@@ -617,6 +617,32 @@ + .B aggressive\-nsec: \fI + Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN + and other denials, using information from previous NXDOMAINs answers. +diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c +index aae934dd..55c55de0 100644 +--- a/iterator/iter_scrub.c ++++ b/iterator/iter_scrub.c +@@ -667,6 +667,32 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset, + return 0; } - /** ++/** + * ASN: Lookup A records from rrset cache. + * @param qinfo: the question originally asked. + * @param env: module environment with config and cache. @@ -49,11 +50,10 @@ Index: trunk/iterator/iter_scrub.c + return 0; +} + -+/** + /** * Given a response event, remove suspect RRsets from the response. * "Suspect" rrsets are potentially poison. Note that this routine expects - * the response to be in a "normalized" state -- that is, all "irrelevant" -@@ -635,6 +661,7 @@ +@@ -686,6 +712,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, struct query_info* qinfo, uint8_t* zonename, struct module_env* env, struct iter_env* ie) { @@ -61,7 +61,7 @@ Index: trunk/iterator/iter_scrub.c int del_addi = 0; /* if additional-holding rrsets are deleted, we do not trust the normalized additional-A-AAAA any more */ struct rrset_parse* rrset, *prev; -@@ -670,6 +697,13 @@ +@@ -721,6 +748,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, rrset = rrset->rrset_all_next; } @@ -75,11 +75,10 @@ Index: trunk/iterator/iter_scrub.c /* At this point, we brutally remove ALL rrsets that aren't * children of the originating zone. The idea here is that, * as far as we know, the server that we contacted is ONLY -@@ -680,6 +714,24 @@ - prev = NULL; +@@ -732,6 +766,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, rrset = msg->rrset_first; while(rrset) { -+ + + /* ASN: For AAAA records only... */ + if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) { + /* ASN: If this is not a AAAA query, then remove AAAA @@ -97,14 +96,15 @@ Index: trunk/iterator/iter_scrub.c + LDNS_RR_TYPE_AAAA, qinfo->qclass); + } + /* ASN: End of added code */ - ++ /* remove private addresses */ if( (rrset->type == LDNS_RR_TYPE_A || -Index: trunk/iterator/iter_utils.c -=================================================================== ---- trunk/iterator/iter_utils.c (revision 4357) -+++ trunk/iterator/iter_utils.c (working copy) -@@ -175,6 +175,7 @@ + rrset->type == LDNS_RR_TYPE_AAAA)) { +diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c +index 7bc67da6..e10f547a 100644 +--- a/iterator/iter_utils.c ++++ b/iterator/iter_utils.c +@@ -175,6 +175,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) } iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; @@ -112,11 +112,11 @@ Index: trunk/iterator/iter_utils.c return 1; } -Index: trunk/iterator/iterator.c -=================================================================== ---- trunk/iterator/iterator.c (revision 4357) -+++ trunk/iterator/iterator.c (working copy) -@@ -1847,6 +1847,53 @@ +diff --git a/iterator/iterator.c b/iterator/iterator.c +index 23b07ea9..ca29b48c 100644 +--- a/iterator/iterator.c ++++ b/iterator/iterator.c +@@ -2127,6 +2127,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) return 0; } @@ -125,7 +125,7 @@ Index: trunk/iterator/iterator.c + * ASN: This event state was added as an intermediary step between + * QUERYTARGETS_STATE and the next step, in order to cast a subquery for the + * purpose of caching A records for the queried name. -+ * ++ * + * @param qstate: query state. + * @param iq: iterator query state. + * @param ie: iterator shared global environment. @@ -147,9 +147,9 @@ Index: trunk/iterator/iterator.c + + /* re-throw same query, but with a different type */ + if(!generate_sub_request(iq->qchase.qname, -+ iq->qchase.qname_len, LDNS_RR_TYPE_A, ++ iq->qchase.qname_len, LDNS_RR_TYPE_A, + iq->qchase.qclass, qstate, id, iq, -+ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { ++ INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { + log_nametypeclass(VERB_ALGO, "ASN-AAAA-filter: failed " + "preloading of A record for", + iq->qchase.qname, LDNS_RR_TYPE_A, @@ -170,7 +170,7 @@ Index: trunk/iterator/iterator.c /** * This is the request event state where the request will be sent to one of -@@ -1894,6 +1941,13 @@ +@@ -2186,6 +2233,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } @@ -184,11 +184,11 @@ Index: trunk/iterator/iterator.c /* Make sure we have a delegation point, otherwise priming failed * or another failure occurred */ if(!iq->dp) { -@@ -3095,6 +3149,61 @@ +@@ -3574,6 +3628,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, return 0; } -+/** ++/** + * ASN: Do final processing on responses to A queries originated from AAAA + * queries. Events reach this state after the iterative resolution algorithm + * terminates. @@ -246,7 +246,7 @@ Index: trunk/iterator/iterator.c /* * Return priming query results to interested super querystates. * -@@ -3114,6 +3223,9 @@ +@@ -3593,6 +3702,9 @@ iter_inform_super(struct module_qstate* qstate, int id, else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*) super->minfo[id])->state == DSNS_FIND_STATE) processDSNSResponse(qstate, id, super); @@ -256,7 +256,7 @@ Index: trunk/iterator/iterator.c else if(qstate->return_rcode != LDNS_RCODE_NOERROR) error_supers(qstate, id, super); else if(qstate->is_priming) -@@ -3151,6 +3263,9 @@ +@@ -3630,6 +3742,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq, case INIT_REQUEST_3_STATE: cont = processInitRequest3(qstate, iq, id); break; @@ -266,7 +266,7 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE: cont = processQueryTargets(qstate, iq, ie, id); break; -@@ -3460,6 +3575,8 @@ +@@ -3961,6 +4076,8 @@ iter_state_to_string(enum iter_state state) return "INIT REQUEST STATE (stage 2)"; case INIT_REQUEST_3_STATE: return "INIT REQUEST STATE (stage 3)"; @@ -275,7 +275,7 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE : return "QUERY TARGETS STATE"; case PRIME_RESP_STATE : -@@ -3484,6 +3601,7 @@ +@@ -3985,6 +4102,7 @@ iter_state_is_responsestate(enum iter_state s) case INIT_REQUEST_STATE : case INIT_REQUEST_2_STATE : case INIT_REQUEST_3_STATE : @@ -283,11 +283,11 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE : case COLLECT_CLASS_STATE : return 0; -Index: trunk/iterator/iterator.h -=================================================================== ---- trunk/iterator/iterator.h (revision 4357) -+++ trunk/iterator/iterator.h (working copy) -@@ -130,6 +130,9 @@ +diff --git a/iterator/iterator.h b/iterator/iterator.h +index 342ac207..731948d1 100644 +--- a/iterator/iterator.h ++++ b/iterator/iterator.h +@@ -135,6 +135,9 @@ struct iter_env { */ int* target_fetch_policy; @@ -297,10 +297,11 @@ Index: trunk/iterator/iterator.h /** lock on ratelimit counter */ lock_basic_type queries_ratelimit_lock; /** number of queries that have been ratelimited */ -@@ -182,6 +185,14 @@ +@@ -186,6 +189,14 @@ enum iter_state { + */ INIT_REQUEST_3_STATE, - /** ++ /** + * This state is responsible for intercepting AAAA queries, + * and launch a A subquery on the same target, to populate the + * cache with A records, so the AAAA filter scrubbing logic can @@ -308,29 +309,28 @@ Index: trunk/iterator/iterator.h + */ + ASN_FETCH_A_FOR_AAAA_STATE, + -+ /** + /** * Each time a delegation point changes for a given query or a * query times out and/or wakes up, this state is (re)visited. - * This state is responsible for iterating through a list of -@@ -364,6 +375,13 @@ - * be used when creating the state. A higher one will be attempted. +@@ -375,6 +386,13 @@ struct iter_qstate { */ int refetch_glue; -+ + + /** + * ASN: This is a flag that, if true, means that this query is + * for fetching A records to populate cache and determine if we must + * return AAAA records or not. + */ + int fetch_a_for_aaaa; - ++ /** list of pending queries to authoritative servers. */ struct outbound_list outlist; -Index: trunk/pythonmod/interface.i -=================================================================== ---- trunk/pythonmod/interface.i (revision 4357) -+++ trunk/pythonmod/interface.i (working copy) -@@ -851,6 +851,7 @@ + +diff --git a/pythonmod/interface.i b/pythonmod/interface.i +index f08b575d..47f1bb2e 100644 +--- a/pythonmod/interface.i ++++ b/pythonmod/interface.i +@@ -975,6 +975,7 @@ struct config_file { int harden_dnssec_stripped; int harden_referral_path; int use_caps_bits_for_id; @@ -338,11 +338,11 @@ Index: trunk/pythonmod/interface.i struct config_strlist* private_address; struct config_strlist* private_domain; size_t unwanted_threshold; -Index: trunk/util/config_file.c -=================================================================== ---- trunk/util/config_file.c (revision 4357) -+++ trunk/util/config_file.c (working copy) -@@ -195,6 +195,7 @@ +diff --git a/util/config_file.c b/util/config_file.c +index 0ab8614a..729fb147 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -218,6 +218,7 @@ config_create(void) cfg->harden_referral_path = 0; cfg->harden_algo_downgrade = 0; cfg->use_caps_bits_for_id = 0; @@ -350,11 +350,11 @@ Index: trunk/util/config_file.c cfg->caps_whitelist = NULL; cfg->private_address = NULL; cfg->private_domain = NULL; -Index: trunk/util/config_file.h -=================================================================== ---- trunk/util/config_file.h (revision 4357) -+++ trunk/util/config_file.h (working copy) -@@ -209,6 +209,8 @@ +diff --git a/util/config_file.h b/util/config_file.h +index e61257a3..dabaa7bb 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -260,6 +260,8 @@ struct config_file { int harden_algo_downgrade; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; @@ -363,11 +363,11 @@ Index: trunk/util/config_file.h /** 0x20 whitelist, domains that do not use capsforid */ struct config_strlist* caps_whitelist; /** strip away these private addrs from answers, no DNS Rebinding */ -Index: trunk/util/configlexer.lex -=================================================================== ---- trunk/util/configlexer.lex (revision 4357) -+++ trunk/util/configlexer.lex (working copy) -@@ -279,6 +279,7 @@ +diff --git a/util/configlexer.lex b/util/configlexer.lex +index 79a0edca..4eaec678 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -304,6 +304,7 @@ harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } @@ -375,11 +375,11 @@ Index: trunk/util/configlexer.lex private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } -Index: trunk/util/configparser.y -=================================================================== ---- trunk/util/configparser.y (revision 4357) -+++ trunk/util/configparser.y (working copy) -@@ -95,6 +95,7 @@ +diff --git a/util/configparser.y b/util/configparser.y +index 1d0e8658..f284dd43 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -97,6 +97,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS @@ -387,7 +387,7 @@ Index: trunk/util/configparser.y %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -@@ -203,6 +204,7 @@ +@@ -233,6 +234,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | server_harden_referral_path | server_private_address | server_private_domain | server_extended_statistics | @@ -395,12 +395,10 @@ Index: trunk/util/configparser.y server_local_data_ptr | server_jostle_timeout | server_unwanted_reply_threshold | server_log_time_ascii | server_domain_insecure | server_val_sig_skew_min | -@@ -1183,6 +1185,15 @@ - OUTYY(("P(server_caps_whitelist:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2)) +@@ -1563,6 +1565,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG yyerror("out of memory"); -+ } -+ ; + } + ; +server_aaaa_filter: VAR_AAAA_FILTER STRING_ARG + { + OUTYY(("P(server_aaaa_filter:%s)\n", $2)); @@ -408,6 +406,8 @@ Index: trunk/util/configparser.y + yyerror("expected yes or no."); + else cfg_parser->cfg->aaaa_filter = (strcmp($2, "yes")==0); + free($2); - } - ; ++ } ++ ; server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG + { + OUTYY(("P(server_private_address:%s)\n", $2)); diff --git a/contrib/fastrpz.patch b/contrib/fastrpz.patch index aacd5ab82..5b3c18a7c 100644 --- a/contrib/fastrpz.patch +++ b/contrib/fastrpz.patch @@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- diff --git a/Makefile.in b/Makefile.in -index a20058cc..495779cc 100644 +index bac212df..4824927f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c @@ -13,8 +13,8 @@ index a20058cc..495779cc 100644 +FASTRPZ_OBJ=@FASTRPZ_OBJ@ DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ - WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ -@@ -127,7 +129,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ + WITH_DYNLIBMODULE=@WITH_DYNLIBMODULE@ +@@ -134,7 +136,7 @@ validator/val_sigcrypt.c validator/val_utils.c dns64/dns64.c \ edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c cachedb/redis.c respip/respip.c $(CHECKLOCK_SRC) \ @@ -23,16 +23,16 @@ index a20058cc..495779cc 100644 COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -@@ -140,7 +142,7 @@ autotrust.lo val_anchor.lo rpz.lo \ +@@ -147,7 +149,7 @@ autotrust.lo val_anchor.lo rpz.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo redis.lo authzone.lo \ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ --$(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo -+$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) respip.lo +-$(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo ++$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) $(IPSET_OBJ) $(DYNLIBMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -@@ -410,6 +412,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ +@@ -428,6 +430,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -45,10 +45,10 @@ index a20058cc..495779cc 100644 pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ diff --git a/config.h.in b/config.h.in -index 78d47fed..e33073e4 100644 +index f7a4095e..d5a4fa01 100644 --- a/config.h.in +++ b/config.h.in -@@ -1345,4 +1345,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, +@@ -1364,4 +1364,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -62,7 +62,7 @@ index 78d47fed..e33073e4 100644 +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ diff --git a/configure.ac b/configure.ac -index 2b91dd3c..e6063d17 100644 +index 5c373d9d..e45abd89 100644 --- a/configure.ac +++ b/configure.ac @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) @@ -73,10 +73,10 @@ index 2b91dd3c..e6063d17 100644 sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1778,6 +1779,9 @@ case "$enable_ipset" in - ;; +@@ -1819,6 +1820,9 @@ case "$enable_explicit_port_randomisation" in esac + +# check for Fastrpz with fastrpz/rpz.m4 +ck_FASTRPZ + @@ -84,7 +84,7 @@ index 2b91dd3c..e6063d17 100644 # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). diff --git a/daemon/daemon.c b/daemon/daemon.c -index 8b0fc348..7ffb9221 100644 +index 5d427925..f89f1437 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -91,6 +91,9 @@ @@ -97,8 +97,8 @@ index 8b0fc348..7ffb9221 100644 #ifdef HAVE_SYSTEMD #include -@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon) - dt_apply_cfg(daemon->dtenv, daemon->cfg); +@@ -456,6 +459,14 @@ daemon_create_workers(struct daemon* daemon) + fatal_exit("dt_create failed"); #else fatal_exit("dnstap enabled in config but not built with dnstap support"); +#endif @@ -112,7 +112,7 @@ index 8b0fc348..7ffb9221 100644 #endif } for(i=0; inum; i++) { -@@ -731,6 +742,9 @@ daemon_cleanup(struct daemon* daemon) +@@ -729,6 +740,9 @@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); daemon->dnscenv = NULL; @@ -139,7 +139,7 @@ index 3effbafb..4d4c34da 100644 /** diff --git a/daemon/worker.c b/daemon/worker.c -index eb7fdf2f..1982228d 100644 +index 23e3244c..b63d49b7 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -76,6 +76,9 @@ @@ -152,7 +152,7 @@ index eb7fdf2f..1982228d 100644 #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" -@@ -534,8 +537,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, +@@ -535,8 +538,27 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, /* not secure */ secure = 0; break; @@ -180,7 +180,7 @@ index eb7fdf2f..1982228d 100644 /* return this delegation from the cache */ edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; -@@ -710,6 +732,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, +@@ -711,6 +733,23 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, *is_secure_answer = 0; } } else *is_secure_answer = 0; @@ -204,7 +204,7 @@ index eb7fdf2f..1982228d 100644 edns_bak = *edns; edns->edns_version = EDNS_ADVERTISED_VERSION; -@@ -1435,6 +1474,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, +@@ -1436,6 +1475,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -220,7 +220,7 @@ index eb7fdf2f..1982228d 100644 } /* If we've found a local alias, replace the qname with the alias -@@ -1485,12 +1533,21 @@ lookup_cache: +@@ -1486,12 +1534,21 @@ lookup_cache: h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ @@ -244,7 +244,7 @@ index eb7fdf2f..1982228d 100644 /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache -@@ -1547,11 +1604,19 @@ lookup_cache: +@@ -1548,11 +1605,19 @@ lookup_cache: lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { @@ -267,10 +267,10 @@ index eb7fdf2f..1982228d 100644 } verbose(VERB_ALGO, "answer norec from cache -- " diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in -index 38c2d298..3b07f392 100644 +index cd43f04e..b92a1af8 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in -@@ -1828,6 +1828,81 @@ List domain for which the AAAA records are ignored and the A record is +@@ -1878,6 +1878,81 @@ List domain for which the AAAA records are ignored and the A record is used by dns64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given. @@ -2888,7 +2888,7 @@ index 00000000..21235355 + fi +]) diff --git a/iterator/iterator.c b/iterator/iterator.c -index 1e0113a8..2fcbf547 100644 +index 23b07ea9..c3d31a33 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -68,6 +68,9 @@ @@ -2901,7 +2901,7 @@ index 1e0113a8..2fcbf547 100644 /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; -@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -563,6 +566,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2925,7 +2925,7 @@ index 1e0113a8..2fcbf547 100644 /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -571,6 +591,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, /* Other rrsets in the section are ignored. */ } @@ -2935,7 +2935,7 @@ index 1e0113a8..2fcbf547 100644 /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; irep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1231,6 +1254,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2943,7 +2943,7 @@ index 1e0113a8..2fcbf547 100644 log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1317,8 +1341,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, } if(msg) { /* handle positive cache response */ @@ -2953,7 +2953,7 @@ index 1e0113a8..2fcbf547 100644 if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1326,7 +1349,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2976,7 +2976,7 @@ index 1e0113a8..2fcbf547 100644 if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -2801,6 +2839,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3039,7 +3039,7 @@ index 1e0113a8..2fcbf547 100644 if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != -@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -3563,12 +3657,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3085,10 +3085,10 @@ index 1e0113a8..2fcbf547 100644 qstate->return_msg = iq->response; return 0; diff --git a/iterator/iterator.h b/iterator/iterator.h -index a2f1b570..e1e4a738 100644 +index 342ac207..49b0ecdd 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h -@@ -386,6 +386,16 @@ struct iter_qstate { +@@ -396,6 +396,16 @@ struct iter_qstate { */ int minimise_count; @@ -3104,12 +3104,12 @@ index a2f1b570..e1e4a738 100644 + /** * Count number of time-outs. Used to prevent resolving failures when - * the QNAME minimisation QTYPE is blocked. */ + * the QNAME minimisation QTYPE is blocked. Used to determine if diff --git a/services/cache/dns.c b/services/cache/dns.c -index 2a5bca4a..6de8863a 100644 +index 7b6e142c..6d7449f5 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c -@@ -967,6 +967,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, +@@ -969,6 +969,14 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, struct regional* region, uint32_t flags) { struct reply_info* rep = NULL; @@ -3125,7 +3125,7 @@ index 2a5bca4a..6de8863a 100644 rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) diff --git a/services/mesh.c b/services/mesh.c -index 9114ef4c..3dc518e5 100644 +index 4b0c5db4..eb9cfa5b 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -61,6 +61,9 @@ @@ -3138,7 +3138,7 @@ index 9114ef4c..3dc518e5 100644 #include "respip/respip.h" #include "services/listen_dnsport.h" -@@ -1195,6 +1198,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, +@@ -1207,6 +1210,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; @@ -3152,7 +3152,7 @@ index 9114ef4c..3dc518e5 100644 /* send the reply */ /* We don't reuse the encoded answer if either the previous or current * response has a local alias. We could compare the alias records -@@ -1415,6 +1425,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, +@@ -1434,6 +1444,7 @@ struct mesh_state* mesh_area_find(struct mesh_area* mesh, key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; @@ -3160,7 +3160,7 @@ index 9114ef4c..3dc518e5 100644 /* We are searching for a similar mesh state when we DO want to * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ -@@ -1461,6 +1472,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, +@@ -1480,6 +1491,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, if(!r) return 0; r->query_reply = *rep; @@ -3172,11 +3172,11 @@ index 9114ef4c..3dc518e5 100644 if(edns->opt_list) { r->edns.opt_list = edns_opt_copy_region(edns->opt_list, diff --git a/util/config_file.c b/util/config_file.c -index 52ca5a18..0660248f 100644 +index 0e9ee471..a5fd72e0 100644 --- a/util/config_file.c +++ b/util/config_file.c -@@ -1460,6 +1460,8 @@ config_delete(struct config_file* cfg) - free(cfg->dnstap_socket_path); +@@ -1495,6 +1495,8 @@ config_delete(struct config_file* cfg) + free(cfg->dnstap_tls_client_cert_file); free(cfg->dnstap_identity); free(cfg->dnstap_version); + if (cfg->rpz_cstr) @@ -3185,10 +3185,10 @@ index 52ca5a18..0660248f 100644 config_deldblstrlist(cfg->ratelimit_below_domain); config_delstrlist(cfg->python_script); diff --git a/util/config_file.h b/util/config_file.h -index 8739ca2a..a2dcf215 100644 +index 66e5025d..504f4f92 100644 --- a/util/config_file.h +++ b/util/config_file.h -@@ -499,6 +499,11 @@ struct config_file { +@@ -522,6 +522,11 @@ struct config_file { /** true to disable DNSSEC lameness check in iterator */ int disable_dnssec_lame_check; @@ -3201,10 +3201,10 @@ index 8739ca2a..a2dcf215 100644 int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ diff --git a/util/configlexer.lex b/util/configlexer.lex -index deedffa5..301458a3 100644 +index 83cea4b9..9a7feea4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex -@@ -446,6 +446,10 @@ dnstap-log-forwarder-query-messages{COLON} { +@@ -467,6 +467,10 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } @@ -3216,18 +3216,18 @@ index deedffa5..301458a3 100644 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } diff --git a/util/configparser.y b/util/configparser.y -index d471babe..cb6b1d63 100644 +index fe600a99..ce43390f 100644 --- a/util/configparser.y +++ b/util/configparser.y -@@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; +@@ -128,6 +128,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES +%token VAR_RPZ VAR_RPZ_ENABLE VAR_RPZ_ZONE VAR_RPZ_OPTION %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT - %token VAR_DISABLE_DNSSEC_LAME_CHECK -@@ -173,7 +174,7 @@ extern struct config_parser_state* cfg_parser; + %token VAR_IP_DSCP +@@ -179,7 +180,7 @@ extern struct config_parser_state* cfg_parser; %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -3236,7 +3236,7 @@ index d471babe..cb6b1d63 100644 forwardstart contents_forward | pythonstart contents_py | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | -@@ -2837,6 +2838,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES +@@ -2939,6 +2940,50 @@ dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MES free($2); } ; @@ -3384,7 +3384,7 @@ index 729877ba..ccd1a0c2 100644 /** diff --git a/util/netevent.c b/util/netevent.c -index 9fe5da2d..037e70d1 100644 +index 3e7a433e..f20d806f 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -57,6 +57,9 @@ @@ -3397,7 +3397,7 @@ index 9fe5da2d..037e70d1 100644 /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ -@@ -590,6 +593,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) +@@ -596,6 +599,9 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ @@ -3407,7 +3407,7 @@ index 9fe5da2d..037e70d1 100644 rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); -@@ -679,6 +685,9 @@ comm_point_udp_callback(int fd, short event, void* arg) +@@ -685,6 +691,9 @@ comm_point_udp_callback(int fd, short event, void* arg) int i; struct sldns_buffer *buffer; @@ -3417,7 +3417,7 @@ index 9fe5da2d..037e70d1 100644 rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); -@@ -722,6 +731,9 @@ comm_point_udp_callback(int fd, short event, void* arg) +@@ -728,6 +737,9 @@ comm_point_udp_callback(int fd, short event, void* arg) (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } @@ -3427,7 +3427,7 @@ index 9fe5da2d..037e70d1 100644 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; -@@ -3192,6 +3204,9 @@ comm_point_send_reply(struct comm_reply *repinfo) +@@ -3175,6 +3187,9 @@ comm_point_send_reply(struct comm_reply *repinfo) repinfo->c->tcp_timeout_msec); } } @@ -3437,7 +3437,7 @@ index 9fe5da2d..037e70d1 100644 } void -@@ -3201,6 +3216,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) +@@ -3184,6 +3199,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; log_assert(repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); @@ -3447,7 +3447,7 @@ index 9fe5da2d..037e70d1 100644 if(repinfo->c->type == comm_udp) return; if(repinfo->c->tcp_req_info) -@@ -3222,6 +3240,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) +@@ -3205,6 +3223,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) { verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); @@ -3458,7 +3458,7 @@ index 9fe5da2d..037e70d1 100644 /* no use to start listening no free slots. */ return; diff --git a/util/netevent.h b/util/netevent.h -index d80c72b3..0233292f 100644 +index bb2cd1e5..666067e8 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -120,6 +120,10 @@ struct comm_reply { diff --git a/contrib/libunbound.pc.in b/contrib/libunbound.pc.in index 1442ed523..453bf7d4f 100644 --- a/contrib/libunbound.pc.in +++ b/contrib/libunbound.pc.in @@ -7,8 +7,7 @@ Name: unbound Description: Library with validating, recursive, and caching DNS resolver URL: http://www.unbound.net Version: @PACKAGE_VERSION@ -Requires: @PC_CRYPTO_DEPENDENCY@ @PC_LIBEVENT_DEPENDENCY@ -Requires.private: @PC_PY_DEPENDENCY@ @PC_LIBBSD_DEPENDENCY@ +Requires.private: @PC_PY_DEPENDENCY@ @PC_LIBBSD_DEPENDENCY@ @PC_CRYPTO_DEPENDENCY@ @PC_LIBEVENT_DEPENDENCY@ Libs: -L${libdir} -lunbound Libs.private: @SSLLIB@ @LIBS@ Cflags: -I${includedir} diff --git a/contrib/metrics.awk b/contrib/metrics.awk new file mode 100644 index 000000000..5a7a2569c --- /dev/null +++ b/contrib/metrics.awk @@ -0,0 +1,180 @@ +# read output of unbound-control stats +# and output prometheus metrics style output. +# use these options: +# server: extended-statistics: yes +# statistics-cumulative: no +# statistics-interval: 0 +# remote-control: control-enable: yes +# Can use it like unbound-control stats | awk -f "metrics.awk" + +BEGIN { + FS="="; +} +# everything like total.num.queries=value is put in val["total.num.queries"] +/^.*\..*=/ { + val[$1]=$2; +} +# print the output metrics +END { + print "# HELP unbound_hits_queries Unbound DNS traffic and cache hits" + print "# TYPE unbound_hits_queries gauge" + print "unbound_hits_queries{type=\"total.num.queries\"} " val["total.num.queries"]; + for (x=0; x<99; x++) { + if(val["thread" $x ".num.queries"] != "") { + print "unbound_hits_queries{type=\"thread" $x ".num.queries\"} " val["thread" $x ".num.queries"]; + } + } + print "unbound_hits_queries{type=\"total.num.cachehits\"} " val["total.num.cachehits"]; + print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"]; + print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"]; + print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"]; + print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"]; + print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"]; + print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"]; + print "unbound_hits_queries{type=\"unwanted.queries\"} " val["unwanted.queries"]; + print "" + + print "# HELP unbound_queue_queries Unbound requestlist size" + print "# TYPE unbound_queue_queries gauge" + print "unbound_queue_queries{type=\"total.requestlist.avg\"} " val["total.requestlist.avg"]; + print "unbound_queue_queries{type=\"total.requestlist.max\"} " val["total.requestlist.max"]; + print "unbound_queue_queries{type=\"total.requestlist.overwritten\"} " val["total.requestlist.overwritten"]; + print "unbound_queue_queries{type=\"total.requestlist.exceeded\"} " val["total.requestlist.exceeded"]; + print "" + + print "# HELP unbound_memory_bytes Unbound memory usage" + print "# TYPE unbound_memory_bytes gauge" + print "unbound_memory_bytes{type=\"mem.cache.rrset\"} " val["mem.cache.rrset"]; + print "unbound_memory_bytes{type=\"mem.cache.message\"} " val["mem.cache.message"]; + print "unbound_memory_bytes{type=\"mem.mod.iterator\"} " val["mem.mod.iterator"]; + if(val["mem.mod.validator"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.validator\"} " val["mem.mod.validator"]; + } + if(val["mem.mod.respip"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.respip\"} " val["mem.mod.respip"]; + } + if(val["mem.mod.subnet"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.subnet\"} " val["mem.mod.subnet"]; + } + if(val["mem.mod.ipsecmod"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.ipsecmod\"} " val["mem.mod.ipsecmod"]; + } + if(val["mem.mod.dynlibmod"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.dynlibmod\"} " val["mem.mod.dynlibmod"]; + } + print "unbound_memory_bytes{type=\"msg.cache.count\"} " val["msg.cache.count"]; + print "unbound_memory_bytes{type=\"rrset.cache.count\"} " val["rrset.cache.count"]; + print "unbound_memory_bytes{type=\"infra.cache.count\"} " val["infra.cache.count"]; + print "unbound_memory_bytes{type=\"key.cache.count\"} " val["key.cache.count"]; + print "" + + print "# HELP unbound_by_type_queries Unbound DNS queries by type" + print "# TYPE unbound_by_type_queries gauge" + for(x in val) { + if(x ~ /^num.query.type./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_type_queries{type=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_class_queries Unbound DNS queries by class" + print "# TYPE unbound_by_class_queries gauge" + for(x in val) { + if(x ~ /^num.query.class./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_class_queries{class=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_opcode_queries Unbound DNS queries by opcode" + print "# TYPE unbound_by_opcode_queries gauge" + for(x in val) { + if(x ~ /^num.query.opcode./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_opcode_queries{opcode=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_rcode_queries Unbound DNS answers by rcode" + print "# TYPE unbound_by_rcode_queries gauge" + for(x in val) { + if(x ~ /^num.answer.rcode./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_rcode_queries{rcode=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_flags_queries Unbound DNS queries by flags" + print "# TYPE unbound_by_flags_queries gauge" + for(x in val) { + if(x ~ /^num.query.flags./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_flags_queries{flag=\"" a[4] "\"} " val[x]; + } + } + } + if(val["num.query.edns.present"] != "") { + print "unbound_by_flags_queries{flag=\"num.query.edns.present\"} " val["num.query.edns.present"]; + } + if(val["num.query.edns.DO"] != "") { + print "unbound_by_flags_queries{flag=\"num.query.edns.DO\"} " val["num.query.edns.DO"]; + } + print "" + + print "# HELP unbound_histogram_seconds Unbound DNS histogram of reply time" + print "# TYPE unbound_histogram_seconds gauge" + print "unbound_histogram_seconds{bucket=\"000000.000000.to.000000.000001\"} " val["histogram.000000.000000.to.000000.000001"]; + print "unbound_histogram_seconds{bucket=\"000000.000001.to.000000.000002\"} " val["histogram.000000.000001.to.000000.000002"]; + print "unbound_histogram_seconds{bucket=\"000000.000002.to.000000.000004\"} " val["histogram.000000.000002.to.000000.000004"]; + print "unbound_histogram_seconds{bucket=\"000000.000004.to.000000.000008\"} " val["histogram.000000.000004.to.000000.000008"]; + print "unbound_histogram_seconds{bucket=\"000000.000008.to.000000.000016\"} " val["histogram.000000.000008.to.000000.000016"]; + print "unbound_histogram_seconds{bucket=\"000000.000016.to.000000.000032\"} " val["histogram.000000.000016.to.000000.000032"]; + print "unbound_histogram_seconds{bucket=\"000000.000032.to.000000.000064\"} " val["histogram.000000.000032.to.000000.000064"]; + print "unbound_histogram_seconds{bucket=\"000000.000064.to.000000.000128\"} " val["histogram.000000.000064.to.000000.000128"]; + print "unbound_histogram_seconds{bucket=\"000000.000128.to.000000.000256\"} " val["histogram.000000.000128.to.000000.000256"]; + print "unbound_histogram_seconds{bucket=\"000000.000256.to.000000.000512\"} " val["histogram.000000.000256.to.000000.000512"]; + print "unbound_histogram_seconds{bucket=\"000000.000512.to.000000.001024\"} " val["histogram.000000.000512.to.000000.001024"]; + print "unbound_histogram_seconds{bucket=\"000000.001024.to.000000.002048\"} " val["histogram.000000.001024.to.000000.002048"]; + print "unbound_histogram_seconds{bucket=\"000000.002048.to.000000.004096\"} " val["histogram.000000.002048.to.000000.004096"]; + print "unbound_histogram_seconds{bucket=\"000000.004096.to.000000.008192\"} " val["histogram.000000.004096.to.000000.008192"]; + print "unbound_histogram_seconds{bucket=\"000000.008192.to.000000.016384\"} " val["histogram.000000.008192.to.000000.016384"]; + print "unbound_histogram_seconds{bucket=\"000000.016384.to.000000.032768\"} " val["histogram.000000.016384.to.000000.032768"]; + print "unbound_histogram_seconds{bucket=\"000000.032768.to.000000.065536\"} " val["histogram.000000.032768.to.000000.065536"]; + print "unbound_histogram_seconds{bucket=\"000000.065536.to.000000.131072\"} " val["histogram.000000.065536.to.000000.131072"]; + print "unbound_histogram_seconds{bucket=\"000000.131072.to.000000.262144\"} " val["histogram.000000.131072.to.000000.262144"]; + print "unbound_histogram_seconds{bucket=\"000000.262144.to.000000.524288\"} " val["histogram.000000.262144.to.000000.524288"]; + print "unbound_histogram_seconds{bucket=\"000000.524288.to.000001.000000\"} " val["histogram.000000.524288.to.000001.000000"]; + print "unbound_histogram_seconds{bucket=\"000001.000000.to.000002.000000\"} " val["histogram.000001.000000.to.000002.000000"]; + print "unbound_histogram_seconds{bucket=\"000002.000000.to.000004.000000\"} " val["histogram.000002.000000.to.000004.000000"]; + print "unbound_histogram_seconds{bucket=\"000004.000000.to.000008.000000\"} " val["histogram.000004.000000.to.000008.000000"]; + print "unbound_histogram_seconds{bucket=\"000008.000000.to.000016.000000\"} " val["histogram.000008.000000.to.000016.000000"]; + print "unbound_histogram_seconds{bucket=\"000016.000000.to.000032.000000\"} " val["histogram.000016.000000.to.000032.000000"]; + print "unbound_histogram_seconds{bucket=\"000032.000000.to.000064.000000\"} " val["histogram.000032.000000.to.000064.000000"]; + print "unbound_histogram_seconds{bucket=\"000064.000000.to.000128.000000\"} " val["histogram.000064.000000.to.000128.000000"]; + print "unbound_histogram_seconds{bucket=\"000128.000000.to.000256.000000\"} " val["histogram.000128.000000.to.000256.000000"]; + print "unbound_histogram_seconds{bucket=\"000256.000000.to.000512.000000\"} " val["histogram.000256.000000.to.000512.000000"]; + print "unbound_histogram_seconds{bucket=\"000512.000000.to.001024.000000\"} " val["histogram.000512.000000.to.001024.000000"]; + print "unbound_histogram_seconds{bucket=\"001024.000000.to.002048.000000\"} " val["histogram.001024.000000.to.002048.000000"]; + print "unbound_histogram_seconds{bucket=\"002048.000000.to.004096.000000\"} " val["histogram.002048.000000.to.004096.000000"]; + print "unbound_histogram_seconds{bucket=\"004096.000000.to.008192.000000\"} " val["histogram.004096.000000.to.008192.000000"]; + print "unbound_histogram_seconds{bucket=\"008192.000000.to.016384.000000\"} " val["histogram.008192.000000.to.016384.000000"]; + print "unbound_histogram_seconds{bucket=\"016384.000000.to.032768.000000\"} " val["histogram.016384.000000.to.032768.000000"]; + print "unbound_histogram_seconds{bucket=\"032768.000000.to.065536.000000\"} " val["histogram.032768.000000.to.065536.000000"]; + print "unbound_histogram_seconds{bucket=\"065536.000000.to.131072.000000\"} " val["histogram.065536.000000.to.131072.000000"]; + print "unbound_histogram_seconds{bucket=\"131072.000000.to.262144.000000\"} " val["histogram.131072.000000.to.262144.000000"]; + print "unbound_histogram_seconds{bucket=\"262144.000000.to.524288.000000\"} " val["histogram.262144.000000.to.524288.000000"]; + print "" +} diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index 8ebe529c9..a4596978d 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -42,9 +42,9 @@ [Unit] Description=Validating, recursive, and caching DNS resolver Documentation=man:unbound(8) -After=network.target -Before=network-online.target nss-lookup.target -Wants=nss-lookup.target +After=network-online.target +Before=nss-lookup.target +Wants=network-online.target nss-lookup.target [Install] WantedBy=multi-user.target @@ -66,7 +66,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources diff --git a/contrib/unbound_munin_ b/contrib/unbound_munin_ index 2839cd8b5..defca291c 100755 --- a/contrib/unbound_munin_ +++ b/contrib/unbound_munin_ @@ -174,11 +174,11 @@ get_state ( ) { if test "$1" = "autoconf" ; then if test ! -f $conf; then echo no "($conf does not exist)" - exit 1 + exit 0 fi if test ! -d `dirname $state`; then echo no "(`dirname $state` directory does not exist)" - exit 1 + exit 0 fi echo yes exit 0 diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in index 998b66dec..e763763f0 100644 --- a/contrib/unbound_portable.service.in +++ b/contrib/unbound_portable.service.in @@ -38,7 +38,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources diff --git a/daemon/acl_list.c b/daemon/acl_list.c index c16a920d9..84324575e 100644 --- a/daemon/acl_list.c +++ b/daemon/acl_list.c @@ -273,7 +273,7 @@ check_data(const char* data, const struct config_strlist* head) if(res == 0) return 1; log_err("rr data [char %d] parse error %s", - (int)LDNS_WIREPARSE_OFFSET(res)-13, + (int)LDNS_WIREPARSE_OFFSET(res)-2, sldns_get_errorstr_parse(res)); return 0; } diff --git a/daemon/daemon.c b/daemon/daemon.c index 5d4279259..a11d50a9b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -77,6 +77,7 @@ #include "util/storage/lookup3.h" #include "util/storage/slabhash.h" #include "util/tcp_conn_limit.h" +#include "util/edns.h" #include "services/listen_dnsport.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" @@ -290,6 +291,15 @@ daemon_init(void) free(daemon); return NULL; } + if(!(daemon->env->edns_strings = edns_strings_create())) { + auth_zones_delete(daemon->env->auth_zones); + acl_list_delete(daemon->acl); + tcl_list_delete(daemon->tcl); + edns_known_options_delete(daemon->env); + free(daemon->env); + free(daemon); + return NULL; + } return daemon; } @@ -298,6 +308,8 @@ daemon_open_shared_ports(struct daemon* daemon) { log_assert(daemon); if(daemon->cfg->port != daemon->listening_port) { + char** resif = NULL; + int num_resif = 0; size_t i; struct listen_port* p0; daemon->reuseport = 0; @@ -308,15 +320,18 @@ daemon_open_shared_ports(struct daemon* daemon) free(daemon->ports); daemon->ports = NULL; } + if(!resolve_interface_names(daemon->cfg, &resif, &num_resif)) + return 0; /* see if we want to reuseport */ #ifdef SO_REUSEPORT if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0) daemon->reuseport = 1; #endif /* try to use reuseport */ - p0 = listening_ports_open(daemon->cfg, &daemon->reuseport); + p0 = listening_ports_open(daemon->cfg, resif, num_resif, &daemon->reuseport); if(!p0) { listening_ports_free(p0); + config_del_strarray(resif, num_resif); return 0; } if(daemon->reuseport) { @@ -330,6 +345,7 @@ daemon_open_shared_ports(struct daemon* daemon) if(!(daemon->ports = (struct listen_port**)calloc( daemon->num_ports, sizeof(*daemon->ports)))) { listening_ports_free(p0); + config_del_strarray(resif, num_resif); return 0; } daemon->ports[0] = p0; @@ -338,16 +354,19 @@ daemon_open_shared_ports(struct daemon* daemon) for(i=1; inum_ports; i++) { if(!(daemon->ports[i]= listening_ports_open(daemon->cfg, + resif, num_resif, &daemon->reuseport)) || !daemon->reuseport ) { for(i=0; inum_ports; i++) listening_ports_free(daemon->ports[i]); free(daemon->ports); daemon->ports = NULL; + config_del_strarray(resif, num_resif); return 0; } } } + config_del_strarray(resif, num_resif); daemon->listening_port = daemon->cfg->port; } if(!daemon->cfg->remote_control_enable && daemon->rc_port) { @@ -619,6 +638,10 @@ daemon_fork(struct daemon* daemon) &daemon->use_rpz)) fatal_exit("auth_zones could not be setup"); + /* Set-up EDNS strings */ + if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) + fatal_exit("Could not set up EDNS strings"); + /* setup modules */ daemon_setup_modules(daemon); @@ -750,6 +773,7 @@ daemon_delete(struct daemon* daemon) rrset_cache_delete(daemon->env->rrset_cache); infra_delete(daemon->env->infra_cache); edns_known_options_delete(daemon->env); + edns_strings_delete(daemon->env->edns_strings); auth_zones_delete(daemon->env->auth_zones); } ub_randfree(daemon->rand); diff --git a/daemon/remote.c b/daemon/remote.c index b399735c9..64057a57b 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -329,7 +329,8 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, /* open fd */ fd = create_tcp_accept_sock(res, 1, &noproto, 0, - cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd, cfg->ip_dscp); + cfg->ip_transparent, 0, 0, cfg->ip_freebind, + cfg->use_systemd, cfg->ip_dscp); freeaddrinfo(res); } @@ -348,11 +349,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, /* alloc */ n = (struct listen_port*)calloc(1, sizeof(*n)); if(!n) { -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif + sock_close(fd); log_err("out of memory"); return 0; } @@ -461,11 +458,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, if(rc->active >= rc->max_active) { log_warn("drop incoming remote control: too many connections"); close_exit: -#ifndef USE_WINSOCK - close(newfd); -#else - closesocket(newfd); -#endif + sock_close(newfd); return 0; } @@ -574,11 +567,8 @@ ssl_print_text(RES* res, const char* text) if(r == -1) { if(errno == EAGAIN || errno == EINTR) continue; -#ifndef USE_WINSOCK - log_err("could not send: %s", strerror(errno)); -#else - log_err("could not send: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("could not send: %s", + sock_strerror(errno)); return 0; } at += r; @@ -635,11 +625,8 @@ ssl_read_line(RES* res, char* buf, size_t max) } if(errno == EINTR || errno == EAGAIN) continue; -#ifndef USE_WINSOCK - log_err("could not recv: %s", strerror(errno)); -#else - log_err("could not recv: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("could not recv: %s", + sock_strerror(errno)); return 0; } break; @@ -804,6 +791,9 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, size_t dnscrypt_shared_secret = 0; size_t dnscrypt_nonce = 0; #endif /* USE_DNSCRYPT */ +#ifdef WITH_DYNLIBMODULE + size_t dynlib = 0; +#endif /* WITH_DYNLIBMODULE */ msg = slabhash_get_mem(daemon->env->msg_cache); rrset = slabhash_get_mem(&daemon->env->rrset_cache->table); val = mod_get_mem(&worker->env, "validator"); @@ -822,6 +812,9 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, dnscrypt_nonce = slabhash_get_mem(daemon->dnscenv->nonces_cache); } #endif /* USE_DNSCRYPT */ +#ifdef WITH_DYNLIBMODULE + dynlib = mod_get_mem(&worker->env, "dynlib"); +#endif /* WITH_DYNLIBMODULE */ if(!print_longnum(ssl, "mem.cache.rrset"SQ, rrset)) return 0; @@ -849,9 +842,19 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, dnscrypt_nonce)) return 0; #endif /* USE_DNSCRYPT */ +#ifdef WITH_DYNLIBMODULE + if(!print_longnum(ssl, "mem.mod.dynlibmod"SQ, dynlib)) + return 0; +#endif /* WITH_DYNLIBMODULE */ if(!print_longnum(ssl, "mem.streamwait"SQ, (size_t)s->svr.mem_stream_wait)) return 0; + if(!print_longnum(ssl, "mem.http.query_buffer"SQ, + (size_t)s->svr.mem_http2_query_buffer)) + return 0; + if(!print_longnum(ssl, "mem.http.response_buffer"SQ, + (size_t)s->svr.mem_http2_response_buffer)) + return 0; return 1; } @@ -978,6 +981,8 @@ print_ext(RES* ssl, struct ub_stats_info* s) (unsigned long)s->svr.qtls_resume)) return 0; if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", (unsigned long)s->svr.qipv6)) return 0; + if(!ssl_printf(ssl, "num.query.https"SQ"%lu\n", + (unsigned long)s->svr.qhttps)) return 0; /* flags */ if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", (unsigned long)s->svr.qbit_QR)) return 0; @@ -2855,6 +2860,57 @@ do_ip_ratelimit_list(RES* ssl, struct worker* worker, char* arg) slabhash_traverse(a.infra->client_ip_rates, 0, ip_rate_list, &a); } +/** do the rpz_enable/disable command */ +static void +do_rpz_enable_disable(RES* ssl, struct worker* worker, char* arg, int enable) { + size_t nmlen; + int nmlabs; + uint8_t *nm = NULL; + struct auth_zones *az = worker->env.auth_zones; + struct auth_zone *z = NULL; + if (!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) + return; + if (az) { + lock_rw_rdlock(&az->lock); + z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN); + if (z) { + lock_rw_wrlock(&z->lock); + } + lock_rw_unlock(&az->lock); + } + free(nm); + if (!z) { + (void) ssl_printf(ssl, "error no auth-zone %s\n", arg); + return; + } + if (!z->rpz) { + (void) ssl_printf(ssl, "error auth-zone %s not RPZ\n", arg); + lock_rw_unlock(&z->lock); + return; + } + if (enable) { + rpz_enable(z->rpz); + } else { + rpz_disable(z->rpz); + } + lock_rw_unlock(&z->lock); + send_ok(ssl); +} + +/** do the rpz_enable command */ +static void +do_rpz_enable(RES* ssl, struct worker* worker, char* arg) +{ + do_rpz_enable_disable(ssl, worker, arg, 1); +} + +/** do the rpz_disable command */ +static void +do_rpz_disable(RES* ssl, struct worker* worker, char* arg) +{ + do_rpz_enable_disable(ssl, worker, arg, 0); +} + /** tell other processes to execute the command */ static void distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd) @@ -3055,6 +3111,10 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, do_flush_bogus(ssl, worker); } else if(cmdcmp(p, "flush_negative", 14)) { do_flush_negative(ssl, worker); + } else if(cmdcmp(p, "rpz_enable", 10)) { + do_rpz_enable(ssl, worker, skipwhite(p+10)); + } else if(cmdcmp(p, "rpz_disable", 11)) { + do_rpz_disable(ssl, worker, skipwhite(p+11)); } else { (void)ssl_printf(ssl, "error unknown command '%s'\n", p); } @@ -3106,11 +3166,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) if(rr == 0) return; if(errno == EINTR || errno == EAGAIN) continue; -#ifndef USE_WINSOCK - log_err("could not recv: %s", strerror(errno)); -#else - log_err("could not recv: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("could not recv: %s", sock_strerror(errno)); return; } r = (int)rr; diff --git a/daemon/stats.c b/daemon/stats.c index a568ba070..8720a52d6 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -271,6 +271,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.ans_secure += (long long)worker->env.mesh->ans_secure; s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus; s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata; + s->svr.ans_expired += (long long)worker->env.mesh->ans_expired; for(i=0; isvr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i]; for(i=0; isvr.mem_stream_wait = (long long)tcp_req_info_get_stream_buffer_size(); + s->svr.mem_http2_query_buffer = + (long long)http2_get_query_buffer_size(); + s->svr.mem_http2_response_buffer = + (long long)http2_get_response_buffer_size(); /* Set neg cache usage numbers */ set_neg_cache_stats(worker, &s->svr, reset); @@ -421,6 +426,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.qtcp_outgoing += a->svr.qtcp_outgoing; total->svr.qtls += a->svr.qtls; total->svr.qtls_resume += a->svr.qtls_resume; + total->svr.qhttps += a->svr.qhttps; total->svr.qipv6 += a->svr.qipv6; total->svr.qbit_QR += a->svr.qbit_QR; total->svr.qbit_AA += a->svr.qbit_AA; @@ -484,6 +490,8 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, if(SSL_session_reused(c->ssl)) stats->qtls_resume++; #endif + if(c->type == comm_http) + stats->qhttps++; } } if(repinfo && addr_is_ip6(&repinfo->addr, repinfo->addrlen)) diff --git a/daemon/unbound.c b/daemon/unbound.c index ceb3da6f5..bc6d2bc9e 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -92,7 +92,7 @@ #include #endif -#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH) #undef HAVE_FORK #endif @@ -337,22 +337,44 @@ readpid (const char* file) /** write pid to file. * @param pidfile: file name of pid file. * @param pid: pid to write to file. + * @return false on failure */ -static void +static int writepid (const char* pidfile, pid_t pid) { - FILE* f; + int fd; + char pidbuf[32]; + size_t count = 0; + snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid); - if ((f = fopen(pidfile, "w")) == NULL ) { + if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + , 0644)) == -1) { log_err("cannot open pidfile %s: %s", pidfile, strerror(errno)); - return; + return 0; } - if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) { - log_err("cannot write to pidfile %s: %s", - pidfile, strerror(errno)); + while(count < strlen(pidbuf)) { + ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count); + if(r == -1) { + if(errno == EAGAIN || errno == EINTR) + continue; + log_err("cannot write to pidfile %s: %s", + pidfile, strerror(errno)); + close(fd); + return 0; + } else if(r == 0) { + log_err("cannot write any bytes to pidfile %s: " + "write returns 0 bytes written", pidfile); + close(fd); + return 0; + } + count += r; } - fclose(f); + close(fd); + return 1; } /** @@ -506,16 +528,17 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* write new pidfile (while still root, so can be outside chroot) */ #ifdef HAVE_KILL if(cfg->pidfile && cfg->pidfile[0] && need_pidfile) { - writepid(daemon->pidfile, getpid()); - if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 && - pidinchroot) { + if(writepid(daemon->pidfile, getpid())) { + if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 && + pidinchroot) { # ifdef HAVE_CHOWN - if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { - verbose(VERB_QUERY, "cannot chown %u.%u %s: %s", - (unsigned)cfg_uid, (unsigned)cfg_gid, - daemon->pidfile, strerror(errno)); - } + if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { + verbose(VERB_QUERY, "cannot chown %u.%u %s: %s", + (unsigned)cfg_uid, (unsigned)cfg_gid, + daemon->pidfile, strerror(errno)); + } # endif /* HAVE_CHOWN */ + } } } #else @@ -534,6 +557,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0) log_warn("unable to setusercontext %s: %s", cfg->username, strerror(errno)); +#else + (void)pwd; #endif /* HAVE_SETUSERCONTEXT */ } #endif /* HAVE_GETPWNAM */ diff --git a/daemon/worker.c b/daemon/worker.c index 9f8db159f..57d58a90d 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -513,7 +513,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, - msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) return 0; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); @@ -544,7 +545,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, msg->rep, - (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad)) + (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad, + worker->env.now_tv)) return 0; msg->rep->flags |= BIT_QR|BIT_RA; if(!apply_edns_options(edns, &edns_bak, worker->env.cfg, @@ -553,7 +555,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, repinfo->c->buffer, 0, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) edns->opt_list = NULL; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); @@ -576,7 +579,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset, struct reply_info** encode_repp, struct auth_zones* az) { - struct respip_action_info actinfo = {0}; + struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; actinfo.action = respip_none; if(qinfo->qtype != LDNS_RR_TYPE_A && @@ -684,7 +687,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) goto bail_out; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); @@ -718,7 +722,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, - (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad)) + (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad, + worker->env.now_tv)) goto bail_out; *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ if((worker->daemon->use_response_ip || worker->daemon->use_rpz) && @@ -754,7 +759,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, repinfo->c->buffer, timenow, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) edns->opt_list = NULL; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); @@ -842,7 +848,8 @@ chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns, edns->udp_size = EDNS_ADVERTISED_SIZE; edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL, - LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) edns->opt_list = NULL; if(sldns_buffer_capacity(pkt) >= sldns_buffer_limit(pkt)+calc_edns_field_size(edns)) @@ -1109,7 +1116,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, struct respip_client_info* cinfo = NULL, cinfo_tmp; memset(&qinfo, 0, sizeof(qinfo)); - if(error != NETEVENT_NOERROR || !repinfo) { + if((error != NETEVENT_NOERROR && error != NETEVENT_DONE)|| !repinfo) { /* some bad tcp query DNS formats give these error calls */ verbose(VERB_ALGO, "handle request called with err=%d", error); return 0; @@ -1219,7 +1226,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_FORMERR); - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(worker->env.cfg->log_queries) { @@ -1237,7 +1243,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_RCODE_REFUSED); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; - server_stats_insrcode(&worker->stats, c->buffer); } goto send_reply; } @@ -1259,7 +1264,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_RCODE_FORMERR); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; - server_stats_insrcode(&worker->stats, c->buffer); } goto send_reply; } @@ -1275,7 +1279,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); regional_free_all(worker->scratchpad); - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(edns.edns_present) { @@ -1355,7 +1358,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, edns.udp_size = 65535; /* max size for TCP replies */ if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo, &edns, repinfo, c->buffer)) { - server_stats_insrcode(&worker->stats, c->buffer); regional_free_all(worker->scratchpad); goto send_reply; } @@ -1376,7 +1378,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, comm_point_drop_reply(repinfo); return 0; } - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(worker->env.auth_zones && @@ -1388,7 +1389,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, comm_point_drop_reply(repinfo); return 0; } - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(worker->env.auth_zones && @@ -1404,7 +1404,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer)) && acl != acl_deny_non_local && acl != acl_refuse_non_local) LDNS_RA_SET(sldns_buffer_begin(c->buffer)); - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } @@ -1433,7 +1432,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), NULL); regional_free_all(worker->scratchpad); - server_stats_insrcode(&worker->stats, c->buffer); log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -1589,9 +1587,9 @@ send_reply_rc: if(is_expired_answer) { worker->stats.ans_expired++; } + server_stats_insrcode(&worker->stats, c->buffer); if(worker->stats.extended) { if(is_secure_answer) worker->stats.ans_secure++; - server_stats_insrcode(&worker->stats, repinfo->c->buffer); } #ifdef USE_DNSTAP if(worker->dtenv.log_client_response_messages) @@ -1727,14 +1725,6 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) return NULL; } explicit_bzero(&seed, sizeof(seed)); -#ifdef USE_DNSTAP - if(daemon->cfg->dnstap) { - log_assert(daemon->dtenv != NULL); - memcpy(&worker->dtenv, daemon->dtenv, sizeof(struct dt_env)); - if(!dt_init(&worker->dtenv)) - fatal_exit("dt_init failed"); - } -#endif return worker; } @@ -1793,13 +1783,22 @@ worker_init(struct worker* worker, struct config_file *cfg, } else { /* !do_sigs */ worker->comsig = NULL; } +#ifdef USE_DNSTAP + if(cfg->dnstap) { + log_assert(worker->daemon->dtenv != NULL); + memcpy(&worker->dtenv, worker->daemon->dtenv, sizeof(struct dt_env)); + if(!dt_init(&worker->dtenv, worker->base)) + fatal_exit("dt_init failed"); + } +#endif worker->front = listen_create(worker->base, ports, cfg->msg_buffer_size, (int)cfg->incoming_num_tcp, cfg->do_tcp_keepalive ? cfg->tcp_keepalive_timeout : cfg->tcp_idle_timeout, - worker->daemon->tcl, - worker->daemon->listen_sslctx, + cfg->harden_large_queries, cfg->http_max_streams, + cfg->http_endpoint, cfg->http_notls_downstream, + worker->daemon->tcl, worker->daemon->listen_sslctx, dtenv, worker_handle_request, worker); if(!worker->front) { log_err("could not create listening sockets"); @@ -1816,7 +1815,7 @@ worker_init(struct worker* worker, struct config_file *cfg, &worker_alloc_cleanup, worker, cfg->do_udp || cfg->udp_upstream_without_downstream, worker->daemon->connect_sslctx, cfg->delay_close, - dtenv); + cfg->tls_use_sni, dtenv, cfg->udp_connect); if(!worker->back) { log_err("could not create outgoing sockets"); worker_delete(worker); diff --git a/dns64/dns64.c b/dns64/dns64.c index 5c70119a5..0a40fd49e 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -198,14 +198,17 @@ uitoa(unsigned n, char* s) static uint32_t extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) { - uint32_t ipv4; + uint32_t ipv4 = 0; + int i, pos; log_assert(ipv6_len == 16); (void)ipv6_len; - ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); - if (offset/8+4 < 16) - ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); + log_assert(offset == 32 || offset == 40 || offset == 48 || offset == 56 || + offset == 64 || offset == 96); + for(i = 0, pos = offset / 8; i < 4; i++, pos++) { + if (pos == 8) + pos++; + ipv4 = ipv4 << 8; + ipv4 |= ipv6[pos]; + } return ipv4; } @@ -296,18 +299,18 @@ synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[], size_t aaaa_len) { + size_t i; + int pos; log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16); + log_assert(prefix_net == 32 || prefix_net == 40 || prefix_net == 48 || + prefix_net == 56 || prefix_net == 64 || prefix_net == 96); (void)prefix_addr_len; (void)a_len; (void)aaaa_len; memcpy(aaaa, prefix_addr, 16); - aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); - aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); - aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8); - aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8); - aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8); - aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8); - aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8); - if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */ - aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8); + for(i = 0, pos = prefix_net / 8; i < a_len; i++, pos++) { + if(pos == 8) + aaaa[pos++] = 0; + aaaa[pos] = a[i]; + } } @@ -374,8 +377,10 @@ dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg) log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix); return 0; } - if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) { - log_err("dns64-prefix length it not between 0 and 96: %s", + if (dns64_env->prefix_net != 32 && dns64_env->prefix_net != 40 && + dns64_env->prefix_net != 48 && dns64_env->prefix_net != 56 && + dns64_env->prefix_net != 64 && dns64_env->prefix_net != 96 ) { + log_err("dns64-prefix length it not 32, 40, 48, 56, 64 or 96: %s", cfg->dns64_prefix); return 0; } diff --git a/dnscrypt/dnscrypt.m4 b/dnscrypt/dnscrypt.m4 index 591bd1375..68964242a 100644 --- a/dnscrypt/dnscrypt.m4 +++ b/dnscrypt/dnscrypt.m4 @@ -11,7 +11,7 @@ AC_DEFUN([dnsc_DNSCRYPT], [opt_dnscrypt=$enableval], [opt_dnscrypt=no]) if test "x$opt_dnscrypt" != "xno"; then - AC_ARG_WITH([libsodium], AC_HELP_STRING([--with-libsodium=path], + AC_ARG_WITH([libsodium], AS_HELP_STRING([--with-libsodium=path], [Path where libsodium is installed, for dnscrypt]), [ CFLAGS="$CFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib" diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index cc5449dff..b8a321670 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -134,9 +134,13 @@ dt_create(struct config_file* cfg) if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] && (cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) { + char* p = cfg->dnstap_socket_path; + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(p, + cfg->chrootdir, strlen(cfg->chrootdir)) == 0) + p += strlen(cfg->chrootdir); verbose(VERB_OPS, "attempting to connect to dnstap socket %s", - cfg->dnstap_socket_path); - check_socket_file(cfg->dnstap_socket_path); + p); + check_socket_file(p); } env = (struct dt_env *) calloc(1, sizeof(struct dt_env)); @@ -240,9 +244,9 @@ dt_apply_cfg(struct dt_env *env, struct config_file *cfg) } int -dt_init(struct dt_env *env) +dt_init(struct dt_env *env, struct comm_base* base) { - env->msgqueue = dt_msg_queue_create(); + env->msgqueue = dt_msg_queue_create(base); if(!env->msgqueue) { log_err("malloc failure"); return 0; diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index cfef6fc42..783b8c514 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -101,10 +101,11 @@ dt_apply_cfg(struct dt_env *env, struct config_file *cfg); /** * Initialize per-worker state in dnstap environment object. * @param env: dnstap environment object to initialize, created with dt_create(). + * @param base: event base for wakeup timer. * @return: true on success, false on failure. */ int -dt_init(struct dt_env *env); +dt_init(struct dt_env *env, struct comm_base* base); /** * Deletes the per-worker state created by dt_init diff --git a/dnstap/dnstap.m4 b/dnstap/dnstap.m4 index ba723e0be..1ff6c3fea 100644 --- a/dnstap/dnstap.m4 +++ b/dnstap/dnstap.m4 @@ -20,7 +20,7 @@ AC_DEFUN([dt_DNSTAP], if test -z "$PROTOC_C"; then AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!]) fi - AC_ARG_WITH([protobuf-c], AC_HELP_STRING([--with-protobuf-c=path], + AC_ARG_WITH([protobuf-c], AS_HELP_STRING([--with-protobuf-c=path], [Path where protobuf-c is installed, for dnstap]), [ # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 if test -f $withval/include/google/protobuf-c/protobuf-c.h; then diff --git a/dnstap/dnstap_fstrm.c b/dnstap/dnstap_fstrm.c index cce16e2e4..289e78bdf 100644 --- a/dnstap/dnstap_fstrm.c +++ b/dnstap/dnstap_fstrm.c @@ -92,6 +92,34 @@ void* fstrm_create_control_frame_stop(size_t* len) return control; } +void* fstrm_create_control_frame_ready(char* contenttype, size_t* len) +{ + uint32_t* control; + size_t n; + /* start bidirectional stream: + * 4 bytes 0 escape + * 4 bytes bigendian length of frame + * 4 bytes bigendian type READY + * 4 bytes bigendian frame option content type + * 4 bytes bigendian length of string + * string of content type. + */ + /* len includes the escape and framelength */ + n = 4+4+4+4+4+strlen(contenttype); + control = malloc(n); + if(!control) { + return NULL; + } + control[0] = 0; + control[1] = htonl(4+4+4+strlen(contenttype)); + control[2] = htonl(FSTRM_CONTROL_FRAME_READY); + control[3] = htonl(FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE); + control[4] = htonl(strlen(contenttype)); + memmove(&control[5], contenttype, strlen(contenttype)); + *len = n; + return control; +} + void* fstrm_create_control_frame_accept(char* contenttype, size_t* len) { uint32_t* control; diff --git a/dnstap/dnstap_fstrm.h b/dnstap/dnstap_fstrm.h index f0cf93628..8b37d5f9e 100644 --- a/dnstap/dnstap_fstrm.h +++ b/dnstap/dnstap_fstrm.h @@ -127,6 +127,21 @@ */ void* fstrm_create_control_frame_start(char* contenttype, size_t* len); +/** + * This creates an FSTRM control frame of type READY. + * @param contenttype: a zero delimited string with the content type. + * eg. use the constant DNSTAP_CONTENT_TYPE, which is defined as + * "protobuf:dnstap.Dnstap", for a dnstap frame stream. + * @param len: if a buffer is returned this is the length of that buffer. + * @return NULL on malloc failure. Returns a malloced buffer with the + * protocol message. The buffer starts with the 4 bytes of 0 that indicate + * a control frame. The buffer should be sent without preceding it with + * the 'len' variable (like data frames are), but straight the content of the + * buffer, because the lengths are included in the buffer. This is so that + * the zero control indicator can be included before the control frame length. + */ +void* fstrm_create_control_frame_ready(char* contenttype, size_t* len); + /** * This creates an FSTRM control frame of type STOP. * @param len: if a buffer is returned this is the length of that buffer. diff --git a/dnstap/dtstream.c b/dnstap/dtstream.c index bb862d441..f1ace3c34 100644 --- a/dnstap/dtstream.c +++ b/dnstap/dtstream.c @@ -48,6 +48,7 @@ #include "util/ub_event.h" #include "util/net_help.h" #include "services/outside_network.h" +#include "sldns/sbuffer.h" #ifdef HAVE_SYS_UN_H #include #endif @@ -67,6 +68,11 @@ #define DTIO_RECONNECT_TIMEOUT_MAX 1000 /** the msec to wait for reconnect slow, to stop busy spinning on reconnect */ #define DTIO_RECONNECT_TIMEOUT_SLOW 1000 +/** number of messages before wakeup of thread */ +#define DTIO_MSG_FOR_WAKEUP 32 + +/** maximum length of received frame */ +#define DTIO_RECV_FRAME_MAX_LEN 1000 struct stop_flush_info; /** DTIO command channel commands */ @@ -85,19 +91,28 @@ static int dtio_add_output_event_write(struct dt_io_thread* dtio); static void dtio_reconnect_enable(struct dt_io_thread* dtio); /** stop from stop_flush event loop */ static void dtio_stop_flush_exit(struct stop_flush_info* info); +/** setup a start control message */ +static int dtio_control_start_send(struct dt_io_thread* dtio); #ifdef HAVE_SSL /** enable briefly waiting for a read event, for SSL negotiation */ static int dtio_enable_brief_read(struct dt_io_thread* dtio); +/** enable briefly waiting for a write event, for SSL negotiation */ +static int dtio_enable_brief_write(struct dt_io_thread* dtio); #endif struct dt_msg_queue* -dt_msg_queue_create(void) +dt_msg_queue_create(struct comm_base* base) { struct dt_msg_queue* mq = calloc(1, sizeof(*mq)); if(!mq) return NULL; mq->maxsize = 1*1024*1024; /* set max size of buffer, per worker, about 1 M should contain 64K messages with some overhead, or a whole bunch smaller ones */ + mq->wakeup_timer = comm_timer_create(base, mq_wakeup_cb, mq); + if(!mq->wakeup_timer) { + free(mq); + return NULL; + } lock_basic_init(&mq->lock); lock_protect(&mq->lock, mq, sizeof(*mq)); return mq; @@ -117,6 +132,7 @@ dt_msg_queue_clear(struct dt_msg_queue* mq) mq->first = NULL; mq->last = NULL; mq->cursize = 0; + mq->msgcount = 0; } void @@ -125,6 +141,7 @@ dt_msg_queue_delete(struct dt_msg_queue* mq) if(!mq) return; lock_basic_destroy(&mq->lock); dt_msg_queue_clear(mq); + comm_timer_delete(mq->wakeup_timer); free(mq); } @@ -141,25 +158,71 @@ static void dtio_wakeup(struct dt_io_thread* dtio) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) continue; - log_err("dnstap io wakeup: write: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) continue; if(WSAGetLastError() == WSAEWOULDBLOCK) continue; - log_err("dnstap io stop: write: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io wakeup: write: %s", + sock_strerror(errno)); break; } break; } } +void +mq_wakeup_cb(void* arg) +{ + struct dt_msg_queue* mq = (struct dt_msg_queue*)arg; + /* even if the dtio is already active, because perhaps much + * traffic suddenly, we leave the timer running to save on + * managing it, the once a second timer is less work then + * starting and stopping the timer frequently */ + lock_basic_lock(&mq->dtio->wakeup_timer_lock); + mq->dtio->wakeup_timer_enabled = 0; + lock_basic_unlock(&mq->dtio->wakeup_timer_lock); + dtio_wakeup(mq->dtio); +} + +/** start timer to wakeup dtio because there is content in the queue */ +static void +dt_msg_queue_start_timer(struct dt_msg_queue* mq) +{ + struct timeval tv; + /* Start a timer to process messages to be logged. + * If we woke up the dtio thread for every message, the wakeup + * messages take up too much processing power. If the queue + * fills up the wakeup happens immediately. The timer wakes it up + * if there are infrequent messages to log. */ + + /* we cannot start a timer in dtio thread, because it is a different + * thread and its event base is in use by the other thread, it would + * give race conditions if we tried to modify its event base, + * and locks would wait until it woke up, and this is what we do. */ + + /* do not start the timer if a timer already exists, perhaps + * in another worker. So this variable is protected by a lock in + * dtio */ + lock_basic_lock(&mq->dtio->wakeup_timer_lock); + if(mq->dtio->wakeup_timer_enabled) { + lock_basic_unlock(&mq->dtio->wakeup_timer_lock); + return; + } + mq->dtio->wakeup_timer_enabled = 1; /* we are going to start one */ + lock_basic_unlock(&mq->dtio->wakeup_timer_lock); + + /* start the timer, in mq, in the event base of our worker */ + tv.tv_sec = 1; + tv.tv_usec = 0; + comm_timer_set(mq->wakeup_timer, &tv); +} + void dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) { - int wakeup = 0; + int wakeupnow = 0, wakeupstarttimer = 0; struct dt_msg_entry* entry; /* check conditions */ @@ -190,9 +253,15 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) /* aqcuire lock */ lock_basic_lock(&mq->lock); - /* list was empty, wakeup dtio */ + /* if list was empty, start timer for (eventual) wakeup */ if(mq->first == NULL) - wakeup = 1; + wakeupstarttimer = 1; + /* if list contains more than wakeupnum elements, wakeup now, + * or if list is (going to be) almost full */ + if(mq->msgcount == DTIO_MSG_FOR_WAKEUP || + (mq->cursize < mq->maxsize * 9 / 10 && + mq->cursize+len >= mq->maxsize * 9 / 10)) + wakeupnow = 1; /* see if it is going to fit */ if(mq->cursize + len > mq->maxsize) { /* buffer full, or congested. */ @@ -203,6 +272,7 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) return; } mq->cursize += len; + mq->msgcount ++; /* append to list */ if(mq->last) { mq->last->next = entry; @@ -213,13 +283,19 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) /* release lock */ lock_basic_unlock(&mq->lock); - if(wakeup) + if(wakeupnow) { dtio_wakeup(mq->dtio); + } else if(wakeupstarttimer) { + dt_msg_queue_start_timer(mq); + } } struct dt_io_thread* dt_io_thread_create(void) { struct dt_io_thread* dtio = calloc(1, sizeof(*dtio)); + lock_basic_init(&dtio->wakeup_timer_lock); + lock_protect(&dtio->wakeup_timer_lock, &dtio->wakeup_timer_enabled, + sizeof(dtio->wakeup_timer_enabled)); return dtio; } @@ -227,6 +303,7 @@ void dt_io_thread_delete(struct dt_io_thread* dtio) { struct dt_io_list_item* item, *nextitem; if(!dtio) return; + lock_basic_destroy(&dtio->wakeup_timer_lock); item=dtio->io_list; while(item) { nextitem = item->next; @@ -261,16 +338,22 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg) } else { dtio->upstream_is_unix = 1; } + dtio->is_bidirectional = cfg->dnstap_bidirectional; if(dtio->upstream_is_unix) { + char* nm; if(!cfg->dnstap_socket_path || cfg->dnstap_socket_path[0]==0) { log_err("dnstap setup: no dnstap-socket-path for " "socket connect"); return 0; } + nm = cfg->dnstap_socket_path; + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, + cfg->chrootdir, strlen(cfg->chrootdir)) == 0) + nm += strlen(cfg->chrootdir); free(dtio->socket_path); - dtio->socket_path = strdup(cfg->dnstap_socket_path); + dtio->socket_path = strdup(nm); if(!dtio->socket_path) { log_err("dnstap setup: malloc failure"); return 0; @@ -351,6 +434,7 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg) log_err("could not setup SSL CTX"); return 0; } + dtio->tls_use_sni = cfg->tls_use_sni; #endif /* HAVE_SSL */ } return 1; @@ -406,6 +490,7 @@ static int dt_msg_queue_pop(struct dt_msg_queue* mq, void** buf, mq->first = entry->next; if(!entry->next) mq->last = NULL; mq->cursize -= entry->len; + mq->msgcount --; lock_basic_unlock(&mq->lock); *buf = entry->buf; @@ -550,6 +635,20 @@ static void dtio_cur_msg_free(struct dt_io_thread* dtio) dtio->cur_msg_len_done = 0; } +/** delete the buffer and counters used to read frame */ +static void dtio_read_frame_free(struct dt_frame_read_buf* rb) +{ + if(rb->buf) { + free(rb->buf); + rb->buf = NULL; + } + rb->buf_count = 0; + rb->buf_cap = 0; + rb->frame_len = 0; + rb->frame_len_done = 0; + rb->control_frame = 0; +} + /** del the output file descriptor event for listening */ static void dtio_del_output_event(struct dt_io_thread* dtio) { @@ -563,11 +662,7 @@ static void dtio_del_output_event(struct dt_io_thread* dtio) /** close dtio socket and set it to -1 */ static void dtio_close_fd(struct dt_io_thread* dtio) { -#ifndef USE_WINSOCK - close(dtio->fd); -#else - closesocket(dtio->fd); -#endif + sock_close(dtio->fd); dtio->fd = -1; } @@ -593,6 +688,11 @@ static void dtio_close_output(struct dt_io_thread* dtio) if(dtio->cur_msg) { dtio_cur_msg_free(dtio); } + + dtio->ready_frame_sent = 0; + dtio->accept_frame_received = 0; + dtio_read_frame_free(&dtio->read_frame); + dtio_reconnect_enable(dtio); } @@ -630,13 +730,8 @@ static int dtio_check_nb_connect(struct dt_io_thread* dtio) char* to = dtio->socket_path; if(!to) to = dtio->ip_str; if(!to) to = ""; -#ifndef USE_WINSOCK log_err("dnstap io: failed to connect to \"%s\": %s", - to, strerror(error)); -#else - log_err("dnstap io: failed to connect to \"%s\": %s", - to, wsa_strerror(error)); -#endif + to, sock_strerror(error)); return -1; /* error, close it */ } @@ -713,7 +808,6 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf, #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 0; - log_err("dnstap io: failed send: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) return 0; @@ -723,9 +817,8 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf, UB_EV_WRITE); return 0; } - log_err("dnstap io: failed send: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io: failed send: %s", sock_strerror(errno)); return -1; } return ret; @@ -749,7 +842,6 @@ static int dtio_write_with_writev(struct dt_io_thread* dtio) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 0; - log_err("dnstap io: failed writev: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) return 0; @@ -759,9 +851,8 @@ static int dtio_write_with_writev(struct dt_io_thread* dtio) UB_EV_WRITE); return 0; } - log_err("dnstap io: failed writev: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io: failed writev: %s", sock_strerror(errno)); /* close the channel */ dtio_del_output_event(dtio); dtio_close_output(dtio); @@ -854,6 +945,94 @@ static int dtio_write_more(struct dt_io_thread* dtio) return 1; } +/** Receive bytes from dtio->fd, store in buffer. Returns 0: closed, + * -1: continue, >0: number of bytes read into buffer */ +static ssize_t receive_bytes(struct dt_io_thread* dtio, void* buf, size_t len) { + ssize_t r; + r = recv(dtio->fd, (void*)buf, len, 0); + if(r == -1) { + char* to = dtio->socket_path; + if(!to) to = dtio->ip_str; + if(!to) to = ""; +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return -1; /* try later */ +#else + if(WSAGetLastError() == WSAEINPROGRESS) { + return -1; /* try later */ + } else if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock( + (dtio->stop_flush_event? + dtio->stop_flush_event:dtio->event), + UB_EV_READ); + return -1; /* try later */ + } +#endif + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) + return 0; /* no log retries on low verbosity */ + log_err("dnstap io: output closed, recv %s: %s", to, + strerror(errno)); + /* and close below */ + return 0; + } + if(r == 0) { + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) + return 0; /* no log retries on low verbosity */ + verbose(VERB_DETAIL, "dnstap io: output closed by the other side"); + /* and close below */ + return 0; + } + /* something was received */ + return r; +} + +#ifdef HAVE_SSL +/** Receive bytes over TLS from dtio->fd, store in buffer. Returns 0: closed, + * -1: continue, >0: number of bytes read into buffer */ +static int ssl_read_bytes(struct dt_io_thread* dtio, void* buf, size_t len) +{ + int r; + ERR_clear_error(); + r = SSL_read(dtio->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(dtio->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) + return 0; /* no log retries on low verbosity */ + verbose(VERB_DETAIL, "dnstap io: output closed by the " + "other side"); + return 0; + } else if(want == SSL_ERROR_WANT_READ) { + /* continue later */ + return -1; + } else if(want == SSL_ERROR_WANT_WRITE) { + (void)dtio_enable_brief_write(dtio); + return -1; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef ECONNRESET + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + errno == ECONNRESET && verbosity < 4) + return 0; /* silence reset by peer */ +#endif + if(errno != 0) + log_err("SSL_read syscall: %s", + strerror(errno)); + verbose(VERB_DETAIL, "dnstap io: output closed by the " + "other side"); + return 0; + } + log_crypto_err("could not SSL_read"); + verbose(VERB_DETAIL, "dnstap io: output closed by the " + "other side"); + return 0; + } + return r; +} +#endif /* HAVE_SSL */ + /** check if the output fd has been closed, * it returns false if the stream is closed. */ static int dtio_check_close(struct dt_io_thread* dtio) @@ -863,44 +1042,17 @@ static int dtio_check_close(struct dt_io_thread* dtio) * packets is okay for the framestream protocol. And also, the * read call can return that the stream has been closed by the * other side. */ - ssize_t r; uint8_t buf[1024]; + int r = -1; + + if(dtio->fd == -1) return 0; - while(1) { - r = recv(dtio->fd, (void*)buf, sizeof(buf), 0); - if(r == -1) { - char* to = dtio->socket_path; - if(!to) to = dtio->ip_str; - if(!to) to = ""; -#ifndef USE_WINSOCK - if(errno == EINTR || errno == EAGAIN) - return 1; /* try later */ -#else - if(WSAGetLastError() == WSAEINPROGRESS) { - return 1; /* try later */ - } else if(WSAGetLastError() == WSAEWOULDBLOCK) { - ub_winsock_tcp_wouldblock( - (dtio->stop_flush_event? - dtio->stop_flush_event:dtio->event), - UB_EV_READ); - return 1; /* try later */ - } -#endif - if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && verbosity < 4) - break; /* no log retries on low verbosity */ - log_err("dnstap io: output closed, recv %s: %s", to, - strerror(errno)); - /* and close below */ - break; - } - if(r == 0) { - if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && verbosity < 4) - break; /* no log retries on low verbosity */ - verbose(VERB_DETAIL, "dnstap io: output closed by the other side"); - /* and close below */ - break; - } - /* something was received, ignore it */ + + while(r != 0) { + /* not interested in buffer content, overwrite */ + r = receive_bytes(dtio, (void*)buf, sizeof(buf)); + if(r == -1) + return 1; } /* the other end has been closed */ /* close the channel */ @@ -909,6 +1061,145 @@ static int dtio_check_close(struct dt_io_thread* dtio) return 0; } +/** Read accept frame. Returns -1: continue reading, 0: closed, + * 1: valid accept received. */ +static int dtio_read_accept_frame(struct dt_io_thread* dtio) +{ + int r; + size_t read_frame_done; + while(dtio->read_frame.frame_len_done < 4) { +#ifdef HAVE_SSL + if(dtio->ssl) { + r = ssl_read_bytes(dtio, + (uint8_t*)&dtio->read_frame.frame_len+ + dtio->read_frame.frame_len_done, + 4-dtio->read_frame.frame_len_done); + } else { +#endif + r = receive_bytes(dtio, + (uint8_t*)&dtio->read_frame.frame_len+ + dtio->read_frame.frame_len_done, + 4-dtio->read_frame.frame_len_done); +#ifdef HAVE_SSL + } +#endif + if(r == -1) + return -1; /* continue reading */ + if(r == 0) { + /* connection closed */ + goto close_connection; + } + dtio->read_frame.frame_len_done += r; + if(dtio->read_frame.frame_len_done < 4) + return -1; /* continue reading */ + + if(dtio->read_frame.frame_len == 0) { + dtio->read_frame.frame_len_done = 0; + dtio->read_frame.control_frame = 1; + continue; + } + dtio->read_frame.frame_len = ntohl(dtio->read_frame.frame_len); + if(dtio->read_frame.frame_len > DTIO_RECV_FRAME_MAX_LEN) { + verbose(VERB_OPS, "dnstap: received frame exceeds max " + "length of %d bytes, closing connection", + DTIO_RECV_FRAME_MAX_LEN); + goto close_connection; + } + dtio->read_frame.buf = calloc(1, dtio->read_frame.frame_len); + dtio->read_frame.buf_cap = dtio->read_frame.frame_len; + if(!dtio->read_frame.buf) { + log_err("dnstap io: out of memory (creating read " + "buffer)"); + goto close_connection; + } + } + if(dtio->read_frame.buf_count < dtio->read_frame.frame_len) { +#ifdef HAVE_SSL + if(dtio->ssl) { + r = ssl_read_bytes(dtio, dtio->read_frame.buf+ + dtio->read_frame.buf_count, + dtio->read_frame.buf_cap- + dtio->read_frame.buf_count); + } else { +#endif + r = receive_bytes(dtio, dtio->read_frame.buf+ + dtio->read_frame.buf_count, + dtio->read_frame.buf_cap- + dtio->read_frame.buf_count); +#ifdef HAVE_SSL + } +#endif + if(r == -1) + return -1; /* continue reading */ + if(r == 0) { + /* connection closed */ + goto close_connection; + } + dtio->read_frame.buf_count += r; + if(dtio->read_frame.buf_count < dtio->read_frame.frame_len) + return -1; /* continue reading */ + } + + /* Complete frame received, check if this is a valid ACCEPT control + * frame. */ + if(dtio->read_frame.frame_len < 4) { + verbose(VERB_OPS, "dnstap: invalid data received"); + goto close_connection; + } + if(sldns_read_uint32(dtio->read_frame.buf) != + FSTRM_CONTROL_FRAME_ACCEPT) { + verbose(VERB_ALGO, "dnstap: invalid control type received, " + "ignored"); + dtio->ready_frame_sent = 0; + dtio->accept_frame_received = 0; + dtio_read_frame_free(&dtio->read_frame); + return -1; + } + read_frame_done = 4; /* control frame type */ + + /* Iterate over control fields, ignore unknown types. + * Need to be able to read at least 8 bytes (control field type + + * length). */ + while(read_frame_done+8 < dtio->read_frame.frame_len) { + uint32_t type = sldns_read_uint32(dtio->read_frame.buf + + read_frame_done); + uint32_t len = sldns_read_uint32(dtio->read_frame.buf + + read_frame_done + 4); + if(type == FSTRM_CONTROL_FIELD_TYPE_CONTENT_TYPE) { + if(len == strlen(DNSTAP_CONTENT_TYPE) && + read_frame_done+8+len <= + dtio->read_frame.frame_len && + memcmp(dtio->read_frame.buf + read_frame_done + + + 8, DNSTAP_CONTENT_TYPE, len) == 0) { + if(!dtio_control_start_send(dtio)) { + verbose(VERB_OPS, "dnstap io: out of " + "memory while sending START frame"); + goto close_connection; + } + dtio->accept_frame_received = 1; + if(!dtio_add_output_event_write(dtio)) + goto close_connection; + return 1; + } else { + /* unknow content type */ + verbose(VERB_ALGO, "dnstap: ACCEPT frame " + "contains unknown content type, " + "closing connection"); + goto close_connection; + } + } + /* unknown option, try next */ + read_frame_done += 8+len; + } + + +close_connection: + dtio_del_output_event(dtio); + dtio_reconnect_slow(dtio, DTIO_RECONNECT_TIMEOUT_SLOW); + dtio_close_output(dtio); + return 0; +} + /** add the output file descriptor event for listening, read only */ static int dtio_add_output_event_read(struct dt_io_thread* dtio) { @@ -1001,6 +1292,24 @@ static int dtio_disable_brief_read(struct dt_io_thread* dtio) } #endif /* HAVE_SSL */ +#ifdef HAVE_SSL +/** enable the brief write condition */ +static int dtio_enable_brief_write(struct dt_io_thread* dtio) +{ + dtio->ssl_brief_write = 1; + return dtio_add_output_event_write(dtio); +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** disable the brief write condition */ +static int dtio_disable_brief_write(struct dt_io_thread* dtio) +{ + dtio->ssl_brief_write = 0; + return dtio_add_output_event_read(dtio); +} +#endif /* HAVE_SSL */ + #ifdef HAVE_SSL /** check peer verification after ssl handshake connection, false if closed*/ static int dtio_ssl_check_peer(struct dt_io_thread* dtio) @@ -1174,8 +1483,13 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) } #endif - if((bits&UB_EV_READ)) { - if(!dtio_check_close(dtio)) + if((bits&UB_EV_READ || dtio->ssl_brief_write)) { + if(dtio->ssl_brief_write) + (void)dtio_disable_brief_write(dtio); + if(dtio->ready_frame_sent && !dtio->accept_frame_received) { + if(dtio_read_accept_frame(dtio) <= 0) + return; + } else if(!dtio_check_close(dtio)) return; } @@ -1207,6 +1521,15 @@ void dtio_output_cb(int ATTR_UNUSED(fd), short bits, void* arg) /* done with the current message */ dtio_cur_msg_free(dtio); + + /* If this is a bidirectional stream the first message will be + * the READY control frame. We can only continue writing after + * receiving an ACCEPT control frame. */ + if(dtio->is_bidirectional && !dtio->ready_frame_sent) { + dtio->ready_frame_sent = 1; + (void)dtio_add_output_event_read(dtio); + break; + } } } @@ -1223,15 +1546,13 @@ void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return; /* ignore this */ - log_err("dnstap io: failed to read: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) return; if(WSAGetLastError() == WSAEWOULDBLOCK) return; - log_err("dnstap io: failed to read: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io: failed to read: %s", sock_strerror(errno)); /* and then fall through to quit the thread */ } else if(r == 0) { verbose(VERB_ALGO, "dnstap io: cmd channel closed"); @@ -1239,6 +1560,13 @@ void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg) verbose(VERB_ALGO, "dnstap io: cmd channel cmd quit"); } else if(r == 1 && cmd == DTIO_COMMAND_WAKEUP) { verbose(VERB_ALGO, "dnstap io: cmd channel cmd wakeup"); + + if(dtio->is_bidirectional && !dtio->accept_frame_received) { + verbose(VERB_ALGO, "dnstap io: cmd wakeup ignored, " + "waiting for ACCEPT control frame"); + return; + } + /* reregister event */ if(!dtio_add_output_event_write(dtio)) return; @@ -1560,6 +1888,25 @@ static int dtio_control_start_send(struct dt_io_thread* dtio) return 1; } +/** setup a ready control message */ +static int dtio_control_ready_send(struct dt_io_thread* dtio) +{ + log_assert(dtio->cur_msg == NULL && dtio->cur_msg_len == 0); + dtio->cur_msg = fstrm_create_control_frame_ready(DNSTAP_CONTENT_TYPE, + &dtio->cur_msg_len); + if(!dtio->cur_msg) { + return 0; + } + /* setup to send the control message */ + /* set that the buffer needs to be sent, but the length + * of that buffer is already written, that way the buffer can + * start with 0 length and then the length of the control frame + * in it */ + dtio->cur_msg_done = 0; + dtio->cur_msg_len_done = 4; + return 1; +} + /** open the output file descriptor for af_local */ static int dtio_open_output_local(struct dt_io_thread* dtio) { @@ -1567,13 +1914,8 @@ static int dtio_open_output_local(struct dt_io_thread* dtio) struct sockaddr_un s; dtio->fd = socket(AF_LOCAL, SOCK_STREAM, 0); if(dtio->fd == -1) { -#ifndef USE_WINSOCK log_err("dnstap io: failed to create socket: %s", - strerror(errno)); -#else - log_err("dnstap io: failed to create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + sock_strerror(errno)); return 0; } memset(&s, 0, sizeof(s)); @@ -1588,13 +1930,13 @@ static int dtio_open_output_local(struct dt_io_thread* dtio) if(connect(dtio->fd, (struct sockaddr*)&s, (socklen_t)sizeof(s)) == -1) { char* to = dtio->socket_path; -#ifndef USE_WINSOCK + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) { + dtio_close_fd(dtio); + return 0; /* no log retries on low verbosity */ + } log_err("dnstap io: failed to connect to \"%s\": %s", - to, strerror(errno)); -#else - log_err("dnstap io: failed to connect to \"%s\": %s", - to, wsa_strerror(WSAGetLastError())); -#endif + to, sock_strerror(errno)); dtio_close_fd(dtio); return 0; } @@ -1619,18 +1961,18 @@ static int dtio_open_output_tcp(struct dt_io_thread* dtio) } dtio->fd = socket(addr.ss_family, SOCK_STREAM, 0); if(dtio->fd == -1) { -#ifndef USE_WINSOCK - log_err("can't create socket: %s", strerror(errno)); -#else - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + log_err("can't create socket: %s", sock_strerror(errno)); return 0; } fd_set_nonblock(dtio->fd); if(connect(dtio->fd, (struct sockaddr*)&addr, addrlen) == -1) { if(errno == EINPROGRESS) return 1; /* wait until connect done*/ + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) { + dtio_close_fd(dtio); + return 0; /* no log retries on low verbosity */ + } #ifndef USE_WINSOCK if(tcp_connect_errno_needs_log( (struct sockaddr *)&addr, addrlen)) { @@ -1661,7 +2003,8 @@ static int dtio_setup_ssl(struct dt_io_thread* dtio) dtio->ssl_handshake_done = 0; dtio->ssl_brief_read = 0; - if(!set_auth_name_on_ssl(dtio->ssl, dtio->tls_server_name)) { + if(!set_auth_name_on_ssl(dtio->ssl, dtio->tls_server_name, + dtio->tls_use_sni)) { return 0; } return 1; @@ -1691,7 +2034,8 @@ static void dtio_open_output(struct dt_io_thread* dtio) } dtio->check_nb_connect = 1; - /* the EV_READ is to catch channel close, write to write packets */ + /* the EV_READ is to read ACCEPT control messages, and catch channel + * close. EV_WRITE is to write packets */ ev = ub_event_new(dtio->event_base, dtio->fd, UB_EV_READ | UB_EV_WRITE | UB_EV_PERSIST, &dtio_output_cb, dtio); @@ -1710,7 +2054,8 @@ static void dtio_open_output(struct dt_io_thread* dtio) dtio->event = ev; /* setup protocol control message to start */ - if(!dtio_control_start_send(dtio)) { + if((!dtio->is_bidirectional && !dtio_control_start_send(dtio)) || + (dtio->is_bidirectional && !dtio_control_ready_send(dtio)) ) { log_err("dnstap io: out of memory"); ub_event_free(dtio->event); dtio->event = NULL; @@ -1809,15 +2154,14 @@ void dt_io_thread_stop(struct dt_io_thread* dtio) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) continue; - log_err("dnstap io stop: write: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) continue; if(WSAGetLastError() == WSAEWOULDBLOCK) continue; - log_err("dnstap io stop: write: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io stop: write: %s", + sock_strerror(errno)); break; } break; diff --git a/dnstap/dtstream.h b/dnstap/dtstream.h index 4bb027d5b..f87d6dc8d 100644 --- a/dnstap/dtstream.h +++ b/dnstap/dtstream.h @@ -49,6 +49,7 @@ struct dt_msg_entry; struct dt_io_list_item; struct dt_io_thread; struct config_file; +struct comm_base; /** * A message buffer with dnstap messages queued up. It is per-worker. @@ -68,11 +69,15 @@ struct dt_msg_queue { /** current size of the buffer, in bytes. data bytes of messages. * If a new message make it more than maxsize, the buffer is full */ size_t cursize; + /** number of messages in the queue */ + int msgcount; /** list of messages. The messages are added to the back and taken * out from the front. */ struct dt_msg_entry* first, *last; /** reference to the io thread to wakeup */ struct dt_io_thread* dtio; + /** the wakeup timer for dtio, on worker event base */ + struct comm_timer* wakeup_timer; }; /** @@ -88,6 +93,27 @@ struct dt_msg_entry { size_t len; }; +/** + * Containing buffer and counter for reading DNSTAP frames. + */ +struct dt_frame_read_buf { + /** Buffer containing frame, except length counter(s). */ + void* buf; + /** Number of bytes written to buffer. */ + size_t buf_count; + /** Capacity of the buffer. */ + size_t buf_cap; + + /** Frame length field. Will contain the 2nd length field for control + * frames. */ + uint32_t frame_len; + /** Number of bytes that have been written to the frame_length field. */ + size_t frame_len_done; + + /** Set to 1 if this is a control frame, 0 otherwise (ie data frame). */ + int control_frame; +}; + /** * IO thread that reads from the queues and writes them. */ @@ -109,6 +135,8 @@ struct dt_io_thread { int started; /** ssl context for the io thread, for tls connections. type SSL_CTX* */ void* ssl_ctx; + /** if SNI will be used for TLS connections. */ + int tls_use_sni; /** file descriptor that the thread writes to */ int fd; @@ -128,6 +156,9 @@ struct dt_io_thread { * This happens during negotiation, we then do not want to write, * but wait for a read event. */ int ssl_brief_read; + /** true if SSL_read is waiting for a write event. Set back to 0 after + * single write event is handled. */ + int ssl_brief_write; /** the buffer that currently getting written, or NULL if no * (partial) message written now */ @@ -140,6 +171,10 @@ struct dt_io_thread { * for the current message length that precedes the frame */ size_t cur_msg_len_done; + /** lock on wakeup_timer_enabled */ + lock_basic_type wakeup_timer_lock; + /** if wakeup timer is enabled in some thread */ + int wakeup_timer_enabled; /** command pipe that stops the pipe if closed. Used to quit * the program. [0] is read, [1] is written to. */ int commandpipe[2]; @@ -169,6 +204,16 @@ struct dt_io_thread { * and client certificates can be used for authentication. */ int upstream_is_tls; + /** Perform bidirectional Frame Streams handshake before sending + * messages. */ + int is_bidirectional; + /** Set if the READY control frame has been sent. */ + int ready_frame_sent; + /** Set if valid ACCEPT frame is received. */ + int accept_frame_received; + /** (partially) read frame */ + struct dt_frame_read_buf read_frame; + /** the file path for unix socket (or NULL) */ char* socket_path; /** the ip address and port number (or NULL) */ @@ -197,9 +242,10 @@ struct dt_io_list_item { /** * Create new (empty) worker message queue. Limit set to default on max. + * @param base: event base for wakeup timer. * @return NULL on malloc failure or a new queue (not locked). */ -struct dt_msg_queue* dt_msg_queue_create(void); +struct dt_msg_queue* dt_msg_queue_create(struct comm_base* base); /** * Delete a worker message queue. It has to be unlinked from access, @@ -222,6 +268,9 @@ void dt_msg_queue_delete(struct dt_msg_queue* mq); */ void dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len); +/** timer callback to wakeup dtio thread to process messages */ +void mq_wakeup_cb(void* arg); + /** * Create IO thread. * @return new io thread object. not yet started. or NULL malloc failure. diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index 97ed7a087..8e28be4e8 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -278,57 +278,31 @@ static int make_tcp_accept(char* ip) } if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) { -#ifndef USE_WINSOCK - log_err("can't create socket: %s", strerror(errno)); -#else - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + log_err("can't create socket: %s", sock_strerror(errno)); return -1; } #ifdef SO_REUSEADDR if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + sock_strerror(errno)); + sock_close(s); return -1; } #endif /* SO_REUSEADDR */ if(bind(s, (struct sockaddr*)&addr, len) != 0) { -#ifndef USE_WINSOCK - log_err_addr("can't bind socket", strerror(errno), + log_err_addr("can't bind socket", sock_strerror(errno), &addr, len); - close(s); -#else - log_err_addr("can't bind socket", - wsa_strerror(WSAGetLastError()), &addr, len); - closesocket(s); -#endif + sock_close(s); return -1; } if(!fd_set_nonblock(s)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; } if(listen(s, LISTEN_BACKLOG) == -1) { -#ifndef USE_WINSOCK - log_err("can't listen: %s", strerror(errno)); - close(s); -#else - log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + log_err("can't listen: %s", sock_strerror(errno)); + sock_close(s); return -1; } return s; @@ -654,7 +628,6 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return -1; - log_err("could not recv: %s", strerror(errno)); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAEINPROGRESS) return -1; @@ -662,9 +635,8 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ); return -1; } - log_err("could not recv: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("could not recv: %s", sock_strerror(errno)); if(verbosity) log_info("dnstap client stream closed from %s", (data->id?data->id:"")); return 0; @@ -755,7 +727,7 @@ static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) } /** delete the tap structure */ -void tap_data_free(struct tap_data* data) +static void tap_data_free(struct tap_data* data) { ub_event_del(data->ev); ub_event_free(data->ev); @@ -770,10 +742,11 @@ void tap_data_free(struct tap_data* data) /** reply with ACCEPT control frame to bidirectional client, * returns 0 on error */ -static int reply_with_accept(int fd) +static int reply_with_accept(struct tap_data* data) { #ifdef USE_DNSTAP /* len includes the escape and framelength */ + int r; size_t len = 0; void* acceptframe = fstrm_create_control_frame_accept( DNSTAP_CONTENT_TYPE, &len); @@ -782,26 +755,34 @@ static int reply_with_accept(int fd) return 0; } - fd_set_block(fd); - if(send(fd, acceptframe, len, 0) == -1) { -#ifndef USE_WINSOCK - log_err("send failed: %s", strerror(errno)); -#else - log_err("send failed: %s", wsa_strerror(WSAGetLastError())); -#endif - fd_set_nonblock(fd); - free(acceptframe); - return 0; + fd_set_block(data->fd); + if(data->ssl) { + if((r=SSL_write(data->ssl, acceptframe, len)) <= 0) { + if(SSL_get_error(data->ssl, r) == SSL_ERROR_ZERO_RETURN) + log_err("SSL_write, peer closed connection"); + else + log_err("could not SSL_write"); + fd_set_nonblock(data->fd); + free(acceptframe); + return 0; + } + } else { + if(send(data->fd, acceptframe, len, 0) == -1) { + log_err("send failed: %s", sock_strerror(errno)); + fd_set_nonblock(data->fd); + free(acceptframe); + return 0; + } } if(verbosity) log_info("sent control frame(accept) content-type:(%s)", DNSTAP_CONTENT_TYPE); - fd_set_nonblock(fd); + fd_set_nonblock(data->fd); free(acceptframe); return 1; #else log_err("no dnstap compiled, no reply"); - (void)fd; + (void)data; return 0; #endif } @@ -820,11 +801,7 @@ static int reply_with_finish(int fd) fd_set_block(fd); if(send(fd, finishframe, len, 0) == -1) { -#ifndef USE_WINSOCK - log_err("send failed: %s", strerror(errno)); -#else - log_err("send failed: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("send failed: %s", sock_strerror(errno)); fd_set_nonblock(fd); free(finishframe); return 0; @@ -1033,7 +1010,7 @@ void dtio_tap_callback(int fd, short ATTR_UNUSED(bits), void* arg) FSTRM_CONTROL_FRAME_READY) { data->is_bidirectional = 1; if(verbosity) log_info("bidirectional stream"); - if(!reply_with_accept(fd)) { + if(!reply_with_accept(data)) { tap_data_free(data); } } else if(data->len >= 4 && sldns_read_uint32(data->frame) == @@ -1080,7 +1057,6 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) #endif /* EPROTO */ ) return; - log_err_addr("accept failed", strerror(errno), &addr, addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAECONNRESET) @@ -1089,9 +1065,9 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ); return; } - log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), - &addr, addrlen); #endif + log_err_addr("accept failed", sock_strerror(errno), &addr, + addrlen); return; } fd_set_nonblock(s); @@ -1190,9 +1166,12 @@ int sig_quit = 0; /** signal handler for user quit */ static RETSIGTYPE main_sigh(int sig) { - verbose(VERB_ALGO, "exit on signal %d\n", sig); - if(sig_base) + if(!sig_quit) + fprintf(stderr, "exit on signal %d\n", sig); + if(sig_base) { ub_event_base_loopexit(sig_base); + sig_base = NULL; + } sig_quit = 1; } @@ -1233,9 +1212,9 @@ setup_and_run(struct config_strlist_head* local_list, if(verbosity) log_info("start of service"); ub_event_base_dispatch(base); + sig_base = NULL; if(verbosity) log_info("end of service"); - sig_base = NULL; tap_socket_list_delete(maindata->acceptlist); ub_event_base_free(base); free(maindata); @@ -1376,6 +1355,10 @@ int main(int argc, char** argv) struct tube; struct query_info; #include "util/data/packed_rrset.h" +#include "daemon/worker.h" +#include "daemon/remote.h" +#include "util/fptr_wlist.h" +#include "libunbound/context.h" void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), diff --git a/doc/Changelog b/doc/Changelog index 7e92f5d8a..b9774cf32 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,531 @@ +18 January 2021: Wouter + - Fix #404: DNS query with small edns bufsize fail. + - Fix declaration before statement and signed comparison warning in + dns64. + +15 January 2021: Wouter + - Merge #402 from fobser: Implement IPv4-Embedded addresses according + to RFC6052. + +14 January 2021: Wouter + - Fix for #93: dynlibmodule import library is named libunbound.dll.a. + +13 January 2021: Wouter + - Merge #399 from xiangbao227: The lock of lruhash table should + unlocked after markdel entry. + - Fix for #93: dynlibmodule link fix for Windows. + +12 January 2021: Wouter + - Fix #397: [Feature request] add new type always_null to local-zone + similar to always_nxdomain. + - Fix so local zone types always_nodata and always_deny can be used + from the config file. + +8 January 2021: Wouter + - Merge PR #391 from fhriley: Add start_time to reply callbacks so + modules can compute the response time. + - For #391: use struct timeval* start_time for callback information. + - For #391: fix indentation. + - For #391: more double casts in python start time calculation. + - Add comment documentation. + - Fix clang analysis warning. + +6 January 2021: Wouter + - Fix #379: zone loading over HTTP appears to have buffer issues. + - Merge PR #395 from mptre: add missing null check. + - Fix #387: client-subnet-always-forward seems to effectively bypass + any caching? + +5 January 2021: Wouter + - Fix #385: autoconf 2.70 impacts unbound build + - Merge PR #375 by fhriley: Add rpz_enable and rpz_disable commands + to unbound-control. + +4 January 2021: Wouter + - For #376: Fix that comm point event is not double removed or double + added to event map. + - iana portlist updated. + +16 December 2020: George + - Fix error cases when udp-connect is set and send() returns an error + (modified patch from Xin Li @delphij). + +11 December 2020: Wouter + - Fix #371: unbound-control timeout when Unbound is not running. + - Fix to squelch permission denied and other errors from remote host, + they are logged at higher verbosity but not on low verbosity. + - Merge PR #335 from fobser: Sprinkle in some static to prevent + missing prototype warnings. + - Merge PR #373 from fobser: Warning: arithmetic on a pointer to void + is a GNU extension. + - Fix missing prototypes in the code. + +3 December 2020: Wouter + - make depend. + - iana portlist updated. + +2 December 2020: Wouter + - Fix #360: for the additionally reported TCP Fast Open makes TCP + connections fail, in that case we print a hint that this is + happening with the error in the logs. + - Fix #356: deadlock when listening tcp. + - Fix unbound-dnstap-socket to not use log routine from interrupt + handler and not print so frequently when invoked in sequence. + - Fix on windows to ignore connection failure on UDP, unless verbose. + - Fix for #283: fix stream reuse and tcp fast open. + - Fix update, with write event check with streamreuse and fastopen. + +2 December 2020: Willem + - Support for RFC5001: DNS Name Server Identifier (NSID) Option + with the nsid: option in unbound.conf + +1 December 2020: Wouter + - Fix #358: Squelch udp connect 'no route to host' errors on low + verbosity. + +30 November 2020: Wouter + - Fix assertion failure on double callback when iterator loses + interest in query at head of line that then has the tcp stream + not kept for reuse. + - tag for the 1.13.0rc4 release. This also became the 1.13.0 + release version on 3 dec 2020 with the streamreuse and fastopen + fix from 2 dec 2020. The code repo continues for 1.13.1 in + development. + +27 November 2020: Wouter + - Fix compile warning for type cast in http2_submit_dns_response. + - Fix when use free buffer to initialize rbtree for stream reuse. + - Fix compile warnings for windows. + - Fix compile warnings in rpz initialization. + - Fix contrib/metrics.awk for FreeBSD awk compatibility. + - tag for the 1.13.0rc3 release. + +26 November 2020: Wouter + - Fix to omit UDP receive errors from log, if verbosity low. + These happen because of udp-connect. + - For #352: contrib/metrics.awk for Prometheus style metrics output. + - Fix that after failed read, the readagain cannot activate. + - Clear readagain upon decommission of pending tcp structure. + +25 November 2020: Wouter + - with udp-connect ignore connection refused with UDP timeouts. + - Fix udp-connect on FreeBSD, do send calls on connected UDP socket. + - Better fix for reuse tree comparison for is-tls sockets. Where + the tree key identity is preserved after cleanup of the TLS state. + - Remove debug commands from reuse tests. + - Fix memory leak for edns client tag opcode config element. + - Attempt fix for libevent state in tcp reuse cases after a packet + is written. + - Fix readagain and writeagain callback functions for comm point + cleanup. + - tag for the 1.13.0rc2 release. + +24 November 2020: Wouter + - Merge PR #283 : Stream reuse. This implements upstream stream + reuse for performing several queries over the same TCP or TLS + channel. + - set version of main branch to 1.13.0 for upcoming release. + - iana portlist updated. + - Fix one port unit test for udp-connect. + - tag for the 1.13.0rc1 release. + - Fix crash when TLS connection is closed prematurely, when + reuse tree comparison is not properly identical to insertion. + - Fix padding of struct regional for 32bit systems. + +23 November 2020: George + - Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with + edns-client-string option. + +23 November 2020: Wouter + - Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket + address families. + - Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error: + failed to list interfaces: getifaddrs: Address family not + supported by protocol. + - Fix #347: IP_DONTFRAG broken on Apple xcode 12.2. + - Option to toggle udp-connect, default is enabled. + - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. + - Further fix for it and retvalue 0 fix for it. + +12 November 2020: Wouter + - Fix to connect() to UDP destinations, default turned on, + this lowers vulnerability to ICMP side channels. + - Retry for interfaces with unused ports if possible. + +10 November 2020: Wouter + - Fix #341: fixing a possible memory leak. + - Fix memory leak after fix for possible memory leak failure. + - Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX' + undeclared. + +27 October 2020: Wouter + - In man page note that tls-cert-bundle is read before permission + drop and chroot. + +22 October 2020: Wouter + - Fix #333: Unbound Segmentation Fault w/ log_info Functions From + Python Mod. + - Fix that minimal-responses does not remove addresses from a priming + query response. + +21 October 2020: George + - Fix #327: net/if.h check fails on some darwin versions; contribution by + Joshua Root. + - Fix #320: potential memory corruption due to size miscomputation upton + custom region alloc init. + +21 October 2020: Wouter + - Merge PR #228 : infra-keep-probing option to probe hosts that are + down. Add infra-keep-probing: yes option. Hosts that are down are + probed more frequently. + With the option turned on, it probes about every 120 seconds, + eventually after exponential backoff, and that keeps that way. If + traffic keeps up for the domain. It probes with one at a time, eg. + one query is allowed to probe, other queries within that 120 second + interval are turned away. + +19 October 2020: George + - Merge PR #324 from James Renken: Add modern X.509v3 extensions to + unbound-control TLS certificates. + - Fix for PR #324 to attach the x509v3 extensions to the client + certificate. + +19 October 2020: Ralph + - local-zone regional allocations outside of chunk + +19 October 2020: Wouter + - Fix that http settings have colon in set_option, for + http-endpoint, http-max-streams, http-query-buffer-size, + http-response-buffer-size, and http-nodelay. + - Fix memory leak of https port string when reading config. + - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. + This adds the option http-notls-downstream: yesno to change that, + and the dohclient test code has the -n option. + - Fix python documentation warning on functions.rst inplace_cb_reply. + - Fix dnstap test to wait for log timer to see if queries are logged. + - Log ip address when http session recv fails, eg. due to tls fail. + - Fix to set the tcp handler event toggle flag back to default when + the handler structure is reused. + - Clean the fix for out of order TCP processing limits on number + of queries. It was tested to work. + +16 October 2020: Wouter + - Fix that the out of order TCP processing does not limit the + number of outstanding queries over a connection. + +15 October 2020: George + - Fix that if there are reply callbacks for the given rcode, those + are called per reply and a new message created if that was modified + by the call. + - Pass the comm_reply information to the inplace_cb_reply* functions + during the mesh state and update the documentation on that. + +15 October 2020: Wouter + - Merge PR #326 from netblue30: DoH: implement content-length + header field + - DoH content length, simplify code, remove declaration after + statement and fix cast warning. + +14 October 2020: Wouter + - Fix for python reply callback to see mesh state reply_list member, + it only removes it briefly for the commpoint call so that it does + not drop it and attempt to modify the reply list during reply. + - Fix that if there are on reply callbacks, those are called per + reply and a new message created if that was modified by the call. + - Free up auth zone parse region after use for lookup of host + +13 October 2020: Wouter + - Fix #323: unbound testsuite fails on mock build in systemd-nspawn + if systemd support is build. + +9 October 2020: Wouter + - Fix dnstap socket and the chroot not applied properly to the dnstap + socket path. + - Fix warning in libnss compile, nss_buf2dsa is not used without DSA. + +8 October 2020: Wouter + - Tag for 1.12.0 release. + - Current repo is version 1.12.1 in development. + - Fix #319: potential memory leak on config failure, in rpz config. + +1 October 2020: Wouter + - Current repo is version 1.12.0 for release. Tag for 1.12.0rc1. + +30 September 2020: Wouter + - Fix doh tests when not compiled in. + - Add dohclient test executable to gitignore. + - Fix stream_ssl, ssl_req_order and ssl_req_timeout tests for + alloc check debug output. + - Easier kill of unbound-dnstap-socket tool in test. + - Fix memory leak of edns tags at libunbound context delete. + - Fix double loopexit for unbound-dnstap-socket after sigterm. + +29 September 2020: Ralph + - DNS Flag Day 2020: change edns-buffer-size default to 1232. + +28 September 2020: Wouter + - Fix unit test for dnstap changes, so that it waits for the timer. + +23 September 2020: Wouter + - Fix #305: dnstap logging significantly affects unbound performance + (regression in 1.11). + - Fix #305: only wake up thread when threshold reached. + - Fix to ifdef fptr wlist item for dnstap. + +23 September 2020: Ralph + - Fix edns-client-tags get_option typo + - Add edns-client-tag-opcode option + - Use inclusive language in configuration + +21 September 2020: Ralph + - Fix #304: dnstap logging not recovering after dnstap process restarts + +21 September 2020: Wouter + - Merge PR #311 by luismerino: Dynlibmod leak. + - Error message is logged for dynlibmod malloc failures. + - iana portlist updated. + +18 September 2020: Wouter + - Fix that prefer-ip4 and prefer-ip6 can be get and set with + unbound-control, with libunbound and the unbound-checkconf option + output function. + - iana portlist updated. + +15 September 2020: George + - Introduce test for statistics. + +15 September 2020: Wouter + - Spelling fix. + +11 September 2020: Wouter + - Remove x file mode on ipset/ipset.c and h files. + +9 September 2020: Wouter + - Fix num.expired statistics output. + +31 August 2020: Wouter + - Merge PR #293: Add missing prototype. Also refactor to use the new + shorthand function to clean up the code. + - Refactor to use sock_strerr shorthand function. + - Fix #296: systemd nss-lookup.target is reached before unbound can + successfully answer queries. Changed contrib/unbound.service.in. + +27 August 2020: Wouter + - Similar to NSD PR#113, implement that interface names can be used, + eg. something like interface: eth0 is resolved at server start and + uses the IP addresses for that named interface. + - Review fix, doxygen and assign null in case of error free. + +26 August 2020: George + - Update documentation in python example code. + +24 August 2020: Wouter + - Fix that dnstap reconnects do not spam the log with the repeated + attempts. Attempts on the timer are only logged on high verbosity, + if they produce a connection failure error. + - Fix to apply chroot to dnstap-socket-path, if chroot is enabled. + - Change configure to use EVP_sha256 instead of HMAC_Update for + openssl-3.0.0. + +20 August 2020: Ralph + - Fix stats double count issue (#289). + +13 August 2020: Ralph + - Create and init edns tags data for libunbound. + +10 August 2020: Ralph + - Merge (modified) PR #277, use EVP_MAC_CTX_set_params if available, + by Vítězslav Čížek. + +10 August 2020: Wouter + - Fix #287: doc typo: "Additionaly". + - Rerun autoconf + +6 August 2020: Wouter + - Merge PR #284 and Fix #246: Remove DLV entirely from Unbound. + The DLV has been decommisioned and in unbound 1.5.4, in 2015, there + was advise to stop using it. The current code base does not contain + DLV code any more. The use of dlv options displays a warning. + +5 August 2020: Wouter + - contrib/aaaa-filter-iterator.patch file renewed diff content to + apply cleanly to the current coderepo for the current code version. + +5 August 2020: Ralph + - Merge PR #272: Add EDNS client tag functionality. + +4 August 2020: George + - Improve error log message when inserting rpz RR. + - Merge PR #280, Make tvOS & watchOS checks verify truthiness as well as + definedness, by Felipe Gasper. + +4 August 2020: Wouter + - Fix mini_event.h on OpenBSD cannot find fd_set. + +31 July 2020: Wouter + - Fix doxygen comment for no ssl for tls session ticket key callback + routine. + +27 July 2020: George + - Merge PR #268, draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on + March 2020, by and0x000. + +27 July 2020: Ralph + - Merge PR #269, Fix python module len() implementations, by Torbjörn + Lönnemark + +27 July 2020: Wouter + - branch now named 1.11.1. 1.11.0rc1 became the 1.11.0 release. + - Merge PR #270 from cgzones: munin plugin: always exit 0 in autoconf + +20 July 2020: Wouter + - Fix streamtcp to print packet data to stdout. This makes the + stdout and stderr not mix together lines, when parsing its output. + - Fix contrib/fastrpz.patch to apply cleanly. It fixes for changes + due to added libdynmod, but it does not compile, it conflicts with + new rpz code. + - branch now named 1.11.0 and 1.11.0rc1 tag. + +17 July 2020: Wouter + - Fix libnettle compile for session ticket key callback function + changes. + - Fix lock dependency cycle in rpz zone config setup. + +17 July 2020: Ralph + - Merge PR #234 - Ensure proper alignment of cmsg buffers by Jérémie + Courrèges-Anglas. + - Fix PR #234 log_assert sizeof to use union buffer. + +16 July 2020: Wouter + - Fix check conf test for referencing installation paths. + - Fix unused variable warning for clang analyzer. + +16 July 2020: George + - Introduce 'include-toplevel:' configuration option. + +16 July 2020: Ralph + - Add bidirectional frame streams support. + +8 July 2020: Wouter + - Fix add missing DSA header, for compilation without deprecated + OpenSSL APIs. + - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL + 3.0.0-alpha4. + - Longer keys for the test set, this avoids weak crypto errors. + +7 July 2020: Wouter + - Fix #259: Fix unbound-checkconf does not check view existence. + unbound-checkconf checks access-control-view, access-control-tags, + access-control-tag-actions and access-control-tag-datas. + - Fix offset of error printout for access-control-tag-datas. + - Review fixes for checkconf #259 change. + +6 July 2020: Wouter + - run_vm cleanup better and removes trailing slash on single argument. + +29 June 2020: Wouter + - Move reply list clean for serve expired mesh callback to after + the reply is sent, so that script callbacks have reply_info. + - Also move reply list clean for mesh callbacks to the scrip callback + can see the reply_info. + - Fix for mesh accounting if the reply list already empty to begin + with. + - Fix for mesh accounting when rpz decides to drop a reply with a + tcp stream waiting for it. + - Review fix for number of detached states due to use of variable + after end of loop. + - Fix tcp req info drop due to size call into mesh accounting + removal of mesh state during mesh send reply. + +24 June 2020: Wouter + - iana portlist updated. + - doxygen file comments for dynlibmodule. + +17 June 2020: Wouter + - Fix default explanation in man page for qname-minimisation-strict. + - Fix display of event loop method with libev. + +8 June 2020: Wouter + - Mention tls name possible when tls is enabled for stub-addr in the + man page. + +27 May 2020: George + - Merge PR #241 by Robert Edmonds: contrib/libunbound.pc.in: Do not use + "Requires:". + +25 May 2020: George + - Update contrib/aaaa-filter-iterator.patch for the recent + generate_sub_request() change and to apply cleanly. + +21 May 2020: George + - Fix for integer overflow when printing RDF_TYPE_TIME. + +19 May 2020: Wouter + - CVE-2020-12662 Unbound can be tricked into amplifying an incoming + query into a large number of queries directed to a target. + - CVE-2020-12663 Malformed answers from upstream name servers can be + used to make Unbound unresponsive. + - Release 1.10.1 is 1.10.0 with fixes, code repository continues, + including those fixes, towards the next release. Configure has + version 1.10.2 version number in it. + - For PR #93: windows compile warnings removal + - windows compile warnings removal for ip dscp option code. + - For PR #93: unit test for dynlib module. + +18 May 2020: Wouter + - For PR #93: dynlibmod can handle reloads and deinit and inits again, + with dlclose and dlopen of the library again. Also for multiple + modules. Fix memory leak by not closing dlopened content. Fix + to allow one dynlibmod instance by unbound-checkconf. + - For PR #93: checkconf allows multiple dynlib in module-config, for + a couple cases. + - For PR #93: checkconf allows python dynlib in module-config, for + a couple cases. + - For PR #93: man page spelling reference fix. + - For PR #93: fix link of other executables for dynlibmod dependency. + +15 May 2020: Wouter + - Merge PR #93: Add dynamic library support. + - Fixed conflicts for PR #93 and make configure, yacc, lex. + - For PR #93: Fix warnings for dynlibmodule. + +15 May 2020: Ralph + - Cache ECS answers with longest scope of CNAME chain. + +22 April 2020: George + - Explicitly use 'rrset-roundrobin: no' for test cases. + +21 April 2020: Wouter + - Merge #225 from akhait: KSK-2010 has been revoked. It removes the + KSK-2010 from the default list in unbound-anchor, now that the + revocation period is over. KSK-2017 is the only trust anchor in + the shipped default now. + +21 April 2020: George + - Change default value for 'rrset-roundrobin' to yes. + - Fix tests for new rrset-roundrobin default. + +20 April 2020: Wouter + - Fix #222: --enable-rpath, fails to rpath python lib. + - Fix for count of reply states in the mesh. + - Remove unneeded was_mesh_reply check. + +17 April 2020: George + - Add SNI support on more TLS connections (fixes #193). + - Add SNI support to unbound-anchor. + +16 April 2020: George + - Add doxygen documentation for DSCP. + +16 April 2020: Wouter + - Fix help return code in unbound-control-setup script. + - Fix for posix shell syntax for trap in nsd-control-setup. + - Fix for posix shell syntax for trap in run_msg.sh test script. + +15 April 2020: George + - Fix #220: auth-zone section in config may lead to segfault. + 7 April 2020: Wouter - Merge PR #214 from gearnode: unbound-control-setup recreate certificates. With the -r option the certificates are created diff --git a/doc/FEATURES b/doc/FEATURES index 076988ea9..8d69aba9b 100644 --- a/doc/FEATURES +++ b/doc/FEATURES @@ -39,6 +39,7 @@ RFC 4343: case insensitive handling of domain names. RFC 4509: SHA256 DS hash. RFC 4592: wildcards. RFC 4697: No DNS Resolution Misbehavior. +RFC 5001: DNS Name Server Identifier (NSID) Option RFC 5011: update of trust anchors with timers. RFC 5155: NSEC3, NSEC3PARAM types RFC 5358: reflectors-are-evil: access control list for recursive diff --git a/doc/TODO b/doc/TODO index a2690451a..839656154 100644 --- a/doc/TODO +++ b/doc/TODO @@ -14,7 +14,6 @@ o (option) store primed key data in a overlaid keyhints file (sort of like draft o windows version, auto update feature, a query to check for the version. o command the server with TSIG inband. get-config, clearcache, get stats, get memstats, get ..., reload, clear one zone from cache -o NSID rfc 5001 support. o timers rfc 5011 support. o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. o make timeout backoffs randomized (a couple percent random) to spread traffic. diff --git a/doc/example.conf.in b/doc/example.conf.in index ac282950f..b9b1c0525 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -5,9 +5,13 @@ # # this is a comment. -#Use this to include other text into the file. +# Use this anywhere in the file to include other text into this file. #include: "otherfile.conf" +# Use this anywhere in the file to include other text, that explicitly starts a +# clause, into this file. Text after this directive needs to start a clause. +#include-toplevel: "otherfile.conf" + # The server clause sets the main parameters. server: # whitespace is not necessary, but looks cleaner. @@ -125,8 +129,8 @@ server: # ip-dscp: 0 # EDNS reassembly buffer to advertise to UDP peers (the actual buffer - # is set with msg-buffer-size). 1472 can solve fragmentation (timeouts) - # edns-buffer-size: 4096 + # is set with msg-buffer-size). + # edns-buffer-size: 1232 # Maximum UDP response size (not applied to TCP response). # Suggested values are 512 to 4096. Default is 4096. 65536 disables it. @@ -157,6 +161,9 @@ server: # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 + # perform connect for UDP sockets to mitigate ICMP side channel. + # udp-connect: yes + # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376 @@ -188,6 +195,9 @@ server: # minimum wait time for responses, increase if uplink is long. In msec. # infra-cache-min-rtt: 50 + # enable to make server probe down hosts more frequently. + # infra-keep-probing: no + # the number of slabs to use for the Infrastructure cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. @@ -367,6 +377,9 @@ server: # the version to report. Leave "" or default to return package version. # version: "" + # NSID identity (hex string, or "ascii_somestring"). default disabled. + # nsid: "aabbccdd" + # the target fetch policy. # series of integers describing the policy per dependency depth. # The number of values in the list determines the maximum dependency @@ -378,7 +391,7 @@ server: # target-fetch-policy: "3 2 1 0 0" # Harden against very small EDNS buffer sizes. - # harden-short-bufsize: no + # harden-short-bufsize: yes # Harden against unseemly large queries. # harden-large-queries: no @@ -427,8 +440,8 @@ server: # Domains (and domains in them) without support for dns-0x20 and # the fallback fails because they keep sending different answers. - # caps-whitelist: "licdn.com" - # caps-whitelist: "senderbase.org" + # caps-exempt: "licdn.com" + # caps-exempt: "senderbase.org" # Enforce privacy of these addresses. Strips them away from answers. # It may cause DNSSEC validation to additionally mark it as bogus. @@ -473,7 +486,7 @@ server: # deny-any: no # if yes, Unbound rotates RRSet order in response. - # rrset-roundrobin: no + # rrset-roundrobin: yes # if yes, Unbound doesn't insert authority/additional sections # into response messages when those sections are not required. @@ -505,11 +518,6 @@ server: # Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel) # root-key-sentinel: yes - # File with DLV trusted keys. Same format as trust-anchor-file. - # There can be only one DLV configured, it is trusted from root down. - # DLV is going to be decommissioned. Please do not use it any more. - # dlv-anchor-file: "dlv.isc.org.key" - # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. @@ -585,7 +593,7 @@ server: # # Time in milliseconds before replying to the client with expired data. # This essentially enables the serve-stale behavior as specified in - # draft-ietf-dnsop-serve-stale-10 that first tries to resolve before + # RFC 8767 that first tries to resolve before # immediately responding with expired data. 0 disables this behavior. # A recommended value is 1800. # serve-expired-client-timeout: 0 @@ -623,7 +631,7 @@ server: # more slabs reduce lock contention, but fragment memory usage. # key-cache-slabs: 4 - # the amount of memory to use for the negative cache (used for DLV). + # the amount of memory to use for the negative cache. # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m @@ -699,8 +707,10 @@ server: # o inform acts like transparent, but logs client IP address # o inform_deny drops queries and logs client IP address # o inform_redirect redirects queries and logs client IP address - # o always_transparent, always_refuse, always_nxdomain, resolve in - # that way but ignore local data for that name + # o always_transparent, always_refuse, always_nxdomain, always_nodata, + # always_deny resolve in that way but ignore local data for + # that name + # o always_null returns 0.0.0.0 or ::0 for any name in the zone. # o noview breaks out of that view towards global local-zones. # # defaults are localhost address, reverse for 127.0.0.1 and ::1 @@ -734,12 +744,14 @@ server: # add a netblock specific override to a localzone, with zone type # local-zone-override: "example.com" 192.0.2.0/24 refuse - # service clients over TLS (on the TCP sockets), with plain DNS inside - # the TLS stream. Give the certificate to use and private key. + # service clients over TLS (on the TCP sockets) with plain DNS inside + # the TLS stream, and over HTTPS using HTTP/2 as specified in RFC8484. + # Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. # tls-service-key: "path/to/privatekeyfile.key" # tls-service-pem: "path/to/publiccertfile.pem" # tls-port: 853 + # https-port: 443 # cipher setting for TLSv1.2 # tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256" @@ -752,6 +764,10 @@ server: # Padded responses will be padded to the closest multiple of this size. # pad-responses-block-size: 468 + # Use the SNI extension for TLS connections. Default is yes. + # Changing the value requires a reload. + # tls-use-sni: yes + # Add the secret file for TLS Session Ticket. # Secret file must be 80 bytes of random data. # First key use to encrypt and decrypt TLS session tickets. @@ -779,6 +795,25 @@ server: # Also serve tls on these port numbers (eg. 443, ...), by listing # tls-additional-port: portno for each of the port numbers. + # HTTP endpoint to provide DNS-over-HTTPS service on. + # http-endpoint: "/dns-query" + + # HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use. + # http-max-streams: 100 + + # Maximum number of bytes used for all HTTP/2 query buffers. + # http-query-buffer-size: 4m + + # Maximum number of bytes used for all HTTP/2 response buffers. + # http-response-buffer-size: 4m + + # Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS + # service. + # http-nodelay: yes + + # Disable TLS for DNS-over-HTTP downstream service. + # http-notls-downstream: no + # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # dns64-prefix: 64:ff9b::0/96 @@ -852,9 +887,9 @@ server: # ipsecmod-ignore-bogus: no # # Domains for which ipsecmod will be triggered. If not defined (default) - # all domains are treated as being whitelisted. - # ipsecmod-whitelist: "example.com" - # ipsecmod-whitelist: "nlnetlabs.nl" + # all domains are treated as being allowed. + # ipsecmod-allow: "example.com" + # ipsecmod-allow: "nlnetlabs.nl" # Python config section. To enable: @@ -867,6 +902,17 @@ python: # Script file to load # python-script: "@UNBOUND_SHARE_DIR@/ubmodule-tst.py" +# Dynamic library config section. To enable: +# o use --with-dynlibmodule to configure before compiling. +# o list dynlib in the module-config string (above) to enable. +# It can be placed anywhere, the dynlib module is only a very thin wrapper +# to load modules dynamically. +# o and give a dynlib-file to run. If more than one dynlib entry is listed in +# the module-config then you need one dynlib-file per instance. +dynlib: + # Script file to load + # dynlib-file: "@UNBOUND_SHARE_DIR@/dynlib.so" + # Remote control config section. remote-control: # Enable remote control with unbound-control(8) here. @@ -941,27 +987,27 @@ remote-control: # upstream (which saves a lookup to the upstream). The first example # has a copy of the root for local usage. The second serves example.org # authoritatively. zonefile: reads from file (and writes to it if you also -# download it), master: fetches with AXFR and IXFR, or url to zonefile. -# With allow-notify: you can give additional (apart from masters) sources of +# download it), primary: fetches with AXFR and IXFR, or url to zonefile. +# With allow-notify: you can give additional (apart from primaries) sources of # notifies. # auth-zone: # name: "." -# master: 199.9.14.201 # b.root-servers.net -# master: 192.33.4.12 # c.root-servers.net -# master: 199.7.91.13 # d.root-servers.net -# master: 192.5.5.241 # f.root-servers.net -# master: 192.112.36.4 # g.root-servers.net -# master: 193.0.14.129 # k.root-servers.net -# master: 192.0.47.132 # xfr.cjr.dns.icann.org -# master: 192.0.32.132 # xfr.lax.dns.icann.org -# master: 2001:500:200::b # b.root-servers.net -# master: 2001:500:2::c # c.root-servers.net -# master: 2001:500:2d::d # d.root-servers.net -# master: 2001:500:2f::f # f.root-servers.net -# master: 2001:500:12::d0d # g.root-servers.net -# master: 2001:7fd::1 # k.root-servers.net -# master: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org -# master: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org +# primary: 199.9.14.201 # b.root-servers.net +# primary: 192.33.4.12 # c.root-servers.net +# primary: 199.7.91.13 # d.root-servers.net +# primary: 192.5.5.241 # f.root-servers.net +# primary: 192.112.36.4 # g.root-servers.net +# primary: 193.0.14.129 # k.root-servers.net +# primary: 192.0.47.132 # xfr.cjr.dns.icann.org +# primary: 192.0.32.132 # xfr.lax.dns.icann.org +# primary: 2001:500:200::b # b.root-servers.net +# primary: 2001:500:2::c # c.root-servers.net +# primary: 2001:500:2d::d # d.root-servers.net +# primary: 2001:500:2f::f # f.root-servers.net +# primary: 2001:500:12::d0d # g.root-servers.net +# primary: 2001:7fd::1 # k.root-servers.net +# primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org +# primary: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org # fallback-enabled: yes # for-downstream: no # for-upstream: yes @@ -1043,6 +1089,8 @@ remote-control: # upstream log destination, by socket path, TCP or TLS destination. # dnstap: # dnstap-enable: no +# # if set to yes frame streams will be used in bidirectional mode +# dnstap-bidirectional: yes # dnstap-socket-path: "@DNSTAP_SOCKET_PATH@" # # if "" use the unix socket in dnstap-socket-path, otherwise, # # set it to "IPaddress[@port]" of the destination. @@ -1079,7 +1127,7 @@ remote-control: # rpz: # name: "rpz.example.com" # zonefile: "rpz.example.com" -# master: 192.0.2.0 +# primary: 192.0.2.0 # allow-notify: 192.0.2.0/32 # url: http://www.example.com/rpz.example.org.zone # rpz-action-override: cname diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index bccd33161..b0d8302c4 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -69,6 +69,9 @@ The server name, it connects to https://name. Specify without https:// prefix. The default is "data.iana.org". It connects to the port specified with \-P. You can pass an IPv4 address or IPv6 address (no brackets) if you want. .TP +.B \-S +Do not use SNI for the HTTPS connection. Default is to use SNI. +.TP .B \-b \fIaddress The source address to bind to for domain resolution and contacting the server on https. May be either an IPv4 address or IPv6 address (no brackets). diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 74d06cfd9..20325abf2 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -305,6 +305,12 @@ Transfer the auth zone from master. The auth zone probe sequence is started, where the masters are probed to see if they have an updated zone (with the SOA serial check). And then the zone is transferred for a newer zone version. .TP +.B rpz_enable \fIzone\fR +Enable the RPZ zone if it had previously been disabled. +.TP +.B rpz_enable \fIzone\fR +Disable the RPZ zone. +.TP .B view_list_local_zones \fIview\fR \fIlist_local_zones\fR for given view. .TP @@ -506,6 +512,14 @@ negative cache. Memory in bytes in used by the TCP and TLS stream wait buffers. These are answers waiting to be written back to the clients. .TP +.I mem.http.query_buffer +Memory in bytes used by the HTTP/2 query buffers. Containing (partial) DNS +queries waiting for request stream completion. +.TP +.I mem.http.response_buffer +Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses +waiting to be written back to the clients. +.TP .I histogram...to.. Shows a histogram, summed over all threads. Every element counts the recursive queries whose reply time fit between the lower and upper bound. @@ -545,6 +559,11 @@ These are also counted in num.query.tcp, because TLS uses TCP. Number of TLS session resumptions, these are queries over TLS towards the unbound server where the client negotiated a TLS session resumption key. .TP +.I num.query.https +Number of queries that were made using HTTPS towards the unbound server. +These are also counted in num.query.tcp and num.query.tls, because HTTPS +uses TLS and TCP. +.TP .I num.query.ipv6 Number of queries that were made using IPv6 towards the unbound server. .TP diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 107ccb938..e60ab6993 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -77,6 +77,12 @@ for the included files works, relative pathnames for the included names work if the directory where the daemon is started equals its chroot/working directory or is specified before the include statement with directory: dir. Wildcards can be used to include multiple files, see \fIglob\fR(7). +.P +For a more structural include option, the +.B include\-toplevel: +directive can be used. This closes whatever clause is currently active (if any) +and forces the use of clauses in the included files and right after this +directive. .SS "Server Options" These options are part of the .B server: @@ -116,7 +122,8 @@ The port number, default 53, on which the server responds to queries. Interface to use to connect to the network. This interface is listened to for queries from clients, and answers to clients are given from it. Can be given multiple times to work on several interfaces. If none are -given the default is to listen to localhost. +given the default is to listen to localhost. If an interface name is used +instead of an ip address, the list of ip addresses on that interface are used. The interfaces are not changed on a reload (kill \-HUP) but only on restart. A port number can be specified with @port (without spaces between interface and port number), if not specified the default port (from @@ -200,12 +207,11 @@ accepted. For larger installations increasing this value is a good idea. Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value put into datagrams over UDP towards peers. The actual buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do -not set higher than that value. Default is 4096 which is RFC recommended. -If you have fragmentation reassembly problems, usually seen as timeouts, -then a value of 1472 can fix it. Setting to 512 bypasses even the most -stringent path MTU problems, but is seen as extreme, since the amount -of TCP fallback generated is excessive (probably also for this resolver, -consider tuning the outgoing tcp number). +not set higher than that value. Default is 1232 which is the DNS Flag Day 2020 +recommendation. Setting to 512 bypasses even the most stringent path MTU +problems, but is seen as extreme, since the amount of TCP fallback generated is +excessive (probably also for this resolver, consider tuning the outgoing tcp +number). .TP .B max\-udp\-size: \fI Maximum UDP response size (not applied to TCP response). 65536 disables the @@ -268,6 +274,10 @@ eg. 1500 msec. When timeouts happen you need extra sockets, it checks the ID and remote IP of packets, and unwanted packets are added to the unwanted packet counter. .TP +.B udp\-connect: \fI +Perform connect for UDP sockets that mitigates ICMP side channel leakage. +Default is yes. +.TP .B unknown\-server\-time\-limit: \fI The wait time in msec for waiting for an unknown server to reply. Increase this if you are behind a slow satellite link, to eg. 1128. @@ -376,6 +386,12 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure cache. Default is 50 milliseconds. Increase this value if using forwarders needing more time to do recursive name resolution. .TP +.B infra\-keep\-probing: \fI +If enabled the server keeps probing hosts that are down, in the one probe +at a time regime. Default is no. Hosts that are down, eg. they did +not respond during the one probe at a time period, are marked as down and +it may take \fBinfra\-host\-ttl\fR time to get probed again. +.TP .B define\-tag: \fI<"list of tags"> Define the tags that can be used with local\-zone and access\-control. Enclose the list between quotes ("") and put spaces between tags. @@ -478,15 +494,16 @@ Alternate syntax for \fBtls\-upstream\fR. If both are present in the config file the last is used. .TP .B tls\-service\-key: \fI -If enabled, the server provides TLS service on the TCP ports marked -implicitly or explicitly for TLS service with tls\-port. The file must -contain the private key for the TLS session, the public certificate is in -the tls\-service\-pem file and it must also be specified if tls\-service\-key -is specified. The default is "", turned off. Enabling or disabling -this service requires a restart (a reload is not enough), because the -key is read while root permissions are held and before chroot (if any). -The ports enabled implicitly or explicitly via \fBtls\-port:\fR do not provide -normal DNS TCP service. +If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on the +TCP ports marked implicitly or explicitly for these services with tls\-port or +https\-port. The file must contain the private key for the TLS session, the +public certificate is in the tls\-service\-pem file and it must also be +specified if tls\-service\-key is specified. The default is "", turned off. +Enabling or disabling this service requires a restart (a reload is not enough), +because the key is read while root permissions are held and before chroot (if any). +The ports enabled implicitly or explicitly via \fBtls\-port:\fR and +\fBhttps\-port:\fR do not provide normal DNS TCP service. Unbound needs to be +compiled with libnghttp2 in order to provide DNS-over-HTTPS. .TP .B ssl\-service\-key: \fI Alternate syntax for \fBtls\-service\-key\fR. @@ -509,7 +526,8 @@ Alternate syntax for \fBtls\-port\fR. If null or "", no file is used. Set it to the certificate bundle file, for example "/etc/pki/tls/certs/ca\-bundle.crt". These certificates are used for authenticating connections made to outside peers. For example auth\-zone -urls, and also DNS over TLS connections. +urls, and also DNS over TLS connections. It is read at start up before +permission drop and chroot. .TP .B ssl\-cert\-bundle: \fI Alternate syntax for \fBtls\-cert\-bundle\fR. @@ -565,6 +583,43 @@ Default is yes. .B pad\-queries\-block\-size: \fI The block size with which to pad queries sent over TLS upstreams. Default is 128. +.B tls\-use\-sni: \fI +Enable or disable sending the SNI extension on TLS connections. +Default is yes. +Changing the value requires a reload. +.TP +.B https\-port: \fI +The port number on which to provide DNS-over-HTTPS service, default 443, only +interfaces configured with that port number as @number get the HTTPS service. +.TP +.B http\-endpoint: \fI +The HTTP endpoint to provide DNS-over-HTTPS service on. Default "/dns-query". +.TP +.B http\-max\-streams: \fI +Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2 +SETTINGS frame for DNS-over-HTTPS connections. Default 100. +.TP +.B http\-query\-buffer\-size: \fI +Maximum number of bytes used for all HTTP/2 query buffers combined. These +buffers contain (partial) DNS queries waiting for request stream completion. +An RST_STREAM frame will be send to streams exceeding this limit. Default is 4 +megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, +megabytes or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B http\-response\-buffer\-size: \fI +Maximum number of bytes used for all HTTP/2 response buffers combined. These +buffers contain DNS responses waiting to be written back to the clients. +An RST_STREAM frame will be send to streams exceeding this limit. Default is 4 +megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, +megabytes or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B http\-nodelay: \fI +Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service. +Ignored if the option is not available. Default is yes. +.TP +.B http\-notls\-downstream: \fI +Disable use of TLS for the downstream DNS-over-HTTP connections. Useful for +local back end servers. Default is no. .TP .B use\-systemd: \fI Enable or disable systemd socket activation. @@ -783,6 +838,11 @@ If enabled version.server and version.bind queries are refused. Set the version to report. If set to "", the default, then the package version is returned. .TP +.B nsid:\fR +Add the specified nsid to the EDNS section of the answer when queried +with an NSID EDNS enabled packet. As a sequence of hex characters or +with ascii_ prefix and then an ascii string. +.TP .B hide\-trustanchor: \fI If enabled trustanchor.unbound queries are refused. .TP @@ -803,9 +863,8 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour rumoured to be closer to that of BIND 8. .TP .B harden\-short\-bufsize: \fI -Very small EDNS buffer sizes from queries are ignored. Default is off, since -it is legal protocol wise to send these, and unbound tries to give very -small answers to these queries, where possible. +Very small EDNS buffer sizes from queries are ignored. Default is on, as +described in the standard. .TP .B harden\-large\-queries: \fI Very large queries are ignored. Default is off, since it is legal protocol @@ -862,12 +921,15 @@ authority servers and checks if the reply still has the correct casing. Disabled by default. This feature is an experimental implementation of draft dns\-0x20. .TP -.B caps\-whitelist: \fI -Whitelist the domain so that it does not receive caps\-for\-id perturbed +.B caps\-exempt: \fI +Exempt the domain so that it does not receive caps\-for\-id perturbed queries. For domains that do not support 0x20 and also fail with fallback because they keep sending different answers, like some load balancers. Can be given multiple times, for different domains. .TP +.B caps\-whitelist: \fI +Alternate syntax for \fBcaps\-exempt\fR. +.TP .B qname\-minimisation: \fI Send minimum amount of information to upstream servers to enhance privacy. Only send minimum required labels of the QNAME and set QTYPE to A when @@ -879,7 +941,7 @@ NXDOMAIN from a DNSSEC signed zone. Default is yes. QNAME minimisation in strict mode. Do not fall-back to sending full QNAME to potentially broken nameservers. A lot of domains will not be resolvable when this option in enabled. Only use if you know what you are doing. -This option only has effect when qname-minimisation is enabled. Default is off. +This option only has effect when qname-minimisation is enabled. Default is no. .TP .B aggressive\-nsec: \fI Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN @@ -947,7 +1009,7 @@ are none. .TP .B rrset\-roundrobin: \fI If yes, Unbound rotates RRSet order in response (the random number is taken -from the query ID, for speed and thread safety). Default is no. +from the query ID, for speed and thread safety). Default is yes. .TP .B minimal-responses: \fI If yes, Unbound doesn't insert authority/additional sections into response @@ -978,7 +1040,9 @@ EDNS client subnet support the default is "subnetcache validator iterator". Most modules that need to be listed here have to be listed at the beginning of the line. The cachedb module has to be listed just before the iterator. The python module can be listed in different places, it then processes the -output of the module it is just before. +output of the module it is just before. The dynlib module can be listed pretty +much anywhere, it is only a very thin wrapper that allows dynamic libraries to +run in its place. .TP .B trust\-anchor\-file: \fI File with trusted keys for validation. Both DS and DNSKEY entries can appear @@ -1017,26 +1081,11 @@ Send RFC8145 key tag query after trust anchor priming. Default is yes. .B root\-key\-sentinel: \fI Root key trust anchor sentinel. Default is yes. .TP -.B dlv\-anchor\-file: \fI -This option was used during early days DNSSEC deployment when no parent-side -DS record registrations were easily available. Nowadays, it is best to have -DS records registered with the parent zone (many top level zones are signed). -File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and -DNSKEY entries can be used in the file, in the same format as for -\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more -would be slow. The DLV configured is used as a root trusted DLV, this -means that it is a lookaside for the root. Default is "", or no dlv anchor -file. DLV is going to be decommissioned. Please do not use it any more. -.TP -.B dlv\-anchor: \fI<"Resource Record"> -Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. -DLV is going to be decommissioned. Please do not use it any more. -.TP .B domain\-insecure: \fI Sets domain name to be insecure, DNSSEC chain of trust is ignored towards the domain name. So a trust anchor above the domain name can not make the domain secure with a DS record, such a DS record is then ignored. -Also keys from DLV are ignored for the domain. Can be given multiple times +Can be given multiple times to specify multiple domains that are treated as if unsigned. If you set trust anchors for the domain they override this setting (and the domain is secured). @@ -1115,7 +1164,7 @@ later on. Default is "no". .B serve\-expired\-ttl: \fI Limit serving of expired responses to configured seconds after expiration. 0 disables the limit. This option only applies when \fBserve\-expired\fR is -enabled. A suggested value per draft-ietf-dnsop-serve-stale-10 is between +enabled. A suggested value per RFC 8767 is between 86400 (1 day) and 259200 (3 days). The default is 0. .TP .B serve\-expired\-ttl\-reset: \fI @@ -1127,14 +1176,14 @@ expired records will be served as long as there are queries for it. Default is .B serve\-expired\-reply\-ttl: \fI TTL value to use when replying with expired data. If \fBserve\-expired\-client\-timeout\fR is also used then it is RECOMMENDED to -use 30 as the value (draft-ietf-dnsop-serve-stale-10). The default is 30. +use 30 as the value (RFC 8767). The default is 30. .TP .B serve\-expired\-client\-timeout: \fI Time in milliseconds before replying to the client with expired data. This essentially enables the serve-stale behavior as specified in -draft-ietf-dnsop-serve-stale-10 that first tries to resolve before immediately +RFC 8767 that first tries to resolve before immediately responding with expired data. A recommended value per -draft-ietf-dnsop-serve-stale-10 is 1800. Setting this to 0 will disable this +RFC 8767 is 1800. Setting this to 0 will disable this behavior. Default is 0. .TP .B val\-nsec3\-keysize\-iterations: \fI<"list of values"> @@ -1205,7 +1254,7 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -inform_redirect, always_transparent, always_refuse, always_nxdomain, noview, +inform_redirect, always_transparent, always_refuse, always_nxdomain, always_null, noview, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. @@ -1279,6 +1328,17 @@ Like refuse, but ignores local data and refuses the query. \h'5'\fIalways_nxdomain\fR Like static, but ignores local data and returns nxdomain for the query. .TP 10 +\h'5'\fIalways_nodata\fR +Like static, but ignores local data and returns nodata for the query. +.TP 10 +\h'5'\fIalways_deny\fR +Like deny, but ignores local data and drops the query. +.TP 10 +\h'5'\fIalways_null\fR +Always returns 0.0.0.0 or ::0 for every name in the zone. Like redirect +with zero data for A and AAAA. Ignores local data in the zone. Used for +some block lists. +.TP 10 \h'5'\fInoview\fR Breaks out of that view and moves towards the global local zones for answer to the query. If the view first is no, it'll resolve normally. If view first @@ -1523,6 +1583,16 @@ servers set. The default for fast\-server\-permil is 0. Set the number of servers that should be used for fast server selection. Only use the fastest specified number of servers with the fast\-server\-permil option, that turns this on or off. The default is to use the fastest 3 servers. +.TP 5 +.B edns\-client\-string: \fI +Include an EDNS0 option containing configured ascii string in queries with +destination address matching the configured IP netblock. This configuration +option can be used multiple times. The most specific match will be used. +.TP 5 +.B edns\-client\-string\-opcode: \fI +EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535. +A value from the `Reserved for Local/Experimental` range (65001-65534) should +be used. Default is 65001. .SS "Remote Control Options" In the .B remote\-control: @@ -1627,6 +1697,9 @@ Name of stub zone nameserver. Is itself resolved before it is used. .B stub\-addr: \fI IP address of stub zone nameserver. Can be IP 4 or IP 6. To use a nondefault port for DNS communication append '@' with the port number. +If tls is enabled, then you can append a '#' and a name, then it'll check +the tls authentication certificates with that name. If you combine +the '@' and '#', the '@' comes first. .TP .B stub\-prime: \fI This option is by default no. If enabled it performs NS set priming, @@ -1722,16 +1795,16 @@ uses the SOA timer values and performs SOA UDP queries to detect zone changes. If the update fetch fails, the timers in the SOA record are used to time another fetch attempt. Until the SOA expiry timer is reached. Then the zone is expired. When a zone is expired, queries are SERVFAIL, and -any new serial number is accepted from the master (even if older), and if +any new serial number is accepted from the primary (even if older), and if fallback is enabled, the fallback activates to fetch from the upstream instead of the SERVFAIL. .TP .B name: \fI Name of the authority zone. .TP -.B master: \fI +.B primary: \fI Where to download a copy of the zone from, with AXFR and IXFR. Multiple -masters can be specified. They are all tried if one fails. +primaries can be specified. They are all tried if one fails. With the "ip#name" notation a AXFR over TLS can be used. If you point it at another Unbound instance, it would not work because that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download @@ -1740,27 +1813,31 @@ If you specify the hostname, you cannot use the domain from the zonefile, because it may not have that when retrieving that data, instead use a plain IP address to avoid a circular dependency on retrieving that IP address. .TP +.B master: \fI +Alternate syntax for \fBprimary\fR. +.TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example for the url is "http://www.example.com/example.org.zone". Multiple url statements can be given, they are tried in turn. If only urls are given the SOA refresh timer is used to wait for making new downloads. If also -masters are listed, the masters are first probed with UDP SOA queries to +primaries are listed, the primaries are first probed with UDP SOA queries to see if the SOA serial number has changed, reducing the number of downloads. -If none of the urls work, the masters are tried with IXFR and AXFR. +If none of the urls work, the primaries are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. If you specify a hostname in the URL, you cannot use the domain from the zonefile, because it may not have that when retrieving that data, instead use a plain IP address to avoid a circular dependency on retrieving that IP -address. Avoid dependencies on name lookups by using a notation like "http://192.0.2.1/unbound-master/example.com.zone", with an explicit IP address. +address. Avoid dependencies on name lookups by using a notation like +"http://192.0.2.1/unbound-primaries/example.com.zone", with an explicit IP address. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. -If the notify is from a master, it first attempts that master. Otherwise -other masters are attempted. If there are no masters, but only urls, the -file is downloaded when notified. The masters from master: statements are +If the notify is from a primary, it first attempts that primary. Otherwise +other primaries are attempted. If there are no primaries, but only urls, the +file is downloaded when notified. The primaries from primary: statements are allowed notify by default. .TP .B fallback\-enabled: \fI @@ -1788,7 +1865,7 @@ downstream clients, and use the zone data as a local copy to speed up lookups. .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, unbound will attempt to fetch zone -data (eg. from the master servers). +data (eg. from the primary servers). .SS "View Options" .LP There may be multiple @@ -1845,6 +1922,24 @@ directory. .B python\-script: \fI\fR The script file to load. Repeat this option for every python module instance added to the \fBmodule\-config:\fR option. +.SS "Dynamic Library Module Options" +.LP +The +.B dynlib: +clause gives the settings for the \fIdynlib\fR module. This module is only +a very small wrapper that allows dynamic modules to be loaded on runtime +instead of being compiled into the application. To enable the dynlib module it +has to be compiled into the daemon, and the word "dynlib" has to be put in the +\fBmodule\-config:\fR option. Multiple instances of dynamic libraries are +supported by adding the word "dynlib" more than once. +.LP +The \fBdynlib\-file:\fR path should be specified as an absolute path relative +to the new path set by \fBchroot:\fR option, or as a relative path to the +working directory. +.TP +.B dynlib\-file: \fI\fR +The dynamic library file to load. Repeat this option for every dynlib module +instance added to the \fBmodule\-config:\fR option. .SS "DNS64 Module Options" .LP The dns64 module must be configured in the \fBmodule\-config:\fR "dns64 @@ -1937,14 +2032,16 @@ The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache validator iterator" directive and be compiled into the daemon to be enabled. These settings go in the \fBserver:\fR section. .LP -If the destination address is whitelisted with Unbound will add the EDNS0 -option to the query containing the relevant part of the client's address. When -an answer contains the ECS option the response and the option are placed in a -specialized cache. If the authority indicated no support, the response is +If the destination address is allowed in the configuration Unbound will add the +EDNS0 option to the query containing the relevant part of the client's address. +When an answer contains the ECS option the response and the option are placed in +a specialized cache. If the authority indicated no support, the response is stored in the regular cache. .LP Additionally, when a client includes the option in its queries, Unbound will -forward the option to the authority if present in the whitelist, or +forward the option when sending the query to addresses that are explicitly +allowed in the configuration using \fBsend\-client\-subnet\fR. The option will +always be forwarded, regardless the allowed addresses, if \fBclient\-subnet\-always\-forward\fR is set to yes. In this case the lookup in the regular cache is skipped. .LP @@ -1965,12 +2062,13 @@ given multiple times. Zones not listed will not receive edns-subnet information, unless hosted by authority specified in \fBsend\-client\-subnet\fR. .TP .B client\-subnet\-always\-forward: \fI\fR -Specify whether the ECS whitelist check (configured using +Specify whether the ECS address check (configured using \fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering query contains an ECS record, or only for queries for which the ECS record is generated using the querier address (and therefore did not contain ECS data in -the client query). If enabled, the whitelist check is skipped when the client -query contains an ECS record. Default is no. +the client query). If enabled, the address check is skipped when the client +query contains an ECS record. And the lookup in the regular cache is skipped. +Default is no. .TP .B max\-client\-subnet\-ipv6: \fI\fR Specifies the maximum prefix length of the client source address we are willing @@ -2059,10 +2157,13 @@ to yes, the hook will be called and the A/AAAA answer will be returned to the client. If set to no, the hook will not be called and the answer to the A/AAAA query will be SERVFAIL. Mainly used for testing. Defaults to no. .TP -.B ipsecmod\-whitelist: \fI\fR -Whitelist the domain so that the module logic will be executed. Can -be given multiple times, for different domains. If the option is not -specified, all domains are treated as being whitelisted (default). +.B ipsecmod\-allow: \fI\fR +Allow the ipsecmod functionality for the domain so that the module logic will be +executed. Can be given multiple times, for different domains. If the option is +not specified, all domains are treated as being allowed (default). +.TP +.B ipsecmod\-whitelist: \fI +Alternate syntax for \fBipsecmod\-allow\fR. .SS "Cache DB Module Options" .LP The Cache DB module must be configured in the \fBmodule\-config:\fR @@ -2096,7 +2197,7 @@ even if some data have expired in terms of DNS TTL or the Redis server has cached too much data; if necessary the Redis server must be configured to limit the cache size, preferably with some kind of least-recently-used eviction policy. -Additionaly, the \fBredis\-expire\-records\fR option can be used in order to +Additionally, the \fBredis\-expire\-records\fR option can be used in order to set the relative DNS TTL of the message as timeout to the Redis records; keep in mind that some additional memory is used per key and that the expire information is stored as absolute Unix timestamps in Redis (computer time must @@ -2175,6 +2276,10 @@ If dnstap is enabled. Default no. If yes, it connects to the dnstap server and if any of the dnstap-log-..-messages options is enabled it sends logs for those messages to the server. .TP +.B dnstap-bidirectional: \fI +Use frame streams in bidirectional mode to transfer DNSTAP messages. Default is +yes. +.TP .B dnstap-socket-path: \fI Sets the unix socket file name for connecting to the server that is listening on that socket. Default is "@DNSTAP_SOCKET_PATH@". @@ -2255,33 +2360,36 @@ are applied after .B name: \fI Name of the authority zone. .TP -.B master: \fI +.B primary: \fI Where to download a copy of the zone from, with AXFR and IXFR. Multiple -masters can be specified. They are all tried if one fails. +primaries can be specified. They are all tried if one fails. +.TP +.B master: \fI +Alternate syntax for \fBprimary\fR. .TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example for the url is "http://www.example.com/example.org.zone". Multiple url statements can be given, they are tried in turn. If only urls are given the SOA refresh timer is used to wait for making new downloads. If also -masters are listed, the masters are first probed with UDP SOA queries to +primaries are listed, the primaries are first probed with UDP SOA queries to see if the SOA serial number has changed, reducing the number of downloads. -If none of the urls work, the masters are tried with IXFR and AXFR. +If none of the urls work, the primaries are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. -If the notify is from a master, it first attempts that master. Otherwise -other masters are attempted. If there are no masters, but only urls, the -file is downloaded when notified. The masters from master: statements are +If the notify is from a primary, it first attempts that primary. Otherwise +other primaries are attempted. If there are no primaries, but only urls, the +file is downloaded when notified. The primaries from primary: statements are allowed notify by default. .TP .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, unbound will attempt to fetch zone -data (eg. from the master servers). +data (eg. from the primary servers). .TP .B rpz\-action\-override: \fI Always use this RPZ action for matching triggers from this zone. Possible action diff --git a/dynlibmod/dynlibmod.c b/dynlibmod/dynlibmod.c new file mode 100644 index 000000000..ffac7ff30 --- /dev/null +++ b/dynlibmod/dynlibmod.c @@ -0,0 +1,306 @@ +/** + * \file + * This file contains the dynamic library module for Unbound. + * This loads a dynamic library (.dll, .so) and calls that for the + * module actions. + */ +#include "config.h" +#include "dynlibmod/dynlibmod.h" +#include "util/module.h" +#include "util/config_file.h" + +#if HAVE_WINDOWS_H +#include +#define __DYNMOD HMODULE +#define __DYNSYM FARPROC +#define __LOADSYM GetProcAddress +static void log_dlerror() { + DWORD dwLastError = GetLastError(); + LPSTR MessageBuffer; + DWORD dwBufferLength; + DWORD dwFormatFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER | + FORMAT_MESSAGE_IGNORE_INSERTS | + FORMAT_MESSAGE_FROM_SYSTEM ; + if((dwBufferLength = FormatMessageA( + dwFormatFlags, + NULL, // module to get message from (NULL == system) + dwLastError, + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // default language + (LPSTR) &MessageBuffer, + 0, + NULL + ))) + { + log_err("dynlibmod: %s (%ld)", MessageBuffer, dwLastError); + LocalFree(MessageBuffer); + } + +} + +static HMODULE open_library(const char* fname) { + return LoadLibrary(fname); +} + +static void close_library(const char* fname, __DYNMOD handle) { + (void)fname; + (void)handle; +} +#else +#include +#define __DYNMOD void* +#define __DYNSYM void* +#define __LOADSYM dlsym +static void log_dlerror() { + log_err("dynlibmod: %s", dlerror()); +} + +static void* open_library(const char* fname) { + return dlopen(fname, RTLD_LAZY | RTLD_GLOBAL); +} + +static void close_library(const char* fname, __DYNMOD handle) { + if(!handle) return; + if(dlclose(handle) != 0) { + log_err("dlclose %s: %s", fname, strerror(errno)); + } +} +#endif + +/** module counter for multiple dynlib modules */ +static int dynlib_mod_count = 0; + +/** dynlib module init */ +int dynlibmod_init(struct module_env* env, int id) { + int dynlib_mod_idx = dynlib_mod_count++; + struct config_strlist* cfg_item = env->cfg->dynlib_file; + struct dynlibmod_env* de = (struct dynlibmod_env*)calloc(1, sizeof(struct dynlibmod_env)); + __DYNMOD dynamic_library; + if (!de) + { + log_err("dynlibmod[%d]: malloc failure", dynlib_mod_idx); + return 0; + } + + env->modinfo[id] = (void*) de; + + de->fname = NULL; + for(int i = dynlib_mod_idx; + i != 0 && cfg_item != NULL; + i--, cfg_item = cfg_item->next) {} + + if (cfg_item == NULL || cfg_item->str == NULL || cfg_item->str[0] == 0) { + log_err("dynlibmod[%d]: no dynamic library given.", dynlib_mod_idx); + return 0; + } else { + de->fname = cfg_item->str; + } + verbose(VERB_ALGO, "dynlibmod[%d]: Trying to load library %s", dynlib_mod_idx, de->fname); + dynamic_library = open_library(de->fname); + de->dynamic_library = (void*)dynamic_library; + if (dynamic_library == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + __DYNSYM initializer; + __DYNSYM deinitializer; + __DYNSYM operate; + __DYNSYM inform; + __DYNSYM clear; + __DYNSYM get_mem; + initializer = __LOADSYM(dynamic_library,"init"); + if (initializer == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load init procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_init = (func_init_t)(void*)initializer; + } + deinitializer = __LOADSYM(dynamic_library,"deinit"); + if (deinitializer == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load deinit procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_deinit = (func_deinit_t)(void*)deinitializer; + } + operate = __LOADSYM(dynamic_library,"operate"); + if (operate == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load operate procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_operate = (func_operate_t)(void*)operate; + } + inform = __LOADSYM(dynamic_library,"inform_super"); + if (inform == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load inform_super procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_inform = (func_inform_t)(void*)inform; + } + clear = __LOADSYM(dynamic_library,"clear"); + if (clear == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load clear procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_clear = (func_clear_t)(void*)clear; + } + get_mem = __LOADSYM(dynamic_library,"get_mem"); + if (get_mem == NULL) { + log_dlerror(); + log_err("dynlibmod[%d]: unable to load get_mem procedure from dynamic library \"%s\".", dynlib_mod_idx, de->fname); + return 0; + } else { + de->func_get_mem = (func_get_mem_t)(void*)get_mem; + } + } + de->inplace_cb_delete_wrapped = &inplace_cb_delete_wrapped; + de->inplace_cb_register_wrapped = &inplace_cb_register_wrapped; + return de->func_init(env, id); +} + +/** dynlib module deinit */ +void dynlibmod_deinit(struct module_env* env, int id) { + struct dynlibmod_env* de = env->modinfo[id]; + if(de == NULL) + return; + de->func_deinit(env, id); + close_library(de->fname, (__DYNMOD)de->dynamic_library); + dynlib_mod_count--; + de->fname = NULL; + free(de); +} + +/** dynlib module operate on a query */ +void dynlibmod_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound) { + struct dynlibmod_env* de = qstate->env->modinfo[id]; + + de->func_operate(qstate, event, id, outbound); +} + +/** dynlib module */ +void dynlibmod_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super) { + struct dynlibmod_env* de = qstate->env->modinfo[id]; + + de->func_inform(qstate, id, super); +} + +/** dynlib module cleanup query state */ +void dynlibmod_clear(struct module_qstate* qstate, int id) { + struct dynlibmod_env* de = qstate->env->modinfo[id]; + + de->func_clear(qstate, id); +} + +/** dynlib module alloc size routine */ +size_t dynlibmod_get_mem(struct module_env* env, int id) { + struct dynlibmod_env* de = (struct dynlibmod_env*)env->modinfo[id]; + size_t size; + verbose(VERB_ALGO, "dynlibmod: get_mem, id: %d, de:%p", id, de); + if(!de) + return 0; + + size = de->func_get_mem(env, id); + return size + sizeof(*de); +} + +int dynlib_inplace_cb_reply_generic(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback) { + struct cb_pair* cb_pair = (struct cb_pair*) callback; + return ((inplace_cb_reply_func_type*) cb_pair->cb)(qinfo, qstate, rep, rcode, edns, opt_list_out, repinfo, region, start_time, id, cb_pair->cb_arg); +} + +int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags, + struct module_qstate* qstate, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, + int id, void* callback) { + struct cb_pair* cb_pair = (struct cb_pair*) callback; + return ((inplace_cb_query_func_type*) cb_pair->cb)(qinfo, flags, qstate, addr, addrlen, zone, zonelen, region, id, cb_pair->cb_arg); +} + +int dynlib_inplace_cb_edns_back_parsed(struct module_qstate* qstate, + int id, void* cb_args) { + struct cb_pair* cb_pair = (struct cb_pair*) cb_args; + return ((inplace_cb_edns_back_parsed_func_type*) cb_pair->cb)(qstate, id, cb_pair->cb_arg); +} + +int dynlib_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* cb_args) { + struct cb_pair* cb_pair = (struct cb_pair*) cb_args; + return ((inplace_cb_query_response_func_type*) cb_pair->cb)(qstate, response, id, cb_pair->cb_arg); +} + +int +inplace_cb_register_wrapped(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id) { + struct cb_pair* cb_pair = malloc(sizeof(struct cb_pair)); + if(cb_pair == NULL) { + log_err("dynlibmod[%d]: malloc failure", id); + return 0; + } + cb_pair->cb = cb; + cb_pair->cb_arg = cbarg; + if(type >= inplace_cb_reply && type <= inplace_cb_reply_servfail) { + return inplace_cb_register(&dynlib_inplace_cb_reply_generic, type, (void*) cb_pair, env, id); + } else if(type == inplace_cb_query) { + return inplace_cb_register(&dynlib_inplace_cb_query_generic, type, (void*) cb_pair, env, id); + } else if(type == inplace_cb_query_response) { + return inplace_cb_register(&dynlib_inplace_cb_query_response, type, (void*) cb_pair, env, id); + } else if(type == inplace_cb_edns_back_parsed) { + return inplace_cb_register(&dynlib_inplace_cb_edns_back_parsed, type, (void*) cb_pair, env, id); + } else { + free(cb_pair); + return 0; + } +} + +void +inplace_cb_delete_wrapped(struct module_env* env, enum inplace_cb_list_type type, + int id) { + struct inplace_cb* temp = env->inplace_cb_lists[type]; + struct inplace_cb* prev = NULL; + + while(temp) { + if(temp->id == id) { + if(!prev) { + env->inplace_cb_lists[type] = temp->next; + free(temp->cb_arg); + free(temp); + temp = env->inplace_cb_lists[type]; + } + else { + prev->next = temp->next; + free(temp->cb_arg); + free(temp); + temp = prev->next; + } + } + else { + prev = temp; + temp = temp->next; + } + } +} + + +/** + * The module function block + */ +static struct module_func_block dynlibmod_block = { + "dynlib", + &dynlibmod_init, &dynlibmod_deinit, &dynlibmod_operate, &dynlibmod_inform_super, + &dynlibmod_clear, &dynlibmod_get_mem +}; + +struct module_func_block* dynlibmod_get_funcblock(void) +{ + return &dynlibmod_block; +} diff --git a/dynlibmod/dynlibmod.h b/dynlibmod/dynlibmod.h new file mode 100644 index 000000000..321f4f693 --- /dev/null +++ b/dynlibmod/dynlibmod.h @@ -0,0 +1,139 @@ +/* + * dynlibmod.h: module header file + * + * Copyright (c) 2019, Peter Munch-Ellingsen (peterme AT peterme.net) + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +/** + * \file + * Dynamic loading module for unbound. Loads dynamic library. + */ +#ifndef DYNLIBMOD_H +#define DYNLIBMOD_H +#include "util/module.h" +#include "services/outbound_list.h" + +/** + * Get the module function block. + * @return: function block with function pointers to module methods. + */ +struct module_func_block* dynlibmod_get_funcblock(void); + +/** dynlib module init */ +int dynlibmod_init(struct module_env* env, int id); + +/** dynlib module deinit */ +void dynlibmod_deinit(struct module_env* env, int id); + +/** dynlib module operate on a query */ +void dynlibmod_operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* outbound); + +/** dynlib module */ +void dynlibmod_inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super); + +/** dynlib module cleanup query state */ +void dynlibmod_clear(struct module_qstate* qstate, int id); + +/** dynlib module alloc size routine */ +size_t dynlibmod_get_mem(struct module_env* env, int id); + +int dynlib_inplace_cb_reply_generic(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback); + +int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags, + struct module_qstate* qstate, struct sockaddr_storage* addr, + socklen_t addrlen, uint8_t* zone, size_t zonelen, struct regional* region, + int id, void* callback); + +int dynlib_inplace_cb_edns_back_parsed(struct module_qstate* qstate, + int id, void* cb_args); + +int dynlib_inplace_cb_query_response(struct module_qstate* qstate, + struct dns_msg* response, int id, void* cb_args); + +int +inplace_cb_register_wrapped(void* cb, enum inplace_cb_list_type type, void* cbarg, + struct module_env* env, int id); + +void +inplace_cb_delete_wrapped(struct module_env* env, enum inplace_cb_list_type type, + int id); + +struct cb_pair { + void *cb; + void *cb_arg; +}; + +/** + * Global state for the module. + */ + +typedef int (*func_init_t)(struct module_env*, int); +typedef void (*func_deinit_t)(struct module_env*, int); +typedef void (*func_operate_t)(struct module_qstate*, enum module_ev, int, struct outbound_entry*); +typedef void (*func_inform_t)(struct module_qstate*, int, struct module_qstate*); +typedef void (*func_clear_t)(struct module_qstate*, int); +typedef size_t (*func_get_mem_t)(struct module_env*, int); +typedef void (*inplace_cb_delete_wrapped_t)(struct module_env*, enum inplace_cb_list_type, int); +typedef int (*inplace_cb_register_wrapped_t)(void*, enum inplace_cb_list_type, void*, struct module_env*, int); + + +struct dynlibmod_env { + /** Dynamic library filename. */ + const char* fname; + /** dynamic library handle */ + void* dynamic_library; + /** Module init function */ + func_init_t func_init; + /** Module deinit function */ + func_deinit_t func_deinit; + /** Module operate function */ + func_operate_t func_operate; + /** Module super_inform function */ + func_inform_t func_inform; + /** Module clear function */ + func_clear_t func_clear; + /** Module get_mem function */ + func_get_mem_t func_get_mem; + /** Wrapped inplace callback functions to circumvent callback whitelisting */ + inplace_cb_delete_wrapped_t inplace_cb_delete_wrapped; + inplace_cb_register_wrapped_t inplace_cb_register_wrapped; + /** Pointer to any data the dynamic library might want to keep */ + void *dyn_env; +}; + + +#endif /* DYNLIBMOD_H */ diff --git a/dynlibmod/examples/helloworld.c b/dynlibmod/examples/helloworld.c new file mode 100644 index 000000000..be2116843 --- /dev/null +++ b/dynlibmod/examples/helloworld.c @@ -0,0 +1,132 @@ +/** + * \file + * + * This is an example to show how dynamic libraries can be made to work with + * unbound. To build a .so file simply run: + * gcc -I../.. -shared -Wall -Werror -fpic -o helloworld.so helloworld.c + * And to build for windows, first make unbound with the --with-dynlibmod + * switch, then use this command: + * x86_64-w64-mingw32-gcc -m64 -I../.. -shared -Wall -Werror -fpic + * -o helloworld.dll helloworld.c -L../.. -l:libunbound.dll.a + * to cross-compile a 64-bit Windows DLL. The libunbound.dll.a is produced + * by the compile step that makes unbound.exe and allows the dynlib dll to + * access definitions in unbound.exe. + */ + +#include "../../config.h" +#include "../../util/module.h" +#include "../../sldns/parseutil.h" +#include "../dynlibmod.h" + +/* Declare the EXPORT macro that expands to exporting the symbol for DLLs when + * compiling for Windows. All procedures marked with EXPORT in this example are + * called directly by the dynlib module and must be present for the module to + * load correctly. */ +#ifdef HAVE_WINDOWS_H +#define EXPORT __declspec(dllexport) +#else +#define EXPORT +#endif + +/* Forward declare a callback, implemented at the bottom of this file */ +int reply_callback(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback); + +/* Init is called when the module is first loaded. It should be used to set up + * the environment for this module and do any other initialisation required. */ +EXPORT int init(struct module_env* env, int id) { + log_info("dynlib: hello world from init"); + struct dynlibmod_env* de = (struct dynlibmod_env*) env->modinfo[id]; + de->inplace_cb_register_wrapped(&reply_callback, + inplace_cb_reply, + NULL, env, id); + struct dynlibmod_env* local_env = env->modinfo[id]; + local_env->dyn_env = NULL; + return 1; +} + +/* Deinit is run as the program is shutting down. It should be used to clean up + * the environment and any left over data. */ +EXPORT void deinit(struct module_env* env, int id) { + log_info("dynlib: hello world from deinit"); + struct dynlibmod_env* de = (struct dynlibmod_env*) env->modinfo[id]; + de->inplace_cb_delete_wrapped(env, inplace_cb_reply, id); + if (de->dyn_env != NULL) free(de->dyn_env); +} + +/* Operate is called every time a query passes by this module. The event can be + * used to determine which direction in the module chain it came from. */ +EXPORT void operate(struct module_qstate* qstate, enum module_ev event, + int id, struct outbound_entry* entry) { + log_info("dynlib: hello world from operate"); + log_info("dynlib: incoming query: %s %s(%d) %s(%d)", + qstate->qinfo.qname, + sldns_lookup_by_id(sldns_rr_classes, qstate->qinfo.qclass)->name, + qstate->qinfo.qclass, + sldns_rr_descript(qstate->qinfo.qtype)->_name, + qstate->qinfo.qtype); + if (event == module_event_new || event == module_event_pass) { + qstate->ext_state[id] = module_wait_module; + struct dynlibmod_env* env = qstate->env->modinfo[id]; + if (env->dyn_env == NULL) { + env->dyn_env = calloc(3, sizeof(int)); + ((int *)env->dyn_env)[0] = 42; + ((int *)env->dyn_env)[1] = 102; + ((int *)env->dyn_env)[2] = 192; + } else { + log_err("dynlib: already has data!"); + qstate->ext_state[id] = module_error; + } + } else if (event == module_event_moddone) { + qstate->ext_state[id] = module_finished; + } else { + qstate->ext_state[id] = module_error; + } +} + +/* Inform super is called when a query is completed or errors out, but only if + * a sub-query has been registered to it by this module. Look at + * mesh_attach_sub in services/mesh.h to see how this is done. */ +EXPORT void inform_super(struct module_qstate* qstate, int id, + struct module_qstate* super) { + log_info("dynlib: hello world from inform_super"); +} + +/* Clear is called once a query is complete and the response has been sent + * back. It is used to clear up any per-query allocations. */ +EXPORT void clear(struct module_qstate* qstate, int id) { + log_info("dynlib: hello world from clear"); + struct dynlibmod_env* env = qstate->env->modinfo[id]; + if (env->dyn_env != NULL) { + free(env->dyn_env); + env->dyn_env = NULL; + } +} + +/* Get mem is called when Unbound is printing performance information. This + * only happens explicitly and is only used to show memory usage to the user. */ +EXPORT size_t get_mem(struct module_env* env, int id) { + log_info("dynlib: hello world from get_mem"); + return 0; +} + +/* The callback that was forward declared earlier. It is registered in the init + * procedure to run when a query is being replied to. */ +int reply_callback(struct query_info* qinfo, + struct module_qstate* qstate, struct reply_info* rep, int rcode, + struct edns_data* edns, struct edns_option** opt_list_out, + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback) { + log_info("dynlib: hello world from callback"); + struct dynlibmod_env* env = qstate->env->modinfo[id]; + if (env->dyn_env != NULL) { + log_info("dynlib: numbers gotten from query: %d, %d, and %d", + ((int *)env->dyn_env)[0], + ((int *)env->dyn_env)[1], + ((int *)env->dyn_env)[2]); + } + return 0; +} diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index 37dc550cd..f1b401b90 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -386,8 +386,7 @@ update_cache(struct module_qstate *qstate, int id) rep->flags |= (BIT_RA | BIT_QR); /* fix flags to be sensible for */ rep->flags &= ~(BIT_AA | BIT_CD);/* a reply based on the cache */ addrtree_insert(tree, (addrkey_t*)edns->subnet_addr, - edns->subnet_source_mask, - sq->ecs_server_in.subnet_scope_mask, rep, + edns->subnet_source_mask, sq->max_scope, rep, rep->ttl, *qstate->env->now); lock_rw_unlock(&lru_entry->lock); @@ -543,7 +542,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) c_out->subnet_addr_fam = c_in->subnet_addr_fam; c_out->subnet_source_mask = c_in->subnet_source_mask; memcpy(&c_out->subnet_addr, &c_in->subnet_addr, INET6_SIZE); - c_out->subnet_scope_mask = s_in->subnet_scope_mask; + c_out->subnet_scope_mask = sq->max_scope; /* Limit scope returned to client to scope used for caching. */ if(c_out->subnet_addr_fam == EDNSSUBNET_ADDRFAM_IP4) { if(c_out->subnet_scope_mask > @@ -648,6 +647,19 @@ ecs_query_response(struct module_qstate* qstate, struct dns_msg* response, qstate->env->cfg->client_subnet_opcode); sq->subnet_sent = 0; memset(&sq->ecs_server_out, 0, sizeof(sq->ecs_server_out)); + } else if (!sq->track_max_scope && + FLAGS_GET_RCODE(response->rep->flags) == LDNS_RCODE_NOERROR && + response->rep->an_numrrsets > 0 + ) { + struct ub_packed_rrset_key* s = response->rep->rrsets[0]; + if(ntohs(s->rk.type) == LDNS_RR_TYPE_CNAME && + query_dname_compare(qstate->qinfo.qname, + s->rk.dname) == 0) { + /* CNAME response for QNAME. From now on keep track of + * longest received ECS prefix for all queries on this + * qstate. */ + sq->track_max_scope = 1; + } } return 1; } @@ -663,16 +675,19 @@ ecs_edns_back_parsed(struct module_qstate* qstate, int id, return 1; if((ecs_opt = edns_opt_list_find( qstate->edns_opts_back_in, - qstate->env->cfg->client_subnet_opcode))) { - if(parse_subnet_option(ecs_opt, &sq->ecs_server_in) && - sq->subnet_sent && - sq->ecs_server_in.subnet_validdata) + qstate->env->cfg->client_subnet_opcode)) && + parse_subnet_option(ecs_opt, &sq->ecs_server_in) && + sq->subnet_sent && sq->ecs_server_in.subnet_validdata) { /* Only skip global cache store if we sent an ECS option * and received one back. Answers from non-whitelisted * servers will end up in global cache. Answers for * queries with 0 source will not (unless nameserver * does not support ECS). */ qstate->no_cache_store = 1; + if(!sq->track_max_scope || (sq->track_max_scope && + sq->ecs_server_in.subnet_scope_mask > + sq->max_scope)) + sq->max_scope = sq->ecs_server_in.subnet_scope_mask; } return 1; diff --git a/edns-subnet/subnetmod.h b/edns-subnet/subnetmod.h index e408627b0..27ba2ee74 100644 --- a/edns-subnet/subnetmod.h +++ b/edns-subnet/subnetmod.h @@ -45,6 +45,7 @@ #include "util/alloc.h" #include "util/net_help.h" #include "util/storage/slabhash.h" +#include "util/data/dname.h" #include "edns-subnet/addrtree.h" #include "edns-subnet/edns-subnet.h" @@ -83,6 +84,12 @@ struct subnet_qstate { struct ecs_data ecs_server_out; int subnet_downstream; int subnet_sent; + /** keep track of longest received scope, set after receiving CNAME for + * incoming QNAME. */ + int track_max_scope; + /** longest received scope mask since track_max_scope is set. This value + * is used for caching and answereing to client. */ + uint8_t max_scope; /** has the subnet module been started with no_cache_store? */ int started_no_cache_store; }; diff --git a/ipset/ipset.c b/ipset/ipset.c old mode 100755 new mode 100644 diff --git a/ipset/ipset.h b/ipset/ipset.h old mode 100755 new mode 100644 diff --git a/iterator/iter_delegpt.c b/iterator/iter_delegpt.c index f88b3e115..9a672b0af 100644 --- a/iterator/iter_delegpt.c +++ b/iterator/iter_delegpt.c @@ -84,7 +84,7 @@ struct delegpt* delegpt_copy(struct delegpt* dp, struct regional* region) } for(a = dp->target_list; a; a = a->next_target) { if(!delegpt_add_addr(copy, region, &a->addr, a->addrlen, - a->bogus, a->lame, a->tls_auth_name)) + a->bogus, a->lame, a->tls_auth_name, NULL)) return NULL; } return copy; @@ -161,7 +161,7 @@ delegpt_find_addr(struct delegpt* dp, struct sockaddr_storage* addr, int delegpt_add_target(struct delegpt* dp, struct regional* region, uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t bogus, uint8_t lame) + socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions) { struct delegpt_ns* ns = delegpt_find_ns(dp, name, namelen); log_assert(!dp->dp_type_mlc); @@ -176,13 +176,14 @@ delegpt_add_target(struct delegpt* dp, struct regional* region, if(ns->got4 && ns->got6) ns->resolved = 1; } - return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, NULL); + return delegpt_add_addr(dp, region, addr, addrlen, bogus, lame, NULL, + additions); } int delegpt_add_addr(struct delegpt* dp, struct regional* region, struct sockaddr_storage* addr, socklen_t addrlen, uint8_t bogus, - uint8_t lame, char* tls_auth_name) + uint8_t lame, char* tls_auth_name, int* additions) { struct delegpt_addr* a; log_assert(!dp->dp_type_mlc); @@ -194,6 +195,8 @@ delegpt_add_addr(struct delegpt* dp, struct regional* region, a->lame = 0; return 1; } + if(additions) + *additions = 1; a = (struct delegpt_addr*)regional_alloc(region, sizeof(struct delegpt_addr)); @@ -382,10 +385,10 @@ delegpt_from_message(struct dns_msg* msg, struct regional* region) continue; if(ntohs(s->rk.type) == LDNS_RR_TYPE_A) { - if(!delegpt_add_rrset_A(dp, region, s, 0)) + if(!delegpt_add_rrset_A(dp, region, s, 0, NULL)) return NULL; } else if(ntohs(s->rk.type) == LDNS_RR_TYPE_AAAA) { - if(!delegpt_add_rrset_AAAA(dp, region, s, 0)) + if(!delegpt_add_rrset_AAAA(dp, region, s, 0, NULL)) return NULL; } } @@ -416,7 +419,7 @@ delegpt_rrset_add_ns(struct delegpt* dp, struct regional* region, int delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, uint8_t lame) + struct ub_packed_rrset_key* ak, uint8_t lame, int* additions) { struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; size_t i; @@ -432,7 +435,7 @@ delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, memmove(&sa.sin_addr, d->rr_data[i]+2, INET_SIZE); if(!delegpt_add_target(dp, region, ak->rk.dname, ak->rk.dname_len, (struct sockaddr_storage*)&sa, - len, (d->security==sec_status_bogus), lame)) + len, (d->security==sec_status_bogus), lame, additions)) return 0; } return 1; @@ -440,7 +443,7 @@ delegpt_add_rrset_A(struct delegpt* dp, struct regional* region, int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* ak, uint8_t lame) + struct ub_packed_rrset_key* ak, uint8_t lame, int* additions) { struct packed_rrset_data* d=(struct packed_rrset_data*)ak->entry.data; size_t i; @@ -456,7 +459,7 @@ delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, memmove(&sa.sin6_addr, d->rr_data[i]+2, INET6_SIZE); if(!delegpt_add_target(dp, region, ak->rk.dname, ak->rk.dname_len, (struct sockaddr_storage*)&sa, - len, (d->security==sec_status_bogus), lame)) + len, (d->security==sec_status_bogus), lame, additions)) return 0; } return 1; @@ -464,20 +467,33 @@ delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* region, int delegpt_add_rrset(struct delegpt* dp, struct regional* region, - struct ub_packed_rrset_key* rrset, uint8_t lame) + struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions) { if(!rrset) return 1; if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_NS) return delegpt_rrset_add_ns(dp, region, rrset, lame); else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_A) - return delegpt_add_rrset_A(dp, region, rrset, lame); + return delegpt_add_rrset_A(dp, region, rrset, lame, additions); else if(ntohs(rrset->rk.type) == LDNS_RR_TYPE_AAAA) - return delegpt_add_rrset_AAAA(dp, region, rrset, lame); + return delegpt_add_rrset_AAAA(dp, region, rrset, lame, + additions); log_warn("Unknown rrset type added to delegpt"); return 1; } +void delegpt_mark_neg(struct delegpt_ns* ns, uint16_t qtype) +{ + if(ns) { + if(qtype == LDNS_RR_TYPE_A) + ns->got4 = 2; + else if(qtype == LDNS_RR_TYPE_AAAA) + ns->got6 = 2; + if(ns->got4 && ns->got6) + ns->resolved = 1; + } +} + void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg) { struct reply_info* rep = (struct reply_info*)msg->entry.data; @@ -487,14 +503,7 @@ void delegpt_add_neg_msg(struct delegpt* dp, struct msgreply_entry* msg) if(FLAGS_GET_RCODE(rep->flags) != 0 || rep->an_numrrsets == 0) { struct delegpt_ns* ns = delegpt_find_ns(dp, msg->key.qname, msg->key.qname_len); - if(ns) { - if(msg->key.qtype == LDNS_RR_TYPE_A) - ns->got4 = 1; - else if(msg->key.qtype == LDNS_RR_TYPE_AAAA) - ns->got6 = 1; - if(ns->got4 && ns->got6) - ns->resolved = 1; - } + delegpt_mark_neg(ns, msg->key.qtype); } } diff --git a/iterator/iter_delegpt.h b/iterator/iter_delegpt.h index 6c0882645..138eb6e1b 100644 --- a/iterator/iter_delegpt.h +++ b/iterator/iter_delegpt.h @@ -106,9 +106,10 @@ struct delegpt_ns { * and marked true if got4 and got6 are both true. */ int resolved; - /** if the ipv4 address is in the delegpt */ + /** if the ipv4 address is in the delegpt, 0=not, 1=yes 2=negative, + * negative means it was done, but no content. */ uint8_t got4; - /** if the ipv6 address is in the delegpt */ + /** if the ipv6 address is in the delegpt, 0=not, 1=yes 2=negative */ uint8_t got6; /** * If the name is parent-side only and thus dispreferred. @@ -215,11 +216,12 @@ int delegpt_rrset_add_ns(struct delegpt* dp, struct regional* regional, * @param addrlen: the length of addr. * @param bogus: security status for the address, pass true if bogus. * @param lame: address is lame. + * @param additions: will be set to 1 if a new address is added * @return false on error. */ int delegpt_add_target(struct delegpt* dp, struct regional* regional, uint8_t* name, size_t namelen, struct sockaddr_storage* addr, - socklen_t addrlen, uint8_t bogus, uint8_t lame); + socklen_t addrlen, uint8_t bogus, uint8_t lame, int* additions); /** * Add A RRset to delegpt. @@ -227,10 +229,11 @@ int delegpt_add_target(struct delegpt* dp, struct regional* regional, * @param regional: where to allocate the info. * @param rrset: RRset A to add. * @param lame: rrset is lame, disprefer it. + * @param additions: will be set to 1 if a new address is added * @return 0 on alloc error. */ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, uint8_t lame); + struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions); /** * Add AAAA RRset to delegpt. @@ -238,10 +241,11 @@ int delegpt_add_rrset_A(struct delegpt* dp, struct regional* regional, * @param regional: where to allocate the info. * @param rrset: RRset AAAA to add. * @param lame: rrset is lame, disprefer it. + * @param additions: will be set to 1 if a new address is added * @return 0 on alloc error. */ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, uint8_t lame); + struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions); /** * Add any RRset to delegpt. @@ -250,10 +254,11 @@ int delegpt_add_rrset_AAAA(struct delegpt* dp, struct regional* regional, * @param regional: where to allocate the info. * @param rrset: RRset to add, NS, A, AAAA. * @param lame: rrset is lame, disprefer it. + * @param additions: will be set to 1 if a new address is added * @return 0 on alloc error. */ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, - struct ub_packed_rrset_key* rrset, uint8_t lame); + struct ub_packed_rrset_key* rrset, uint8_t lame, int* additions); /** * Add address to the delegation point. No servername is associated or checked. @@ -264,11 +269,12 @@ int delegpt_add_rrset(struct delegpt* dp, struct regional* regional, * @param bogus: if address is bogus. * @param lame: if address is lame. * @param tls_auth_name: TLS authentication name (or NULL). + * @param additions: will be set to 1 if a new address is added * @return false on error. */ int delegpt_add_addr(struct delegpt* dp, struct regional* regional, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t bogus, uint8_t lame, char* tls_auth_name); + uint8_t bogus, uint8_t lame, char* tls_auth_name, int* additions); /** * Find NS record in name list of delegation point. @@ -341,6 +347,14 @@ size_t delegpt_count_targets(struct delegpt* dp); struct delegpt* delegpt_from_message(struct dns_msg* msg, struct regional* regional); +/** + * Mark negative return in delegation point for specific nameserver. + * sets the got4 or got6 to negative, updates the ns->resolved. + * @param ns: the nameserver in the delegpt. + * @param qtype: A or AAAA (host order). + */ +void delegpt_mark_neg(struct delegpt_ns* ns, uint16_t qtype); + /** * Add negative message to delegation point. * @param dp: delegation point. diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index cceec3d56..aae934dd4 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -185,8 +185,9 @@ mark_additional_rrset(sldns_buffer* pkt, struct msg_parse* msg, /** Get target name of a CNAME */ static int parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, - size_t* snamelen) + size_t* snamelen, sldns_buffer* pkt) { + size_t oldpos, dlen; if(rrset->rr_count != 1) { struct rr_parse* sig; verbose(VERB_ALGO, "Found CNAME rrset with " @@ -204,6 +205,19 @@ parse_get_cname_target(struct rrset_parse* rrset, uint8_t** sname, *sname = rrset->rr_first->ttl_data + sizeof(uint32_t) + sizeof(uint16_t); /* skip ttl, rdatalen */ *snamelen = rrset->rr_first->size - sizeof(uint16_t); + + if(rrset->rr_first->outside_packet) { + if(!dname_valid(*sname, *snamelen)) + return 0; + return 1; + } + oldpos = sldns_buffer_position(pkt); + sldns_buffer_set_position(pkt, (size_t)(*sname - sldns_buffer_begin(pkt))); + dlen = pkt_dname_len(pkt); + sldns_buffer_set_position(pkt, oldpos); + if(dlen == 0) + return 0; /* parse fail on the rdata name */ + *snamelen = dlen; return 1; } @@ -215,7 +229,7 @@ synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, /* we already know that sname is a strict subdomain of DNAME owner */ uint8_t* dtarg = NULL; size_t dtarglen; - if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen)) + if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen, pkt)) return 0; if(qnamelen <= dname_rrset->dname_len) return 0; @@ -388,7 +402,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, /* check next cname */ uint8_t* t = NULL; size_t tlen = 0; - if(!parse_get_cname_target(nx, &t, &tlen)) + if(!parse_get_cname_target(nx, &t, &tlen, pkt)) return 0; if(dname_pkt_compare(pkt, alias, t) == 0) { /* it's OK and better capitalized */ @@ -439,7 +453,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, size_t tlen = 0; if(synth_cname(sname, snamelen, nx, alias, &aliaslen, pkt) && - parse_get_cname_target(rrset, &t, &tlen) && + parse_get_cname_target(rrset, &t, &tlen, pkt) && dname_pkt_compare(pkt, alias, t) == 0) { /* the synthesized CNAME equals the * current CNAME. This CNAME is the @@ -460,7 +474,7 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, } /* move to next name in CNAME chain */ - if(!parse_get_cname_target(rrset, &sname, &snamelen)) + if(!parse_get_cname_target(rrset, &sname, &snamelen, pkt)) return 0; prev = rrset; rrset = rrset->rrset_all_next; diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index c726ba6b3..7bc67da69 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -1199,7 +1199,7 @@ int iter_lookup_parent_glue_from_cache(struct module_env* env, log_rrset_key(VERB_ALGO, "found parent-side", akey); ns->done_pside4 = 1; /* a negative-cache-element has no addresses it adds */ - if(!delegpt_add_rrset_A(dp, region, akey, 1)) + if(!delegpt_add_rrset_A(dp, region, akey, 1, NULL)) log_err("malloc failure in lookup_parent_glue"); lock_rw_unlock(&akey->entry.lock); } @@ -1211,7 +1211,7 @@ int iter_lookup_parent_glue_from_cache(struct module_env* env, log_rrset_key(VERB_ALGO, "found parent-side", akey); ns->done_pside6 = 1; /* a negative-cache-element has no addresses it adds */ - if(!delegpt_add_rrset_AAAA(dp, region, akey, 1)) + if(!delegpt_add_rrset_AAAA(dp, region, akey, 1, NULL)) log_err("malloc failure in lookup_parent_glue"); lock_rw_unlock(&akey->entry.lock); } diff --git a/iterator/iterator.c b/iterator/iterator.c index eea2f2fb2..99d020117 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -72,6 +72,8 @@ /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; +static void target_count_increase_nx(struct iter_qstate* iq, int num); + int iter_init(struct module_env* env, int id) { @@ -150,6 +152,7 @@ iter_new(struct module_qstate* qstate, int id) iq->sent_count = 0; iq->ratelimit_ok = 0; iq->target_count = NULL; + iq->dp_target_count = 0; iq->wait_priming_stub = 0; iq->refetch_glue = 0; iq->dnssec_expected = 0; @@ -221,6 +224,7 @@ final_state(struct iter_qstate* iq) static void error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) { + struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; struct iter_qstate* super_iq = (struct iter_qstate*)super->minfo[id]; if(qstate->qinfo.qtype == LDNS_RR_TYPE_A || @@ -246,7 +250,11 @@ error_supers(struct module_qstate* qstate, int id, struct module_qstate* super) super->region, super_iq->dp)) log_err("out of memory adding missing"); } + delegpt_mark_neg(dpns, qstate->qinfo.qtype); dpns->resolved = 1; /* mark as failed */ + if((dpns->got4 == 2 || !ie->supports_ipv4) && + (dpns->got6 == 2 || !ie->supports_ipv6)) + target_count_increase_nx(super_iq, 1); } if(qstate->qinfo.qtype == LDNS_RR_TYPE_NS) { /* prime failed to get delegation */ @@ -621,7 +629,7 @@ static void target_count_create(struct iter_qstate* iq) { if(!iq->target_count) { - iq->target_count = (int*)calloc(2, sizeof(int)); + iq->target_count = (int*)calloc(3, sizeof(int)); /* if calloc fails we simply do not track this number */ if(iq->target_count) iq->target_count[0] = 1; @@ -634,6 +642,15 @@ target_count_increase(struct iter_qstate* iq, int num) target_count_create(iq); if(iq->target_count) iq->target_count[1] += num; + iq->dp_target_count++; +} + +static void +target_count_increase_nx(struct iter_qstate* iq, int num) +{ + target_count_create(iq); + if(iq->target_count) + iq->target_count[2] += num; } /** @@ -656,13 +673,15 @@ target_count_increase(struct iter_qstate* iq, int num) * @param subq_ret: if newly allocated, the subquerystate, or NULL if it does * not need initialisation. * @param v: if true, validation is done on the subquery. + * @param detached: true if this qstate should not attach to the subquery * @return false on error (malloc). */ static int generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, struct module_qstate* qstate, int id, struct iter_qstate* iq, enum iter_state initial_state, - enum iter_state finalstate, struct module_qstate** subq_ret, int v) + enum iter_state finalstate, struct module_qstate** subq_ret, int v, + int detached) { struct module_qstate* subq = NULL; struct iter_qstate* subiq = NULL; @@ -689,11 +708,23 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, valrec = 1; } - /* attach subquery, lookup existing or make a new one */ - fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); - if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, valrec, - &subq)) { - return 0; + if(detached) { + struct mesh_state* sub = NULL; + fptr_ok(fptr_whitelist_modenv_add_sub( + qstate->env->add_sub)); + if(!(*qstate->env->add_sub)(qstate, &qinf, + qflags, prime, valrec, &subq, &sub)){ + return 0; + } + } + else { + /* attach subquery, lookup existing or make a new one */ + fptr_ok(fptr_whitelist_modenv_attach_sub( + qstate->env->attach_sub)); + if(!(*qstate->env->attach_sub)(qstate, &qinf, qflags, prime, + valrec, &subq)) { + return 0; + } } *subq_ret = subq; if(subq) { @@ -716,6 +747,7 @@ generate_sub_request(uint8_t* qname, size_t qnamelen, uint16_t qtype, subiq->target_count = iq->target_count; if(iq->target_count) iq->target_count[0] ++; /* extra reference */ + subiq->dp_target_count = 0; subiq->num_current_queries = 0; subiq->depth = iq->depth+1; outbound_list_init(&subiq->outlist); @@ -759,7 +791,7 @@ prime_root(struct module_qstate* qstate, struct iter_qstate* iq, int id, * the normal INIT state logic (which would cause an infloop). */ if(!generate_sub_request((uint8_t*)"\000", 1, LDNS_RR_TYPE_NS, qclass, qstate, id, iq, QUERYTARGETS_STATE, PRIME_RESP_STATE, - &subq, 0)) { + &subq, 0, 0)) { verbose(VERB_ALGO, "could not prime root"); return 0; } @@ -850,7 +882,7 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq, int id, * redundant INIT state processing. */ if(!generate_sub_request(stub_dp->name, stub_dp->namelen, LDNS_RR_TYPE_NS, qclass, qstate, id, iq, - QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq, 0)) { + QUERYTARGETS_STATE, PRIME_RESP_STATE, &subq, 0, 0)) { verbose(VERB_ALGO, "could not prime stub"); errinf(qstate, "could not generate lookup for stub prime"); (void)error_response(qstate, id, LDNS_RCODE_SERVFAIL); @@ -1025,7 +1057,7 @@ generate_a_aaaa_check(struct module_qstate* qstate, struct iter_qstate* iq, if(!generate_sub_request(s->rk.dname, s->rk.dname_len, ntohs(s->rk.type), ntohs(s->rk.rrset_class), qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { + INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { verbose(VERB_ALGO, "could not generate addr check"); return; } @@ -1069,7 +1101,7 @@ generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id) iq->dp->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); if(!generate_sub_request(iq->dp->name, iq->dp->namelen, LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { + INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { verbose(VERB_ALGO, "could not generate ns check"); return; } @@ -1126,7 +1158,7 @@ generate_dnskey_prefetch(struct module_qstate* qstate, iq->dp->name, LDNS_RR_TYPE_DNSKEY, iq->qchase.qclass); if(!generate_sub_request(iq->dp->name, iq->dp->namelen, LDNS_RR_TYPE_DNSKEY, iq->qchase.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) { + INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) { /* we'll be slower, but it'll work */ verbose(VERB_ALGO, "could not generate dnskey prefetch"); return; @@ -1315,6 +1347,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, iq->refetch_glue = 0; iq->query_restart_count++; iq->sent_count = 0; + iq->dp_target_count = 0; sock_list_insert(&qstate->reply_origin, NULL, 0, qstate->region); if(qstate->env->cfg->qname_minimisation) iq->minimisation_state = INIT_MINIMISE_STATE; @@ -1693,7 +1726,7 @@ generate_parentside_target_query(struct module_qstate* qstate, { struct module_qstate* subq; if(!generate_sub_request(name, namelen, qtype, qclass, qstate, - id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) + id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) return 0; if(subq) { struct iter_qstate* subiq = @@ -1744,7 +1777,7 @@ generate_target_query(struct module_qstate* qstate, struct iter_qstate* iq, { struct module_qstate* subq; if(!generate_sub_request(name, namelen, qtype, qclass, qstate, - id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) + id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) return 0; log_nametypeclass(VERB_QUERY, "new target", name, qtype, qclass); return 1; @@ -1783,6 +1816,14 @@ query_for_targets(struct module_qstate* qstate, struct iter_qstate* iq, "number of glue fetches %d", s, iq->target_count[1]); return 0; } + if(iq->dp_target_count > MAX_DP_TARGET_COUNT) { + char s[LDNS_MAX_DOMAINLEN+1]; + dname_str(qstate->qinfo.qname, s); + verbose(VERB_QUERY, "request %s has exceeded the maximum " + "number of glue fetches %d to a single delegation point", + s, iq->dp_target_count); + return 0; + } iter_mark_cycle_targets(qstate, iq->dp); missing = (int)delegpt_count_missing_targets(iq->dp); @@ -1896,7 +1937,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, for(a = p->target_list; a; a=a->next_target) { (void)delegpt_add_addr(iq->dp, qstate->region, &a->addr, a->addrlen, a->bogus, - a->lame, a->tls_auth_name); + a->lame, a->tls_auth_name, NULL); } } iq->dp->has_parent_side_NS = 1; @@ -1913,6 +1954,7 @@ processLastResort(struct module_qstate* qstate, struct iter_qstate* iq, iq->refetch_glue = 1; iq->query_restart_count++; iq->sent_count = 0; + iq->dp_target_count = 0; if(qstate->env->cfg->qname_minimisation) iq->minimisation_state = INIT_MINIMISE_STATE; return next_state(iq, INIT_REQUEST_STATE); @@ -2078,7 +2120,7 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) iq->dsns_point, LDNS_RR_TYPE_NS, iq->qchase.qclass); if(!generate_sub_request(iq->dsns_point, iq->dsns_point_len, LDNS_RR_TYPE_NS, iq->qchase.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0)) { + INIT_REQUEST_STATE, FINISHED_STATE, &subq, 0, 0)) { errinf_dname(qstate, "for DS query parent-child nameserver search, could not generate NS lookup for", iq->dsns_point); return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL); } @@ -2136,6 +2178,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, errinf(qstate, "exceeded the maximum number of sends"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } + if(iq->target_count && iq->target_count[2] > MAX_TARGET_NX) { + verbose(VERB_QUERY, "request has exceeded the maximum " + " number of nxdomain nameserver lookups with %d", + iq->target_count[2]); + errinf(qstate, "exceeded the maximum nameserver nxdomains"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } /* Make sure we have a delegation point, otherwise priming failed * or another failure occurred */ @@ -2240,12 +2289,41 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->qinfo_out.qtype, iq->qinfo_out.qclass, qstate->query_flags, qstate->region, qstate->env->scratch, 0); - if(msg && msg->rep->an_numrrsets == 0 - && FLAGS_GET_RCODE(msg->rep->flags) == + if(msg && FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR) /* no need to send query if it is already - * cached as NOERROR/NODATA */ + * cached as NOERROR */ return 1; + if(msg && FLAGS_GET_RCODE(msg->rep->flags) == + LDNS_RCODE_NXDOMAIN && + qstate->env->need_to_validate && + qstate->env->cfg->harden_below_nxdomain) { + if(msg->rep->security == sec_status_secure) { + iq->response = msg; + return final_state(iq); + } + if(msg->rep->security == sec_status_unchecked) { + struct module_qstate* subq = NULL; + if(!generate_sub_request( + iq->qinfo_out.qname, + iq->qinfo_out.qname_len, + iq->qinfo_out.qtype, + iq->qinfo_out.qclass, + qstate, id, iq, + INIT_REQUEST_STATE, + FINISHED_STATE, &subq, 1, 1)) + verbose(VERB_ALGO, + "could not validate NXDOMAIN " + "response"); + } + } + if(msg && FLAGS_GET_RCODE(msg->rep->flags) == + LDNS_RCODE_NXDOMAIN) { + /* return and add a label in the next + * minimisation iteration. + */ + return 1; + } } } if(iq->minimisation_state == SKIP_MINIMISE_STATE) { @@ -2321,6 +2399,8 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, * generated query will immediately be discarded due to depth and * that servfail is cached, which is not good as opportunism goes. */ if(iq->depth < ie->max_dependency_depth + && iq->num_target_queries == 0 + && (!iq->target_count || iq->target_count[2]==0) && iq->sent_count < TARGET_FETCH_STOP) { tf_policy = ie->target_fetch_policy[iq->depth]; } @@ -2366,6 +2446,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->num_current_queries++; /* RespState decrements it*/ iq->referral_count++; /* make sure we don't loop */ iq->sent_count = 0; + iq->dp_target_count = 0; iq->state = QUERY_RESP_STATE; return 1; } @@ -2453,6 +2534,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, iq->num_current_queries++; /* RespState decrements it*/ iq->referral_count++; /* make sure we don't loop */ iq->sent_count = 0; + iq->dp_target_count = 0; iq->state = QUERY_RESP_STATE; return 1; } @@ -2748,7 +2830,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* Make subrequest to validate intermediate * NXDOMAIN if harden-below-nxdomain is * enabled. */ - if(qstate->env->cfg->harden_below_nxdomain) { + if(qstate->env->cfg->harden_below_nxdomain && + qstate->env->need_to_validate) { struct module_qstate* subq = NULL; log_query_info(VERB_QUERY, "schedule NXDOMAIN validation:", @@ -2760,16 +2843,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iq->response->qinfo.qclass, qstate, id, iq, INIT_REQUEST_STATE, - FINISHED_STATE, &subq, 1)) + FINISHED_STATE, &subq, 1, 1)) verbose(VERB_ALGO, "could not validate NXDOMAIN " "response"); - outbound_list_clear(&iq->outlist); - iq->num_current_queries = 0; - fptr_ok(fptr_whitelist_modenv_detach_subs( - qstate->env->detach_subs)); - (*qstate->env->detach_subs)(qstate); - iq->num_target_queries = 0; } } return next_state(iq, QUERYTARGETS_STATE); @@ -2853,6 +2930,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* Count this as a referral. */ iq->referral_count++; iq->sent_count = 0; + iq->dp_target_count = 0; /* see if the next dp is a trust anchor, or a DS was sent * along, indicating dnssec is expected for next zone */ iq->dnssec_expected = iter_indicates_dnssec(qstate->env, @@ -2929,6 +3007,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iq->dsns_point = NULL; iq->auth_zone_response = 0; iq->sent_count = 0; + iq->dp_target_count = 0; if(iq->minimisation_state != MINIMISE_STATE) /* Only count as query restart when it is not an extra * query as result of qname minimisation. */ @@ -3112,7 +3191,7 @@ processPrimeResponse(struct module_qstate* qstate, int id) /* validate the root or stub after priming (if enabled). * This is the same query as the prime query, but with validation. * Now that we are primed, the additional queries that validation - * may need can be resolved, such as DLV. */ + * may need can be resolved. */ if(qstate->env->cfg->harden_referral_path) { struct module_qstate* subq = NULL; log_nametypeclass(VERB_ALGO, "schedule prime validation", @@ -3121,7 +3200,7 @@ processPrimeResponse(struct module_qstate* qstate, int id) if(!generate_sub_request(qstate->qinfo.qname, qstate->qinfo.qname_len, qstate->qinfo.qtype, qstate->qinfo.qclass, qstate, id, iq, - INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1)) { + INIT_REQUEST_STATE, FINISHED_STATE, &subq, 1, 0)) { verbose(VERB_ALGO, "could not generate prime check"); } generate_a_aaaa_check(qstate, iq, id); @@ -3149,6 +3228,7 @@ static void processTargetResponse(struct module_qstate* qstate, int id, struct module_qstate* forq) { + struct iter_env* ie = (struct iter_env*)qstate->env->modinfo[id]; struct iter_qstate* iq = (struct iter_qstate*)qstate->minfo[id]; struct iter_qstate* foriq = (struct iter_qstate*)forq->minfo[id]; struct ub_packed_rrset_key* rrset; @@ -3186,7 +3266,7 @@ processTargetResponse(struct module_qstate* qstate, int id, log_rrset_key(VERB_ALGO, "add parentside glue to dp", iq->pside_glue); if(!delegpt_add_rrset(foriq->dp, forq->region, - iq->pside_glue, 1)) + iq->pside_glue, 1, NULL)) log_err("out of memory adding pside glue"); } @@ -3197,6 +3277,7 @@ processTargetResponse(struct module_qstate* qstate, int id, * response type was ANSWER. */ rrset = reply_find_answer_rrset(&iq->qchase, qstate->return_msg->rep); if(rrset) { + int additions = 0; /* if CNAMEs have been followed - add new NS to delegpt. */ /* BTW. RFC 1918 says NS should not have got CNAMEs. Robust. */ if(!delegpt_find_ns(foriq->dp, rrset->rk.dname, @@ -3208,13 +3289,23 @@ processTargetResponse(struct module_qstate* qstate, int id, } /* if dpns->lame then set the address(es) lame too */ if(!delegpt_add_rrset(foriq->dp, forq->region, rrset, - dpns->lame)) + dpns->lame, &additions)) log_err("out of memory adding targets"); + if(!additions) { + /* no new addresses, increase the nxns counter, like + * this could be a list of wildcards with no new + * addresses */ + target_count_increase_nx(foriq, 1); + } verbose(VERB_ALGO, "added target response"); delegpt_log(VERB_ALGO, foriq->dp); } else { verbose(VERB_ALGO, "iterator TargetResponse failed"); + delegpt_mark_neg(dpns, qstate->qinfo.qtype); dpns->resolved = 1; /* fail the target */ + if((dpns->got4 == 2 || !ie->supports_ipv4) && + (dpns->got6 == 2 || !ie->supports_ipv6)) + target_count_increase_nx(foriq, 1); } } @@ -3388,7 +3479,7 @@ processCollectClass(struct module_qstate* qstate, int id) qstate->qinfo.qname_len, qstate->qinfo.qtype, c, qstate, id, iq, INIT_REQUEST_STATE, FINISHED_STATE, &subq, - (int)!(qstate->query_flags&BIT_CD))) { + (int)!(qstate->query_flags&BIT_CD), 0)) { errinf(qstate, "could not generate class ANY" " lookup query"); return error_response(qstate, id, diff --git a/iterator/iterator.h b/iterator/iterator.h index 26ff39559..342ac207e 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@ -55,6 +55,11 @@ struct rbtree_type; /** max number of targets spawned for a query and its subqueries */ #define MAX_TARGET_COUNT 64 +/** max number of target lookups per qstate, per delegation point */ +#define MAX_DP_TARGET_COUNT 16 +/** max number of nxdomains allowed for target lookups for a query and + * its subqueries */ +#define MAX_TARGET_NX 5 /** max number of query restarts. Determines max number of CNAME chain. */ #define MAX_RESTART_COUNT 8 /** max number of referrals. Makes sure resolver does not run away */ @@ -305,9 +310,14 @@ struct iter_qstate { int sent_count; /** number of target queries spawned in [1], for this query and its - * subqueries, the malloced-array is shared, [0] refcount. */ + * subqueries, the malloced-array is shared, [0] refcount. + * in [2] the number of nxdomains is counted. */ int* target_count; + /** number of target lookups per delegation point. Reset to 0 after + * receiving referral answer. Not shared with subqueries. */ + int dp_target_count; + /** if true, already tested for ratelimiting and passed the test */ int ratelimit_ok; diff --git a/libunbound/context.c b/libunbound/context.c index 6d62e32b5..cff2831a7 100644 --- a/libunbound/context.c +++ b/libunbound/context.c @@ -50,6 +50,7 @@ #include "services/authzone.h" #include "util/data/msgreply.h" #include "util/storage/slabhash.h" +#include "util/edns.h" #include "sldns/sbuffer.h" int @@ -79,6 +80,8 @@ context_finalize(struct ub_ctx* ctx) return UB_INITFAIL; if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz)) return UB_INITFAIL; + if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg)) + return UB_INITFAIL; if(!slabhash_is_size(ctx->env->msg_cache, cfg->msg_cache_size, cfg->msg_cache_slabs)) { slabhash_delete(ctx->env->msg_cache); diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 3b30419b3..c9e24ba8d 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -58,6 +58,7 @@ #include "util/net_help.h" #include "util/tube.h" #include "util/ub_event.h" +#include "util/edns.h" #include "services/modstack.h" #include "services/localzone.h" #include "services/cache/infra.h" @@ -153,6 +154,18 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) errno = ENOMEM; return NULL; } + ctx->env->edns_strings = edns_strings_create(); + if(!ctx->env->edns_strings) { + auth_zones_delete(ctx->env->auth_zones); + edns_known_options_delete(ctx->env); + config_delete(ctx->env->cfg); + free(ctx->env); + ub_randfree(ctx->seed_rnd); + free(ctx); + errno = ENOMEM; + return NULL; + } + ctx->env->alloc = &ctx->superalloc; ctx->env->worker = NULL; ctx->env->need_to_validate = 0; @@ -173,6 +186,7 @@ ub_ctx_create(void) config_delete(ctx->env->cfg); modstack_desetup(&ctx->mods, ctx->env); edns_known_options_delete(ctx->env); + edns_strings_delete(ctx->env->edns_strings); free(ctx->env); free(ctx); errno = e; @@ -185,6 +199,7 @@ ub_ctx_create(void) config_delete(ctx->env->cfg); modstack_desetup(&ctx->mods, ctx->env); edns_known_options_delete(ctx->env); + edns_strings_delete(ctx->env->edns_strings); free(ctx->env); free(ctx); errno = e; @@ -323,6 +338,7 @@ ub_ctx_delete(struct ub_ctx* ctx) infra_delete(ctx->env->infra_cache); config_delete(ctx->env->cfg); edns_known_options_delete(ctx->env); + edns_strings_delete(ctx->env->edns_strings); auth_zones_delete(ctx->env->auth_zones); free(ctx->env); } diff --git a/libunbound/libworker.c b/libunbound/libworker.c index be32c3ae8..7f46df386 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -73,12 +73,15 @@ #include "iterator/iter_hints.h" #include "sldns/sbuffer.h" #include "sldns/str2wire.h" +#ifdef USE_DNSTAP +#include "dnstap/dtstream.h" +#endif #ifdef HAVE_TARGETCONDITIONALS_H #include #endif -#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH) #undef HAVE_FORK #endif @@ -238,7 +241,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) ports, numports, cfg->unwanted_threshold, cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w, cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx, - cfg->delay_close, NULL); + cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect); w->env->outnet = w->back; if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); diff --git a/libunbound/unbound.h b/libunbound/unbound.h index ca9592d62..945c17a8f 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -642,6 +642,7 @@ struct ub_shm_stat_info { long long respip; long long dnscrypt_shared_secret; long long dnscrypt_nonce; + long long dynlib; } mem; }; @@ -696,6 +697,8 @@ struct ub_server_stats { long long qtcp_outgoing; /** number of queries over (DNS over) TLS */ long long qtls; + /** number of queries over (DNS over) HTTPS */ + long long qhttps; /** number of queries over IPv6 */ long long qipv6; /** number of queries with QR bit */ @@ -786,6 +789,10 @@ struct ub_server_stats { long long num_query_subnet_cache; /** number of bytes in the stream wait buffers */ long long mem_stream_wait; + /** number of bytes in the HTTP2 query buffers */ + long long mem_http2_query_buffer; + /** number of bytes in the HTTP2 response buffers */ + long long mem_http2_response_buffer; /** number of TLS connection resume */ long long qtls_resume; /** RPZ action stats */ diff --git a/pythonmod/doc/examples/example6.rst b/pythonmod/doc/examples/example6.rst index d294fb8be..fd6caf74d 100644 --- a/pythonmod/doc/examples/example6.rst +++ b/pythonmod/doc/examples/example6.rst @@ -60,7 +60,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh states. :return: True on success, False on failure. @@ -105,8 +104,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -154,8 +151,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -201,8 +196,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. diff --git a/pythonmod/doc/modules/config.rst b/pythonmod/doc/modules/config.rst index 43333bdae..89afbef8a 100644 --- a/pythonmod/doc/modules/config.rst +++ b/pythonmod/doc/modules/config.rst @@ -256,14 +256,6 @@ config_file Files with trusted DNSKEYs in named.conf format, list. - .. attribute:: dlv_anchor_file - - DLV anchor file. - - .. attribute:: dlv_anchor_list - - DLV anchor inline. - .. attribute:: max_ttl The number of seconds maximal TTL used for RRsets and messages. diff --git a/pythonmod/doc/modules/functions.rst b/pythonmod/doc/modules/functions.rst index 43c66eb38..333f696b8 100644 --- a/pythonmod/doc/modules/functions.rst +++ b/pythonmod/doc/modules/functions.rst @@ -89,7 +89,7 @@ EDNS options Inplace callbacks ----------------- -.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region) +.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs) Function prototype for callback functions used in `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_, @@ -102,6 +102,9 @@ Inplace callbacks :param edns: :class:`edns_data` :param opt_list_out: :class:`edns_option`. EDNS option list to append options to. :param region: :class:`regional` + :param \*\*kwargs: Dictionary that may contain parameters added in a future + release. Current parameters: + ``repinfo``: :class:`comm_reply`. Reply information for a communication point. .. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region) diff --git a/pythonmod/examples/avahi-resolver.py b/pythonmod/examples/avahi-resolver.py index b1d4e36fc..497e1e74f 100644 --- a/pythonmod/examples/avahi-resolver.py +++ b/pythonmod/examples/avahi-resolver.py @@ -59,6 +59,8 @@ # | num-threads: 32 # | cache-max-negative-ttl: 60 # | cache-max-ttl: 60 +# | python: +# | python-script: path/to/this/file # # # The plugin can also be run interactively. Provide the name and diff --git a/pythonmod/examples/inplace_callbacks.py b/pythonmod/examples/inplace_callbacks.py index 768c2d013..de375b4e1 100644 --- a/pythonmod/examples/inplace_callbacks.py +++ b/pythonmod/examples/inplace_callbacks.py @@ -43,7 +43,7 @@ # This query returns SERVFAIL as the txt record of bogus.nlnetlabs.nl is # intentionally bogus. The reply will contain an empty EDNS option # with option code 65003. -# Unbound will also log the source address(es) of the client(s) that made +# Unbound will also log the source address of the client that made # the request. # (unbound needs to be validating for this example to work) @@ -91,8 +91,6 @@ def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -121,8 +119,6 @@ def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -173,8 +169,6 @@ def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -205,13 +199,11 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. For demonstration purposes we want to reply with an empty EDNS code '65003' - and log the IP address(es) of the client(s). + and log the IP address of the client. """ log_info("python: called back while servfail.") @@ -219,30 +211,14 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, b = bytearray.fromhex("") edns_opt_list_append(opt_list_out, 65003, b, region) - # Log the client(s) IP address(es) + # Log the client's IP address comm_reply = kwargs['repinfo'] if comm_reply: - # If it is not None this callback was called before the query reached - # the mesh states(modules). There is only one client associated with - # this query. addr = comm_reply.addr port = comm_reply.port addr_family = comm_reply.family log_info("python: Client IP: {}({}), port: {}" "".format(addr, addr_family, port)) - else: - # If it is not None this callback was called while the query is in the - # mesh states(modules). In this case they may be multiple clients - # waiting for this query. - # The following code is the same as with the resip.py example. - rl = qstate.mesh_info.reply_list - while (rl): - if rl.query_reply: - q = rl.query_reply - log_info("python: Client IP: {}({}), port: {}" - "".format(q.addr, q.family, q.port)) - rl = rl.next - return True diff --git a/pythonmod/interface.i b/pythonmod/interface.i index c02ebaf95..5dae04aa4 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -20,6 +20,7 @@ * called to perform operations on queries. */ #include + #include #ifdef HAVE_SYS_SOCKET_H #include #endif @@ -314,16 +315,16 @@ struct packed_rrset_data { class RRSetData_RRLen: def __init__(self, obj): self.obj = obj def __getitem__(self, index): return _unboundmodule._get_data_rr_len(self.obj, index) - def __len__(self): return obj.count + obj.rrsig_count + def __len__(self): return self.obj.count + self.obj.rrsig_count class RRSetData_RRTTL: def __init__(self, obj): self.obj = obj def __getitem__(self, index): return _unboundmodule._get_data_rr_ttl(self.obj, index) def __setitem__(self, index, value): _unboundmodule._set_data_rr_ttl(self.obj, index, value) - def __len__(self): return obj.count + obj.rrsig_count + def __len__(self): return self.obj.count + self.obj.rrsig_count class RRSetData_RRData: def __init__(self, obj): self.obj = obj def __getitem__(self, index): return _unboundmodule._get_data_rr_data(self.obj, index) - def __len__(self): return obj.count + obj.rrsig_count + def __len__(self): return self.obj.count + self.obj.rrsig_count %} %inline %{ @@ -404,12 +405,12 @@ struct dns_msg { class ReplyInfo_RRSet: def __init__(self, obj): self.obj = obj def __getitem__(self, index): return _unboundmodule._rrset_rrsets_get(self.obj, index) - def __len__(self): return obj.rrset_count + def __len__(self): return self.obj.rrset_count class ReplyInfo_Ref: def __init__(self, obj): self.obj = obj def __getitem__(self, index): return _unboundmodule._rrset_ref_get(self.obj, index) - def __len__(self): return obj.rrset_count + def __len__(self): return self.obj.rrset_count %} %inline %{ @@ -696,6 +697,8 @@ struct edns_data { /* ************************************************************************************ * Structure module_env * ************************************************************************************ */ +%rename(_now) module_env::now; +%rename(_now_tv) module_env::now_tv; struct module_env { struct config_file* cfg; struct slabhash* msg_cache; @@ -739,6 +742,19 @@ struct module_env { size_t edns_known_options_num; }; +%inline %{ + PyObject* _module_env_now_get(struct module_env* env) { + double ts = env->now_tv->tv_sec + env->now_tv->tv_usec / 1e6; + return PyFloat_FromDouble(ts); + } +%} +%extend module_env { + %pythoncode %{ + def _now_get(self): return _module_env_now_get(self) + now = property(_now_get) + %} +} + /* ************************************************************************************ * Structure module_qstate * ************************************************************************************ */ @@ -992,8 +1008,6 @@ struct config_file { struct config_strlist* trust_anchor_file_list; struct config_strlist* trust_anchor_list; struct config_strlist* trusted_keys_file_list; - char* dlv_anchor_file; - struct config_strlist* dlv_anchor_list; int max_ttl; int32_t val_date_override; int bogus_ttl; @@ -1415,6 +1429,19 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n /****************************** * Various debugging functions * ******************************/ + +/* rename the variadic functions because python does the formatting already*/ +%rename (unbound_log_info) log_info; +%rename (unbound_log_err) log_err; +%rename (unbound_log_warn) log_warn; +%rename (unbound_verbose) verbose; +/* provide functions that take one string as argument, so python can cook +the string */ +%rename (log_info) pymod_log_info; +%rename (log_warn) pymod_log_warn; +%rename (log_err) pymod_log_err; +%rename (verbose) pymod_verbose; + void verbose(enum verbosity_value level, const char* format, ...); void log_info(const char* format, ...); void log_err(const char* format, ...); @@ -1424,6 +1451,19 @@ void log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* r void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf); void regional_log_stats(struct regional *r); +/* the one argument string log functions */ +void pymod_log_info(const char* str); +void pymod_log_err(const char* str); +void pymod_log_warn(const char* str); +void pymod_verbose(enum verbosity_value level, const char* str); +%{ +void pymod_log_info(const char* str) { log_info("%s", str); } +void pymod_log_err(const char* str) { log_err("%s", str); } +void pymod_log_warn(const char* str) { log_warn("%s", str); } +void pymod_verbose(enum verbosity_value level, const char* str) { + verbose(level, "%s", str); } +%} + /*************************************************************************** * Free allocated memory from marked sources returning corresponding types * ***************************************************************************/ @@ -1501,13 +1541,14 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, int python_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* python_callback) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* python_callback) { PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; PyObject *py_rep, *py_repinfo, *py_region; PyObject *py_args, *py_kwargs, *result; int res = 0; + double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6; PyGILState_STATE gstate = PyGILState_Ensure(); func = (PyObject *) python_callback; @@ -1522,7 +1563,8 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, rcode, py_edns, py_opt_list_out, py_region); - py_kwargs = Py_BuildValue("{s:O}", "repinfo", py_repinfo); + py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", + py_start_time); result = PyObject_Call(func, py_args, py_kwargs); Py_XDECREF(py_edns); Py_XDECREF(py_qstate); diff --git a/pythonmod/pythonmod.h b/pythonmod/pythonmod.h index ae8af27eb..26d74e09f 100644 --- a/pythonmod/pythonmod.h +++ b/pythonmod/pythonmod.h @@ -72,8 +72,8 @@ size_t pythonmod_get_mem(struct module_env* env, int id); int python_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* python_callback); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* python_callback); /** Declared here for fptr_wlist access. The definition is in interface.i. */ int python_inplace_cb_query_generic( diff --git a/pythonmod/pythonmod_utils.c b/pythonmod/pythonmod_utils.c index 5d70f2b4b..9f7282540 100644 --- a/pythonmod/pythonmod_utils.c +++ b/pythonmod/pythonmod_utils.c @@ -39,6 +39,7 @@ * conversions. */ #include "config.h" +#include "pythonmod/pythonmod_utils.h" #include "util/module.h" #include "util/netevent.h" #include "util/net_help.h" diff --git a/pythonmod/pythonmod_utils.h b/pythonmod/pythonmod_utils.h index 768eb46de..4ea86f9be 100644 --- a/pythonmod/pythonmod_utils.h +++ b/pythonmod/pythonmod_utils.h @@ -43,6 +43,7 @@ #include "util/module.h" struct delegpt_addr; +struct sldns_buffer; /** * Store the reply_info and query_info pair in message cache (qstate->msg_cache) @@ -77,7 +78,7 @@ void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qin * @param pkt: a sldns_buffer which contains sldns_packet data * @return 0 on failure, out of memory or parse error. */ -int createResponse(struct module_qstate* qstate, sldns_buffer* pkt); +int createResponse(struct module_qstate* qstate, struct sldns_buffer* pkt); /** * Convert reply->addr to string diff --git a/respip/respip.c b/respip/respip.c index 6fa4f1885..9ee098def 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -914,7 +914,7 @@ respip_rewrite_reply(const struct query_info* qinfo, int ret = 1; struct ub_packed_rrset_key* redirect_rrset = NULL; struct rpz* r; - struct auth_zone* a; + struct auth_zone* a = NULL; struct ub_packed_rrset_key* data = NULL; int rpz_used = 0; int rpz_log = 0; @@ -1109,7 +1109,7 @@ respip_operate(struct module_qstate* qstate, enum module_ev event, int id, qstate->return_msg && qstate->return_msg->rep) { struct reply_info* new_rep = qstate->return_msg->rep; struct ub_packed_rrset_key* alias_rrset = NULL; - struct respip_action_info actinfo = {0}; + struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; actinfo.action = respip_none; if(!respip_rewrite_reply(&qstate->qinfo, @@ -1170,7 +1170,7 @@ respip_merge_cname(struct reply_info* base_rep, struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */ uint16_t tgt_rcode; size_t i, j; - struct respip_action_info actinfo = {0}; + struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; actinfo.action = respip_none; /* If the query for the CNAME target would result in an unusual rcode, diff --git a/services/authzone.c b/services/authzone.c index be02610e8..59e828c0f 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1866,15 +1866,26 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) struct auth_xfer* x = NULL; /* create zone */ + if(c->isrpz) { + /* if the rpz lock is needed, grab it before the other + * locks to avoid a lock dependency cycle */ + lock_rw_wrlock(&az->rpz_lock); + } lock_rw_wrlock(&az->lock); if(!(z=auth_zones_find_or_add_zone(az, c->name))) { lock_rw_unlock(&az->lock); + if(c->isrpz) { + lock_rw_unlock(&az->rpz_lock); + } return 0; } if(c->masters || c->urls) { if(!(x=auth_zones_find_or_add_xfer(az, z))) { lock_rw_unlock(&az->lock); lock_rw_unlock(&z->lock); + if(c->isrpz) { + lock_rw_unlock(&az->rpz_lock); + } return 0; } } @@ -1889,6 +1900,9 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) lock_basic_unlock(&x->lock); } lock_rw_unlock(&z->lock); + if(c->isrpz) { + lock_rw_unlock(&az->rpz_lock); + } return 0; } z->for_downstream = c->for_downstream; @@ -1900,11 +1914,13 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) return 0; } lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz)); - lock_rw_wrlock(&az->rpz_lock); + /* the az->rpz_lock is locked above */ z->rpz_az_next = az->rpz_first; if(az->rpz_first) az->rpz_first->rpz_az_prev = z; az->rpz_first = z; + } + if(c->isrpz) { lock_rw_unlock(&az->rpz_lock); } @@ -3270,7 +3286,7 @@ auth_answer_encode(struct query_info* qinfo, struct module_env* env, edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep, - (int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp) + (int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, msg->rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), @@ -3294,7 +3310,7 @@ auth_error_encode(struct query_info* qinfo, struct module_env* env, edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, - rcode, edns, repinfo, temp)) + rcode, edns, repinfo, temp, env->now_tv)) edns->opt_list = NULL; error_encode(buf, rcode|BIT_AA, qinfo, *(uint16_t*)sldns_buffer_begin(buf), @@ -5335,7 +5351,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -5372,6 +5388,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A")); } } + regional_free_all(temp); } else { if(verbosity >= VERB_ALGO) { char zname[255+1]; @@ -5774,7 +5791,7 @@ auth_xfer_transfer_timer_callback(void* arg) log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -5816,7 +5833,7 @@ auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return 0; /* stop on quit */ } @@ -5897,7 +5914,7 @@ auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err, log_assert(xfr->task_transfer); lock_basic_lock(&xfr->lock); env = xfr->task_transfer->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return 0; /* stop on quit */ } @@ -6077,7 +6094,7 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, /* send udp packet */ if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer, - (struct sockaddr*)&addr, addrlen)) { + (struct sockaddr*)&addr, addrlen, 0)) { char zname[255+1], as[256]; dname_str(xfr->name, zname); addr_to_str(&addr, addrlen, as, sizeof(as)); @@ -6111,7 +6128,7 @@ auth_xfer_probe_timer_callback(void* arg) log_assert(xfr->task_probe); lock_basic_lock(&xfr->lock); env = xfr->task_probe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -6147,7 +6164,7 @@ auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, log_assert(xfr->task_probe); lock_basic_lock(&xfr->lock); env = xfr->task_probe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return 0; /* stop on quit */ } @@ -6393,7 +6410,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, log_assert(xfr->task_probe); lock_basic_lock(&xfr->lock); env = xfr->task_probe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } @@ -6430,6 +6447,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A")); } } + regional_free_all(temp); } else { if(verbosity >= VERB_ALGO) { char zname[255+1]; @@ -6470,7 +6488,7 @@ auth_xfer_timer(void* arg) log_assert(xfr->task_nextprobe); lock_basic_lock(&xfr->lock); env = xfr->task_nextprobe->env; - if(env->outnet->want_to_quit) { + if(!env || env->outnet->want_to_quit) { lock_basic_unlock(&xfr->lock); return; /* stop on quit */ } diff --git a/services/cache/dns.c b/services/cache/dns.c index 2a5bca4ac..f3149b614 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -273,7 +273,7 @@ find_add_addrs(struct module_env* env, uint16_t qclass, akey = rrset_cache_lookup(env->rrset_cache, ns->name, ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); if(akey) { - if(!delegpt_add_rrset_A(dp, region, akey, 0)) { + if(!delegpt_add_rrset_A(dp, region, akey, 0, NULL)) { lock_rw_unlock(&akey->entry.lock); return 0; } @@ -293,7 +293,7 @@ find_add_addrs(struct module_env* env, uint16_t qclass, akey = rrset_cache_lookup(env->rrset_cache, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); if(akey) { - if(!delegpt_add_rrset_AAAA(dp, region, akey, 0)) { + if(!delegpt_add_rrset_AAAA(dp, region, akey, 0, NULL)) { lock_rw_unlock(&akey->entry.lock); return 0; } @@ -327,7 +327,8 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, akey = rrset_cache_lookup(env->rrset_cache, ns->name, ns->namelen, LDNS_RR_TYPE_A, qclass, 0, now, 0); if(akey) { - if(!delegpt_add_rrset_A(dp, region, akey, ns->lame)) { + if(!delegpt_add_rrset_A(dp, region, akey, ns->lame, + NULL)) { lock_rw_unlock(&akey->entry.lock); return 0; } @@ -347,7 +348,8 @@ cache_fill_missing(struct module_env* env, uint16_t qclass, akey = rrset_cache_lookup(env->rrset_cache, ns->name, ns->namelen, LDNS_RR_TYPE_AAAA, qclass, 0, now, 0); if(akey) { - if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame)) { + if(!delegpt_add_rrset_AAAA(dp, region, akey, ns->lame, + NULL)) { lock_rw_unlock(&akey->entry.lock); return 0; } @@ -888,9 +890,8 @@ dns_cache_lookup(struct module_env* env, lock_rw_unlock(&rrset->entry.lock); } - /* construct DS, DNSKEY, DLV messages from rrset cache. */ - if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY || - qtype == LDNS_RR_TYPE_DLV) && + /* construct DS, DNSKEY messages from rrset cache. */ + if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY) && (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, qtype, qclass, 0, now, 0))) { /* if the rrset is from the additional section, and the diff --git a/services/cache/infra.c b/services/cache/infra.c index c2484a9f1..2d16bcd6e 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -244,6 +244,7 @@ infra_create(struct config_file* cfg) return NULL; } infra->host_ttl = cfg->host_ttl; + infra->infra_keep_probing = cfg->infra_keep_probing; infra_dp_ratelimit = cfg->ratelimit; infra->domain_rates = slabhash_create(cfg->ratelimit_slabs, INFRA_HOST_STARTSIZE, cfg->ratelimit_size, @@ -297,6 +298,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg) if(!infra) return infra_create(cfg); infra->host_ttl = cfg->host_ttl; + infra->infra_keep_probing = cfg->infra_keep_probing; infra_dp_ratelimit = cfg->ratelimit; infra_ip_ratelimit = cfg->ip_ratelimit; maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ @@ -445,6 +447,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, if(e && ((struct infra_data*)e->data)->ttl < timenow) { /* it expired, try to reuse existing entry */ int old = ((struct infra_data*)e->data)->rtt.rto; + time_t tprobe = ((struct infra_data*)e->data)->probedelay; uint8_t tA = ((struct infra_data*)e->data)->timeout_A; uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA; uint8_t tother = ((struct infra_data*)e->data)->timeout_other; @@ -460,6 +463,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, if(old >= USEFUL_SERVER_TOP_TIMEOUT) { ((struct infra_data*)e->data)->rtt.rto = USEFUL_SERVER_TOP_TIMEOUT; + ((struct infra_data*)e->data)->probedelay = tprobe; ((struct infra_data*)e->data)->timeout_A = tA; ((struct infra_data*)e->data)->timeout_AAAA = tAAAA; ((struct infra_data*)e->data)->timeout_other = tother; @@ -482,7 +486,8 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, *edns_vs = data->edns_version; *edns_lame_known = data->edns_lame_known; *to = rtt_timeout(&data->rtt); - if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) { + if(*to >= PROBE_MAXRTO && (infra->infra_keep_probing || + rtt_notimeout(&data->rtt)*4 <= *to)) { /* delay other queries, this is the probe query */ if(!wr) { lock_rw_unlock(&e->lock); @@ -566,18 +571,27 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1); struct infra_data* data; - int needtoinsert = 0; + int needtoinsert = 0, expired = 0; int rto = 1; + time_t oldprobedelay = 0; if(!e) { if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) return 0; needtoinsert = 1; } else if(((struct infra_data*)e->data)->ttl < timenow) { + oldprobedelay = ((struct infra_data*)e->data)->probedelay; data_entry_init(infra, e, timenow); + expired = 1; } /* have an entry, update the rtt */ data = (struct infra_data*)e->data; if(roundtrip == -1) { + if(needtoinsert || expired) { + /* timeout on entry that has expired before the timer + * keep old timeout from the function caller */ + data->rtt.rto = orig_rtt; + data->probedelay = oldprobedelay; + } rtt_lost(&data->rtt, orig_rtt); if(qtype == LDNS_RR_TYPE_A) { if(data->timeout_A < TIMEOUT_COUNT_MAX) @@ -681,7 +695,12 @@ infra_get_lame_rtt(struct infra_cache* infra, return 0; host = (struct infra_data*)e->data; *rtt = rtt_unclamped(&host->rtt); - if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay + if(host->rtt.rto >= PROBE_MAXRTO && timenow >= host->probedelay + && infra->infra_keep_probing) { + /* single probe, keep probing */ + if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT) + *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + } else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) { /* single probe for this domain, and we are not probing */ /* unless the query type allows a probe to happen */ @@ -704,7 +723,8 @@ infra_get_lame_rtt(struct infra_cache* infra, /* see if this can be a re-probe of an unresponsive server */ /* minus 1000 because that is outside of the RTTBAND, so * blacklisted servers stay blacklisted if this is chosen */ - if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { + if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT || + infra->infra_keep_probing) { lock_rw_unlock(&e->lock); *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; *lame = 0; diff --git a/services/cache/infra.h b/services/cache/infra.h index e33f2a6c0..14f97c4c6 100644 --- a/services/cache/infra.h +++ b/services/cache/infra.h @@ -114,6 +114,8 @@ struct infra_cache { struct slabhash* hosts; /** TTL value for host information, in seconds */ int host_ttl; + /** the hosts that are down are kept probed for recovery */ + int infra_keep_probing; /** hash table with query rates per name: rate_key, rate_data */ struct slabhash* domain_rates; /** ratelimit settings for domains, struct domain_limit_data */ diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 096f382ba..629d4de72 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -43,6 +43,7 @@ # include #endif #include +#include #ifdef USE_TCP_FASTOPEN #include #endif @@ -53,6 +54,7 @@ #include "util/config_file.h" #include "util/net_help.h" #include "sldns/sbuffer.h" +#include "sldns/parseutil.h" #include "services/mesh.h" #include "util/fptr_wlist.h" #include "util/locks.h" @@ -70,20 +72,36 @@ #include #endif +#ifdef HAVE_IFADDRS_H +#include +#endif +#ifdef HAVE_NET_IF_H +#include +#endif + /** number of queued TCP connections for listen() */ #define TCP_BACKLOG 256 -/** number of simultaneous requests a client can have */ -#define TCP_MAX_REQ_SIMULTANEOUS 32 - #ifndef THREADS_DISABLED /** lock on the counter of stream buffer memory */ static lock_basic_type stream_wait_count_lock; +/** lock on the counter of HTTP2 query buffer memory */ +static lock_basic_type http2_query_buffer_count_lock; +/** lock on the counter of HTTP2 response buffer memory */ +static lock_basic_type http2_response_buffer_count_lock; #endif /** size (in bytes) of stream wait buffers */ static size_t stream_wait_count = 0; /** is the lock initialised for stream wait buffers */ static int stream_wait_lock_inited = 0; +/** size (in bytes) of HTTP2 query buffers */ +static size_t http2_query_buffer_count = 0; +/** is the lock initialised for HTTP2 query buffers */ +static int http2_query_buffer_lock_inited = 0; +/** size (in bytes) of HTTP2 response buffers */ +static size_t http2_response_buffer_count = 0; +/** is the lock initialised for HTTP2 response buffers */ +static int http2_response_buffer_lock_inited = 0; /** * Debug print of the getaddrinfo returned address. @@ -221,16 +239,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, *noproto = 1; return -1; } - log_err("can't create socket: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEAFNOSUPPORT || WSAGetLastError() == WSAEPROTONOSUPPORT) { *noproto = 1; return -1; } - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("can't create socket: %s", sock_strerror(errno)); *noproto = 0; return -1; } @@ -243,9 +259,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #ifdef SO_REUSEADDR if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); + sock_strerror(errno)); +#ifndef USE_WINSOCK if(errno != ENOSYS) { close(s); *noproto = 0; @@ -253,8 +269,6 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } #else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); closesocket(s); *noproto = 0; *inuse = 0; @@ -346,16 +360,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { if(errno != EPERM) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_RCVBUFFORCE, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_RCVBUFFORCE, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -363,16 +370,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif /* SO_RCVBUFFORCE */ if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_RCVBUF, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_RCVBUF, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -405,16 +405,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { if(errno != EPERM) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_SNDBUFFORCE, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_SNDBUFFORCE, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -422,16 +415,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif /* SO_SNDBUFFORCE */ if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_SNDBUF, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_SNDBUF, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -461,16 +447,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int val=(v6only==2)?0:1; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&val, (socklen_t)sizeof(val)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_V6ONLY" - ", ...) failed: %s", strerror(errno)); - close(s); -#else - log_err("setsockopt(..., IPV6_V6ONLY" - ", ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + ", ...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -488,16 +467,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, */ if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU, (void*)&on, (socklen_t)sizeof(on)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_USE_MIN_MTU, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., IPV6_USE_MIN_MTU, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -510,15 +482,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, */ if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU, (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", - strerror(errno)); - close(s); -# else - log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -542,12 +508,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if (errno != EINVAL) { log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", strerror(errno)); - -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -564,27 +525,21 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, &action, (socklen_t)sizeof(action)) < 0) { log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", strerror(errno)); -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif + sock_close(s); *noproto = 0; *inuse = 0; return -1; } } -# elif defined(IP_DONTFRAG) +# elif defined(IP_DONTFRAG) && !defined(__APPLE__) + /* the IP_DONTFRAG option if defined in the 11.0 OSX headers, + * but does not work on that version, so we exclude it */ int off = 0; if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, &off, (socklen_t)sizeof(off)) < 0) { log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", strerror(errno)); -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -614,7 +569,6 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, (struct sockaddr_storage*)addr, addrlen); } #endif /* EADDRINUSE */ - close(s); #else /* USE_WINSOCK */ if(WSAGetLastError() != WSAEADDRINUSE && WSAGetLastError() != WSAEADDRNOTAVAIL && @@ -623,18 +577,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr, addrlen); } - closesocket(s); #endif /* USE_WINSOCK */ + sock_close(s); return -1; } if(!fd_set_nonblock(s)) { *noproto = 0; *inuse = 0; -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; } return s; @@ -642,7 +592,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp) + int* reuseport, int transparent, int mss, int nodelay, int freebind, + int use_systemd, int dscp) { int s; char* err; @@ -678,29 +629,38 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, *noproto = 1; return -1; } - log_err("can't create socket: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEAFNOSUPPORT || WSAGetLastError() == WSAEPROTONOSUPPORT) { *noproto = 1; return -1; } - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("can't create socket: %s", sock_strerror(errno)); return -1; } + if(nodelay) { +#if defined(IPPROTO_TCP) && defined(TCP_NODELAY) + if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + #ifndef USE_WINSOCK + log_err(" setsockopt(.. TCP_NODELAY ..) failed: %s", + strerror(errno)); + #else + log_err(" setsockopt(.. TCP_NODELAY ..) failed: %s", + wsa_strerror(WSAGetLastError())); + #endif + } +#else + log_warn(" setsockopt(TCP_NODELAY) unsupported"); +#endif /* defined(IPPROTO_TCP) && defined(TCP_NODELAY) */ + } if (mss > 0) { #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss, (socklen_t)sizeof(mss)) < 0) { - #ifndef USE_WINSOCK log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", - strerror(errno)); - #else - log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", - wsa_strerror(WSAGetLastError())); - #endif + sock_strerror(errno)); } else { verbose(VERB_ALGO, " tcp socket mss set to %d", mss); @@ -717,15 +677,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, #ifdef SO_REUSEADDR if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + sock_strerror(errno)); + sock_close(s); return -1; } #endif /* SO_REUSEADDR */ @@ -760,15 +714,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, if(addr->ai_family == AF_INET6 && v6only) { if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + sock_strerror(errno)); + sock_close(s); return -1; } } @@ -815,32 +763,22 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, (struct sockaddr_storage*)addr->ai_addr, addr->ai_addrlen); } - close(s); #else log_err_addr("can't bind socket", wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr->ai_addr, addr->ai_addrlen); - closesocket(s); #endif + sock_close(s); return -1; } if(!fd_set_nonblock(s)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; } if(listen(s, TCP_BACKLOG) == -1) { -#ifndef USE_WINSOCK - log_err("can't listen: %s", strerror(errno)); - close(s); -#else - log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + log_err("can't listen: %s", sock_strerror(errno)); + sock_close(s); return -1; } #ifdef USE_TCP_FASTOPEN @@ -884,45 +822,17 @@ set_ip_dscp(int socket, int addrfamily, int dscp) ds = dscp << 2; switch(addrfamily) { case AF_INET6: - if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, &ds, sizeof(ds)) < 0) + if(setsockopt(socket, IPPROTO_IPV6, IPV6_TCLASS, (void*)&ds, sizeof(ds)) < 0) return sock_strerror(errno); break; default: - if(setsockopt(socket, IPPROTO_IP, IP_TOS, &ds, sizeof(ds)) < 0) + if(setsockopt(socket, IPPROTO_IP, IP_TOS, (void*)&ds, sizeof(ds)) < 0) return sock_strerror(errno); break; } return NULL; } -# ifndef USE_WINSOCK -char* -sock_strerror(int errn) -{ - return strerror(errn); -} - -void -sock_close(int socket) -{ - close(socket); -} - -# else -char* -sock_strerror(int ATTR_UNUSED(errn)) -{ - return wsa_strerror(WSAGetLastError()); -} - -void -sock_close(int socket) -{ - closesocket(socket); -} - -# endif /* USE_WINSOCK */ - int create_local_accept_sock(const char *path, int* noproto, int use_systemd) { @@ -983,11 +893,7 @@ create_local_accept_sock(const char *path, int* noproto, int use_systemd) return s; err: -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; #ifdef HAVE_SYSTEMD @@ -1009,7 +915,8 @@ err: static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp) + int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, + int use_systemd, int dscp) { struct addrinfo *res = NULL; int r, s, inuse, noproto; @@ -1045,7 +952,8 @@ make_sock(int stype, const char* ifname, const char* port, } } else { s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, - transparent, tcp_mss, freebind, use_systemd, dscp); + transparent, tcp_mss, nodelay, freebind, use_systemd, + dscp); if(s == -1 && noproto && hints->ai_family == AF_INET6){ *noip6 = 1; } @@ -1058,7 +966,8 @@ make_sock(int stype, const char* ifname, const char* port, static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp) + int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, + int use_systemd, int dscp) { char* s = strchr(ifname, '@'); if(s) { @@ -1079,11 +988,13 @@ make_sock_port(int stype, const char* ifname, const char* port, newif[s-ifname] = 0; (void)strlcpy(p, s+1, sizeof(p)); p[strlen(s+1)]=0; - return make_sock(stype, newif, p, hints, v6only, noip6, - rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd, dscp); + return make_sock(stype, newif, p, hints, v6only, noip6, rcv, + snd, reuseport, transparent, tcp_mss, nodelay, freebind, + use_systemd, dscp); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, - reuseport, transparent, tcp_mss, freebind, use_systemd, dscp); + reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, + dscp); } /** @@ -1182,6 +1093,18 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, return 0; } +/** see if interface is https, its port number == the https port number */ +static int +if_is_https(const char* ifname, const char* port, int https_port) +{ + char* p = strchr(ifname, '@'); + if(!p && atoi(port) == https_port) + return 1; + if(p && atoi(p+1) == https_port) + return 1; + return 0; +} + /** * Helper for ports_open. Creates one interface (or NULL for default). * @param ifname: The interface ip address. @@ -1196,24 +1119,29 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, * @param snd: send buffer size for UDP * @param ssl_port: ssl service port number * @param tls_additional_port: list of additional ssl service port numbers. + * @param https_port: DoH service port number * @param reuseport: try to set SO_REUSEPORT if nonNULL and true. * set to false on exit if reuseport failed due to no kernel support. * @param transparent: set IP_TRANSPARENT socket option. * @param tcp_mss: maximum segment size of tcp socket. default if zero. * @param freebind: set IP_FREEBIND socket option. + * @param http2_nodelay: set TCP_NODELAY on HTTP/2 connection * @param use_systemd: if true, fetch sockets from systemd. * @param dnscrypt_port: dnscrypt service port number + * @param dscp: DSCP to use. * @return: returns false on error. */ static int ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct addrinfo *hints, const char* port, struct listen_port** list, size_t rcv, size_t snd, int ssl_port, - struct config_strlist* tls_additional_port, int* reuseport, - int transparent, int tcp_mss, int freebind, int use_systemd, - int dnscrypt_port, int dscp) + struct config_strlist* tls_additional_port, int https_port, + int* reuseport, int transparent, int tcp_mss, int freebind, + int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp) { int s, noip6=0; + int is_https = if_is_https(ifname, port, https_port); + int nodelay = is_https && http2_nodelay; #ifdef USE_DNSCRYPT int is_dnscrypt = ((strchr(ifname, '@') && atoi(strchr(ifname, '@')+1) == dnscrypt_port) || @@ -1228,7 +1156,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(do_auto) { if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1237,27 +1165,19 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } if(!port_insert(list, s, is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } } else if(do_udp) { /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1266,19 +1186,24 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } if(!port_insert(list, s, is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } } if(do_tcp) { int is_ssl = if_is_ssl(ifname, port, ssl_port, tls_additional_port); + enum listen_type port_type; + if(is_ssl) + port_type = listen_type_ssl; + else if(is_https) + port_type = listen_type_http; + else if(is_dnscrypt) + port_type = listen_type_tcp_dnscrypt; + else + port_type = listen_type_tcp; if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, - &noip6, 0, 0, reuseport, transparent, tcp_mss, + &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { if(noip6) { /*log_warn("IPv6 protocol not available");*/ @@ -1288,13 +1213,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } if(is_ssl) verbose(VERB_ALGO, "setup TCP for SSL service"); - if(!port_insert(list, s, is_ssl?listen_type_ssl: - (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + if(!port_insert(list, s, port_type)) { + sock_close(s); return 0; } } @@ -1323,8 +1243,10 @@ listen_cp_insert(struct comm_point* c, struct listen_dnsport* front) struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ports, size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, - struct tcl_list* tcp_conn_limit, void* sslctx, - struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg) + int harden_large_queries, uint32_t http_max_streams, + char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit, + void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb, + void *cb_arg) { struct listen_dnsport* front = (struct listen_dnsport*) malloc(sizeof(struct listen_dnsport)); @@ -1343,6 +1265,14 @@ listen_create(struct comm_base* base, struct listen_port* ports, lock_basic_init(&stream_wait_count_lock); stream_wait_lock_inited = 1; } + if(!http2_query_buffer_lock_inited) { + lock_basic_init(&http2_query_buffer_count_lock); + http2_query_buffer_lock_inited = 1; + } + if(!http2_response_buffer_lock_inited) { + lock_basic_init(&http2_response_buffer_count_lock); + http2_response_buffer_lock_inited = 1; + } /* create comm points as needed */ while(ports) { @@ -1355,14 +1285,40 @@ listen_create(struct comm_base* base, struct listen_port* ports, ports->ftype == listen_type_tcp_dnscrypt) cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, + harden_large_queries, 0, NULL, tcp_conn_limit, bufsize, front->udp_buff, - cb, cb_arg); - else if(ports->ftype == listen_type_ssl) { + ports->ftype, cb, cb_arg); + else if(ports->ftype == listen_type_ssl || + ports->ftype == listen_type_http) { cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, + harden_large_queries, + http_max_streams, http_endpoint, tcp_conn_limit, bufsize, front->udp_buff, - cb, cb_arg); - cp->ssl = sslctx; + ports->ftype, cb, cb_arg); + if(http_notls && ports->ftype == listen_type_http) + cp->ssl = NULL; + else + cp->ssl = sslctx; + if(ports->ftype == listen_type_http) { + if(!sslctx && !http_notls) { + log_warn("HTTPS port configured, but no TLS " + "tls-service-key or tls-service-pem " + "set"); + } +#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB + if(!http_notls) + log_warn("Unbound is not compiled with an " + "OpenSSL version supporting ALPN " + " (OpenSSL >= 1.0.2). This is required " + "to use DNS-over-HTTPS"); +#endif +#ifndef HAVE_NGHTTP2_NGHTTP2_H + log_warn("Unbound is not compiled with " + "nghttp2. This is required to use " + "DNS-over-HTTPS."); +#endif + } } else if(ports->ftype == listen_type_udpancil || ports->ftype == listen_type_udpancil_dnscrypt) cp = comm_point_create_udp_ancil(base, ports->fd, @@ -1436,10 +1392,178 @@ listen_delete(struct listen_dnsport* front) stream_wait_lock_inited = 0; lock_basic_destroy(&stream_wait_count_lock); } + if(http2_query_buffer_lock_inited) { + http2_query_buffer_lock_inited = 0; + lock_basic_destroy(&http2_query_buffer_count_lock); + } + if(http2_response_buffer_lock_inited) { + http2_response_buffer_lock_inited = 0; + lock_basic_destroy(&http2_response_buffer_count_lock); + } +} + +#ifdef HAVE_GETIFADDRS +static int +resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, int *ip_addresses_size) +{ + struct ifaddrs *ifa; + void *tmpbuf; + int last_ip_addresses_size = *ip_addresses_size; + + for(ifa = ifas; ifa != NULL; ifa = ifa->ifa_next) { + sa_family_t family; + const char* atsign; +#ifdef INET6 /* | address ip | % | ifa name | @ | port | nul */ + char addr_buf[INET6_ADDRSTRLEN + 1 + IF_NAMESIZE + 1 + 16 + 1]; +#else + char addr_buf[INET_ADDRSTRLEN + 1 + 16 + 1]; +#endif + + if((atsign=strrchr(search_ifa, '@')) != NULL) { + if(strlen(ifa->ifa_name) != (size_t)(atsign-search_ifa) + || strncmp(ifa->ifa_name, search_ifa, + atsign-search_ifa) != 0) + continue; + } else { + if(strcmp(ifa->ifa_name, search_ifa) != 0) + continue; + atsign = ""; + } + + if(ifa->ifa_addr == NULL) + continue; + + family = ifa->ifa_addr->sa_family; + if(family == AF_INET) { + char a4[INET_ADDRSTRLEN + 1]; + struct sockaddr_in *in4 = (struct sockaddr_in *) + ifa->ifa_addr; + if(!inet_ntop(family, &in4->sin_addr, a4, sizeof(a4))) { + log_err("inet_ntop failed"); + return 0; + } + snprintf(addr_buf, sizeof(addr_buf), "%s%s", + a4, atsign); + } +#ifdef INET6 + else if(family == AF_INET6) { + struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) + ifa->ifa_addr; + char a6[INET6_ADDRSTRLEN + 1]; + char if_index_name[IF_NAMESIZE + 1]; + if_index_name[0] = 0; + if(!inet_ntop(family, &in6->sin6_addr, a6, sizeof(a6))) { + log_err("inet_ntop failed"); + return 0; + } + if_indextoname(in6->sin6_scope_id, + (char *)if_index_name); + if (strlen(if_index_name) != 0) { + snprintf(addr_buf, sizeof(addr_buf), + "%s%%%s%s", a6, if_index_name, atsign); + } else { + snprintf(addr_buf, sizeof(addr_buf), "%s%s", + a6, atsign); + } + } +#endif + else { + continue; + } + verbose(4, "interface %s has address %s", search_ifa, addr_buf); + + tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); + if(!tmpbuf) { + log_err("realloc failed: out of memory"); + return 0; + } else { + *ip_addresses = tmpbuf; + } + (*ip_addresses)[*ip_addresses_size] = strdup(addr_buf); + if(!(*ip_addresses)[*ip_addresses_size]) { + log_err("strdup failed: out of memory"); + return 0; + } + (*ip_addresses_size)++; + } + + if (*ip_addresses_size == last_ip_addresses_size) { + tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); + if(!tmpbuf) { + log_err("realloc failed: out of memory"); + return 0; + } else { + *ip_addresses = tmpbuf; + } + (*ip_addresses)[*ip_addresses_size] = strdup(search_ifa); + if(!(*ip_addresses)[*ip_addresses_size]) { + log_err("strdup failed: out of memory"); + return 0; + } + (*ip_addresses_size)++; + } + return 1; +} +#endif /* HAVE_GETIFADDRS */ + +int resolve_interface_names(struct config_file* cfg, char*** resif, + int* num_resif) +{ +#ifdef HAVE_GETIFADDRS + int i; + struct ifaddrs *addrs = NULL; + if(cfg->num_ifs == 0) { + *resif = NULL; + *num_resif = 0; + return 1; + } + if(getifaddrs(&addrs) == -1) { + log_err("failed to list interfaces: getifaddrs: %s", + strerror(errno)); + freeifaddrs(addrs); + return 0; + } + for(i=0; inum_ifs; i++) { + if(!resolve_ifa_name(addrs, cfg->ifs[i], resif, num_resif)) { + freeifaddrs(addrs); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } + } + freeifaddrs(addrs); + return 1; +#else + int i; + if(cfg->num_ifs == 0) { + *resif = NULL; + *num_resif = 0; + return 1; + } + *num_resif = cfg->num_ifs; + *resif = calloc(*num_resif, sizeof(**resif)); + if(!*resif) { + log_err("out of memory"); + return 0; + } + for(i=0; i<*num_resif; i++) { + (*resif)[i] = strdup(cfg->ifs[i]); + if(!((*resif)[i])) { + log_err("out of memory"); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } + } + return 1; +#endif /* HAVE_GETIFADDRS */ } struct listen_port* -listening_ports_open(struct config_file* cfg, int* reuseport) +listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, + int* reuseport) { struct listen_port* list = NULL; struct addrinfo hints; @@ -1458,7 +1582,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; /* no name lookups on our listening ports */ - if(cfg->num_ifs > 0) + if(num_ifs > 0) hints.ai_flags |= AI_NUMERICHOST; hints.ai_family = AF_UNSPEC; #ifndef INET6 @@ -1468,7 +1592,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) return NULL; } /* create ip4 and ip6 ports so that return addresses are nice. */ - if(do_auto || cfg->num_ifs == 0) { + if(do_auto || num_ifs == 0) { if(do_ip6) { hints.ai_family = AF_INET6; if(!ports_create_if(do_auto?"::0":"::1", @@ -1476,8 +1600,9 @@ listening_ports_open(struct config_file* cfg, int* reuseport) &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; @@ -1490,24 +1615,26 @@ listening_ports_open(struct config_file* cfg, int* reuseport) &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; } } - } else for(i = 0; inum_ifs; i++) { - if(str_is_ip6(cfg->ifs[i])) { + } else for(i = 0; iifs[i], 0, cfg->do_udp, + if(!ports_create_if(ifs[i], 0, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; @@ -1516,12 +1643,13 @@ listening_ports_open(struct config_file* cfg, int* reuseport) if(!do_ip4) continue; hints.ai_family = AF_INET; - if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, + if(!ports_create_if(ifs[i], 0, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; @@ -1537,11 +1665,7 @@ void listening_ports_free(struct listen_port* list) while(list) { nx = list->next; if(list->fd != -1) { -#ifndef USE_WINSOCK - close(list->fd); -#else - closesocket(list->fd); -#endif + sock_close(list->fd); } free(list); list = nx; @@ -1690,20 +1814,19 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) if(!req->cp->tcp_is_reading) wr = 1; - if(req->num_open_req + req->num_done_req < TCP_MAX_REQ_SIMULTANEOUS && - !req->read_is_closed) + if(!req->read_is_closed) rd = 1; if(wr) { req->cp->tcp_is_reading = 0; comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); } else if(rd) { req->cp->tcp_is_reading = 1; comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); /* and also read it (from SSL stack buffers), so * no event read event is expected since the remainder of * the TLS frame is sitting in the buffers. */ @@ -1711,7 +1834,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) } else { comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); comm_point_listen_for_rw(req->cp, 0, 0); } } @@ -1824,7 +1947,7 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req) send_it: c->tcp_is_reading = 0; comm_point_stop_listening(c); - comm_point_start_listening(c, -1, c->tcp_timeout_msec); + comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); return; } req->in_worker_handle = 0; @@ -1942,7 +2065,7 @@ tcp_req_info_send_reply(struct tcp_req_info* req) /* switch to listen to write events */ comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); return; } /* queue up the answer behind the others already pending */ @@ -1963,3 +2086,740 @@ size_t tcp_req_info_get_stream_buffer_size(void) lock_basic_unlock(&stream_wait_count_lock); return s; } + +size_t http2_get_query_buffer_size(void) +{ + size_t s; + if(!http2_query_buffer_lock_inited) + return http2_query_buffer_count; + lock_basic_lock(&http2_query_buffer_count_lock); + s = http2_query_buffer_count; + lock_basic_unlock(&http2_query_buffer_count_lock); + return s; +} + +size_t http2_get_response_buffer_size(void) +{ + size_t s; + if(!http2_response_buffer_lock_inited) + return http2_response_buffer_count; + lock_basic_lock(&http2_response_buffer_count_lock); + s = http2_response_buffer_count; + lock_basic_unlock(&http2_response_buffer_count_lock); + return s; +} + +#ifdef HAVE_NGHTTP2 +/** nghttp2 callback. Used to copy response from rbuffer to nghttp2 session */ +static ssize_t http2_submit_response_read_callback( + nghttp2_session* ATTR_UNUSED(session), + int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, + nghttp2_data_source* source, void* ATTR_UNUSED(cb_arg)) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = source->ptr; + size_t copylen = length; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + verbose(VERB_QUERY, "http2: cannot get stream data, closing " + "stream"); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + if(!h2_stream->rbuffer || + sldns_buffer_remaining(h2_stream->rbuffer) == 0) { + verbose(VERB_QUERY, "http2: cannot submit buffer. No data " + "available in rbuffer"); + /* rbuffer will be free'd in frame close cb */ + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + + if(copylen > sldns_buffer_remaining(h2_stream->rbuffer)) + copylen = sldns_buffer_remaining(h2_stream->rbuffer); + if(copylen > SSIZE_MAX) + copylen = SSIZE_MAX; /* will probably never happen */ + + memcpy(buf, sldns_buffer_current(h2_stream->rbuffer), copylen); + sldns_buffer_skip(h2_stream->rbuffer, copylen); + + if(sldns_buffer_remaining(h2_stream->rbuffer) == 0) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + lock_basic_lock(&http2_response_buffer_count_lock); + http2_response_buffer_count -= + sldns_buffer_capacity(h2_stream->rbuffer); + lock_basic_unlock(&http2_response_buffer_count_lock); + sldns_buffer_free(h2_stream->rbuffer); + h2_stream->rbuffer = NULL; + } + + return copylen; +} + +/** + * Send RST_STREAM frame for stream. + * @param h2_session: http2 session to submit frame to + * @param h2_stream: http2 stream containing frame ID to use in RST_STREAM + * @return 0 on error, 1 otherwise + */ +static int http2_submit_rst_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + int ret = nghttp2_submit_rst_stream(h2_session->session, + NGHTTP2_FLAG_NONE, h2_stream->stream_id, + NGHTTP2_INTERNAL_ERROR); + if(ret) { + verbose(VERB_QUERY, "http2: nghttp2_submit_rst_stream failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} + +/** + * DNS response ready to be submitted to nghttp2, to be prepared for sending + * out. Response is stored in c->buffer. Copy to rbuffer because the c->buffer + * might be used before this will be sent out. + * @param h2_session: http2 session, containing c->buffer which contains answer + * @return 0 on error, 1 otherwise + */ +int http2_submit_dns_response(struct http2_session* h2_session) +{ + int ret; + nghttp2_data_provider data_prd; + char status[4]; + nghttp2_nv headers[3]; + struct http2_stream* h2_stream = h2_session->c->h2_stream; + size_t rlen; + char rlen_str[32]; + + if(h2_stream->rbuffer) { + log_err("http2 submit response error: rbuffer already " + "exists"); + return 0; + } + if(sldns_buffer_remaining(h2_session->c->buffer) == 0) { + log_err("http2 submit response error: c->buffer not complete"); + return 0; + } + + if(snprintf(status, 4, "%d", h2_stream->status) != 3) { + verbose(VERB_QUERY, "http2: submit response error: " + "invalid status"); + return 0; + } + + rlen = sldns_buffer_remaining(h2_session->c->buffer); + snprintf(rlen_str, sizeof(rlen_str), "%u", (unsigned)rlen); + + lock_basic_lock(&http2_response_buffer_count_lock); + if(http2_response_buffer_count + rlen > http2_response_buffer_max) { + lock_basic_unlock(&http2_response_buffer_count_lock); + verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " + "in https-response-buffer-size"); + return http2_submit_rst_stream(h2_session, h2_stream); + } + http2_response_buffer_count += rlen; + lock_basic_unlock(&http2_response_buffer_count_lock); + + if(!(h2_stream->rbuffer = sldns_buffer_new(rlen))) { + lock_basic_lock(&http2_response_buffer_count_lock); + http2_response_buffer_count -= rlen; + lock_basic_unlock(&http2_response_buffer_count_lock); + log_err("http2 submit response error: malloc failure"); + return 0; + } + + headers[0].name = (uint8_t*)":status"; + headers[0].namelen = 7; + headers[0].value = (uint8_t*)status; + headers[0].valuelen = 3; + headers[0].flags = NGHTTP2_NV_FLAG_NONE; + + headers[1].name = (uint8_t*)"content-type"; + headers[1].namelen = 12; + headers[1].value = (uint8_t*)"application/dns-message"; + headers[1].valuelen = 23; + headers[1].flags = NGHTTP2_NV_FLAG_NONE; + + headers[2].name = (uint8_t*)"content-length"; + headers[2].namelen = 14; + headers[2].value = (uint8_t*)rlen_str; + headers[2].valuelen = strlen(rlen_str); + headers[2].flags = NGHTTP2_NV_FLAG_NONE; + + sldns_buffer_write(h2_stream->rbuffer, + sldns_buffer_current(h2_session->c->buffer), + sldns_buffer_remaining(h2_session->c->buffer)); + sldns_buffer_flip(h2_stream->rbuffer); + + data_prd.source.ptr = h2_session; + data_prd.read_callback = http2_submit_response_read_callback; + ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id, + headers, 3, &data_prd); + if(ret) { + verbose(VERB_QUERY, "http2: set_stream_user_data failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} +#else +int http2_submit_dns_response(void* ATTR_UNUSED(v)) +{ + return 0; +} +#endif + +#ifdef HAVE_NGHTTP2 +/** HTTP status to descriptive string */ +static char* http_status_to_str(enum http_status s) +{ + switch(s) { + case HTTP_STATUS_OK: + return "OK"; + case HTTP_STATUS_BAD_REQUEST: + return "Bad Request"; + case HTTP_STATUS_NOT_FOUND: + return "Not Found"; + case HTTP_STATUS_PAYLOAD_TOO_LARGE: + return "Payload Too Large"; + case HTTP_STATUS_URI_TOO_LONG: + return "URI Too Long"; + case HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE: + return "Unsupported Media Type"; + case HTTP_STATUS_NOT_IMPLEMENTED: + return "Not Implemented"; + } + return "Status Unknown"; +} + +/** nghttp2 callback. Used to copy error message to nghttp2 session */ +static ssize_t http2_submit_error_read_callback( + nghttp2_session* ATTR_UNUSED(session), + int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, + nghttp2_data_source* source, void* ATTR_UNUSED(cb_arg)) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = source->ptr; + char* msg; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + verbose(VERB_QUERY, "http2: cannot get stream data, closing " + "stream"); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + msg = http_status_to_str(h2_stream->status); + if(length < strlen(msg)) + return 0; /* not worth trying over multiple frames */ + memcpy(buf, msg, strlen(msg)); + return strlen(msg); + +} + +/** + * HTTP error response ready to be submitted to nghttp2, to be prepared for + * sending out. Message body will contain descriptive string for HTTP status. + * @param h2_session: http2 session to submit to + * @param h2_stream: http2 stream containing HTTP status to use for error + * @return 0 on error, 1 otherwise + */ +static int http2_submit_error(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + int ret; + char status[4]; + nghttp2_data_provider data_prd; + nghttp2_nv headers[1]; /* will be copied by nghttp */ + if(snprintf(status, 4, "%d", h2_stream->status) != 3) { + verbose(VERB_QUERY, "http2: submit error failed, " + "invalid status"); + return 0; + } + headers[0].name = (uint8_t*)":status"; + headers[0].namelen = 7; + headers[0].value = (uint8_t*)status; + headers[0].valuelen = 3; + headers[0].flags = NGHTTP2_NV_FLAG_NONE; + + data_prd.source.ptr = h2_session; + data_prd.read_callback = http2_submit_error_read_callback; + + ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id, + headers, 1, &data_prd); + if(ret) { + verbose(VERB_QUERY, "http2: submit error failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} + +/** + * Start query handling. Query is stored in the stream, and will be free'd here. + * @param h2_session: http2 session, containing comm point + * @param h2_stream: stream containing buffered query + * @return: -1 on error, 1 if answer is stored in c->buffer, 0 if there is no + * reply available (yet). + */ +static int http2_query_read_done(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + log_assert(h2_stream->qbuffer); + + if(h2_session->c->h2_stream) { + verbose(VERB_ALGO, "http2_query_read_done failure: shared " + "buffer already assigned to stream"); + return -1; + } + if(sldns_buffer_remaining(h2_session->c->buffer) < + sldns_buffer_remaining(h2_stream->qbuffer)) { + /* qbuffer will be free'd in frame close cb */ + sldns_buffer_clear(h2_session->c->buffer); + verbose(VERB_ALGO, "http2_query_read_done failure: can't fit " + "qbuffer in c->buffer"); + return -1; + } + + sldns_buffer_write(h2_session->c->buffer, + sldns_buffer_current(h2_stream->qbuffer), + sldns_buffer_remaining(h2_stream->qbuffer)); + + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= sldns_buffer_capacity(h2_stream->qbuffer); + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + + sldns_buffer_flip(h2_session->c->buffer); + h2_session->c->h2_stream = h2_stream; + fptr_ok(fptr_whitelist_comm_point(h2_session->c->callback)); + if((*h2_session->c->callback)(h2_session->c, h2_session->c->cb_arg, + NETEVENT_NOERROR, &h2_session->c->repinfo)) { + return 1; /* answer in c->buffer */ + } + sldns_buffer_clear(h2_session->c->buffer); + h2_session->c->h2_stream = NULL; + return 0; /* mesh state added, or dropped */ +} + +/** nghttp2 callback. Used to check if the received frame indicates the end of a + * stream. Gather collected request data and start query handling. */ +static int http2_req_frame_recv_cb(nghttp2_session* session, + const nghttp2_frame* frame, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + int query_read_done; + + if((frame->hd.type != NGHTTP2_DATA && + frame->hd.type != NGHTTP2_HEADERS) || + !(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) { + return 0; + } + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + session, frame->hd.stream_id))) + return 0; + + if(h2_stream->invalid_endpoint) { + h2_stream->status = HTTP_STATUS_NOT_FOUND; + goto submit_http_error; + } + + if(h2_stream->invalid_content_type) { + h2_stream->status = HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE; + goto submit_http_error; + } + + if(h2_stream->http_method != HTTP_METHOD_GET && + h2_stream->http_method != HTTP_METHOD_POST) { + h2_stream->status = HTTP_STATUS_NOT_IMPLEMENTED; + goto submit_http_error; + } + + if(h2_stream->query_too_large) { + if(h2_stream->http_method == HTTP_METHOD_POST) + h2_stream->status = HTTP_STATUS_PAYLOAD_TOO_LARGE; + else + h2_stream->status = HTTP_STATUS_URI_TOO_LONG; + goto submit_http_error; + } + + if(!h2_stream->qbuffer) { + h2_stream->status = HTTP_STATUS_BAD_REQUEST; + goto submit_http_error; + } + + if(h2_stream->status) { +submit_http_error: + verbose(VERB_QUERY, "http2 request invalid, returning :status=" + "%d", h2_stream->status); + if(!http2_submit_error(h2_session, h2_stream)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + h2_stream->status = HTTP_STATUS_OK; + + sldns_buffer_flip(h2_stream->qbuffer); + h2_session->postpone_drop = 1; + query_read_done = http2_query_read_done(h2_session, h2_stream); + if(query_read_done < 0) + return NGHTTP2_ERR_CALLBACK_FAILURE; + else if(!query_read_done) { + if(h2_session->is_drop) { + /* connection needs to be closed. Return failure to make + * sure no other action are taken anymore on comm point. + * failure will result in reclaiming (and closing) + * of comm point. */ + verbose(VERB_QUERY, "http2 query dropped in worker cb"); + h2_session->postpone_drop = 0; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + /* nothing to submit right now, query added to mesh. */ + h2_session->postpone_drop = 0; + return 0; + } + if(!http2_submit_dns_response(h2_session)) { + sldns_buffer_clear(h2_session->c->buffer); + h2_session->c->h2_stream = NULL; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + verbose(VERB_QUERY, "http2 query submitted to session"); + sldns_buffer_clear(h2_session->c->buffer); + h2_session->c->h2_stream = NULL; + return 0; +} + +/** nghttp2 callback. Used to detect start of new streams. */ +static int http2_req_begin_headers_cb(nghttp2_session* session, + const nghttp2_frame* frame, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + int ret; + if(frame->hd.type != NGHTTP2_HEADERS || + frame->headers.cat != NGHTTP2_HCAT_REQUEST) { + /* only interrested in request headers */ + return 0; + } + if(!(h2_stream = http2_stream_create(frame->hd.stream_id))) { + log_err("malloc failure while creating http2 stream"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + http2_session_add_stream(h2_session, h2_stream); + ret = nghttp2_session_set_stream_user_data(session, + frame->hd.stream_id, h2_stream); + if(ret) { + /* stream does not exist */ + verbose(VERB_QUERY, "http2: set_stream_user_data failed, " + "error: %s", nghttp2_strerror(ret)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + return 0; +} + +/** + * base64url decode, store in qbuffer + * @param h2_session: http2 session + * @param h2_stream: http2 stream + * @param start: start of the base64 string + * @param length: length of the base64 string + * @return: 0 on error, 1 otherwise. query will be stored in h2_stream->qbuffer, + * buffer will be NULL is unparseble. + */ +static int http2_buffer_uri_query(struct http2_session* h2_session, + struct http2_stream* h2_stream, const uint8_t* start, size_t length) +{ + size_t expectb64len; + int b64len; + if(h2_stream->http_method == HTTP_METHOD_POST) + return 1; + if(length == 0) + return 1; + if(h2_stream->qbuffer) { + verbose(VERB_ALGO, "http2_req_header fail, " + "qbuffer already set"); + return 0; + } + + /* calculate size, might be a bit bigger than the real + * decoded buffer size */ + expectb64len = sldns_b64_pton_calculate_size(length); + log_assert(expectb64len > 0); + if(expectb64len > + h2_session->c->http2_stream_max_qbuffer_size) { + h2_stream->query_too_large = 1; + return 1; + } + + lock_basic_lock(&http2_query_buffer_count_lock); + if(http2_query_buffer_count + expectb64len > http2_query_buffer_max) { + lock_basic_unlock(&http2_query_buffer_count_lock); + verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " + "in http2-query-buffer-size"); + return http2_submit_rst_stream(h2_session, h2_stream); + } + http2_query_buffer_count += expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + if(!(h2_stream->qbuffer = sldns_buffer_new(expectb64len))) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + log_err("http2_req_header fail, qbuffer " + "malloc failure"); + return 0; + } + + if(!(b64len = sldns_b64url_pton( + (char const *)start, length, + sldns_buffer_current(h2_stream->qbuffer), + expectb64len)) || b64len < 0) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + /* return without error, method can be an + * unknown POST */ + return 1; + } + sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len); + return 1; +} + +/** nghttp2 callback. Used to parse headers from HEADER frames. */ +static int http2_req_header_cb(nghttp2_session* session, + const nghttp2_frame* frame, const uint8_t* name, size_t namelen, + const uint8_t* value, size_t valuelen, uint8_t ATTR_UNUSED(flags), + void* cb_arg) +{ + struct http2_stream* h2_stream = NULL; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + /* nghttp2 deals with CONTINUATION frames and provides them as part of + * the HEADER */ + if(frame->hd.type != NGHTTP2_HEADERS || + frame->headers.cat != NGHTTP2_HCAT_REQUEST) { + /* only interrested in request headers */ + return 0; + } + if(!(h2_stream = nghttp2_session_get_stream_user_data(session, + frame->hd.stream_id))) + return 0; + + /* earlier checks already indicate we can stop handling this query */ + if(h2_stream->http_method == HTTP_METHOD_UNSUPPORTED || + h2_stream->invalid_content_type || + h2_stream->invalid_endpoint) + return 0; + + + /* nghttp2 performs some sanity checks in the headers, including: + * name and value are guaranteed to be null terminated + * name is guaranteed to be lowercase + * content-length value is guaranteed to contain digits + */ + + if(!h2_stream->http_method && namelen == 7 && + memcmp(":method", name, namelen) == 0) { + /* Case insensitive check on :method value to be on the safe + * side. I failed to find text about case sensitivity in specs. + */ + if(valuelen == 3 && strcasecmp("GET", (const char*)value) == 0) + h2_stream->http_method = HTTP_METHOD_GET; + else if(valuelen == 4 && + strcasecmp("POST", (const char*)value) == 0) { + h2_stream->http_method = HTTP_METHOD_POST; + if(h2_stream->qbuffer) { + /* POST method uses query from DATA frames */ + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= + sldns_buffer_capacity(h2_stream->qbuffer); + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + } + } else + h2_stream->http_method = HTTP_METHOD_UNSUPPORTED; + return 0; + } + if(namelen == 5 && memcmp(":path", name, namelen) == 0) { + /* :path may contain DNS query, depending on method. Method might + * not be known yet here, so check after finishing receiving + * stream. */ +#define HTTP_QUERY_PARAM "?dns=" + size_t el = strlen(h2_session->c->http_endpoint); + size_t qpl = strlen(HTTP_QUERY_PARAM); + + if(valuelen < el || memcmp(h2_session->c->http_endpoint, + value, el) != 0) { + h2_stream->invalid_endpoint = 1; + return 0; + } + /* larger than endpoint only allowed if it is for the query + * parameter */ + if(valuelen <= el+qpl || + memcmp(HTTP_QUERY_PARAM, value+el, qpl) != 0) { + if(valuelen != el) + h2_stream->invalid_endpoint = 1; + return 0; + } + + if(!http2_buffer_uri_query(h2_session, h2_stream, + value+(el+qpl), valuelen-(el+qpl))) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + /* Content type is a SHOULD (rfc7231#section-3.1.1.5) when using POST, + * and not needed when using GET. Don't enfore. + * If set only allow lowercase "application/dns-message". + * + * Clients SHOULD (rfc8484#section-4.1) set an accept header, but MUST + * be able to handle "application/dns-message". Since that is the only + * content-type supported we can ignore the accept header. + */ + if((namelen == 12 && memcmp("content-type", name, namelen) == 0)) { + if(valuelen != 23 || memcmp("application/dns-message", value, + valuelen) != 0) { + h2_stream->invalid_content_type = 1; + } + } + + /* Only interested in content-lentg for POST (on not yet known) method. + */ + if((!h2_stream->http_method || + h2_stream->http_method == HTTP_METHOD_POST) && + !h2_stream->content_length && namelen == 14 && + memcmp("content-length", name, namelen) == 0) { + if(valuelen > 5) { + h2_stream->query_too_large = 1; + return 0; + } + /* guaranteed to only contian digits and be null terminated */ + h2_stream->content_length = atoi((const char*)value); + if(h2_stream->content_length > + h2_session->c->http2_stream_max_qbuffer_size) { + h2_stream->query_too_large = 1; + return 0; + } + } + return 0; +} + +/** nghttp2 callback. Used to get data from DATA frames, which can contain + * queries in POST requests. */ +static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session), + uint8_t ATTR_UNUSED(flags), int32_t stream_id, const uint8_t* data, + size_t len, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + size_t qlen = 0; + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + + if(h2_stream->query_too_large) + return 0; + + if(!h2_stream->qbuffer) { + if(h2_stream->content_length) { + if(h2_stream->content_length < len) + /* getting more data in DATA frame than + * advertised in content-length header. */ + return NGHTTP2_ERR_CALLBACK_FAILURE; + qlen = h2_stream->content_length; + } else if(len <= h2_session->c->http2_stream_max_qbuffer_size) { + /* setting this to msg-buffer-size can result in a lot + * of memory consuption. Most queries should fit in a + * single DATA frame, and most POST queries will + * containt content-length which does not impose this + * limit. */ + qlen = len; + } + } + if(!h2_stream->qbuffer && qlen) { + lock_basic_lock(&http2_query_buffer_count_lock); + if(http2_query_buffer_count + qlen > http2_query_buffer_max) { + lock_basic_unlock(&http2_query_buffer_count_lock); + verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " + "in http2-query-buffer-size"); + return http2_submit_rst_stream(h2_session, h2_stream); + } + http2_query_buffer_count += qlen; + lock_basic_unlock(&http2_query_buffer_count_lock); + if(!(h2_stream->qbuffer = sldns_buffer_new(qlen))) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= qlen; + lock_basic_unlock(&http2_query_buffer_count_lock); + } + } + + if(!h2_stream->qbuffer || + sldns_buffer_remaining(h2_stream->qbuffer) < len) { + verbose(VERB_ALGO, "http2 data_chunck_recv failed. Not enough " + "buffer space for POST query. Can happen on multi " + "frame requests without content-length header"); + h2_stream->query_too_large = 1; + return 0; + } + + sldns_buffer_write(h2_stream->qbuffer, data, len); + + return 0; +} + +void http2_req_stream_clear(struct http2_stream* h2_stream) +{ + if(h2_stream->qbuffer) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= + sldns_buffer_capacity(h2_stream->qbuffer); + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + } + if(h2_stream->rbuffer) { + lock_basic_lock(&http2_response_buffer_count_lock); + http2_response_buffer_count -= + sldns_buffer_capacity(h2_stream->rbuffer); + lock_basic_unlock(&http2_response_buffer_count_lock); + sldns_buffer_free(h2_stream->rbuffer); + h2_stream->rbuffer = NULL; + } +} + +nghttp2_session_callbacks* http2_req_callbacks_create(void) +{ + nghttp2_session_callbacks *callbacks; + if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { + log_err("failed to initialize nghttp2 callback"); + return NULL; + } + /* reception of header block started, used to create h2_stream */ + nghttp2_session_callbacks_set_on_begin_headers_callback(callbacks, + http2_req_begin_headers_cb); + /* complete frame received, used to get data from stream if frame + * has end stream flag, and start processing query */ + nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks, + http2_req_frame_recv_cb); + /* get request info from headers */ + nghttp2_session_callbacks_set_on_header_callback(callbacks, + http2_req_header_cb); + /* get data from DATA frames, containing POST query */ + nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, + http2_req_data_chunk_recv_cb); + + /* generic HTTP2 callbacks */ + nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); + nghttp2_session_callbacks_set_send_callback(callbacks, http2_send_cb); + nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, + http2_stream_close_cb); + + return callbacks; +} +#endif /* HAVE_NGHTTP2 */ diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h index c3cc0a92d..f438ff458 100644 --- a/services/listen_dnsport.h +++ b/services/listen_dnsport.h @@ -43,6 +43,9 @@ #define LISTEN_DNSPORT_H #include "util/netevent.h" +#ifdef HAVE_NGHTTP2_NGHTTP2_H +#include +#endif struct listen_list; struct config_file; struct addrinfo; @@ -94,8 +97,9 @@ enum listen_type { /** tcp type + dnscrypt */ listen_type_tcp_dnscrypt, /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/ - listen_type_udpancil_dnscrypt - + listen_type_udpancil_dnscrypt, + /** HTTP(2) over TLS over TCP */ + listen_type_http }; /** @@ -117,19 +121,32 @@ struct listen_port { * interfaces for IP4 and/or IP6, for UDP and/or TCP. * On the given port number. It creates the sockets. * @param cfg: settings on what ports to open. + * @param ifs: interfaces to open, array of IP addresses, "ip[@port]". + * @param num_ifs: length of ifs. * @param reuseport: set to true if you want reuseport, or NULL to not have it, * set to false on exit if reuseport failed to apply (because of no * kernel support). * @return: linked list of ports or NULL on error. */ struct listen_port* listening_ports_open(struct config_file* cfg, - int* reuseport); + char** ifs, int num_ifs, int* reuseport); /** * Close and delete the (list of) listening ports. */ void listening_ports_free(struct listen_port* list); +/** + * Resolve interface names in config and store result IP addresses + * @param cfg: config + * @param resif: string array (malloced array of malloced strings) with + * result. NULL if cfg has none. + * @param num_resif: length of resif. Zero if cfg has zero num_ifs. + * @return 0 on failure. + */ +int resolve_interface_names(struct config_file* cfg, char*** resif, + int* num_resif); + /** * Create commpoints with for this thread for the shared ports. * @param base: the comm_base that provides event functionality. @@ -139,6 +156,10 @@ void listening_ports_free(struct listen_port* list); * @param tcp_accept_count: max number of simultaneous TCP connections * from clients. * @param tcp_idle_timeout: idle timeout for TCP connections in msec. + * @param harden_large_queries: whether query size should be limited. + * @param http_max_streams: maximum number of HTTP/2 streams per connection. + * @param http_endpoint: HTTP endpoint to service queries on + * @param http_notls: no TLS for http downstream * @param tcp_conn_limit: TCP connection limit info. * @param sslctx: nonNULL if ssl context. * @param dtenv: nonNULL if dnstap enabled. @@ -147,11 +168,13 @@ void listening_ports_free(struct listen_port* list); * @param cb_arg: user data argument for callback function. * @return: the malloced listening structure, ready for use. NULL on error. */ -struct listen_dnsport* listen_create(struct comm_base* base, - struct listen_port* ports, size_t bufsize, - int tcp_accept_count, int tcp_idle_timeout, - struct tcl_list* tcp_conn_limit, void* sslctx, - struct dt_env *dtenv, comm_point_callback_type* cb, void* cb_arg); +struct listen_dnsport* +listen_create(struct comm_base* base, struct listen_port* ports, + size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, + int harden_large_queries, uint32_t http_max_streams, + char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit, + void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb, + void *cb_arg); /** * delete the listening structure @@ -205,6 +228,7 @@ void listen_start_accept(struct listen_dnsport* listen); * @param transparent: set IP_TRANSPARENT socket option. * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. + * @param dscp: DSCP to use. * @return: the socket. -1 on error. */ int create_udp_sock(int family, int socktype, struct sockaddr* addr, @@ -220,12 +244,15 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr, * listening UDP port. Set to false on return if it failed to do so. * @param transparent: set IP_TRANSPARENT socket option. * @param mss: maximum segment size of the socket. if zero, leaves the default. + * @param nodelay: if true set TCP_NODELAY and TCP_QUICKACK socket options. * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. + * @param dscp: DSCP to use. * @return: the socket. -1 on error. */ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp); + int* reuseport, int transparent, int mss, int nodelay, int freebind, + int use_systemd, int dscp); /** * Create and bind local listening socket @@ -367,7 +394,34 @@ int tcp_req_info_handle_read_close(struct tcp_req_info* req); /** get the size of currently used tcp stream wait buffers (in bytes) */ size_t tcp_req_info_get_stream_buffer_size(void); +/** get the size of currently used HTTP2 query buffers (in bytes) */ +size_t http2_get_query_buffer_size(void); +/** get the size of currently used HTTP2 response buffers (in bytes) */ +size_t http2_get_response_buffer_size(void); + +#ifdef HAVE_NGHTTP2 +/** + * Create nghttp2 callbacks to handle HTTP2 requests. + * @return malloc'ed struct, NULL on failure + */ +nghttp2_session_callbacks* http2_req_callbacks_create(void); + +/** Free http2 stream buffers and decrease buffer counters */ +void http2_req_stream_clear(struct http2_stream* h2_stream); + +/** + * DNS response ready to be submitted to nghttp2, to be prepared for sending + * out. Response is stored in c->buffer. Copy to rbuffer because the c->buffer + * might be used before this will be send out. + * @param h2_session: http2 session, containing c->buffer which contains answer + * @param h2_stream: http2 stream, containing buffer to store answer in + * @return 0 on error, 1 otherwise + */ +int http2_submit_dns_response(struct http2_session* h2_session); +#else +int http2_submit_dns_response(void* v); +#endif /* HAVE_NGHTTP2 */ + char* set_ip_dscp(int socket, int addrfamily, int ds); -char* sock_strerror(int errn); #endif /* LISTEN_DNSPORT_H */ diff --git a/services/localzone.c b/services/localzone.c index 6aaf0c055..ed0d2c565 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -157,7 +157,7 @@ local_zone_create(uint8_t* nm, size_t len, int labs, z->namelen = len; z->namelabs = labs; lock_rw_init(&z->lock); - z->region = regional_create_custom(sizeof(struct regional)); + z->region = regional_create_nochunk(sizeof(struct regional)); if(!z->region) { free(z); return NULL; @@ -1215,7 +1215,7 @@ local_encode(struct query_info* qinfo, struct module_env* env, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, - repinfo, temp) || !reply_info_answer_encode(qinfo, &rep, + repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) { error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, @@ -1237,7 +1237,7 @@ local_error_encode(struct query_info* qinfo, struct module_env* env, edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, - rcode, edns, repinfo, temp)) + rcode, edns, repinfo, temp, env->now_tv)) edns->opt_list = NULL; error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); @@ -1558,6 +1558,46 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, || lz_type == local_zone_always_transparent) { /* no NODATA or NXDOMAINS for this zone type */ return 0; + } else if(lz_type == local_zone_always_null) { + /* 0.0.0.0 or ::0 or noerror/nodata for this zone type, + * used for blocklists. */ + if(qinfo->qtype == LDNS_RR_TYPE_A || + qinfo->qtype == LDNS_RR_TYPE_AAAA) { + struct ub_packed_rrset_key lrr; + struct packed_rrset_data d; + time_t rr_ttl = 3600; + size_t rr_len = 0; + uint8_t rr_data[2+16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + uint8_t* rr_datas = rr_data; + memset(&lrr, 0, sizeof(lrr)); + memset(&d, 0, sizeof(d)); + lrr.entry.data = &d; + lrr.rk.dname = qinfo->qname; + lrr.rk.dname_len = qinfo->qname_len; + lrr.rk.type = htons(qinfo->qtype); + lrr.rk.rrset_class = htons(qinfo->qclass); + if(qinfo->qtype == LDNS_RR_TYPE_A) { + rr_len = 4; + sldns_write_uint16(rr_data, rr_len); + rr_len += 2; + } else { + rr_len = 16; + sldns_write_uint16(rr_data, rr_len); + rr_len += 2; + } + d.ttl = rr_ttl; + d.count = 1; + d.rr_len = &rr_len; + d.rr_data = &rr_datas; + d.rr_ttl = &rr_ttl; + return local_encode(qinfo, env, edns, repinfo, buf, temp, + &lrr, 1, LDNS_RCODE_NOERROR); + } else { + local_error_encode(qinfo, env, edns, repinfo, buf, + temp, LDNS_RCODE_NOERROR, + (LDNS_RCODE_NOERROR|BIT_AA)); + } + return 1; } /* else lz_type == local_zone_transparent */ @@ -1762,6 +1802,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_always_nxdomain: return "always_nxdomain"; case local_zone_always_nodata: return "always_nodata"; case local_zone_always_deny: return "always_deny"; + case local_zone_always_null: return "always_null"; case local_zone_noview: return "noview"; case local_zone_invalid: return "invalid"; } @@ -1798,6 +1839,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_always_nodata; else if(strcmp(type, "always_deny") == 0) *t = local_zone_always_deny; + else if(strcmp(type, "always_null") == 0) + *t = local_zone_always_null; else if(strcmp(type, "noview") == 0) *t = local_zone_noview; else if(strcmp(type, "nodefault") == 0) diff --git a/services/localzone.h b/services/localzone.h index bb3593936..492629936 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -96,6 +96,9 @@ enum localzone_type { local_zone_always_nodata, /** drop query, even when there is local data */ local_zone_always_deny, + /** answer with 0.0.0.0 or ::0 or noerror/nodata, even when there is + * local data */ + local_zone_always_null, /** answer not from the view, but global or no-answer */ local_zone_noview, /** Invalid type, cannot be used to generate answer */ diff --git a/services/mesh.c b/services/mesh.c index 09c51a2be..69f4d75e3 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -498,7 +498,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, if(!s) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch)) + LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); @@ -514,7 +514,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, if(!s->s.edns_opts_front_in) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, - NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch)) + NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); @@ -551,6 +551,9 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, goto servfail_mem; } } + if(rep->c->use_h2) { + http2_stream_add_meshstate(rep->c->h2_stream, mesh, s); + } /* add serve expired timer if required and not already there */ if(timeout && !mesh_serve_expired_init(s, timeout)) { log_err("mesh_new_client: out of memory initializing serve expired"); @@ -584,7 +587,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, servfail_mem: if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s, - NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch)) + NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); @@ -1109,10 +1112,12 @@ int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub) * @param rcode: if not 0, error code. * @param rep: reply to send (or NULL if rcode is set). * @param r: callback entry + * @param start_time: the time to pass to callback functions, it is 0 or + * a value from one of the packets if the mesh state had packets. */ static void mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, - struct mesh_cb* r) + struct mesh_cb* r, struct timeval* start_time) { int secure; char* reason = NULL; @@ -1133,11 +1138,11 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, if(rcode) { if(rcode == LDNS_RCODE_SERVFAIL) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, rcode, &r->edns, NULL, m->s.region)) + rep, rcode, &r->edns, NULL, m->s.region, start_time)) r->edns.opt_list = NULL; } else { if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, - &r->edns, NULL, m->s.region)) + &r->edns, NULL, m->s.region, start_time)) r->edns.opt_list = NULL; } fptr_ok(fptr_whitelist_mesh_cb(r->cb)); @@ -1152,7 +1157,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, r->edns.bits &= EDNS_DO; if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, - LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) || + LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region, start_time) || !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r->buf, 0, 1, m->s.env->scratch, udp_size, &r->edns, @@ -1193,6 +1198,12 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, /* Copy the client's EDNS for later restore, to make sure the edns * compare is with the correct edns options. */ struct edns_data edns_bak = r->edns; + /* briefly set the replylist to null in case the + * meshsendreply calls tcpreqinfo sendreply that + * comm_point_drops because of size, and then the + * null stops the mesh state remove and thus + * reply_list modification and accounting */ + struct mesh_reply* rlist = m->reply_list; /* examine security status */ if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || m->s.env->cfg->ignore_cd) && rep && @@ -1207,16 +1218,29 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; + if(r->query_reply.c->use_h2) { + r->query_reply.c->h2_stream = r->h2_stream; + /* Mesh reply won't exist for long anymore. Make it impossible + * for HTTP/2 stream to refer to mesh state, in case + * connection gets cleanup before HTTP/2 stream close. */ + r->h2_stream->mesh_state = NULL; + } /* send the reply */ - /* We don't reuse the encoded answer if either the previous or current - * response has a local alias. We could compare the alias records - * and still reuse the previous answer if they are the same, but that - * would be complicated and error prone for the relatively minor case. - * So we err on the side of safety. */ - if(prev && prev_buffer && prev->qflags == r->qflags && + /* We don't reuse the encoded answer if: + * - either the previous or current response has a local alias. We could + * compare the alias records and still reuse the previous answer if they + * are the same, but that would be complicated and error prone for the + * relatively minor case. So we err on the side of safety. + * - there are registered callback functions for the given rcode, as these + * need to be called for each reply. */ + if(((rcode != LDNS_RCODE_SERVFAIL && + !m->s.env->inplace_cb_lists[inplace_cb_reply]) || + (rcode == LDNS_RCODE_SERVFAIL && + !m->s.env->inplace_cb_lists[inplace_cb_reply_servfail])) && + prev && prev_buffer && prev->qflags == r->qflags && !prev->local_alias && !r->local_alias && - prev->edns.edns_present == r->edns.edns_present && - prev->edns.bits == r->edns.bits && + prev->edns.edns_present == r->edns.edns_present && + prev->edns.bits == r->edns.bits && prev->edns.udp_size == r->edns.udp_size && edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list) == 0) { @@ -1226,22 +1250,26 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, sldns_buffer_write_at(r_buffer, 0, &r->qid, sizeof(uint16_t)); sldns_buffer_write_at(r_buffer, 12, r->qname, m->s.qinfo.qname_len); + m->reply_list = NULL; comm_point_send_reply(&r->query_reply); + m->reply_list = rlist; } else if(rcode) { m->s.qinfo.qname = r->qname; m->s.qinfo.local_alias = r->local_alias; if(rcode == LDNS_RCODE_SERVFAIL) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, rcode, &r->edns, NULL, m->s.region)) + rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL; } else { if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, - &r->edns, NULL, m->s.region)) + &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL; } error_encode(r_buffer, rcode, &m->s.qinfo, r->qid, r->qflags, &r->edns); + m->reply_list = NULL; comm_point_send_reply(&r->query_reply); + m->reply_list = rlist; } else { size_t udp_size = r->edns.udp_size; r->edns.edns_version = EDNS_ADVERTISED_VERSION; @@ -1251,7 +1279,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, m->s.qinfo.qname = r->qname; m->s.qinfo.local_alias = r->local_alias; if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, - LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) || + LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) || !apply_edns_options(&r->edns, &edns_bak, m->s.env->cfg, r->query_reply.c, m->s.region) || @@ -1261,13 +1289,15 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, secure)) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, LDNS_RCODE_SERVFAIL, &r->edns, NULL, m->s.region)) + rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, &m->s.qinfo, r->qid, r->qflags, &r->edns); } r->edns = edns_bak; + m->reply_list = NULL; comm_point_send_reply(&r->query_reply); + m->reply_list = rlist; } /* account */ log_assert(m->s.env->mesh->num_reply_addrs > 0); @@ -1296,12 +1326,13 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, void mesh_query_done(struct mesh_state* mstate) { - struct mesh_reply* r, *reply_list = NULL; + struct mesh_reply* r; struct mesh_reply* prev = NULL; struct sldns_buffer* prev_buffer = NULL; struct mesh_cb* c; struct reply_info* rep = (mstate->s.return_msg? mstate->s.return_msg->rep:NULL); + struct timeval tv = {0, 0}; /* No need for the serve expired timer anymore; we are going to reply. */ if(mstate->s.serve_expired_data) { comm_timer_delete(mstate->s.serve_expired_data->timer); @@ -1320,27 +1351,9 @@ void mesh_query_done(struct mesh_state* mstate) free(err); } } - if(mstate->reply_list) { - /* set the reply_list to NULL during the mesh_query_done - * processing, so that calls back into the mesh from - * tcp_req_info (deciding to drop the reply and thus - * unregister the mesh_reply from the mstate) are stopped - * because the list is empty. - * The mstate is then likely not a reply_state, and maybe - * also a detached_state. - */ - reply_list = mstate->reply_list; - mstate->reply_list = NULL; - if(!mstate->reply_list && !mstate->cb_list) { - /* was a reply state, not anymore */ - log_assert(mstate->s.env->mesh->num_reply_states > 0); - mstate->s.env->mesh->num_reply_states--; - } - if(!mstate->reply_list && !mstate->cb_list && - mstate->super_set.count == 0) - mstate->s.env->mesh->num_detached_states++; - } - for(r = reply_list; r; r = r->next) { + for(r = mstate->reply_list; r; r = r->next) { + tv = r->start_time; + /* if a response-ip address block has been stored the * information should be logged for each client. */ if(mstate->s.respip_action_info && @@ -1364,7 +1377,15 @@ void mesh_query_done(struct mesh_state* mstate) /* if this query is determined to be dropped during the * mesh processing, this is the point to take that action. */ if(mstate->s.is_drop) { + /* briefly set the reply_list to NULL, so that the + * tcp req info cleanup routine that calls the mesh + * to deregister the meshstate for it is not done + * because the list is NULL and also accounting is not + * done there, but instead we do that here. */ + struct mesh_reply* reply_list = mstate->reply_list; + mstate->reply_list = NULL; comm_point_drop_reply(&r->query_reply); + mstate->reply_list = reply_list; } else { struct sldns_buffer* r_buffer = r->query_reply.c->buffer; if(r->query_reply.c->tcp_req_info) { @@ -1381,6 +1402,17 @@ void mesh_query_done(struct mesh_state* mstate) prev_buffer = r_buffer; } } + if(mstate->reply_list) { + mstate->reply_list = NULL; + if(!mstate->reply_list && !mstate->cb_list) { + /* was a reply state, not anymore */ + log_assert(mstate->s.env->mesh->num_reply_states > 0); + mstate->s.env->mesh->num_reply_states--; + } + if(!mstate->reply_list && !mstate->cb_list && + mstate->super_set.count == 0) + mstate->s.env->mesh->num_detached_states++; + } mstate->replies_sent = 1; while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be @@ -1394,7 +1426,7 @@ void mesh_query_done(struct mesh_state* mstate) if(!mstate->reply_list && !mstate->cb_list && mstate->super_set.count == 0) mstate->s.env->mesh->num_detached_states++; - mesh_do_callback(mstate, mstate->s.return_rcode, rep, c); + mesh_do_callback(mstate, mstate->s.return_rcode, rep, c, &tv); } } @@ -1488,6 +1520,8 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, s->s.qinfo.qname_len); if(!r->qname) return 0; + if(rep->c->use_h2) + r->h2_stream = rep->c->h2_stream; /* Data related to local alias stored in 'qinfo' (if any) is ephemeral * and can be different for different original queries (even if the @@ -1888,6 +1922,7 @@ mesh_serve_expired_callback(void* arg) struct respip_action_info actinfo; struct query_info* lookup_qinfo = &qstate->qinfo; struct query_info qinfo_tmp; + struct timeval tv = {0, 0}; int must_validate = (!(qstate->query_flags&BIT_CD) || qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate; if(!qstate->serve_expired_data) return; @@ -1958,16 +1993,9 @@ mesh_serve_expired_callback(void* arg) if(verbosity >= VERB_ALGO) log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep); - r = mstate->reply_list; - mstate->reply_list = NULL; - if(!mstate->reply_list && !mstate->cb_list) { - log_assert(mesh->num_reply_states > 0); - mesh->num_reply_states--; - if(mstate->super_set.count == 0) { - mesh->num_detached_states++; - } - } - for(; r; r = r->next) { + for(r = mstate->reply_list; r; r = r->next) { + tv = r->start_time; + /* If address info is returned, it means the action should be an * 'inform' variant and the information should be logged. */ if(actinfo.addrinfo) { @@ -2000,6 +2028,16 @@ mesh_serve_expired_callback(void* arg) mesh->ans_expired++; } + if(mstate->reply_list) { + mstate->reply_list = NULL; + if(!mstate->reply_list && !mstate->cb_list) { + log_assert(mesh->num_reply_states > 0); + mesh->num_reply_states--; + if(mstate->super_set.count == 0) { + mesh->num_detached_states++; + } + } + } while((c = mstate->cb_list) != NULL) { /* take this cb off the list; so that the list can be * changed, eg. by adds from the callback routine */ @@ -2012,6 +2050,6 @@ mesh_serve_expired_callback(void* arg) if(!mstate->reply_list && !mstate->cb_list && mstate->super_set.count == 0) qstate->env->mesh->num_detached_states++; - mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c); + mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv); } } diff --git a/services/mesh.h b/services/mesh.h index df2972ac3..d0a4b5fb3 100644 --- a/services/mesh.h +++ b/services/mesh.h @@ -230,6 +230,8 @@ struct mesh_reply { uint8_t* qname; /** same as that in query_info. */ struct local_rrset* local_alias; + /** send query to this http2 stream, if set */ + struct http2_stream* h2_stream; }; /** diff --git a/services/modstack.c b/services/modstack.c index 68e592814..a600549b1 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -51,6 +51,9 @@ #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" #endif +#ifdef WITH_DYNLIBMODULE +#include "dynlibmod/dynlibmod.h" +#endif #ifdef USE_CACHEDB #include "cachedb/cachedb.h" #endif @@ -140,6 +143,9 @@ module_list_avail(void) #ifdef WITH_PYTHONMODULE "python", #endif +#ifdef WITH_DYNLIBMODULE + "dynlib", +#endif #ifdef USE_CACHEDB "cachedb", #endif @@ -171,6 +177,9 @@ module_funcs_avail(void) #ifdef WITH_PYTHONMODULE &pythonmod_get_funcblock, #endif +#ifdef WITH_DYNLIBMODULE + &dynlibmod_get_funcblock, +#endif #ifdef USE_CACHEDB &cachedb_get_funcblock, #endif diff --git a/services/outside_network.c b/services/outside_network.c index ec380c86d..7527a6321 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -58,6 +58,7 @@ #include "util/net_help.h" #include "util/random.h" #include "util/fptr_wlist.h" +#include "util/edns.h" #include "sldns/sbuffer.h" #include "dnstap/dnstap.h" #ifdef HAVE_OPENSSL_SSL_H @@ -131,6 +132,52 @@ serviced_cmp(const void* key1, const void* key2) return sockaddr_cmp(&q1->addr, q1->addrlen, &q2->addr, q2->addrlen); } +/** compare if the reuse element has the same address, port and same ssl-is + * used-for-it characteristic */ +static int +reuse_cmp_addrportssl(const void* key1, const void* key2) +{ + struct reuse_tcp* r1 = (struct reuse_tcp*)key1; + struct reuse_tcp* r2 = (struct reuse_tcp*)key2; + int r; + /* compare address and port */ + r = sockaddr_cmp(&r1->addr, r1->addrlen, &r2->addr, r2->addrlen); + if(r != 0) + return r; + + /* compare if SSL-enabled */ + if(r1->is_ssl && !r2->is_ssl) + return 1; + if(!r1->is_ssl && r2->is_ssl) + return -1; + return 0; +} + +int +reuse_cmp(const void* key1, const void* key2) +{ + int r; + r = reuse_cmp_addrportssl(key1, key2); + if(r != 0) + return r; + + /* compare ptr value */ + if(key1 < key2) return -1; + if(key1 > key2) return 1; + return 0; +} + +int reuse_id_cmp(const void* key1, const void* key2) +{ + struct waiting_tcp* w1 = (struct waiting_tcp*)key1; + struct waiting_tcp* w2 = (struct waiting_tcp*)key2; + if(w1->id < w2->id) + return -1; + if(w1->id > w2->id) + return 1; + return 0; +} + /** delete waiting_tcp entry. Does not unlink from waiting list. * @param w: to delete. */ @@ -165,11 +212,7 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) if(num == 0) { log_err("no TCP outgoing interfaces of family"); log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen); -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } #ifdef INET6 @@ -188,14 +231,8 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0; else ((struct sockaddr_in*)&pi->addr)->sin_port = 0; if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) { -#ifndef USE_WINSOCK - log_err("outgoing tcp: bind: %s", strerror(errno)); - close(s); -#else - log_err("outgoing tcp: bind: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + log_err("outgoing tcp: bind: %s", sock_strerror(errno)); + sock_close(s); return 0; } log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen); @@ -225,13 +262,8 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); } if(s == -1) { -#ifndef USE_WINSOCK - log_err_addr("outgoing tcp: socket", strerror(errno), + log_err_addr("outgoing tcp: socket", sock_strerror(errno), addr, addrlen); -#else - log_err_addr("outgoing tcp: socket", - wsa_strerror(WSAGetLastError()), addr, addrlen); -#endif return -1; } @@ -294,15 +326,234 @@ outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen) return 1; } +/** log reuse item addr and ptr with message */ +static void +log_reuse_tcp(enum verbosity_value v, const char* msg, struct reuse_tcp* reuse) +{ + uint16_t port; + char addrbuf[128]; + if(verbosity < v) return; + addr_to_str(&reuse->addr, reuse->addrlen, addrbuf, sizeof(addrbuf)); + port = ntohs(((struct sockaddr_in*)&reuse->addr)->sin_port); + verbose(v, "%s %s#%u fd %d", msg, addrbuf, (unsigned)port, + reuse->pending->c->fd); +} + +/** pop the first element from the writewait list */ +static struct waiting_tcp* reuse_write_wait_pop(struct reuse_tcp* reuse) +{ + struct waiting_tcp* w = reuse->write_wait_first; + if(!w) + return NULL; + log_assert(w->write_wait_queued); + log_assert(!w->write_wait_prev); + reuse->write_wait_first = w->write_wait_next; + if(w->write_wait_next) + w->write_wait_next->write_wait_prev = NULL; + else reuse->write_wait_last = NULL; + w->write_wait_queued = 0; + return w; +} + +/** remove the element from the writewait list */ +static void reuse_write_wait_remove(struct reuse_tcp* reuse, + struct waiting_tcp* w) +{ + if(!w) + return; + if(!w->write_wait_queued) + return; + if(w->write_wait_prev) + w->write_wait_prev->write_wait_next = w->write_wait_next; + else reuse->write_wait_first = w->write_wait_next; + if(w->write_wait_next) + w->write_wait_next->write_wait_prev = w->write_wait_prev; + else reuse->write_wait_last = w->write_wait_prev; + w->write_wait_queued = 0; +} + +/** push the element after the last on the writewait list */ +static void reuse_write_wait_push_back(struct reuse_tcp* reuse, + struct waiting_tcp* w) +{ + if(!w) return; + log_assert(!w->write_wait_queued); + if(reuse->write_wait_last) { + reuse->write_wait_last->write_wait_next = w; + w->write_wait_prev = reuse->write_wait_last; + } else { + reuse->write_wait_first = w; + } + reuse->write_wait_last = w; + w->write_wait_queued = 1; +} + +/** insert element in tree by id */ +void +reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w) +{ + log_assert(w->id_node.key == NULL); + w->id_node.key = w; + rbtree_insert(&reuse->tree_by_id, &w->id_node); +} + +/** find element in tree by id */ +struct waiting_tcp* +reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id) +{ + struct waiting_tcp key_w; + rbnode_type* n; + memset(&key_w, 0, sizeof(key_w)); + key_w.id_node.key = &key_w; + key_w.id = id; + n = rbtree_search(&reuse->tree_by_id, &key_w); + if(!n) return NULL; + return (struct waiting_tcp*)n->key; +} + +/** return ID value of rbnode in tree_by_id */ +static uint16_t +tree_by_id_get_id(rbnode_type* node) +{ + struct waiting_tcp* w = (struct waiting_tcp*)node->key; + return w->id; +} + +/** insert into reuse tcp tree and LRU, false on failure (duplicate) */ +static int +reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp) +{ + log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse); + if(pend_tcp->reuse.item_on_lru_list) + return 1; + pend_tcp->reuse.node.key = &pend_tcp->reuse; + pend_tcp->reuse.pending = pend_tcp; + if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) { + /* this is a duplicate connection, close this one */ + verbose(VERB_CLIENT, "reuse_tcp_insert: duplicate connection"); + pend_tcp->reuse.node.key = NULL; + return 0; + } + /* insert into LRU, first is newest */ + pend_tcp->reuse.lru_prev = NULL; + if(outnet->tcp_reuse_first) { + pend_tcp->reuse.lru_next = outnet->tcp_reuse_first; + outnet->tcp_reuse_first->lru_prev = &pend_tcp->reuse; + } else { + pend_tcp->reuse.lru_next = NULL; + outnet->tcp_reuse_last = &pend_tcp->reuse; + } + outnet->tcp_reuse_first = &pend_tcp->reuse; + pend_tcp->reuse.item_on_lru_list = 1; + return 1; +} + +/** find reuse tcp stream to destination for query, or NULL if none */ +static struct reuse_tcp* +reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr, + socklen_t addrlen, int use_ssl) +{ + struct waiting_tcp key_w; + struct pending_tcp key_p; + struct comm_point c; + rbnode_type* result = NULL, *prev; + verbose(VERB_CLIENT, "reuse_tcp_find"); + memset(&key_w, 0, sizeof(key_w)); + memset(&key_p, 0, sizeof(key_p)); + memset(&c, 0, sizeof(c)); + key_p.query = &key_w; + key_p.c = &c; + key_p.reuse.pending = &key_p; + key_p.reuse.node.key = &key_p.reuse; + if(use_ssl) + key_p.reuse.is_ssl = 1; + if(addrlen > (socklen_t)sizeof(key_p.reuse.addr)) + return NULL; + memmove(&key_p.reuse.addr, addr, addrlen); + key_p.reuse.addrlen = addrlen; + + verbose(VERB_CLIENT, "reuse_tcp_find: num reuse streams %u", + (unsigned)outnet->tcp_reuse.count); + if(outnet->tcp_reuse.root == NULL || + outnet->tcp_reuse.root == RBTREE_NULL) + return NULL; + if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse.node, + &result)) { + /* exact match */ + /* but the key is on stack, and ptr is compared, impossible */ + log_assert(&key_p.reuse != (struct reuse_tcp*)result); + log_assert(&key_p != ((struct reuse_tcp*)result)->pending); + } + /* not found, return null */ + if(!result || result == RBTREE_NULL) + return NULL; + verbose(VERB_CLIENT, "reuse_tcp_find check inexact match"); + /* inexact match, find one of possibly several connections to the + * same destination address, with the correct port, ssl, and + * also less than max number of open queries, or else, fail to open + * a new one */ + /* rewind to start of sequence of same address,port,ssl */ + prev = rbtree_previous(result); + while(prev && prev != RBTREE_NULL && + reuse_cmp_addrportssl(prev->key, &key_p.reuse) == 0) { + result = prev; + prev = rbtree_previous(result); + } + + /* loop to find first one that has correct characteristics */ + while(result && result != RBTREE_NULL && + reuse_cmp_addrportssl(result->key, &key_p.reuse) == 0) { + if(((struct reuse_tcp*)result)->tree_by_id.count < + MAX_REUSE_TCP_QUERIES) { + /* same address, port, ssl-yes-or-no, and has + * space for another query */ + return (struct reuse_tcp*)result; + } + result = rbtree_next(result); + } + return NULL; +} + +/** use the buffer to setup writing the query */ +static void +outnet_tcp_take_query_setup(int s, struct pending_tcp* pend, + struct waiting_tcp* w) +{ + struct timeval tv; + verbose(VERB_CLIENT, "outnet_tcp_take_query_setup: setup packet to write " + "len %d timeout %d msec", + (int)w->pkt_len, w->timeout); + pend->c->tcp_write_pkt = w->pkt; + pend->c->tcp_write_pkt_len = w->pkt_len; + pend->c->tcp_write_and_read = 1; + pend->c->tcp_write_byte_count = 0; + pend->c->tcp_is_reading = 0; + comm_point_start_listening(pend->c, s, -1); + /* set timer on the waiting_tcp entry, this is the write timeout + * for the written packet. The timer on pend->c is the timer + * for when there is no written packet and we have readtimeouts */ +#ifndef S_SPLINT_S + tv.tv_sec = w->timeout/1000; + tv.tv_usec = (w->timeout%1000)*1000; +#endif + /* if the waiting_tcp was previously waiting for a buffer in the + * outside_network.tcpwaitlist, then the timer is reset now that + * we start writing it */ + comm_timer_set(w->timer, &tv); +} + /** use next free buffer to service a tcp query */ static int -outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) +outnet_tcp_take_into_use(struct waiting_tcp* w) { struct pending_tcp* pend = w->outnet->tcp_free; int s; log_assert(pend); - log_assert(pkt); + log_assert(w->pkt); + log_assert(w->pkt_len > 0); log_assert(w->addrlen > 0); + pend->c->tcp_do_toggle_rw = 0; + pend->c->tcp_do_close = 0; /* open socket */ s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp); @@ -386,7 +637,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl); #endif pend->c->ssl_shake_state = comm_ssl_shake_write; - if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name)) { + if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name, + w->outnet->tls_use_sni)) { pend->c->fd = s; #ifdef HAVE_SSL SSL_free(pend->c->ssl); @@ -396,24 +648,65 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) return 0; } } - w->pkt = NULL; w->next_waiting = (void*)pend; - pend->id = LDNS_ID_WIRE(pkt); w->outnet->num_tcp_outgoing++; w->outnet->tcp_free = pend->next_free; pend->next_free = NULL; pend->query = w; + pend->reuse.outnet = w->outnet; pend->c->repinfo.addrlen = w->addrlen; + pend->c->tcp_more_read_again = &pend->reuse.cp_more_read_again; + pend->c->tcp_more_write_again = &pend->reuse.cp_more_write_again; + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen); - sldns_buffer_clear(pend->c->buffer); - sldns_buffer_write(pend->c->buffer, pkt, pkt_len); - sldns_buffer_flip(pend->c->buffer); - pend->c->tcp_is_reading = 0; - pend->c->tcp_byte_count = 0; - comm_point_start_listening(pend->c, s, -1); + pend->reuse.pending = pend; + if(pend->c->ssl) + pend->reuse.is_ssl = 1; + else pend->reuse.is_ssl = 0; + /* insert in reuse by address tree if not already inserted there */ + (void)reuse_tcp_insert(w->outnet, pend); + reuse_tree_by_id_insert(&pend->reuse, w); + outnet_tcp_take_query_setup(s, pend, w); return 1; } +/** Touch the lru of a reuse_tcp element, it is in use. + * This moves it to the front of the list, where it is not likely to + * be closed. Items at the back of the list are closed to make space. */ +static void +reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse) +{ + if(!reuse->item_on_lru_list) + return; /* not on the list, no lru to modify */ + if(!reuse->lru_prev) + return; /* already first in the list */ + /* remove at current position */ + /* since it is not first, there is a previous element */ + reuse->lru_prev->lru_next = reuse->lru_next; + if(reuse->lru_next) + reuse->lru_next->lru_prev = reuse->lru_prev; + else outnet->tcp_reuse_last = reuse->lru_prev; + /* insert at the front */ + reuse->lru_prev = NULL; + reuse->lru_next = outnet->tcp_reuse_first; + /* since it is not first, it is not the only element and + * lru_next is thus not NULL and thus reuse is now not the last in + * the list, so outnet->tcp_reuse_last does not need to be modified */ + outnet->tcp_reuse_first = reuse; +} + +/** call callback on waiting_tcp, if not NULL */ +static void +waiting_tcp_callback(struct waiting_tcp* w, struct comm_point* c, int error, + struct comm_reply* reply_info) +{ + if(w->cb) { + fptr_ok(fptr_whitelist_pending_tcp(w->cb)); + (void)(*w->cb)(c, w->cb_arg, error, reply_info); + } +} + /** see if buffers can be used to service TCP queries */ static void use_free_buffer(struct outside_network* outnet) @@ -421,25 +714,198 @@ use_free_buffer(struct outside_network* outnet) struct waiting_tcp* w; while(outnet->tcp_free && outnet->tcp_wait_first && !outnet->want_to_quit) { + struct reuse_tcp* reuse = NULL; w = outnet->tcp_wait_first; outnet->tcp_wait_first = w->next_waiting; if(outnet->tcp_wait_last == w) outnet->tcp_wait_last = NULL; - if(!outnet_tcp_take_into_use(w, w->pkt, w->pkt_len)) { - comm_point_callback_type* cb = w->cb; - void* cb_arg = w->cb_arg; - waiting_tcp_delete(w); - fptr_ok(fptr_whitelist_pending_tcp(cb)); - (void)(*cb)(NULL, cb_arg, NETEVENT_CLOSED, NULL); + w->on_tcp_waiting_list = 0; + reuse = reuse_tcp_find(outnet, &w->addr, w->addrlen, + w->ssl_upstream); + if(reuse) { + log_reuse_tcp(VERB_CLIENT, "use free buffer for waiting tcp: " + "found reuse", reuse); + reuse_tcp_lru_touch(outnet, reuse); + comm_timer_disable(w->timer); + w->next_waiting = (void*)reuse->pending; + reuse_tree_by_id_insert(reuse, w); + if(reuse->pending->query) { + /* on the write wait list */ + reuse_write_wait_push_back(reuse, w); + } else { + /* write straight away */ + /* stop the timer on read of the fd */ + comm_point_stop_listening(reuse->pending->c); + reuse->pending->query = w; + outnet_tcp_take_query_setup( + reuse->pending->c->fd, reuse->pending, + w); + } + } else { + struct pending_tcp* pend = w->outnet->tcp_free; + rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); + pend->reuse.pending = pend; + memcpy(&pend->reuse.addr, &w->addr, w->addrlen); + pend->reuse.addrlen = w->addrlen; + if(!outnet_tcp_take_into_use(w)) { + waiting_tcp_callback(w, NULL, NETEVENT_CLOSED, + NULL); + waiting_tcp_delete(w); + } } } } +/** add waiting_tcp element to the outnet tcp waiting list */ +static void +outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w) +{ + struct timeval tv; + if(w->on_tcp_waiting_list) + return; + w->next_waiting = NULL; + if(outnet->tcp_wait_last) + outnet->tcp_wait_last->next_waiting = w; + else outnet->tcp_wait_first = w; + outnet->tcp_wait_last = w; + w->on_tcp_waiting_list = 1; +#ifndef S_SPLINT_S + tv.tv_sec = w->timeout/1000; + tv.tv_usec = (w->timeout%1000)*1000; +#endif + comm_timer_set(w->timer, &tv); +} + +/** delete element from tree by id */ +static void +reuse_tree_by_id_delete(struct reuse_tcp* reuse, struct waiting_tcp* w) +{ + log_assert(w->id_node.key != NULL); + rbtree_delete(&reuse->tree_by_id, w); + w->id_node.key = NULL; +} + +/** move writewait list to go for another connection. */ +static void +reuse_move_writewait_away(struct outside_network* outnet, + struct pending_tcp* pend) +{ + /* the writewait list has not been written yet, so if the + * stream was closed, they have not actually been failed, only + * the queries written. Other queries can get written to another + * stream. For upstreams that do not support multiple queries + * and answers, the stream can get closed, and then the queries + * can get written on a new socket */ + struct waiting_tcp* w; + if(pend->query && pend->query->error_count == 0 && + pend->c->tcp_write_pkt == pend->query->pkt && + pend->c->tcp_write_pkt_len == pend->query->pkt_len) { + /* since the current query is not written, it can also + * move to a free buffer */ + if(verbosity >= VERB_CLIENT && pend->query->pkt_len > 12+2+2 && + LDNS_QDCOUNT(pend->query->pkt) > 0 && + dname_valid(pend->query->pkt+12, pend->query->pkt_len-12)) { + char buf[LDNS_MAX_DOMAINLEN+1]; + dname_str(pend->query->pkt+12, buf); + verbose(VERB_CLIENT, "reuse_move_writewait_away current %s %d bytes were written", + buf, (int)pend->c->tcp_write_byte_count); + } + pend->c->tcp_write_pkt = NULL; + pend->c->tcp_write_pkt_len = 0; + pend->c->tcp_write_and_read = 0; + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; + pend->c->tcp_is_reading = 1; + w = pend->query; + pend->query = NULL; + /* increase error count, so that if the next socket fails too + * the server selection is run again with this query failed + * and it can select a different server (if possible), or + * fail the query */ + w->error_count ++; + reuse_tree_by_id_delete(&pend->reuse, w); + outnet_add_tcp_waiting(outnet, w); + } + while((w = reuse_write_wait_pop(&pend->reuse)) != NULL) { + if(verbosity >= VERB_CLIENT && w->pkt_len > 12+2+2 && + LDNS_QDCOUNT(w->pkt) > 0 && + dname_valid(w->pkt+12, w->pkt_len-12)) { + char buf[LDNS_MAX_DOMAINLEN+1]; + dname_str(w->pkt+12, buf); + verbose(VERB_CLIENT, "reuse_move_writewait_away item %s", buf); + } + reuse_tree_by_id_delete(&pend->reuse, w); + outnet_add_tcp_waiting(outnet, w); + } +} + +/** remove reused element from tree and lru list */ +static void +reuse_tcp_remove_tree_list(struct outside_network* outnet, + struct reuse_tcp* reuse) +{ + verbose(VERB_CLIENT, "reuse_tcp_remove_tree_list"); + if(reuse->node.key) { + /* delete it from reuse tree */ + (void)rbtree_delete(&outnet->tcp_reuse, &reuse->node); + reuse->node.key = NULL; + } + /* delete from reuse list */ + if(reuse->item_on_lru_list) { + if(reuse->lru_prev) { + /* assert that members of the lru list are waiting + * and thus have a pending pointer to the struct */ + log_assert(reuse->lru_prev->pending); + reuse->lru_prev->lru_next = reuse->lru_next; + } else { + log_assert(!reuse->lru_next || reuse->lru_next->pending); + outnet->tcp_reuse_first = reuse->lru_next; + } + if(reuse->lru_next) { + /* assert that members of the lru list are waiting + * and thus have a pending pointer to the struct */ + log_assert(reuse->lru_next->pending); + reuse->lru_next->lru_prev = reuse->lru_prev; + } else { + log_assert(!reuse->lru_prev || reuse->lru_prev->pending); + outnet->tcp_reuse_last = reuse->lru_prev; + } + reuse->item_on_lru_list = 0; + } +} + +/** helper function that deletes an element from the tree of readwait + * elements in tcp reuse structure */ +static void reuse_del_readwait_elem(rbnode_type* node, void* ATTR_UNUSED(arg)) +{ + struct waiting_tcp* w = (struct waiting_tcp*)node->key; + waiting_tcp_delete(w); +} + +/** delete readwait waiting_tcp elements, deletes the elements in the list */ +void reuse_del_readwait(rbtree_type* tree_by_id) +{ + if(tree_by_id->root == NULL || + tree_by_id->root == RBTREE_NULL) + return; + traverse_postorder(tree_by_id, &reuse_del_readwait_elem, NULL); + rbtree_init(tree_by_id, reuse_id_cmp); +} + /** decommission a tcp buffer, closes commpoint and frees waiting_tcp entry */ static void decommission_pending_tcp(struct outside_network* outnet, struct pending_tcp* pend) { + verbose(VERB_CLIENT, "decommission_pending_tcp"); + pend->next_free = outnet->tcp_free; + outnet->tcp_free = pend; + if(pend->reuse.node.key) { + /* needs unlink from the reuse tree to get deleted */ + reuse_tcp_remove_tree_list(outnet, &pend->reuse); + } + /* free SSL structure after remove from outnet tcp reuse tree, + * because the c->ssl null or not is used for sorting in the tree */ if(pend->c->ssl) { #ifdef HAVE_SSL SSL_shutdown(pend->c->ssl); @@ -448,11 +914,68 @@ decommission_pending_tcp(struct outside_network* outnet, #endif } comm_point_close(pend->c); - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; - waiting_tcp_delete(pend->query); + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; + /* unlink the query and writewait list, it is part of the tree + * nodes and is deleted */ pend->query = NULL; - use_free_buffer(outnet); + pend->reuse.write_wait_first = NULL; + pend->reuse.write_wait_last = NULL; + reuse_del_readwait(&pend->reuse.tree_by_id); +} + +/** perform failure callbacks for waiting queries in reuse read rbtree */ +static void reuse_cb_readwait_for_failure(rbtree_type* tree_by_id, int err) +{ + rbnode_type* node; + if(tree_by_id->root == NULL || + tree_by_id->root == RBTREE_NULL) + return; + node = rbtree_first(tree_by_id); + while(node && node != RBTREE_NULL) { + struct waiting_tcp* w = (struct waiting_tcp*)node->key; + waiting_tcp_callback(w, NULL, err, NULL); + node = rbtree_next(node); + } +} + +/** perform callbacks for failure and also decommission pending tcp. + * the callbacks remove references in sq->pending to the waiting_tcp + * members of the tree_by_id in the pending tcp. The pending_tcp is + * removed before the callbacks, so that the callbacks do not modify + * the pending_tcp due to its reference in the outside_network reuse tree */ +static void reuse_cb_and_decommission(struct outside_network* outnet, + struct pending_tcp* pend, int error) +{ + rbtree_type store; + store = pend->reuse.tree_by_id; + pend->query = NULL; + rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); + pend->reuse.write_wait_first = NULL; + pend->reuse.write_wait_last = NULL; + decommission_pending_tcp(outnet, pend); + reuse_cb_readwait_for_failure(&store, error); + reuse_del_readwait(&store); +} + +/** set timeout on tcp fd and setup read event to catch incoming dns msgs */ +static void +reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp) +{ + log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_timeout", &pend_tcp->reuse); + comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT); +} + +/** set timeout on tcp fd and setup read event to catch incoming dns msgs */ +static void +reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp) +{ + log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_readtimeout", &pend_tcp->reuse); + sldns_buffer_clear(pend_tcp->c->buffer); + pend_tcp->c->tcp_is_reading = 1; + pend_tcp->c->tcp_byte_count = 0; + comm_point_stop_listening(pend_tcp->c); + comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT); } int @@ -460,24 +983,116 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error, struct comm_reply *reply_info) { struct pending_tcp* pend = (struct pending_tcp*)arg; - struct outside_network* outnet = pend->query->outnet; + struct outside_network* outnet = pend->reuse.outnet; + struct waiting_tcp* w = NULL; verbose(VERB_ALGO, "outnettcp cb"); - if(error != NETEVENT_NOERROR) { + if(error == NETEVENT_TIMEOUT) { + if(pend->c->tcp_write_and_read) { + verbose(VERB_QUERY, "outnettcp got tcp timeout " + "for read, ignored because write underway"); + /* if we are writing, ignore readtimer, wait for write timer + * or write is done */ + return 0; + } else { + verbose(VERB_QUERY, "outnettcp got tcp timeout %s", + (pend->reuse.tree_by_id.count?"for reading pkt": + "for keepalive for reuse")); + } + /* must be timeout for reading or keepalive reuse, + * close it. */ + reuse_tcp_remove_tree_list(outnet, &pend->reuse); + } else if(error == NETEVENT_PKT_WRITTEN) { + /* the packet we want to write has been written. */ + verbose(VERB_ALGO, "outnet tcp pkt was written event"); + log_assert(c == pend->c); + log_assert(pend->query->pkt == pend->c->tcp_write_pkt); + log_assert(pend->query->pkt_len == pend->c->tcp_write_pkt_len); + pend->c->tcp_write_pkt = NULL; + pend->c->tcp_write_pkt_len = 0; + /* the pend.query is already in tree_by_id */ + log_assert(pend->query->id_node.key); + pend->query = NULL; + /* setup to write next packet or setup read timeout */ + if(pend->reuse.write_wait_first) { + verbose(VERB_ALGO, "outnet tcp setup next pkt"); + /* we can write it straight away perhaps, set flag + * because this callback called after a tcp write + * succeeded and likely more buffer space is available + * and we can write some more. */ + pend->reuse.cp_more_write_again = 1; + pend->query = reuse_write_wait_pop(&pend->reuse); + comm_point_stop_listening(pend->c); + outnet_tcp_take_query_setup(pend->c->fd, pend, + pend->query); + } else { + verbose(VERB_ALGO, "outnet tcp writes done, wait"); + pend->c->tcp_write_and_read = 0; + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; + pend->c->tcp_is_reading = 1; + comm_point_stop_listening(pend->c); + reuse_tcp_setup_timeout(pend); + } + return 0; + } else if(error != NETEVENT_NOERROR) { verbose(VERB_QUERY, "outnettcp got tcp error %d", error); + reuse_move_writewait_away(outnet, pend); /* pass error below and exit */ } else { /* check ID */ - if(sldns_buffer_limit(c->buffer) < sizeof(uint16_t) || - LDNS_ID_WIRE(sldns_buffer_begin(c->buffer))!=pend->id) { + if(sldns_buffer_limit(c->buffer) < sizeof(uint16_t)) { log_addr(VERB_QUERY, - "outnettcp: bad ID in reply, from:", - &pend->query->addr, pend->query->addrlen); + "outnettcp: bad ID in reply, too short, from:", + &pend->reuse.addr, pend->reuse.addrlen); error = NETEVENT_CLOSED; + } else { + uint16_t id = LDNS_ID_WIRE(sldns_buffer_begin( + c->buffer)); + /* find the query the reply is for */ + w = reuse_tcp_by_id_find(&pend->reuse, id); } } - fptr_ok(fptr_whitelist_pending_tcp(pend->query->cb)); - (void)(*pend->query->cb)(c, pend->query->cb_arg, error, reply_info); - decommission_pending_tcp(outnet, pend); + if(error == NETEVENT_NOERROR && !w) { + /* no struct waiting found in tree, no reply to call */ + log_addr(VERB_QUERY, "outnettcp: bad ID in reply, from:", + &pend->reuse.addr, pend->reuse.addrlen); + error = NETEVENT_CLOSED; + } + if(error == NETEVENT_NOERROR) { + /* add to reuse tree so it can be reused, if not a failure. + * This is possible if the state machine wants to make a tcp + * query again to the same destination. */ + if(outnet->tcp_reuse.count < outnet->tcp_reuse_max) { + (void)reuse_tcp_insert(outnet, pend); + } + } + if(w) { + reuse_tree_by_id_delete(&pend->reuse, w); + verbose(VERB_CLIENT, "outnet tcp callback query err %d buflen %d", + error, (int)sldns_buffer_limit(c->buffer)); + waiting_tcp_callback(w, c, error, reply_info); + waiting_tcp_delete(w); + } + verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb"); + if(error == NETEVENT_NOERROR && pend->reuse.node.key) { + verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: keep it"); + /* it is in the reuse_tcp tree, with other queries, or + * on the empty list. do not decommission it */ + /* if there are more outstanding queries, we could try to + * read again, to see if it is on the input, + * because this callback called after a successful read + * and there could be more bytes to read on the input */ + if(pend->reuse.tree_by_id.count != 0) + pend->reuse.cp_more_read_again = 1; + reuse_tcp_setup_read_and_timeout(pend); + return 0; + } + verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: decommission it"); + /* no queries on it, no space to keep it. or timeout or closed due + * to error. Close it */ + reuse_cb_and_decommission(outnet, pend, (error==NETEVENT_TIMEOUT? + NETEVENT_TIMEOUT:NETEVENT_CLOSED)); + use_free_buffer(outnet); return 0; } @@ -736,7 +1351,8 @@ outside_network_create(struct comm_base *base, size_t bufsize, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, struct dt_env* dtenv) + void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv, + int udp_connect) { struct outside_network* outnet = (struct outside_network*) calloc(1, sizeof(struct outside_network)); @@ -752,6 +1368,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->infra = infra; outnet->rnd = rnd; outnet->sslctx = sslctx; + outnet->tls_use_sni = tls_use_sni; #ifdef USE_DNSTAP outnet->dtenv = dtenv; #else @@ -773,6 +1390,9 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->delay_tv.tv_usec = (delayclose%1000)*1000; } #endif + if(udp_connect) { + outnet->udp_connect = 1; + } if(numavailports == 0 || num_ports == 0) { log_err("no outgoing ports available"); outside_network_delete(outnet); @@ -807,6 +1427,8 @@ outside_network_create(struct comm_base *base, size_t bufsize, outside_network_delete(outnet); return NULL; } + rbtree_init(&outnet->tcp_reuse, reuse_cmp); + outnet->tcp_reuse_max = num_tcp; /* allocate commpoints */ for(k=0; knum_tcp; i++) if(outnet->tcp_conns[i]) { + if(outnet->tcp_conns[i]->query && + !outnet->tcp_conns[i]->query-> + on_tcp_waiting_list) { + /* delete waiting_tcp elements that + * the tcp conn is working on */ + struct pending_tcp* pend = + (struct pending_tcp*)outnet-> + tcp_conns[i]->query-> + next_waiting; + decommission_pending_tcp(outnet, pend); + } comm_point_delete(outnet->tcp_conns[i]->c); waiting_tcp_delete(outnet->tcp_conns[i]->query); free(outnet->tcp_conns[i]); @@ -984,6 +1617,10 @@ outside_network_delete(struct outside_network* outnet) p = np; } } + /* was allocated in struct pending that was deleted above */ + rbtree_init(&outnet->tcp_reuse, reuse_cmp); + outnet->tcp_reuse_first = NULL; + outnet->tcp_reuse_last = NULL; if(outnet->udp_wait_first) { struct pending* p = outnet->udp_wait_first, *np; while(p) { @@ -1051,6 +1688,7 @@ sai6_putrandom(struct sockaddr_in6 *sa, int pfxlen, struct ub_randstate *rnd) * @param port: port override for addr. * @param inuse: if -1 is returned, this bool means the port was in use. * @param rnd: random state (for address randomisation). + * @param dscp: DSCP to use. * @return fd or -1 */ static int @@ -1107,6 +1745,33 @@ select_id(struct outside_network* outnet, struct pending* pend, return 1; } +/** return true is UDP connect error needs to be logged */ +static int udp_connect_needs_log(int err) +{ + switch(err) { + case ECONNREFUSED: +# ifdef ENETUNREACH + case ENETUNREACH: +# endif +# ifdef EHOSTDOWN + case EHOSTDOWN: +# endif +# ifdef EHOSTUNREACH + case EHOSTUNREACH: +# endif +# ifdef ENETDOWN + case ENETDOWN: +# endif + if(verbosity >= VERB_ALGO) + return 1; + return 0; + default: + break; + } + return 1; +} + + /** Select random interface and port */ static int select_ifport(struct outside_network* outnet, struct pending* pend, @@ -1126,13 +1791,26 @@ select_ifport(struct outside_network* outnet, struct pending* pend, my_if = ub_random_max(outnet->rnd, num_if); pif = &ifs[my_if]; #ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION - my_port = ub_random_max(outnet->rnd, pif->avail_total); - if(my_port < pif->inuse) { - /* port already open */ - pend->pc = pif->out[my_port]; - verbose(VERB_ALGO, "using UDP if=%d port=%d", - my_if, pend->pc->number); - break; + if(outnet->udp_connect) { + /* if we connect() we cannot reuse fds for a port */ + if(pif->inuse >= pif->avail_total) { + tries++; + if(tries < MAX_PORT_RETRY) + continue; + log_err("failed to find an open port, drop msg"); + return 0; + } + my_port = pif->inuse + ub_random_max(outnet->rnd, + pif->avail_total - pif->inuse); + } else { + my_port = ub_random_max(outnet->rnd, pif->avail_total); + if(my_port < pif->inuse) { + /* port already open */ + pend->pc = pif->out[my_port]; + verbose(VERB_ALGO, "using UDP if=%d port=%d", + my_if, pend->pc->number); + break; + } } /* try to open new port, if fails, loop to try again */ log_assert(pif->inuse < pif->maxout); @@ -1149,6 +1827,19 @@ select_ifport(struct outside_network* outnet, struct pending* pend, if(fd != -1) { verbose(VERB_ALGO, "opened UDP if=%d port=%d", my_if, portno); + if(outnet->udp_connect) { + /* connect() to the destination */ + if(connect(fd, (struct sockaddr*)&pend->addr, + pend->addrlen) < 0) { + if(udp_connect_needs_log(errno)) { + log_err_addr("udp connect failed", + strerror(errno), &pend->addr, + pend->addrlen); + } + sock_close(fd); + return 0; + } + } /* grab fd */ pend->pc = outnet->unused_fds; outnet->unused_fds = pend->pc->next; @@ -1208,8 +1899,8 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) log_assert(pend->pc && pend->pc->cp); /* send it over the commlink */ - if(!comm_point_send_udp_msg(pend->pc->cp, packet, - (struct sockaddr*)&pend->addr, pend->addrlen)) { + if(!comm_point_send_udp_msg(pend->pc->cp, packet, + (struct sockaddr*)&pend->addr, pend->addrlen, outnet->udp_connect)) { portcomm_loweruse(outnet, pend->pc); return 0; } @@ -1284,45 +1975,152 @@ outnet_tcptimer(void* arg) { struct waiting_tcp* w = (struct waiting_tcp*)arg; struct outside_network* outnet = w->outnet; - comm_point_callback_type* cb; - void* cb_arg; - if(w->pkt) { + verbose(VERB_CLIENT, "outnet_tcptimer"); + if(w->on_tcp_waiting_list) { /* it is on the waiting list */ waiting_list_remove(outnet, w); + waiting_tcp_callback(w, NULL, NETEVENT_TIMEOUT, NULL); + waiting_tcp_delete(w); } else { /* it was in use */ struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting; - if(pend->c->ssl) { -#ifdef HAVE_SSL - SSL_shutdown(pend->c->ssl); - SSL_free(pend->c->ssl); - pend->c->ssl = NULL; -#endif - } - comm_point_close(pend->c); - pend->query = NULL; - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; + reuse_cb_and_decommission(outnet, pend, NETEVENT_TIMEOUT); } - cb = w->cb; - cb_arg = w->cb_arg; - waiting_tcp_delete(w); - fptr_ok(fptr_whitelist_pending_tcp(cb)); - (void)(*cb)(NULL, cb_arg, NETEVENT_TIMEOUT, NULL); use_free_buffer(outnet); } +/** close the oldest reuse_tcp connection to make a fd and struct pend + * available for a new stream connection */ +static void +reuse_tcp_close_oldest(struct outside_network* outnet) +{ + struct pending_tcp* pend; + verbose(VERB_CLIENT, "reuse_tcp_close_oldest"); + if(!outnet->tcp_reuse_last) return; + pend = outnet->tcp_reuse_last->pending; + + /* snip off of LRU */ + log_assert(pend->reuse.lru_next == NULL); + if(pend->reuse.lru_prev) { + outnet->tcp_reuse_last = pend->reuse.lru_prev; + pend->reuse.lru_prev->lru_next = NULL; + } else { + outnet->tcp_reuse_last = NULL; + outnet->tcp_reuse_first = NULL; + } + pend->reuse.item_on_lru_list = 0; + + /* free up */ + reuse_cb_and_decommission(outnet, pend, NETEVENT_CLOSED); +} + +/** find spare ID value for reuse tcp stream. That is random and also does + * not collide with an existing query ID that is in use or waiting */ +uint16_t +reuse_tcp_select_id(struct reuse_tcp* reuse, struct outside_network* outnet) +{ + uint16_t id = 0, curid, nextid; + const int try_random = 2000; + int i; + unsigned select, count, space; + rbnode_type* node; + + /* make really sure the tree is not empty */ + if(reuse->tree_by_id.count == 0) { + id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; + return id; + } + + /* try to find random empty spots by picking them */ + for(i = 0; irnd)>>8) & 0xffff; + if(!reuse_tcp_by_id_find(reuse, id)) { + return id; + } + } + + /* equally pick a random unused element from the tree that is + * not in use. Pick a the n-th index of an ununused number, + * then loop over the empty spaces in the tree and find it */ + log_assert(reuse->tree_by_id.count < 0xffff); + select = ub_random_max(outnet->rnd, 0xffff - reuse->tree_by_id.count); + /* select value now in 0 .. num free - 1 */ + + count = 0; /* number of free spaces passed by */ + node = rbtree_first(&reuse->tree_by_id); + log_assert(node && node != RBTREE_NULL); /* tree not empty */ + /* see if select is before first node */ + if(select < tree_by_id_get_id(node)) + return select; + count += tree_by_id_get_id(node); + /* perhaps select is between nodes */ + while(node && node != RBTREE_NULL) { + rbnode_type* next = rbtree_next(node); + if(next && next != RBTREE_NULL) { + curid = tree_by_id_get_id(node); + nextid = tree_by_id_get_id(next); + log_assert(curid < nextid); + if(curid != 0xffff && curid + 1 < nextid) { + /* space between nodes */ + space = nextid - curid - 1; + log_assert(select >= count); + if(select < count + space) { + /* here it is */ + return curid + 1 + (select - count); + } + count += space; + } + } + node = next; + } + + /* select is after the last node */ + /* count is the number of free positions before the nodes in the + * tree */ + node = rbtree_last(&reuse->tree_by_id); + log_assert(node && node != RBTREE_NULL); /* tree not empty */ + curid = tree_by_id_get_id(node); + log_assert(count + (0xffff-curid) + reuse->tree_by_id.count == 0xffff); + return curid + 1 + (select - count); +} + struct waiting_tcp* pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, int timeout, comm_point_callback_type* callback, void* callback_arg) { struct pending_tcp* pend = sq->outnet->tcp_free; + struct reuse_tcp* reuse = NULL; struct waiting_tcp* w; - struct timeval tv; - uint16_t id; - /* if no buffer is free allocate space to store query */ + + verbose(VERB_CLIENT, "pending_tcp_query"); + if(sldns_buffer_limit(packet) < sizeof(uint16_t)) { + verbose(VERB_ALGO, "pending tcp query with too short buffer < 2"); + return NULL; + } + + /* find out if a reused stream to the target exists */ + /* if so, take it into use */ + reuse = reuse_tcp_find(sq->outnet, &sq->addr, sq->addrlen, + sq->ssl_upstream); + if(reuse) { + log_reuse_tcp(VERB_CLIENT, "pending_tcp_query: found reuse", reuse); + log_assert(reuse->pending); + pend = reuse->pending; + reuse_tcp_lru_touch(sq->outnet, reuse); + } + + /* if !pend but we have reuse streams, close a reuse stream + * to be able to open a new one to this target, no use waiting + * to reuse a file descriptor while another query needs to use + * that buffer and file descriptor now. */ + if(!pend) { + reuse_tcp_close_oldest(sq->outnet); + pend = sq->outnet->tcp_free; + } + + /* allocate space to store query */ w = (struct waiting_tcp*)malloc(sizeof(struct waiting_tcp) - + (pend?0:sldns_buffer_limit(packet))); + + sldns_buffer_limit(packet)); if(!w) { return NULL; } @@ -1330,47 +2128,76 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, free(w); return NULL; } - w->pkt = NULL; - w->pkt_len = 0; - id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff; - LDNS_ID_SET(sldns_buffer_begin(packet), id); + w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp); + w->pkt_len = sldns_buffer_limit(packet); + memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len); + if(reuse) + w->id = reuse_tcp_select_id(reuse, sq->outnet); + else w->id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff; + LDNS_ID_SET(w->pkt, w->id); memcpy(&w->addr, &sq->addr, sq->addrlen); w->addrlen = sq->addrlen; w->outnet = sq->outnet; + w->on_tcp_waiting_list = 0; + w->next_waiting = NULL; w->cb = callback; w->cb_arg = callback_arg; w->ssl_upstream = sq->ssl_upstream; w->tls_auth_name = sq->tls_auth_name; -#ifndef S_SPLINT_S - tv.tv_sec = timeout/1000; - tv.tv_usec = (timeout%1000)*1000; -#endif - comm_timer_set(w->timer, &tv); + w->timeout = timeout; + w->id_node.key = NULL; + w->write_wait_prev = NULL; + w->write_wait_next = NULL; + w->write_wait_queued = 0; + w->error_count = 0; if(pend) { /* we have a buffer available right now */ - if(!outnet_tcp_take_into_use(w, sldns_buffer_begin(packet), - sldns_buffer_limit(packet))) { - waiting_tcp_delete(w); - return NULL; + if(reuse) { + /* reuse existing fd, write query and continue */ + /* store query in tree by id */ + verbose(VERB_CLIENT, "pending_tcp_query: reuse, store"); + w->next_waiting = (void*)pend; + reuse_tree_by_id_insert(&pend->reuse, w); + /* can we write right now? */ + if(pend->query == NULL) { + /* write straight away */ + /* stop the timer on read of the fd */ + comm_point_stop_listening(pend->c); + pend->query = w; + outnet_tcp_take_query_setup(pend->c->fd, pend, + w); + } else { + /* put it in the waiting list for + * this stream */ + reuse_write_wait_push_back(&pend->reuse, w); + } + } else { + /* create new fd and connect to addr, setup to + * write query */ + verbose(VERB_CLIENT, "pending_tcp_query: new fd, connect"); + rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); + pend->reuse.pending = pend; + memcpy(&pend->reuse.addr, &sq->addr, sq->addrlen); + pend->reuse.addrlen = sq->addrlen; + if(!outnet_tcp_take_into_use(w)) { + waiting_tcp_delete(w); + return NULL; + } } -#ifdef USE_DNSTAP - if(sq->outnet->dtenv && - (sq->outnet->dtenv->log_resolver_query_messages || - sq->outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - comm_tcp, sq->zone, sq->zonelen, packet); -#endif } else { /* queue up */ - w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp); - w->pkt_len = sldns_buffer_limit(packet); - memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len); - w->next_waiting = NULL; - if(sq->outnet->tcp_wait_last) - sq->outnet->tcp_wait_last->next_waiting = w; - else sq->outnet->tcp_wait_first = w; - sq->outnet->tcp_wait_last = w; + /* waiting for a buffer on the outside network buffer wait + * list */ + verbose(VERB_CLIENT, "pending_tcp_query: queue to wait"); + outnet_add_tcp_waiting(sq->outnet, w); } +#ifdef USE_DNSTAP + if(sq->outnet->dtenv && + (sq->outnet->dtenv->log_resolver_query_messages || + sq->outnet->dtenv->log_forwarder_query_messages)) + dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, + comm_tcp, sq->zone, sq->zonelen, packet); +#endif return w; } @@ -1490,6 +2317,7 @@ static void waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w) { struct waiting_tcp* p = outnet->tcp_wait_first, *prev = NULL; + w->on_tcp_waiting_list = 0; while(p) { if(p == w) { /* remove w */ @@ -1505,10 +2333,53 @@ waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w) } } +/** reuse tcp stream, remove serviced query from stream, + * return true if the stream is kept, false if it is to be closed */ +static int +reuse_tcp_remove_serviced_keep(struct waiting_tcp* w, + struct serviced_query* sq) +{ + struct pending_tcp* pend_tcp = (struct pending_tcp*)w->next_waiting; + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep"); + /* remove the callback. let query continue to write to not cancel + * the stream itself. also keep it as an entry in the tree_by_id, + * in case the answer returns (that we no longer want), but we cannot + * pick the same ID number meanwhile */ + w->cb = NULL; + /* see if can be entered in reuse tree + * for that the FD has to be non-1 */ + if(pend_tcp->c->fd == -1) { + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep: -1 fd"); + return 0; + } + /* if in tree and used by other queries */ + if(pend_tcp->reuse.node.key) { + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep: in use by other queries"); + /* do not reset the keepalive timer, for that + * we'd need traffic, and this is where the serviced is + * removed due to state machine internal reasons, + * eg. iterator no longer interested in this query */ + return 1; + } + /* if still open and want to keep it open */ + if(pend_tcp->c->fd != -1 && sq->outnet->tcp_reuse.count < + sq->outnet->tcp_reuse_max) { + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep: keep open"); + /* set a keepalive timer on it */ + if(!reuse_tcp_insert(sq->outnet, pend_tcp)) { + return 0; + } + reuse_tcp_setup_timeout(pend_tcp); + return 1; + } + return 0; +} + /** cleanup serviced query entry */ static void serviced_delete(struct serviced_query* sq) { + verbose(VERB_CLIENT, "serviced_delete"); if(sq->pending) { /* clear up the pending query */ if(sq->status == serviced_query_UDP_EDNS || @@ -1516,6 +2387,7 @@ serviced_delete(struct serviced_query* sq) sq->status == serviced_query_UDP_EDNS_FRAG || sq->status == serviced_query_UDP_EDNS_fallback) { struct pending* p = (struct pending*)sq->pending; + verbose(VERB_CLIENT, "serviced_delete: UDP"); if(p->pc) portcomm_loweruse(sq->outnet, p->pc); pending_delete(sq->outnet, p); @@ -1523,14 +2395,32 @@ serviced_delete(struct serviced_query* sq) * mesh */ outnet_send_wait_udp(sq->outnet); } else { - struct waiting_tcp* p = (struct waiting_tcp*) + struct waiting_tcp* w = (struct waiting_tcp*) sq->pending; - if(p->pkt == NULL) { - decommission_pending_tcp(sq->outnet, - (struct pending_tcp*)p->next_waiting); + verbose(VERB_CLIENT, "serviced_delete: TCP"); + /* if on stream-write-waiting list then + * remove from waiting list and waiting_tcp_delete */ + if(w->write_wait_queued) { + struct pending_tcp* pend = + (struct pending_tcp*)w->next_waiting; + verbose(VERB_CLIENT, "serviced_delete: writewait"); + reuse_tree_by_id_delete(&pend->reuse, w); + reuse_write_wait_remove(&pend->reuse, w); + waiting_tcp_delete(w); + } else if(!w->on_tcp_waiting_list) { + struct pending_tcp* pend = + (struct pending_tcp*)w->next_waiting; + verbose(VERB_CLIENT, "serviced_delete: tcpreusekeep"); + if(!reuse_tcp_remove_serviced_keep(w, sq)) { + reuse_cb_and_decommission(sq->outnet, + pend, NETEVENT_CLOSED); + use_free_buffer(sq->outnet); + } + sq->pending = NULL; } else { - waiting_list_remove(sq->outnet, p); - waiting_tcp_delete(p); + verbose(VERB_CLIENT, "serviced_delete: tcpwait"); + waiting_list_remove(sq->outnet, w); + waiting_tcp_delete(w); } } } @@ -2119,9 +3009,20 @@ outnet_serviced_query(struct outside_network* outnet, { struct serviced_query* sq; struct service_callback* cb; + struct edns_string_addr* client_string_addr; + if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen, qstate, qstate->region)) return NULL; + + if((client_string_addr = edns_string_addr_lookup( + &env->edns_strings->client_strings, addr, addrlen))) { + edns_opt_list_append(&qstate->edns_opts_back_out, + env->edns_strings->client_string_opcode, + client_string_addr->string_len, + client_string_addr->string, qstate->region); + } + serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, flags); sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen, @@ -2309,6 +3210,11 @@ setup_comm_ssl(struct comm_point* cp, struct outside_network* outnet, #endif cp->ssl_shake_state = comm_ssl_shake_write; /* https verification */ +#ifdef HAVE_SSL + if(outnet->tls_use_sni) { + (void)SSL_set_tlsext_host_name(cp->ssl, host); + } +#endif #ifdef HAVE_SSL_SET1_HOST if((SSL_CTX_get_verify_mode(outnet->sslctx)&SSL_VERIFY_PEER)) { /* because we set SSL_VERIFY_PEER, in netevent in diff --git a/services/outside_network.h b/services/outside_network.h index eeb77bb92..fe287af4f 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -52,6 +52,7 @@ struct ub_randstate; struct pending_tcp; struct waiting_tcp; struct waiting_udp; +struct reuse_tcp; struct infra_cache; struct port_comm; struct port_if; @@ -106,6 +107,9 @@ struct outside_network { int delayclose; /** timeout for delayclose */ struct timeval delay_tv; + /** if we perform udp-connect, connect() for UDP socket to mitigate + * ICMP side channel leakage */ + int udp_connect; /** array of outgoing IP4 interfaces */ struct port_if* ip4_ifs; @@ -132,6 +136,8 @@ struct outside_network { struct ub_randstate* rnd; /** ssl context to create ssl wrapped TCP with DNS connections */ void* sslctx; + /** if SNI will be used for TLS connections */ + int tls_use_sni; #ifdef USE_DNSTAP /** dnstap environment */ struct dt_env* dtenv; @@ -152,6 +158,21 @@ struct outside_network { size_t num_tcp; /** number of tcp communication points in use. */ size_t num_tcp_outgoing; + /** + * tree of still-open and waiting tcp connections for reuse. + * can be closed and reopened to get a new tcp connection. + * or reused to the same destination again. with timeout to close. + * Entries are of type struct reuse_tcp. + * The entries are both active and empty connections. + */ + rbtree_type tcp_reuse; + /** max number of tcp_reuse entries we want to keep open */ + size_t tcp_reuse_max; + /** first and last(oldest) in lru list of reuse connections. + * the oldest can be closed to get a new free pending_tcp if needed + * The list contains empty connections, that wait for timeout or + * a new query that can use the existing connection. */ + struct reuse_tcp* tcp_reuse_first, *tcp_reuse_last; /** list of tcp comm points that are free for use */ struct pending_tcp* tcp_free; /** list of tcp queries waiting for a buffer */ @@ -209,6 +230,76 @@ struct port_comm { struct comm_point* cp; }; +/** + * Reuse TCP connection, still open can be used again. + */ +struct reuse_tcp { + /** rbtree node with links in tcp_reuse tree. key is NULL when not + * in tree. Both active and empty connections are in the tree. + * key is a pointer to this structure, the members used to compare + * are the sockaddr and and then is-ssl bool, and then ptr value is + * used in case the same address exists several times in the tree + * when there are multiple connections to the same destination to + * make the rbtree items unique. */ + rbnode_type node; + /** the key for the tcp_reuse tree. address of peer, ip4 or ip6, + * and port number of peer */ + struct sockaddr_storage addr; + /** length of addr */ + socklen_t addrlen; + /** also key for tcp_reuse tree, if ssl is used */ + int is_ssl; + /** lru chain, so that the oldest can be removed to get a new + * connection when all are in (re)use. oldest is last in list. + * The lru only contains empty connections waiting for reuse, + * the ones with active queries are not on the list because they + * do not need to be closed to make space for others. They already + * service a query so the close for another query does not help + * service a larger number of queries. */ + struct reuse_tcp* lru_next, *lru_prev; + /** true if the reuse_tcp item is on the lru list with empty items */ + int item_on_lru_list; + /** the connection to reuse, the fd is non-1 and is open. + * the addr and port determine where the connection is going, + * and is key to the rbtree. The SSL ptr determines if it is + * a TLS connection or a plain TCP connection there. And TLS + * or not is also part of the key to the rbtree. + * There is a timeout and read event on the fd, to close it. */ + struct pending_tcp* pending; + /** + * The more read again value pointed to by the commpoint + * tcp_more_read_again pointer, so that it exists after commpoint + * delete + */ + int cp_more_read_again; + /** + * The more write again value pointed to by the commpoint + * tcp_more_write_again pointer, so that it exists after commpoint + * delete + */ + int cp_more_write_again; + /** rbtree with other queries waiting on the connection, by ID number, + * of type struct waiting_tcp. It is for looking up received + * answers to the structure for callback. And also to see if ID + * numbers are unused and can be used for a new query. + * The write_wait elements are also in the tree, so that ID numbers + * can be looked up also for them. They are bool write_wait_queued. */ + rbtree_type tree_by_id; + /** list of queries waiting to be written on the channel, + * if NULL no queries are waiting to be written and the pending->query + * is the query currently serviced. The first is the next in line. + * They are also in the tree_by_id. Once written, the are removed + * from this list, but stay in the tree. */ + struct waiting_tcp* write_wait_first, *write_wait_last; + /** the outside network it is part of */ + struct outside_network* outnet; +}; + +/** max number of queries on a reuse connection */ +#define MAX_REUSE_TCP_QUERIES 200 +/** timeout for REUSE entries in milliseconds. */ +#define REUSE_TIMEOUT 60000 + /** * A query that has an answer pending for it. */ @@ -253,12 +344,15 @@ struct pending { struct pending_tcp { /** next in list of free tcp comm points, or NULL. */ struct pending_tcp* next_free; - /** the ID for the query; checked in reply */ - uint16_t id; /** tcp comm point it was sent on (and reply must come back on). */ struct comm_point* c; /** the query being serviced, NULL if the pending_tcp is unused. */ struct waiting_tcp* query; + /** the pre-allocated reuse tcp structure. if ->pending is nonNULL + * it is in use and the connection is waiting for reuse. + * It is here for memory pre-allocation, and used to make this + * pending_tcp wait for reuse. */ + struct reuse_tcp reuse; }; /** @@ -267,12 +361,27 @@ struct pending_tcp { struct waiting_tcp { /** * next in waiting list. - * if pkt==0, this points to the pending_tcp structure. + * if on_tcp_waiting_list==0, this points to the pending_tcp structure. */ struct waiting_tcp* next_waiting; + /** if true the item is on the tcp waiting list and next_waiting + * is used for that. If false, the next_waiting points to the + * pending_tcp */ + int on_tcp_waiting_list; + /** next and prev in query waiting list for stream connection */ + struct waiting_tcp* write_wait_prev, *write_wait_next; + /** true if the waiting_tcp structure is on the write_wait queue */ + int write_wait_queued; + /** entry in reuse.tree_by_id, if key is NULL, not in tree, otherwise, + * this struct is key and sorted by ID (from waiting_tcp.id). */ + rbnode_type id_node; + /** the ID for the query; checked in reply */ + uint16_t id; /** timeout event; timer keeps running whether the query is * waiting for a buffer or the tcp reply is pending */ struct comm_timer* timer; + /** timeout in msec */ + int timeout; /** the outside network it is part of */ struct outside_network* outnet; /** remote address. */ @@ -282,13 +391,14 @@ struct waiting_tcp { /** * The query itself, the query packet to send. * allocated after the waiting_tcp structure. - * set to NULL when the query is serviced and it part of pending_tcp. - * if this is NULL, the next_waiting points to the pending_tcp. */ uint8_t* pkt; /** length of query packet. */ size_t pkt_len; - /** callback for the timeout, error or reply to the message */ + /** callback for the timeout, error or reply to the message, + * or NULL if no user is waiting. the entry uses an ID number. + * a query that was written is no longer needed, but the ID number + * and a reply will come back and can be ignored if NULL */ comm_point_callback_type* cb; /** callback user argument */ void* cb_arg; @@ -296,6 +406,8 @@ struct waiting_tcp { int ssl_upstream; /** ref to the tls_auth_name from the serviced_query */ char* tls_auth_name; + /** the packet was involved in an error, to stop looping errors */ + int error_count; }; /** @@ -405,6 +517,7 @@ struct serviced_query { * @param do_ip4: service IP4. * @param do_ip6: service IP6. * @param num_tcp: number of outgoing tcp buffers to preallocate. + * @param dscp: DSCP to use. * @param infra: pointer to infra cached used for serviced queries. * @param rnd: stored to create random numbers for serviced queries. * @param use_caps_for_id: enable to use 0x20 bits to encode id randomness. @@ -418,7 +531,9 @@ struct serviced_query { * @param sslctx: context to create outgoing connections with (if enabled). * @param delayclose: if not 0, udp sockets are delayed before timeout closure. * msec to wait on timeouted udp sockets. + * @param tls_use_sni: if SNI is used for TLS connections. * @param dtenv: environment to send dnstap events with (if enabled). + * @param udp_connect: if the udp_connect option is enabled. * @return: the new structure (with no pending answers) or NULL on error. */ struct outside_network* outside_network_create(struct comm_base* base, @@ -427,7 +542,8 @@ struct outside_network* outside_network_create(struct comm_base* base, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, struct dt_env *dtenv); + void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv, + int udp_connect); /** * Delete outside_network structure. @@ -544,6 +660,19 @@ size_t outnet_get_mem(struct outside_network* outnet); */ size_t serviced_get_mem(struct serviced_query* sq); +/** Pick random ID value for a tcp stream, avoids existing IDs. */ +uint16_t reuse_tcp_select_id(struct reuse_tcp* reuse, + struct outside_network* outnet); + +/** find element in tree by id */ +struct waiting_tcp* reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id); + +/** insert element in tree by id */ +void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w); + +/** delete readwait waiting_tcp elements, deletes the elements in the list */ +void reuse_del_readwait(rbtree_type* tree_by_id); + /** get TCP file descriptor for address, returns -1 on failure, * tcp_mss is 0 or maxseg size to set for TCP packets. */ int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp); @@ -641,4 +770,10 @@ int pending_cmp(const void* key1, const void* key2); /** compare function of serviced query rbtree */ int serviced_cmp(const void* key1, const void* key2); +/** compare function of reuse_tcp rbtree in outside_network struct */ +int reuse_cmp(const void* key1, const void* key2); + +/** compare function of reuse_tcp tree_by_id rbtree */ +int reuse_id_cmp(const void* key1, const void* key2); + #endif /* OUTSIDE_NETWORK_H */ diff --git a/services/rpz.c b/services/rpz.c index 105f238d0..d7dd17f7e 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -440,6 +440,8 @@ err: respip_set_delete(r->respip_set); if(r->taglist) free(r->taglist); + if(r->region) + regional_destroy(r->region); free(r); } return NULL; @@ -597,8 +599,18 @@ rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname, uint8_t* policydname; if(!dname_subdomain_c(dname, azname)) { - log_err("RPZ: name of record to insert into RPZ is not a " - "subdomain of the configured name of the RPZ zone"); + char* dname_str = sldns_wire2str_dname(dname, dnamelen); + char* azname_str = sldns_wire2str_dname(azname, aznamelen); + if(dname_str && azname_str) { + log_err("RPZ: name of record (%s) to insert into RPZ is not a " + "subdomain of the configured name of the RPZ zone (%s)", + dname_str, azname_str); + } else { + log_err("RPZ: name of record to insert into RPZ is not a " + "subdomain of the configured name of the RPZ zone"); + } + free(dname_str); + free(azname_str); return 0; } @@ -951,8 +963,8 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, for(a = az->rpz_first; a; a = a->rpz_az_next) { lock_rw_rdlock(&a->lock); r = a->rpz; - if(!r->taglist || taglist_intersect(r->taglist, - r->taglistlen, taglist, taglen)) { + if(!r->disabled && (!r->taglist || taglist_intersect(r->taglist, + r->taglistlen, taglist, taglen))) { z = rpz_find_zone(r, qinfo->qname, qinfo->qname_len, qinfo->qclass, 0, 0, 0); if(z && r->action_override == RPZ_DISABLED_ACTION) { @@ -1032,3 +1044,17 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, return ret; } + +void rpz_enable(struct rpz* r) +{ + if(!r) + return; + r->disabled = 0; +} + +void rpz_disable(struct rpz* r) +{ + if(!r) + return; + r->disabled = 1; +} diff --git a/services/rpz.h b/services/rpz.h index 77a2db55c..d5996a6cf 100644 --- a/services/rpz.h +++ b/services/rpz.h @@ -99,6 +99,7 @@ struct rpz { int log; char* log_name; struct regional* region; + int disabled; }; /** @@ -198,4 +199,16 @@ void rpz_finish_config(struct rpz* r); enum respip_action rpz_action_to_respip_action(enum rpz_action a); +/** + * Enable RPZ + * @param r: RPZ struct to enable + */ +void rpz_enable(struct rpz* r); + +/** + * Disable RPZ + * @param r: RPZ struct to disable + */ +void rpz_disable(struct rpz* r); + #endif /* SERVICES_RPZ_H */ diff --git a/sldns/parseutil.c b/sldns/parseutil.c index 82dbc0fe1..9f289d359 100644 --- a/sldns/parseutil.c +++ b/sldns/parseutil.c @@ -167,7 +167,7 @@ sldns_gmtime64_r(int64_t clock, struct tm *result) static int64_t sldns_serial_arithmetics_time(int32_t time, time_t now) { - int32_t offset = time - (int32_t) now; + int32_t offset = (int32_t)((uint32_t) time - (uint32_t) now); return (int64_t) now + offset; } @@ -619,13 +619,18 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize) * * This routine does not insert spaces or linebreaks after 76 characters. */ -int sldns_b64_ntop(uint8_t const *src, size_t srclength, - char *target, size_t targsize) +static int sldns_b64_ntop_base(uint8_t const *src, size_t srclength, + char *target, size_t targsize, int base64url, int padding) { - const char* b64 = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + char* b64; const char pad64 = '='; size_t i = 0, o = 0; + if(base64url) + b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123" + "456789-_"; + else + b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123" + "456789+/"; if(targsize < sldns_b64_ntop_calculate_size(srclength)) return -1; /* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */ @@ -645,18 +650,26 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength, target[o] = b64[src[i] >> 2]; target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ]; target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ]; - target[o+3] = pad64; - /* i += 2; */ - o += 4; + if(padding) { + target[o+3] = pad64; + /* i += 2; */ + o += 4; + } else { + o += 3; + } break; case 1: /* one at end, converted into A B = = */ target[o] = b64[src[i] >> 2]; target[o+1] = b64[ ((src[i]&0x03)<<4) ]; - target[o+2] = pad64; - target[o+3] = pad64; - /* i += 1; */ - o += 4; + if(padding) { + target[o+2] = pad64; + target[o+3] = pad64; + /* i += 1; */ + o += 4; + } else { + o += 2; + } break; case 0: default: @@ -669,19 +682,36 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength, return (int)o; } +int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize) +{ + return sldns_b64_ntop_base(src, srclength, target, targsize, + 0 /* no base64url */, 1 /* padding */); +} + +int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize) +{ + return sldns_b64_ntop_base(src, srclength, target, targsize, + 1 /* base64url */, 0 /* no padding */); +} + size_t sldns_b64_pton_calculate_size(size_t srcsize) { return (((((srcsize + 3) / 4) * 3)) + 1); } -int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) +/* padding not required if srcsize is set */ +static int sldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target, + size_t targsize, int base64url) { const uint8_t pad64 = 64; /* is 64th in the b64 array */ const char* s = src; uint8_t in[4]; size_t o = 0, incount = 0; + int check_padding = (srcsize) ? 0 : 1; - while(*s) { + while(*s && (check_padding || srcsize)) { /* skip any character that is not base64 */ /* conceptually we do: const char* b64 = pad'=' is appended to array @@ -690,30 +720,43 @@ int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) and use d-b64; */ char d = *s++; + srcsize--; if(d <= 'Z' && d >= 'A') d -= 'A'; else if(d <= 'z' && d >= 'a') d = d - 'a' + 26; else if(d <= '9' && d >= '0') d = d - '0' + 52; - else if(d == '+') + else if(!base64url && d == '+') d = 62; - else if(d == '/') + else if(base64url && d == '-') + d = 62; + else if(!base64url && d == '/') d = 63; - else if(d == '=') + else if(base64url && d == '_') + d = 63; + else if(d == '=') { + if(!check_padding) + continue; d = 64; - else continue; + } else continue; + in[incount++] = (uint8_t)d; - if(incount != 4) + /* work on block of 4, unless padding is not used and there are + * less than 4 chars left */ + if(incount != 4 && (check_padding || srcsize)) continue; + assert(!check_padding || incount==4); /* process whole block of 4 characters into 3 output bytes */ - if(in[3] == pad64 && in[2] == pad64) { /* A B = = */ + if((incount == 2 || + (incount == 4 && in[3] == pad64 && in[2] == pad64))) { /* A B = = */ if(o+1 > targsize) return -1; target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); o += 1; break; /* we are done */ - } else if(in[3] == pad64) { /* A B C = */ + } else if(incount == 3 || + (incount == 4 && in[3] == pad64)) { /* A B C = */ if(o+2 > targsize) return -1; target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); @@ -721,7 +764,7 @@ int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) o += 2; break; /* we are done */ } else { - if(o+3 > targsize) + if(incount != 4 || o+3 > targsize) return -1; /* write xxxxxxyy yyyyzzzz zzwwwwww */ target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); @@ -733,3 +776,17 @@ int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) } return (int)o; } + +int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) +{ + return sldns_b64_pton_base(src, 0, target, targsize, 0); +} + +int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, + size_t targsize) +{ + if(!srcsize) { + return 0; + } + return sldns_b64_pton_base(src, srcsize, target, targsize, 1); +} diff --git a/sldns/parseutil.h b/sldns/parseutil.h index 10a2630a9..7eb23317f 100644 --- a/sldns/parseutil.h +++ b/sldns/parseutil.h @@ -92,13 +92,16 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize); int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize); +int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize); /** * calculates the size needed to store the result of sldns_b64_pton */ size_t sldns_b64_pton_calculate_size(size_t srcsize); - int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize); +int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, + size_t targsize); /** * calculates the size needed to store the result of b32_ntop diff --git a/sldns/rrdef.h b/sldns/rrdef.h index 4e7fef574..e084f354a 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -426,7 +426,8 @@ enum sldns_enum_edns_option LDNS_EDNS_N3U = 7, /* RFC6975 */ LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */ LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ - LDNS_EDNS_PADDING = 12 /* RFC7830 */ + LDNS_EDNS_PADDING = 12, /* RFC7830 */ + LDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */ }; typedef enum sldns_enum_edns_option sldns_edns_option; diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index b8bd1b850..a30523c76 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -187,6 +187,7 @@ usage(void) printf("-c file cert file, default %s\n", ROOT_CERT_FILE); printf("-l list builtin key and cert on stdout\n"); printf("-u name server in https url, default %s\n", URLNAME); + printf("-S do not use SNI for the https connection\n"); printf("-x path pathname to xml in url, default %s\n", XMLNAME); printf("-s path pathname to p7s in url, default %s\n", P7SNAME); printf("-n name signer's subject emailAddress, default %s\n", P7SIGNER); @@ -245,9 +246,7 @@ get_builtin_ds(void) return /* The anchors must start on a new line with ". IN DS and end with \n"[;] * because the makedist script greps on the source here */ -/* anchor 19036 is from 2010 */ /* anchor 20326 is from 2017 */ -". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n" ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; } @@ -772,7 +771,7 @@ setup_sslctx(void) /** initiate TLS on a connection */ static SSL* -TLS_initiate(SSL_CTX* sslctx, int fd) +TLS_initiate(SSL_CTX* sslctx, int fd, const char* urlname, int use_sni) { X509* x; int r; @@ -788,6 +787,9 @@ TLS_initiate(SSL_CTX* sslctx, int fd) SSL_free(ssl); return NULL; } + if(use_sni) { + (void)SSL_set_tlsext_host_name(ssl, urlname); + } while(1) { ERR_clear_error(); if( (r=SSL_do_handshake(ssl)) == 1) @@ -1123,7 +1125,7 @@ read_http_result(SSL* ssl) /** https to an IP addr, return BIO with pathname or NULL */ static BIO* https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, - struct ip_list* src) + struct ip_list* src, int use_sni) { int fd; SSL* ssl; @@ -1137,7 +1139,7 @@ https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, SSL_CTX_free(sslctx); return NULL; } - ssl = TLS_initiate(sslctx, fd); + ssl = TLS_initiate(sslctx, fd, urlname, use_sni); if(!ssl) { SSL_CTX_free(sslctx); fd_close(fd); @@ -1161,11 +1163,12 @@ https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, * @param pathname: pathname of file on server to GET. * @param urlname: name to pass as the virtual host for this request. * @param src: if nonNULL, source address to bind to. + * @param use_sni: if SNI will be used. * @return a memory BIO with the file in it. */ static BIO* https(struct ip_list* ip_list, const char* pathname, const char* urlname, - struct ip_list* src) + struct ip_list* src, int use_sni) { struct ip_list* ip; BIO* bio = NULL; @@ -1173,7 +1176,7 @@ https(struct ip_list* ip_list, const char* pathname, const char* urlname, wipe_ip_usage(ip_list); while( (ip = pick_random_ip(ip_list)) ) { ip->used = 1; - bio = https_to_ip(ip, pathname, urlname, src); + bio = https_to_ip(ip, pathname, urlname, src, use_sni); if(bio) break; } if(!bio) { @@ -1929,7 +1932,7 @@ do_certupdate(const char* root_anchor_file, const char* root_cert_file, const char* urlname, const char* xmlname, const char* p7sname, const char* p7signer, const char* res_conf, const char* root_hints, const char* debugconf, const char* srcaddr, int ip4only, int ip6only, - int port) + int port, int use_sni) { STACK_OF(X509)* cert; @@ -1963,8 +1966,8 @@ do_certupdate(const char* root_anchor_file, const char* root_cert_file, #endif /* fetch the necessary files over HTTPS */ - xml = https(ip_list, xmlname, urlname, src); - p7s = https(ip_list, p7sname, urlname, src); + xml = https(ip_list, xmlname, urlname, src, use_sni); + p7s = https(ip_list, p7sname, urlname, src, use_sni); /* verify and update the root anchor */ verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer); @@ -2235,7 +2238,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, const char* urlname, const char* xmlname, const char* p7sname, const char* p7signer, const char* res_conf, const char* root_hints, const char* debugconf, const char* srcaddr, int ip4only, int ip6only, - int force, int res_conf_fallback, int port) + int force, int res_conf_fallback, int port, int use_sni) { struct ub_result* dnskey; int used_builtin = 0; @@ -2278,7 +2281,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, probe_date_allows_certupdate(root_anchor_file)) || force) { if(do_certupdate(root_anchor_file, root_cert_file, urlname, xmlname, p7sname, p7signer, res_conf, root_hints, - debugconf, srcaddr, ip4only, ip6only, port)) + debugconf, srcaddr, ip4only, ip6only, port, use_sni)) return 1; return used_builtin; } @@ -2307,8 +2310,9 @@ int main(int argc, char* argv[]) const char* srcaddr = NULL; int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; int res_conf_fallback = 0; + int use_sni = 1; /* parse the options */ - while( (c=getopt(argc, argv, "46C:FRP:a:b:c:f:hln:r:s:u:vx:")) != -1) { + while( (c=getopt(argc, argv, "46C:FRSP:a:b:c:f:hln:r:s:u:vx:")) != -1) { switch(c) { case 'l': dolist = 1; @@ -2331,6 +2335,9 @@ int main(int argc, char* argv[]) case 'u': urlname = optarg; break; + case 'S': + use_sni = 0; + break; case 'x': xmlname = optarg; break; @@ -2397,5 +2404,5 @@ int main(int argc, char* argv[]) return do_root_update_work(root_anchor_file, root_cert_file, urlname, xmlname, p7sname, p7signer, res_conf, root_hints, debugconf, - srcaddr, ip4only, ip6only, force, res_conf_fallback, port); + srcaddr, ip4only, ip6only, force, res_conf_fallback, port, use_sni); } diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index 3fc638cae..b1b7ae7ef 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -58,6 +58,7 @@ #include "services/authzone.h" #include "respip/respip.h" #include "sldns/sbuffer.h" +#include "sldns/str2wire.h" #ifdef HAVE_GETOPT_H #include #endif @@ -194,6 +195,94 @@ localzonechecks(struct config_file* cfg) local_zones_delete(zs); } +/** checks for acl and views */ +static void +acl_view_tag_checks(struct config_file* cfg, struct views* views) +{ + int d; + struct sockaddr_storage a; + socklen_t alen; + struct config_str2list* acl; + struct config_str3list* s3; + struct config_strbytelist* sb; + + /* acl_view */ + for(acl=cfg->acl_view; acl; acl = acl->next) { + struct view* v; + if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-view " + "address %s %s", acl->str, acl->str2); + } + v = views_find_view(views, acl->str2, 0); + if(!v) { + fatal_exit("cannot find view for " + "access-control-view: %s %s", + acl->str, acl->str2); + } + lock_rw_unlock(&v->lock); + } + + /* acl_tags */ + for(sb=cfg->acl_tags; sb; sb = sb->next) { + if(!netblockstrtoaddr(sb->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-tags " + "address %s", sb->str); + } + } + + /* acl_tag_actions */ + for(s3=cfg->acl_tag_actions; s3; s3 = s3->next) { + enum localzone_type t; + if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-tag-actions " + "address %s %s %s", + s3->str, s3->str2, s3->str3); + } + if(find_tag_id(cfg, s3->str2) == -1) { + fatal_exit("cannot parse tag %s (define-tag it), " + "for access-control-tag-actions: %s %s %s", + s3->str2, s3->str, s3->str2, s3->str3); + } + if(!local_zone_str2type(s3->str3, &t)) { + fatal_exit("cannot parse access control action type %s" + " for access-control-tag-actions: %s %s %s", + s3->str3, s3->str, s3->str2, s3->str3); + } + } + + /* acl_tag_datas */ + for(s3=cfg->acl_tag_datas; s3; s3 = s3->next) { + char buf[65536]; + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t len = sizeof(rr); + int res; + if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen, + &d)) { + fatal_exit("cannot parse access-control-tag-datas address %s %s '%s'", + s3->str, s3->str2, s3->str3); + } + if(find_tag_id(cfg, s3->str2) == -1) { + fatal_exit("cannot parse tag %s (define-tag it), " + "for access-control-tag-datas: %s %s '%s'", + s3->str2, s3->str, s3->str2, s3->str3); + } + /* '.' is sufficient for validation, and it makes the call to + * sldns_wirerr_get_type() simpler below. */ + snprintf(buf, sizeof(buf), "%s %s", ".", s3->str3); + res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, NULL, + 0, NULL, 0); + if(res != 0) { + fatal_exit("cannot parse rr data [char %d] parse error %s, for access-control-tag-datas: %s %s '%s'", + (int)LDNS_WIREPARSE_OFFSET(res)-2, + sldns_get_errorstr_parse(res), + s3->str, s3->str2, s3->str3); + } + } +} + /** check view and response-ip configuration */ static void view_and_respipchecks(struct config_file* cfg) @@ -211,6 +300,7 @@ view_and_respipchecks(struct config_file* cfg) fatal_exit("Could not setup respip set"); if(!respip_views_apply_cfg(views, cfg, &ignored)) fatal_exit("Could not setup per-view respip sets"); + acl_view_tag_checks(cfg, views); views_delete(views); respip_set_delete(respip); } @@ -534,8 +624,6 @@ morechecks(struct config_file* cfg) cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg); check_chroot_filelist_wild("trusted-keys-file", cfg->trusted_keys_file_list, cfg->chrootdir, cfg); - check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, - cfg->chrootdir, cfg); #ifdef USE_IPSECMOD if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) { /* only check hook if enabled */ @@ -569,6 +657,64 @@ morechecks(struct config_file* cfg) && strcmp(cfg->module_conf, "python dns64 iterator") != 0 && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 #endif +#ifdef WITH_DYNLIBMODULE + && strcmp(cfg->module_conf, "dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip iterator") != 0 + && strcmp(cfg->module_conf, "dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "python dynlib dynlib dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip validator iterator") != 0 + && strcmp(cfg->module_conf, "validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "dns64 validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib dns64 validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dns64 dynlib validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip validator cachedb iterator") != 0 + && strcmp(cfg->module_conf, "cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "validator cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip validator cachedb dynlib iterator") != 0 + && strcmp(cfg->module_conf, "validator dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "respip validator dynlib cachedb iterator") != 0 + && strcmp(cfg->module_conf, "dynlib subnetcache iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip subnetcache iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip subnetcache dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib respip subnetcache validator iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "respip subnetcache dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "subnetcache validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "respip subnetcache validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod respip iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib respip iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod respip validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod validator iterator") != 0 + && strcmp(cfg->module_conf, "dynlib ipsecmod respip validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod dynlib respip validator iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod validator dynlib iterator") != 0 + && strcmp(cfg->module_conf, "ipsecmod respip validator dynlib iterator") != 0 +#endif #ifdef USE_CACHEDB && strcmp(cfg->module_conf, "validator cachedb iterator") != 0 && strcmp(cfg->module_conf, "respip validator cachedb iterator") != 0 diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in index d901ad6cf..eaf1d082c 100644 --- a/smallapp/unbound-control-setup.sh.in +++ b/smallapp/unbound-control-setup.sh.in @@ -97,7 +97,7 @@ OPTIND=1 while getopts 'd:hr' arg; do case "$arg" in d) DESTDIR="$OPTARG" ;; - h) usage; exit 0 ;; + h) usage; exit 1 ;; r) RECREATE=1 ;; ?) fatal "'$arg' unknown option" ;; esac @@ -108,7 +108,7 @@ shift $((OPTIND - 1)) echo "setup in directory $DESTDIR" cd "$DESTDIR" -trap cleanup SIGINT +trap cleanup INT # === # Generate server certificate @@ -120,12 +120,19 @@ if [ ! -f "$SVR_BASE.key" ]; then fi cat >server.cnf <mem.ipsecmod); #endif +#ifdef WITH_DYNLIBMODULE + PR_LL("mem.mod.dynlib", shm_stat->mem.dynlib); +#endif #ifdef USE_DNSCRYPT PR_LL("mem.cache.dnscrypt_shared_secret", shm_stat->mem.dnscrypt_shared_secret); @@ -275,6 +284,8 @@ static void print_mem(struct ub_shm_stat_info* shm_stat, shm_stat->mem.dnscrypt_nonce); #endif PR_LL("mem.streamwait", s->svr.mem_stream_wait); + PR_LL("mem.http.query_buffer", s->svr.mem_http2_query_buffer); + PR_LL("mem.http.response_buffer", s->svr.mem_http2_response_buffer); } /** print histogram */ @@ -339,6 +350,7 @@ static void print_extended(struct ub_stats_info* s) PR_UL("num.query.tls", s->svr.qtls); PR_UL("num.query.tls_resume", s->svr.qtls_resume); PR_UL("num.query.ipv6", s->svr.qipv6); + PR_UL("num.query.https", s->svr.qhttps); /* flags */ PR_UL("num.query.flags.QR", s->svr.qbit_QR); @@ -539,6 +551,30 @@ setup_ctx(struct config_file* cfg) return ctx; } +/** check connect error */ +static void +checkconnecterr(int err, const char* svr, struct sockaddr_storage* addr, + socklen_t addrlen, int statuscmd, int useport) +{ +#ifndef USE_WINSOCK + if(!useport) log_err("connect: %s for %s", strerror(err), svr); + else log_err_addr("connect", strerror(err), addr, addrlen); + if(err == ECONNREFUSED && statuscmd) { + printf("unbound is stopped\n"); + exit(3); + } +#else + int wsaerr = err; + if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr); + else log_err_addr("connect", wsa_strerror(wsaerr), addr, addrlen); + if(wsaerr == WSAECONNREFUSED && statuscmd) { + printf("unbound is stopped\n"); + exit(3); + } +#endif + exit(1); +} + /** contact the server with TCP connect */ static int contact_server(const char* svr, struct config_file* cfg, int statuscmd) @@ -590,32 +626,77 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) addrfamily = addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET; fd = socket(addrfamily, SOCK_STREAM, proto); if(fd == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } + fd_set_nonblock(fd); if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) { #ifndef USE_WINSOCK - int err = errno; - if(!useport) log_err("connect: %s for %s", strerror(err), svr); - else log_err_addr("connect", strerror(err), &addr, addrlen); - if(err == ECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); - } -#else - int wsaerr = WSAGetLastError(); - if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr); - else log_err_addr("connect", wsa_strerror(wsaerr), &addr, addrlen); - if(wsaerr == WSAECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); +#ifdef EINPROGRESS + if(errno != EINPROGRESS) { + checkconnecterr(errno, svr, &addr, + addrlen, statuscmd, useport); + } +#endif +#else + if(WSAGetLastError() != WSAEINPROGRESS && + WSAGetLastError() != WSAEWOULDBLOCK) { + checkconnecterr(WSAGetLastError(), svr, &addr, + addrlen, statuscmd, useport); } #endif - exit(1); } + while(1) { + fd_set rset, wset, eset; + struct timeval tv; + FD_ZERO(&rset); + FD_SET(FD_SET_T fd, &rset); + FD_ZERO(&wset); + FD_SET(FD_SET_T fd, &wset); + FD_ZERO(&eset); + FD_SET(FD_SET_T fd, &eset); + tv.tv_sec = UNBOUND_CONTROL_CONNECT_TIMEOUT/1000; + tv.tv_usec= (UNBOUND_CONTROL_CONNECT_TIMEOUT%1000)*1000; + if(select(fd+1, &rset, &wset, &eset, &tv) == -1) { + fatal_exit("select: %s", sock_strerror(errno)); + } + if(!FD_ISSET(fd, &rset) && !FD_ISSET(fd, &wset) && + !FD_ISSET(fd, &eset)) { + fatal_exit("timeout: could not connect to server"); + } else { + /* check nonblocking connect error */ + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0) { +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else + error = WSAGetLastError(); +#endif + } + if(error != 0) { +#ifndef USE_WINSOCK +#ifdef EINPROGRESS + if(error == EINPROGRESS) + continue; /* try again later */ +#endif +#ifdef EWOULDBLOCK + if(error == EWOULDBLOCK) + continue; /* try again later */ +#endif +#else + if(error == WSAEINPROGRESS) + continue; /* try again later */ + if(error == WSAEWOULDBLOCK) + continue; /* try again later */ +#endif + checkconnecterr(error, svr, &addr, addrlen, + statuscmd, useport); + } + } + break; + } + fd_set_block(fd); return fd; } @@ -678,11 +759,7 @@ remote_read(SSL* ssl, int fd, char* buf, size_t len) /* EOF */ return 0; } -#ifndef USE_WINSOCK - fatal_exit("could not recv: %s", strerror(errno)); -#else - fatal_exit("could not recv: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("could not recv: %s", sock_strerror(errno)); } buf[rr] = 0; } @@ -698,11 +775,7 @@ remote_write(SSL* ssl, int fd, const char* buf, size_t len) ssl_err("could not SSL_write"); } else { if(send(fd, buf, len, 0) < (ssize_t)len) { -#ifndef USE_WINSOCK - fatal_exit("could not send: %s", strerror(errno)); -#else - fatal_exit("could not send: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("could not send: %s", sock_strerror(errno)); } } } @@ -821,11 +894,7 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[]) ret = go_cmd(ssl, fd, quiet, argc, argv); if(ssl) SSL_free(ssl); -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif + sock_close(fd); if(ctx) SSL_CTX_free(ctx); config_delete(cfg); return ret; @@ -883,7 +952,7 @@ int main(int argc, char* argv[]) if(argc == 0) usage(); if(argc >= 1 && strcmp(argv[0], "start")==0) { -#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH) fatal_exit("could not exec unbound: %s", strerror(ENOSYS)); #else diff --git a/smallapp/worker_cb.c b/smallapp/worker_cb.c index 78d921a3c..cdf855dc3 100644 --- a/smallapp/worker_cb.c +++ b/smallapp/worker_cb.c @@ -46,6 +46,9 @@ #include "util/fptr_wlist.h" #include "util/log.h" #include "services/mesh.h" +#ifdef USE_DNSTAP +#include "dnstap/dtstream.h" +#endif void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), diff --git a/testcode/delayer.c b/testcode/delayer.c index ebf883926..54175dbe3 100644 --- a/testcode/delayer.c +++ b/testcode/delayer.c @@ -372,11 +372,7 @@ service_send(struct ringbuf* ring, struct timeval* now, sldns_buffer* pkt, sldns_buffer_limit(pkt), 0, (struct sockaddr*)srv_addr, srv_len); if(sent == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("sendto: %s", sock_strerror(errno)); } else if(sent != (ssize_t)sldns_buffer_limit(pkt)) { log_err("sendto: partial send"); } @@ -398,13 +394,12 @@ do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt) #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return; - log_err("recv: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAEWOULDBLOCK) return; - log_err("recv: %s", wsa_strerror(WSAGetLastError())); #endif + log_err("recv: %s", sock_strerror(errno)); return; } sldns_buffer_set_limit(pkt, (size_t)r); @@ -414,11 +409,7 @@ do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt) r = sendto(retsock, (void*)sldns_buffer_begin(pkt), (size_t)r, 0, (struct sockaddr*)&p->addr, p->addr_len); if(r == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("sendto: %s", sock_strerror(errno)); } } } @@ -469,11 +460,7 @@ find_create_proxy(struct sockaddr_storage* from, socklen_t from_len, if(!p) fatal_exit("out of memory"); p->s = socket(serv_ip6?AF_INET6:AF_INET, SOCK_DGRAM, 0); if(p->s == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } fd_set_nonblock(p->s); memmove(&p->addr, from, from_len); @@ -507,14 +494,12 @@ service_recv(int s, struct ringbuf* ring, sldns_buffer* pkt, #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return; - fatal_exit("recvfrom: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEWOULDBLOCK || WSAGetLastError() == WSAEINPROGRESS) return; - fatal_exit("recvfrom: %s", - wsa_strerror(WSAGetLastError())); #endif + fatal_exit("recvfrom: %s", sock_strerror(errno)); } sldns_buffer_set_limit(pkt, (size_t)len); /* find its proxy element */ @@ -550,15 +535,9 @@ tcp_proxy_delete(struct tcp_proxy* p) free(s); s = sn; } -#ifndef USE_WINSOCK - close(p->client_s); + sock_close(p->client_s); if(p->server_s != -1) - close(p->server_s); -#else - closesocket(p->client_s); - if(p->server_s != -1) - closesocket(p->server_s); -#endif + sock_close(p->server_s); free(p); } @@ -577,14 +556,13 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return; - fatal_exit("accept: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEWOULDBLOCK || WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAECONNRESET) return; - fatal_exit("accept: %s", wsa_strerror(WSAGetLastError())); #endif + fatal_exit("accept: %s", sock_strerror(errno)); } p = (struct tcp_proxy*)calloc(1, sizeof(*p)); if(!p) fatal_exit("out of memory"); @@ -595,11 +573,7 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, p->server_s = socket(addr_is_ip6(srv_addr, srv_len)?AF_INET6:AF_INET, SOCK_STREAM, 0); if(p->server_s == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp socket: %s", strerror(errno)); -#else - fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp socket: %s", sock_strerror(errno)); } fd_set_nonblock(p->client_s); fd_set_nonblock(p->server_s); @@ -607,16 +581,14 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, #ifndef USE_WINSOCK if(errno != EINPROGRESS) { log_err("tcp connect: %s", strerror(errno)); - close(p->server_s); - close(p->client_s); #else if(WSAGetLastError() != WSAEWOULDBLOCK && WSAGetLastError() != WSAEINPROGRESS) { log_err("tcp connect: %s", wsa_strerror(WSAGetLastError())); - closesocket(p->server_s); - closesocket(p->client_s); #endif + sock_close(p->server_s); + sock_close(p->client_s); free(p); return; } @@ -650,13 +622,12 @@ tcp_relay_read(int s, struct tcp_send_list** first, #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err("tcp read: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAEWOULDBLOCK) return 1; - log_err("tcp read: %s", wsa_strerror(WSAGetLastError())); #endif + log_err("tcp read: %s", sock_strerror(errno)); return 0; } else if(r == 0) { /* connection closed */ @@ -708,14 +679,12 @@ tcp_relay_write(int s, struct tcp_send_list** first, #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return 1; - log_err("tcp write: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEWOULDBLOCK || WSAGetLastError() == WSAEINPROGRESS) return 1; - log_err("tcp write: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("tcp write: %s", sock_strerror(errno)); return 0; } else if(r == 0) { /* closed */ @@ -769,11 +738,7 @@ service_tcp_relay(struct tcp_proxy** tcp_proxies, struct timeval* now, log_addr(1, "read tcp answer", &p->addr, p->addr_len); if(!tcp_relay_read(p->server_s, &p->answerlist, &p->answerlast, now, delay, pkt)) { -#ifndef USE_WINSOCK - close(p->server_s); -#else - closesocket(p->server_s); -#endif + sock_close(p->server_s); FD_CLR(FD_SET_T p->server_s, worig); FD_CLR(FD_SET_T p->server_s, rorig); p->server_s = -1; @@ -901,11 +866,7 @@ proxy_list_clear(struct proxy* p) "%u returned\n", i++, from, port, (int)p->numreuse+1, (unsigned)p->numwait, (unsigned)p->numsent, (unsigned)p->numreturn); -#ifndef USE_WINSOCK - close(p->s); -#else - closesocket(p->s); -#endif + sock_close(p->s); free(p); p = np; } @@ -1034,11 +995,7 @@ service(const char* bind_str, int bindport, const char* serv_str, /* bind UDP port */ if((s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET, SOCK_DGRAM, 0)) == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } i=0; if(bindport == 0) { @@ -1051,11 +1008,7 @@ service(const char* bind_str, int bindport, const char* serv_str, exit(1); } if(bind(s, (struct sockaddr*)&bind_addr, bind_len) == -1) { -#ifndef USE_WINSOCK - log_err("bind: %s", strerror(errno)); -#else - log_err("bind: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("bind: %s", sock_strerror(errno)); if(i--==0) fatal_exit("cannot bind any port"); bindport = 1024 + ((int)arc4random())%64000; @@ -1065,39 +1018,22 @@ service(const char* bind_str, int bindport, const char* serv_str, /* and TCP port */ if((listen_s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET, SOCK_STREAM, 0)) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp socket: %s", strerror(errno)); -#else - fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp socket: %s", sock_strerror(errno)); } #ifdef SO_REUSEADDR if(1) { int on = 1; if(setsockopt(listen_s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) -#ifndef USE_WINSOCK fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); -#else - fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); -#endif + sock_strerror(errno)); } #endif if(bind(listen_s, (struct sockaddr*)&bind_addr, bind_len) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp bind: %s", strerror(errno)); -#else - fatal_exit("tcp bind: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp bind: %s", sock_strerror(errno)); } if(listen(listen_s, 5) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp listen: %s", strerror(errno)); -#else - fatal_exit("tcp listen: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp listen: %s", sock_strerror(errno)); } fd_set_nonblock(listen_s); printf("listening on port: %d\n", bindport); @@ -1109,13 +1045,8 @@ service(const char* bind_str, int bindport, const char* serv_str, /* cleanup */ verbose(1, "cleanup"); -#ifndef USE_WINSOCK - close(s); - close(listen_s); -#else - closesocket(s); - closesocket(listen_s); -#endif + sock_close(s); + sock_close(listen_s); sldns_buffer_free(pkt); ring_delete(ring); } diff --git a/testcode/do-tests.sh b/testcode/do-tests.sh index 5439f0f28..effb7c16a 100755 --- a/testcode/do-tests.sh +++ b/testcode/do-tests.sh @@ -29,6 +29,9 @@ else HAVE_MINGW=no fi +# stop tests from notifying systemd, if that is compiled in. +export -n NOTIFY_SOCKET + cd testdata; sh ../testcode/mini_tdir.sh clean rm -f .perfstats.txt diff --git a/testcode/dohclient.c b/testcode/dohclient.c new file mode 100644 index 000000000..263418049 --- /dev/null +++ b/testcode/dohclient.c @@ -0,0 +1,638 @@ +/* + * testcode/dohclient.c - debug program. Perform multiple DNS queries using DoH. + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * Simple DNS-over-HTTPS client. For testing and debugging purposes. + * No authentication of TLS cert. + */ + +#include "config.h" +#ifdef HAVE_GETOPT_H +#include +#endif +#include "sldns/wire2str.h" +#include "sldns/sbuffer.h" +#include "sldns/str2wire.h" +#include "sldns/parseutil.h" +#include "util/data/msgencode.h" +#include "util/data/msgreply.h" +#include "util/data/msgparse.h" +#include "util/net_help.h" +#include +#include +#ifdef HAVE_NGHTTP2 +#include + +struct http2_session { + nghttp2_session* session; + SSL* ssl; + int fd; + int query_count; + /* Use POST :method if 1 */ + int post; + int block_select; + const char* authority; + const char* endpoint; + const char* content_type; +}; + +struct http2_stream { + int32_t stream_id; + int res_status; + struct sldns_buffer* buf; + char* path; +}; + +static void usage(char* argv[]) +{ + printf("usage: %s [options] name type class ...\n", argv[0]); + printf(" sends the name-type-class queries over " + "DNS-over-HTTPS.\n"); + printf("-s server IP address to send the queries to, " + "default: 127.0.0.1\n"); + printf("-p Port to connect to, default: %d\n", + UNBOUND_DNS_OVER_HTTPS_PORT); + printf("-P Use POST method instead of default GET\n"); + printf("-e HTTP endpoint, default: /dns-query\n"); + printf("-c Content-type in request, default: " + "application/dns-message\n"); + printf("-n no-tls, TLS is disabled\n"); + printf("-h This help text\n"); + exit(1); +} + +/** open TCP socket to svr */ +static int +open_svr(const char* svr, int port) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + int fd = -1; + int r; + if(!ipstrtoaddr(svr, port, &addr, &addrlen)) { + printf("fatal: bad server specs '%s'\n", svr); + exit(1); + } + + fd = socket(addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET, + SOCK_STREAM, 0); + if(fd == -1) { + perror("socket() error"); + exit(1); + } + r = connect(fd, (struct sockaddr*)&addr, addrlen); + if(r < 0 && r != EINPROGRESS) { + perror("connect() error"); + exit(1); + } + return fd; +} + +static ssize_t http2_submit_request_read_cb( + nghttp2_session* ATTR_UNUSED(session), + int32_t ATTR_UNUSED(stream_id), uint8_t* buf, size_t length, + uint32_t* data_flags, nghttp2_data_source* source, + void* ATTR_UNUSED(cb_arg)) +{ + if(length > sldns_buffer_remaining(source->ptr)) + length = sldns_buffer_remaining(source->ptr); + + memcpy(buf, sldns_buffer_current(source->ptr), length); + sldns_buffer_skip(source->ptr, length); + + if(sldns_buffer_remaining(source->ptr) == 0) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + } + + return length; +} + +static void +submit_query(struct http2_session* h2_session, struct sldns_buffer* buf) +{ + int32_t stream_id; + struct http2_stream* h2_stream; + nghttp2_nv headers[5]; + char* qb64; + size_t qb64_size; + size_t qb64_expected_size; + size_t i; + nghttp2_data_provider data_prd; + + h2_stream = calloc(1, sizeof(*h2_stream)); + if(!h2_stream) + fatal_exit("could not malloc http2 stream"); + h2_stream->buf = buf; + + if(h2_session->post) { + data_prd.source.ptr = buf; + data_prd.read_callback = http2_submit_request_read_cb; + h2_stream->path = (char*)h2_session->endpoint; + } else { + qb64_expected_size = sldns_b64_ntop_calculate_size( + sldns_buffer_remaining(buf)); + qb64 = malloc(qb64_expected_size); + if(!qb64) fatal_exit("out of memory"); + qb64_size = sldns_b64url_ntop(sldns_buffer_begin(buf), + sldns_buffer_remaining(buf), qb64, qb64_expected_size); + h2_stream->path = malloc(strlen( + h2_session->endpoint)+strlen("?dns=")+qb64_size+1); + if(!h2_stream->path) fatal_exit("out of memory"); + snprintf(h2_stream->path, strlen(h2_session->endpoint)+ + strlen("?dns=")+qb64_size+1, "%s?dns=%s", + h2_session->endpoint, qb64); + free(qb64); + } + + headers[0].name = (uint8_t*)":method"; + if(h2_session->post) + headers[0].value = (uint8_t*)"POST"; + else + headers[0].value = (uint8_t*)"GET"; + headers[1].name = (uint8_t*)":path"; + headers[1].value = (uint8_t*)h2_stream->path; + headers[2].name = (uint8_t*)":scheme"; + if(h2_session->ssl) + headers[2].value = (uint8_t*)"https"; + else + headers[2].value = (uint8_t*)"http"; + headers[3].name = (uint8_t*)":authority"; + headers[3].value = (uint8_t*)h2_session->authority; + headers[4].name = (uint8_t*)"content-type"; + headers[4].value = (uint8_t*)h2_session->content_type; + + printf("Request headers\n"); + for(i=0; isession, NULL, headers, + sizeof(headers)/sizeof(headers[0]), + (h2_session->post) ? &data_prd : NULL, h2_stream); + if(stream_id < 0) { + printf("Failed to submit nghttp2 request"); + exit(1); + } + h2_session->query_count++; + h2_stream->stream_id = stream_id; +} + +static sldns_buffer* +make_query(char* qname, char* qtype, char* qclass) +{ + struct query_info qinfo; + struct edns_data edns; + sldns_buffer* buf = sldns_buffer_new(65553); + if(!buf) fatal_exit("out of memory"); + qinfo.qname = sldns_str2wire_dname(qname, &qinfo.qname_len); + if(!qinfo.qname) { + printf("cannot parse query name: '%s'\n", qname); + exit(1); + } + + qinfo.qtype = sldns_get_rr_type_by_name(qtype); + qinfo.qclass = sldns_get_rr_class_by_name(qclass); + qinfo.local_alias = NULL; + + qinfo_query_encode(buf, &qinfo); /* flips buffer */ + free(qinfo.qname); + sldns_buffer_write_u16_at(buf, 0, 0x0000); + sldns_buffer_write_u16_at(buf, 2, BIT_RD); + memset(&edns, 0, sizeof(edns)); + edns.edns_present = 1; + edns.bits = EDNS_DO; + edns.udp_size = 4096; + if(sldns_buffer_capacity(buf) >= + sldns_buffer_limit(buf)+calc_edns_field_size(&edns)) + attach_edns_record(buf, &edns); + return buf; +} + +static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), + uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + int r; + ssize_t ret; + struct timeval tv, *waittv; + fd_set rfd; + ERR_clear_error(); + + memset(&tv, 0, sizeof(tv)); + + if(h2_session->block_select && h2_session->query_count <= 0) { + return NGHTTP2_ERR_WOULDBLOCK; + } + if(h2_session->block_select) + waittv = NULL; + else + waittv = &tv; + memset(&rfd, 0, sizeof(rfd)); + FD_ZERO(&rfd); + FD_SET(h2_session->fd, &rfd); + r = select(h2_session->fd+1, &rfd, NULL, NULL, waittv); + if(r <= 0) { + return NGHTTP2_ERR_WOULDBLOCK; + } + + if(h2_session->ssl) { + r = SSL_read(h2_session->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_EOF; + } + log_crypto_err("could not SSL_read"); + return NGHTTP2_ERR_EOF; + } + return r; + } + + ret = read(h2_session->fd, buf, len); + if(ret == 0) { + return NGHTTP2_ERR_EOF; + } else if(ret < 0) { + log_err("could not http2 read: %s", strerror(errno)); + return NGHTTP2_ERR_EOF; + } + return ret; +} + +static ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), + const uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + ssize_t ret; + + if(h2_session->ssl) { + int r; + ERR_clear_error(); + r = SSL_write(h2_session->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + log_crypto_err("could not SSL_write"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return r; + } + + ret = write(h2_session->fd, buf, len); + if(ret == 0) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } else if(ret < 0) { + log_err("could not http2 write: %s", strerror(errno)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return ret; +} + +static int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session), + int32_t ATTR_UNUSED(stream_id), + nghttp2_error_code ATTR_UNUSED(error_code), void *cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + h2_session->query_count--; + sldns_buffer_free(h2_stream->buf); + if(!h2_session->post) + free(h2_stream->path); + free(h2_stream); + h2_stream = NULL; + return 0; +} + +static int http2_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session), + uint8_t ATTR_UNUSED(flags), int32_t stream_id, const uint8_t* data, + size_t len, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + + if(sldns_buffer_remaining(h2_stream->buf) < len) { + log_err("received data chunck does not fit into buffer"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + sldns_buffer_write(h2_stream->buf, data, len); + + return 0; +} + +static int http2_frame_recv_cb(nghttp2_session *session, + const nghttp2_frame *frame, void* ATTR_UNUSED(cb_arg)) +{ + struct http2_stream* h2_stream; + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + session, frame->hd.stream_id))) + return 0; + if(frame->hd.type == NGHTTP2_HEADERS && + frame->headers.cat == NGHTTP2_HCAT_RESPONSE) { + sldns_buffer_clear(h2_stream->buf); + } + if(((frame->hd.type != NGHTTP2_DATA && + frame->hd.type != NGHTTP2_HEADERS) || + frame->hd.flags & NGHTTP2_FLAG_END_STREAM) && + h2_stream->res_status == 200) { + char* pktstr; + sldns_buffer_flip(h2_stream->buf); + pktstr = sldns_wire2str_pkt( + sldns_buffer_begin(h2_stream->buf), + sldns_buffer_limit(h2_stream->buf)); + printf("%s\n", pktstr); + free(pktstr); + return 0; + } + return 0; +} +static int http2_header_cb(nghttp2_session* ATTR_UNUSED(session), + const nghttp2_frame* frame, const uint8_t* name, size_t namelen, + const uint8_t* value, size_t ATTR_UNUSED(valuelen), + uint8_t ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + printf("%s %s\n", name, value); + if(namelen == 7 && memcmp(":status", name, namelen) == 0) { + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, frame->hd.stream_id))) { + return 0; + } + h2_stream->res_status = atoi((char*)value); + } + return 0; +} + +static struct http2_session* +http2_session_create() +{ + struct http2_session* h2_session = calloc(1, + sizeof(struct http2_session)); + nghttp2_session_callbacks* callbacks; + if(!h2_session) + fatal_exit("out of memory"); + + if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { + log_err("failed to initialize nghttp2 callback"); + return NULL; + } + nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); + nghttp2_session_callbacks_set_send_callback(callbacks, http2_send_cb); + nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, + http2_stream_close_cb); + nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, + http2_data_chunk_recv_cb); + nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks, + http2_frame_recv_cb); + nghttp2_session_callbacks_set_on_header_callback(callbacks, + http2_header_cb); + nghttp2_session_client_new(&h2_session->session, callbacks, h2_session); + nghttp2_session_callbacks_del(callbacks); + return h2_session; +} + +static void +http2_session_delete(struct http2_session* h2_session) +{ + nghttp2_session_del(h2_session->session); + free(h2_session); +} + +static void +http2_submit_setting(struct http2_session* h2_session) +{ + int ret; + nghttp2_settings_entry settings[1] = { + {NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, + 100}}; + + ret = nghttp2_submit_settings(h2_session->session, NGHTTP2_FLAG_NONE, + settings, 1); + if(ret) { + printf("http2: submit_settings failed, " + "error: %s\n", nghttp2_strerror(ret)); + exit(1); + } +} + +static void +http2_write(struct http2_session* h2_session) +{ + if(nghttp2_session_want_write(h2_session->session)) { + if(nghttp2_session_send(h2_session->session)) { + printf("nghttp2 session send failed\n"); + exit(1); + } + } +} + +static void +http2_read(struct http2_session* h2_session) +{ + if(nghttp2_session_want_read(h2_session->session)) { + if(nghttp2_session_recv(h2_session->session)) { + printf("nghttp2 session mem_recv failed\n"); + exit(1); + } + } +} + +static void +run(struct http2_session* h2_session, int port, int no_tls, int count, char** q) +{ + int i; + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + int fd; + struct sldns_buffer* buf = NULL; + + fd = open_svr(h2_session->authority, port); + h2_session->fd = fd; + + if(!no_tls) { + ctx = connect_sslctx_create(NULL, NULL, NULL, 0); + if(!ctx) fatal_exit("cannot create ssl ctx"); + SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3); + ssl = outgoing_ssl_fd(ctx, fd); + if(!ssl) { + printf("cannot create ssl\n"); + exit(1); + } + h2_session->ssl = ssl; + while(1) { + int r; + ERR_clear_error(); + if( (r=SSL_do_handshake(ssl)) == 1) + break; + r = SSL_get_error(ssl, r); + if(r != SSL_ERROR_WANT_READ && + r != SSL_ERROR_WANT_WRITE) { + log_crypto_err("could not ssl_handshake"); + exit(1); + } + } + } + + http2_submit_setting(h2_session); + http2_write(h2_session); + http2_read(h2_session); /* Read setting from remote peer */ + + h2_session->block_select = 1; + + /* hande query */ + for(i=0; iquery_count) { + http2_read(h2_session); + http2_write(h2_session); + } + + /* shutdown */ + http2_session_delete(h2_session); + if(ssl) { + SSL_shutdown(ssl); + SSL_free(ssl); + } + if(ctx) { + SSL_CTX_free(ctx); + } + close(fd); +} + +/** getopt global, in case header files fail to declare it. */ +extern int optind; +/** getopt global, in case header files fail to declare it. */ +extern char* optarg; +int main(int argc, char** argv) +{ + int c; + int port = UNBOUND_DNS_OVER_HTTPS_PORT, no_tls = 0; + struct http2_session* h2_session; + +#ifdef USE_WINSOCK + WSADATA wsa_data; + if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { + printf("WSAStartup failed\n"); + return 1; + } +#endif + log_init(0, 0, 0); + checklock_start(); + + h2_session = http2_session_create(); + if(!h2_session) fatal_exit("out of memory"); + if(argc == 1) { + usage(argv); + } + + h2_session->authority = "127.0.0.1"; + h2_session->post = 0; + h2_session->endpoint = "/dns-query"; + h2_session->content_type = "application/dns-message"; + + while((c=getopt(argc, argv, "c:e:hns:p:P")) != -1) { + switch(c) { + case 'c': + h2_session->content_type = optarg; + break; + case 'e': + h2_session->endpoint = optarg; + break; + case 'n': + no_tls = 1; + break; + case 'p': + if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) { + printf("error parsing port, " + "number expected: %s\n", optarg); + return 1; + } + port = atoi(optarg); + break; + case 'P': + h2_session->post = 1; + break; + case 's': + h2_session->authority = optarg; + break; + case 'h': + case '?': + default: + usage(argv); + } + } + argc -= optind; + argv += optind; + if(argc%3!=0) { + printf("Invalid input. Specify qname, qtype, and qclass.\n"); + return 1; + } + + + run(h2_session, port, no_tls, argc, argv); + + checklock_stop(); +#ifdef USE_WINSOCK + WSACleanup(); +#endif + return 0; +} +#else +int main(int ATTR_UNUSED(argc), char** ATTR_UNUSED(argv)) +{ + printf("Compiled without nghttp2, cannot run test.\n"); + return 1; +} +#endif /* HAVE_NGHTTP2 */ diff --git a/testcode/fake_event.c b/testcode/fake_event.c index 209257921..b8166c45c 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -52,6 +52,7 @@ #include "util/data/msgreply.h" #include "util/data/msgencode.h" #include "util/data/dname.h" +#include "util/edns.h" #include "util/config_file.h" #include "services/listen_dnsport.h" #include "services/outside_network.h" @@ -63,6 +64,7 @@ #include "sldns/sbuffer.h" #include "sldns/wire2str.h" #include "sldns/str2wire.h" +#include "daemon/remote.h" #include struct worker; struct daemon_remote; @@ -868,9 +870,13 @@ struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), size_t bufsize, int ATTR_UNUSED(tcp_accept_count), int ATTR_UNUSED(tcp_idle_timeout), + int ATTR_UNUSED(harden_large_queries), + uint32_t ATTR_UNUSED(http_max_streams), + char* ATTR_UNUSED(http_endpoint), + int ATTR_UNUSED(http_notls), struct tcl_list* ATTR_UNUSED(tcp_conn_limit), void* ATTR_UNUSED(sslctx), struct dt_env* ATTR_UNUSED(dtenv), - comm_point_callback_type* cb, void* cb_arg) + comm_point_callback_type* cb, void *cb_arg) { struct replay_runtime* runtime = (struct replay_runtime*)base; struct listen_dnsport* l= calloc(1, sizeof(struct listen_dnsport)); @@ -1039,7 +1045,8 @@ outside_network_create(struct comm_base* base, size_t bufsize, int ATTR_UNUSED(outgoing_tcp_mss), void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param), int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx), - int ATTR_UNUSED(delayclose), struct dt_env* ATTR_UNUSED(dtenv)) + int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni), + struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect)) { struct replay_runtime* runtime = (struct replay_runtime*)base; struct outside_network* outnet = calloc(1, @@ -1179,7 +1186,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, socklen_t addrlen, uint8_t* zone, size_t zonelen, struct module_qstate* qstate, comm_point_callback_type* callback, void* callback_arg, sldns_buffer* ATTR_UNUSED(buff), - struct module_env* ATTR_UNUSED(env)) + struct module_env* env) { struct replay_runtime* runtime = (struct replay_runtime*)outnet->base; struct fake_pending* pend = (struct fake_pending*)calloc(1, @@ -1208,6 +1215,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, sldns_buffer_flip(pend->buffer); if(1) { struct edns_data edns; + struct edns_string_addr* client_string_addr; if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen, qstate, qstate->region)) { free(pend); @@ -1219,10 +1227,18 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, edns.edns_version = EDNS_ADVERTISED_VERSION; edns.udp_size = EDNS_ADVERTISED_SIZE; edns.bits = 0; - edns.opt_list = qstate->edns_opts_back_out; if(dnssec) edns.bits = EDNS_DO; edns.padding_block_size = 0; + if((client_string_addr = edns_string_addr_lookup( + &env->edns_strings->client_strings, + addr, addrlen))) { + edns_opt_list_append(&qstate->edns_opts_back_out, + env->edns_strings->client_string_opcode, + client_string_addr->string_len, + client_string_addr->string, qstate->region); + } + edns.opt_list = qstate->edns_opts_back_out; attach_edns_record(pend->buffer, &edns); } memcpy(&pend->addr, addr, addrlen); @@ -1290,7 +1306,14 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) log_info("double delete of pending serviced query"); } +int resolve_interface_names(struct config_file* ATTR_UNUSED(cfg), + char*** ATTR_UNUSED(resif), int* ATTR_UNUSED(num_resif)) +{ + return 1; +} + struct listen_port* listening_ports_open(struct config_file* ATTR_UNUSED(cfg), + char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs), int* ATTR_UNUSED(reuseport)) { return calloc(1, 1); @@ -1490,6 +1513,18 @@ int serviced_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) return 0; } +int reuse_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) +{ + log_assert(0); + return 0; +} + +int reuse_id_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) +{ + log_assert(0); + return 0; +} + /* timers in testbound for autotrust. statistics tested in tdir. */ struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) @@ -1732,7 +1767,7 @@ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, } int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen) + struct sockaddr* addr, socklen_t addrlen, int ATTR_UNUSED(is_connected)) { struct fake_commpoint* fc = (struct fake_commpoint*)c; struct replay_runtime* runtime = fc->runtime; @@ -1825,4 +1860,21 @@ tcp_req_info_get_stream_buffer_size(void) return 0; } +size_t +http2_get_query_buffer_size(void) +{ + return 0; +} + +size_t +http2_get_response_buffer_size(void) +{ + return 0; +} + +void http2_stream_add_meshstate(struct http2_stream* ATTR_UNUSED(h2_stream), + struct mesh_area* ATTR_UNUSED(mesh), struct mesh_state* ATTR_UNUSED(m)) +{ +} + /*********** End of Dummy routines ***********/ diff --git a/testcode/perf.c b/testcode/perf.c index 5b170ca57..b13eca6d3 100644 --- a/testcode/perf.c +++ b/testcode/perf.c @@ -233,12 +233,7 @@ perfsetup(struct perfinfo* info) addr_is_ip6(&info->dest, info->destlen)? AF_INET6:AF_INET, SOCK_DGRAM, 0); if(info->io[i].fd == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } if(info->io[i].fd > info->maxfd) info->maxfd = info->io[i].fd; @@ -260,11 +255,7 @@ perffree(struct perfinfo* info) if(!info) return; if(info->io) { for(i=0; iio_num; i++) { -#ifndef USE_WINSOCK - close(info->io[i].fd); -#else - closesocket(info->io[i].fd); -#endif + sock_close(info->io[i].fd); } free(info->io); } @@ -285,11 +276,7 @@ perfsend(struct perfinfo* info, size_t n, struct timeval* now) /*log_hex("send", info->qlist_data[info->qlist_idx], info->qlist_len[info->qlist_idx]);*/ if(r == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("sendto: %s", sock_strerror(errno)); } else if(r != (ssize_t)info->qlist_len[info->qlist_idx]) { log_err("partial sendto"); } @@ -309,11 +296,7 @@ perfreply(struct perfinfo* info, size_t n, struct timeval* now) r = recv(info->io[n].fd, (void*)sldns_buffer_begin(info->buf), sldns_buffer_capacity(info->buf), 0); if(r == -1) { -#ifndef USE_WINSOCK - log_err("recv: %s", strerror(errno)); -#else - log_err("recv: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("recv: %s", sock_strerror(errno)); } else { info->by_rcode[LDNS_RCODE_WIRE(sldns_buffer_begin( info->buf))]++; diff --git a/testcode/run_vm.sh b/testcode/run_vm.sh index d4c2a2e11..363a32b52 100644 --- a/testcode/run_vm.sh +++ b/testcode/run_vm.sh @@ -26,15 +26,22 @@ cd testdata TPKG=../testcode/mini_tdir.sh #RUNLIST=`(ls -1d *.tdir|grep -v '^0[016]')` RUNLIST=`(ls -1d *.tdir)` -if test "$#" = "1"; then RUNLIST="$1"; fi +if test "$#" = "1"; then + RUNLIST="$1"; + if echo "$RUNLIST" | grep '/$' >/dev/null; then + RUNLIST=`echo "$RUNLIST" | sed -e 's?/$??'` + fi +fi # fix up tdir that was edited on keyboard interrupt. cleanup() { echo cleanup - if test -f "$t.bak"; then mv "$t.bak" "$t"; fi + if test -f "$t.bak"; then rm -fr "${t}"; mv "$t.bak" "$t"; fi exit 0 } -trap cleanup SIGINT +trap cleanup INT +# stop tests from notifying systemd, if that is compiled in. +export -n NOTIFY_SOCKET for t in $RUNLIST do diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 65ea8d4bc..ffdddbe9d 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -200,6 +200,7 @@ write_q(int fd, int udp, SSL* ssl, sldns_buffer* buf, uint16_t id, static void recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf) { + size_t i; char* pktstr; uint16_t len; if(!udp) { @@ -270,7 +271,13 @@ recv_one(int fd, int udp, SSL* ssl, sldns_buffer* buf) len = (size_t)l; } printf("\nnext received packet\n"); - log_buf(0, "data", buf); + printf("data[%d] ", (int)sldns_buffer_limit(buf)); + for(i=0; i>4], + hex[sldns_buffer_read_u8_at(buf, i)&0x0f]); + } + printf("\n"); pktstr = sldns_wire2str_pkt(sldns_buffer_begin(buf), len); printf("%s", pktstr); @@ -381,11 +388,7 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int onarrival, SSL_free(ssl); SSL_CTX_free(ctx); } -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif + sock_close(fd); sldns_buffer_free(buf); printf("orderly exit\n"); } diff --git a/testcode/testbound.c b/testcode/testbound.c index 602dffaff..5e10779fc 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -42,16 +42,22 @@ #ifdef HAVE_TIME_H # include #endif +#include #include "testcode/testpkts.h" #include "testcode/replay.h" #include "testcode/fake_event.h" #include "daemon/remote.h" +#include "libunbound/worker.h" #include "util/config_file.h" #include "sldns/keyraw.h" -#include +#ifdef UB_ON_WINDOWS +#include "winrc/win_svc.h" +#endif /** signal that this is a testbound compile */ #define unbound_testbound 1 +/** renamed main routine */ +int daemon_main(int argc, char* argv[]); /** * include the main program from the unbound daemon. * rename main to daemon_main to call it @@ -333,7 +339,7 @@ setup_playback(const char* filename, int* pass_argc, char* pass_argv[]) } /** remove config file at exit */ -void remove_configfile(void) +static void remove_configfile(void) { struct config_strlist* p; for(p=cfgfiles; p; p=p->next) @@ -362,6 +368,10 @@ main(int argc, char* argv[]) /* we do not want the test to depend on the timezone */ (void)putenv("TZ=UTC"); memset(pass_argv, 0, sizeof(pass_argv)); +#ifdef HAVE_SYSTEMD + /* we do not want the test to use systemd daemon startup notification*/ + (void)unsetenv("NOTIFY_SOCKET"); +#endif /* HAVE_SYSTEMD */ log_init(NULL, 0, NULL); /* determine commandline options for the daemon */ @@ -547,22 +557,28 @@ void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) log_assert(0); } +#ifdef UB_ON_WINDOWS void wsvc_command_option(const char* ATTR_UNUSED(wopt), const char* ATTR_UNUSED(cfgfile), int ATTR_UNUSED(v), int ATTR_UNUSED(c)) { log_assert(0); } +#endif +#ifdef UB_ON_WINDOWS void wsvc_setup_worker(struct worker* ATTR_UNUSED(worker)) { /* do nothing */ } +#endif +#ifdef UB_ON_WINDOWS void wsvc_desetup_worker(struct worker* ATTR_UNUSED(worker)) { /* do nothing */ } +#endif #ifdef UB_ON_WINDOWS void worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 82c143967..dee451761 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -501,7 +501,7 @@ add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata, { uint8_t edns[] = {0x00, /* root label */ 0x00, LDNS_RR_TYPE_OPT, /* type */ - 0x10, 0x00, /* class is UDPSIZE 4096 */ + 0x04, 0xD0, /* class is UDPSIZE 1232 */ 0x00, /* TTL[0] is ext rcode */ 0x00, /* TTL[1] is edns version */ (uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */ diff --git a/testcode/unitldns.c b/testcode/unitldns.c index 66f756170..22c9ed945 100644 --- a/testcode/unitldns.c +++ b/testcode/unitldns.c @@ -44,6 +44,7 @@ #include "sldns/sbuffer.h" #include "sldns/str2wire.h" #include "sldns/wire2str.h" +#include "sldns/parseutil.h" /** verbose this unit test */ static int vbmp = 0; @@ -220,9 +221,60 @@ rr_tests(void) SRCDIRSTR "/testdata/test_ldnsrr.c5"); } +/** test various base64 decoding options */ +static void +b64_test(void) +{ + /* "normal" b64 alphabet, with padding */ + char* p1 = "aGVsbG8="; /* "hello" */ + char* p2 = "aGVsbG8+"; /* "hello>" */ + char* p3 = "aGVsbG8/IQ=="; /* "hello?!" */ + char* p4 = "aGVsbG8"; /* "hel" + extra garbage */ + + /* base64 url, without padding */ + char* u1 = "aGVsbG8"; /* "hello" */ + char* u2 = "aGVsbG8-"; /* "hello>" */ + char* u3 = "aGVsbG8_IQ"; /* "hello?!" */ + char* u4 = "aaaaa"; /* garbage */ + + char target[128]; + size_t tarsize = 128; + int result; + + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p1, (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello") && strcmp(target, "hello") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p2, (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello>") && strcmp(target, "hello>") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p3, (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello?!") && strcmp(target, "hello?!") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p4, (uint8_t*)target, tarsize); + /* when padding is used everything that is not a block of 4 will be + * ignored */ + unit_assert(result == strlen("hel") && strcmp(target, "hel") == 0); + + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u1, strlen(u1), (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello") && strcmp(target, "hello") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u2, strlen(u2), (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello>") && strcmp(target, "hello>") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u3, strlen(u3), (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello+/") && strcmp(target, "hello?!") == 0); + /* one item in block of four is not allowed */ + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u4, strlen(u4), (uint8_t*)target, tarsize); + unit_assert(result == -1); +} + void ldns_test(void) { unit_show_feature("sldns"); rr_tests(); + b64_test(); } diff --git a/testcode/unitmain.c b/testcode/unitmain.c index 4fc7e508b..c61026f26 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -839,6 +839,52 @@ static void respip_test(void) respip_conf_actions_test(); } +#include "services/outside_network.h" +/** add number of new IDs to the reuse tree, randomly chosen */ +static void tcpid_addmore(struct reuse_tcp* reuse, + struct outside_network* outnet, unsigned int addnum) +{ + unsigned int i; + struct waiting_tcp* w; + for(i=0; iid = id; + w->outnet = outnet; + w->next_waiting = (void*)reuse->pending; + reuse_tree_by_id_insert(reuse, w); + } +} + +/** fill up the reuse ID tree and test assertions */ +static void tcpid_fillup(struct reuse_tcp* reuse, + struct outside_network* outnet) +{ + int t, numtest=3; + for(t=0; ttree_by_id, reuse_id_cmp); + tcpid_addmore(reuse, outnet, 65535); + reuse_del_readwait(&reuse->tree_by_id); + } +} + +/** test TCP ID selection */ +static void tcpid_test(void) +{ + struct pending_tcp pend; + struct outside_network outnet; + unit_show_func("services/outside_network.c", "reuse_tcp_select_id"); + memset(&pend, 0, sizeof(pend)); + pend.reuse.pending = &pend; + memset(&outnet, 0, sizeof(outnet)); + outnet.rnd = ub_initstate(NULL); + rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp); + tcpid_fillup(&pend.reuse, &outnet); + ub_randfree(outnet.rnd); +} + void unit_show_func(const char* file, const char* func) { printf("test %s:%s\n", file, func); @@ -867,6 +913,8 @@ main(int argc, char* argv[]) printf("\tperforms unit tests.\n"); return 1; } + /* Disable roundrobin for the unit tests */ + RRSET_ROUNDROBIN = 0; #ifdef USE_LIBEVENT printf("Start of %s+libevent unit test.\n", PACKAGE_STRING); #else @@ -905,6 +953,7 @@ main(int argc, char* argv[]) infra_test(); ldns_test(); msgparse_test(); + tcpid_test(); #ifdef CLIENT_SUBNET ecs_test(); #endif /* CLIENT_SUBNET */ diff --git a/testdata/04-checkconf.tdir/bad.badfwd b/testdata/04-checkconf.tdir/bad.badfwd index 27d58c5ea..139d31238 100644 --- a/testdata/04-checkconf.tdir/bad.badfwd +++ b/testdata/04-checkconf.tdir/bad.badfwd @@ -2,6 +2,7 @@ server: # to make sure the check doesn't fail on username or chrootdir. username: "" chroot: "" + directory: "" forward-zone: name: "example.com" diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.1 b/testdata/04-checkconf.tdir/bad.include-toplevel.1 new file mode 100644 index 000000000..e45efbc25 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.1 @@ -0,0 +1,3 @@ +include-toplevel: include.withoutclauses.* +server: + identity: "top 1" diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.2 b/testdata/04-checkconf.tdir/bad.include-toplevel.2 new file mode 100644 index 000000000..fc274fd5d --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.2 @@ -0,0 +1,5 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.3 b/testdata/04-checkconf.tdir/bad.include-toplevel.3 new file mode 100644 index 000000000..3a219a8a2 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.3 @@ -0,0 +1,6 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.4 b/testdata/04-checkconf.tdir/bad.include-toplevel.4 new file mode 100644 index 000000000..8dd4555b6 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.4 @@ -0,0 +1,7 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.5 b/testdata/04-checkconf.tdir/bad.include-toplevel.5 new file mode 100644 index 000000000..b2c0eae82 --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.5 @@ -0,0 +1,8 @@ +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withsomeclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.6 b/testdata/04-checkconf.tdir/bad.include-toplevel.6 new file mode 100644 index 000000000..4f578f5cf --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.6 @@ -0,0 +1,10 @@ +include-toplevel: include.withclauses.* +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" +include-toplevel: include.includetop.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.include-toplevel.7 b/testdata/04-checkconf.tdir/bad.include-toplevel.7 new file mode 100644 index 000000000..386f0166e --- /dev/null +++ b/testdata/04-checkconf.tdir/bad.include-toplevel.7 @@ -0,0 +1,11 @@ +include-toplevel: include.withclauses.* +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" +include-toplevel: include.includetop.withclauses.* +include-toplevel: include.include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/bad.user b/testdata/04-checkconf.tdir/bad.user index 40631abb4..ffa556e44 100644 --- a/testdata/04-checkconf.tdir/bad.user +++ b/testdata/04-checkconf.tdir/bad.user @@ -1,2 +1,4 @@ server: username: blabla_noexist_user + chroot: "" + directory: "" diff --git a/testdata/04-checkconf.tdir/good.include-toplevel b/testdata/04-checkconf.tdir/good.include-toplevel new file mode 100644 index 000000000..e88df7d56 --- /dev/null +++ b/testdata/04-checkconf.tdir/good.include-toplevel @@ -0,0 +1,16 @@ +include-toplevel: include.withclauses.* +include-toplevel: include.withclauses.* +server: + identity: "top 1" + include: include.withoutclauses.* + include-toplevel: include.withclauses.* +include: include.withclauses.* +include-toplevel: include.withclauses.* +server: identity: "top 2" +include-toplevel: include.includetop.withclauses.* +include-toplevel: include.include.withclauses.* +include-toplevel: include.include.withclauses.* +server: + chroot: "" + directory: "" + username: "" diff --git a/testdata/04-checkconf.tdir/include.include.withclauses.1 b/testdata/04-checkconf.tdir/include.include.withclauses.1 new file mode 100644 index 000000000..49c88fe8c --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withclauses.1 @@ -0,0 +1 @@ +include: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withclauses.2 b/testdata/04-checkconf.tdir/include.include.withclauses.2 new file mode 100644 index 000000000..49c88fe8c --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withclauses.2 @@ -0,0 +1 @@ +include: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withclauses.3 b/testdata/04-checkconf.tdir/include.include.withclauses.3 new file mode 100644 index 000000000..49c88fe8c --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withclauses.3 @@ -0,0 +1 @@ +include: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withoutclauses.1 b/testdata/04-checkconf.tdir/include.include.withoutclauses.1 new file mode 100644 index 000000000..3552d769c --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withoutclauses.1 @@ -0,0 +1 @@ +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withoutclauses.2 b/testdata/04-checkconf.tdir/include.include.withoutclauses.2 new file mode 100644 index 000000000..3552d769c --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withoutclauses.2 @@ -0,0 +1 @@ +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.include.withoutclauses.3 b/testdata/04-checkconf.tdir/include.include.withoutclauses.3 new file mode 100644 index 000000000..3552d769c --- /dev/null +++ b/testdata/04-checkconf.tdir/include.include.withoutclauses.3 @@ -0,0 +1 @@ +include: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withclauses.1 b/testdata/04-checkconf.tdir/include.includetop.withclauses.1 new file mode 100644 index 000000000..5e296548f --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withclauses.1 @@ -0,0 +1 @@ +include-toplevel: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withclauses.2 b/testdata/04-checkconf.tdir/include.includetop.withclauses.2 new file mode 100644 index 000000000..5e296548f --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withclauses.2 @@ -0,0 +1 @@ +include-toplevel: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withclauses.3 b/testdata/04-checkconf.tdir/include.includetop.withclauses.3 new file mode 100644 index 000000000..5e296548f --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withclauses.3 @@ -0,0 +1 @@ +include-toplevel: include.withclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 new file mode 100644 index 000000000..a411f7b52 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.1 @@ -0,0 +1 @@ +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 new file mode 100644 index 000000000..a411f7b52 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.2 @@ -0,0 +1 @@ +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 new file mode 100644 index 000000000..a411f7b52 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.includetop.withoutclauses.3 @@ -0,0 +1 @@ +include-toplevel: include.withoutclauses.* diff --git a/testdata/04-checkconf.tdir/include.withclauses.1 b/testdata/04-checkconf.tdir/include.withclauses.1 new file mode 100644 index 000000000..d67920e06 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withclauses.1 @@ -0,0 +1 @@ +server: identity: "withclauses1" diff --git a/testdata/04-checkconf.tdir/include.withclauses.2 b/testdata/04-checkconf.tdir/include.withclauses.2 new file mode 100644 index 000000000..3537974c0 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withclauses.2 @@ -0,0 +1 @@ +server: identity: "withclauses2" diff --git a/testdata/04-checkconf.tdir/include.withclauses.3 b/testdata/04-checkconf.tdir/include.withclauses.3 new file mode 100644 index 000000000..5e19c54ef --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withclauses.3 @@ -0,0 +1 @@ +server: identity: "withclauses3" diff --git a/testdata/04-checkconf.tdir/include.withoutclauses.1 b/testdata/04-checkconf.tdir/include.withoutclauses.1 new file mode 100644 index 000000000..3b3b6f48b --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withoutclauses.1 @@ -0,0 +1 @@ +identity: "withoutclauses1" diff --git a/testdata/04-checkconf.tdir/include.withoutclauses.2 b/testdata/04-checkconf.tdir/include.withoutclauses.2 new file mode 100644 index 000000000..fec8b2002 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withoutclauses.2 @@ -0,0 +1 @@ +identity: "withoutclauses2" diff --git a/testdata/04-checkconf.tdir/include.withoutclauses.3 b/testdata/04-checkconf.tdir/include.withoutclauses.3 new file mode 100644 index 000000000..e34a4b12d --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withoutclauses.3 @@ -0,0 +1 @@ +identity: "withoutclauses3" diff --git a/testdata/04-checkconf.tdir/include.withsomeclauses.1 b/testdata/04-checkconf.tdir/include.withsomeclauses.1 new file mode 100644 index 000000000..d719a44f7 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withsomeclauses.1 @@ -0,0 +1 @@ +server: identity: "withsomeclauses1" diff --git a/testdata/04-checkconf.tdir/include.withsomeclauses.2 b/testdata/04-checkconf.tdir/include.withsomeclauses.2 new file mode 100644 index 000000000..ec910e1a8 --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withsomeclauses.2 @@ -0,0 +1 @@ +identity: "withsomeclauses2" diff --git a/testdata/04-checkconf.tdir/include.withsomeclauses.3 b/testdata/04-checkconf.tdir/include.withsomeclauses.3 new file mode 100644 index 000000000..dbb696eeb --- /dev/null +++ b/testdata/04-checkconf.tdir/include.withsomeclauses.3 @@ -0,0 +1 @@ +identity: "withsomeclauses3" diff --git a/testdata/09-unbound-control.tdir/bad_control.key b/testdata/09-unbound-control.tdir/bad_control.key index d29cdbc91..84d3883ed 100644 --- a/testdata/09-unbound-control.tdir/bad_control.key +++ b/testdata/09-unbound-control.tdir/bad_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDti51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4G -SLOE02/hKDkdkOvaUG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtO -DWc3tXPT1IlSEN0xnAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQAB -AoGAG3w/DatfMCu/nS5OdQx9BSqPgNbnUSqux9xA0fhgPTlN0T3oRtPcqa7JUDUW -PryI/a62ry+zGkw98N2AxolCZg3N7Z3vuRx2FMcKKNwpTzDmcZW7TmMk5FPof6gE -PnYl/ff0w+kxqA+L2EexH3Xi6ApLSZcjyzKWj+dL2AuT9gkCQQD3dPitwITxgCAD -IaHw23e3FRkM/hw1Gp8bt6nbuxitVxxpO96q1EQ+fCy/mf0bMEJDp3xzMEIfP3r4 -GmNbaxa1AkEA9b8LeBLbQ2cm2+UMeUgygBsRirdUQ786auqH38Jbvi/j6S9sDl2x -q1vRtikEBZJWfkhsOzrzwFDKe1bI/EEn9wJAAzOwRA9JqRZPU7sLrWIpmmTbfh+L -neRKSsGFoSI6n4ORCouLxgoZF/XjXldPvxpQwS9ZnOPy9xSLMsqknno0QQJAeDtA -IT8Yh6GwIWWu9KeeDY8wxe1sDLlCm4yjbZZpzGMh3rSU6XJtuqjxsW3fydoO9zn3 -ugLdvvnIFxAexUwbgQJBANyM13xcObfUJOj9rjlGCh0CDh/04ONl8SH8HBnM8guA -RJI5S6vBHweVRopEZcF1sQm6wMf3ej/sGkyyNvJxRkY= +MIIG5AIBAAKCAYEAt/3PPZGM7eSdCnEQ04f6Y+Xnmp105gtxqoHxHfyGFG8ljNSd +T1hKBjrg1BRVszTg+Td5V+Y4vAHW25Etvuvg0DQBNDKtrMTTbTZKQbT6A7Xgyp42 +Oj8EyXFWs8BNx/joI1sAMUiCjPKpKAI5bIHV18It4n28MXWTVX5mfwcj82XPTQlO +6OhTXtA45idPLFKkCp4H879EIfIo1sfk+OTLjoSNLXFN3BoI9CIT6WZKrY0pAieL +jdotSlirx/UpwpojAp6IVxzjZ2PHnJZbBwHxVPYnysMogcKQ9CyL1jBT2phWVe2J +YJFwwGgziJH5CJEGVgWkctEtguKubzSCIf9RuX6j/n32ZRtAechm2Oi2WwxGr9tF +uzLXgYsu/MQ+AhzcFP1MEGlyCkyL2fxgDry34Rq7RVQQL9PolhBYk2orYTlsjCVR +kGzXvpFIF8OPDEEsXz2TTM2nkiCla1GqsGXL3xuPFjGD+CEMI5jB7U+j1uL2+xb/ +gVUMAxvpNHADcW1/AgMBAAECggGAFEXF8N25rniTCRR+KyB/aURqqXGR8MrwAj6B +B7HMQDIi7Ap9LsHmnhscrKF08+Luqub+2r2GIMj/GIA9jxzET4x7WXoAAtpJBW6G +7gh3x7LhitG13eMVrvBrAjE9ILx/L24Wblez8r3F/5+HHjqMClLd5We/NZ/j1Pax +amup/WaJWc6dwDHhBcBhlJJeOd79LiJNdADuC+N3tnqd8wKanyBhwdELKCZCOEwM +75mSvt6f1xnuWXnhpaBxhP2xVTzQUNz1jxA2j/ybDbnBdhjLn9QlBY604t8nwRz8 +dwCV6NRFbj85C1Fkw3FSzLSKzkzLGxYBvLpq6vjXiUHuY17bVDskCrgHOx/q0SXb +ivPdmJWhThfPUMRgSTQXXvWpQfEdBP9FDXLFPN6yI9Xocxa4oaalNaK+xIJyXt9w +ZkLb+ZB8+m4JqvgdrQiO0yEXM498aCdRfVnZV/e+GdbB90FW9SFf4/guca/I4SPD +sFpA96LOyxkX4h5AQxyeoDDriKopAoHBAOEQXDMIXxp9gmkZNRo/mW7RvnmUyDic +eCwCbcsLGjay/hKpyOTelXSF7bxdi6GuO5N9UWBQX2FK+//T/uT1kHjmUYTeLa47 +iSDJG73TT6ZSwI0D8Ak+4GEneS3xjldpPW1oFZt/kwuji6yfUFw6orsPa/l5Uf7/ +MCOzoFObtvDZKgd0BkBrQhlIG+u6jicrGfrVkCDX/ONqoQXr3a21b4nl52/r+ezj +N2kKSQOTll5pUQ00+M0SPDwytFJbhbkTpQKBwQDRSCzHPTGVW5R+8BPQY2mRRyjp +Pr1BmJXG05f2wjXeGhafWJ91RCwP7mOBbJDA15w3KoY9N64Rk6Mv5q0Ywwna7+Ea +pTXCfzeuoC+sLL6llCA4kbpJsvrLAeCYyvMuiPjgXfDo2S8qMqAnZ+ZKD16OjBzE +W6H2OI7Zmwjy7+C683Ac2kX+lIvbBeOu9oVtaSw/5nudScUi4njDz89Ha3g3j1AI +98crCLQdjTO94d5k4Mx4FFVdbxPwSa5iZcHWo1MCgcAnHI25PKIyW09Xbk8BIb5L +ON3uCQIGfIKRu1ZTK7nBebeXjLPhuiCk4EVhL6x9S2cFCYkjwLPil4JVggTQyy/x +Iq1V9rpfhe8dqHVOtrMnx0e4+c8z/B5II/D2H/1JiXtoUOc4X6IxKpmyRPlVHcd7 +1IFCGGg8dSJrgeLBxNS05DhelTYk6b7R3+siOwhLHD1mjsh+PKqw5q3W9pdOgbJB +d5eRpqOHHDFb6rKnkXVXMNwp/GOkV5/qIjGeAlOpxxUCgcEAlXLFB0Jbthy/3iXz +AEz9hhEa1fVHkSA1VNalHkFx1jkrDn9q34LfNEE4LaQpeox9sadcVTr9wu97CSnh +Ul11HDNQvIZd7ZaLXNhnMryBKByvJbZrIVX+YhnlGTdUkVae4xoyfxUY6TldxMYd +XaW8EG9d25rT/dBFsn9T1KgYA2j0FqaIdVP+y1lZTggdIBSK1NbyT0/uxwqS0sID +cyz7nDFrJfxK7iA4/yFmYaJ5/e/KE7Xxf9dilaUIMpwX3/6hAoHBAIYjfpbPfK21 +AwHgZiopxOODsjbMuO/f4VCaMhkt8bm7LRmbsNl/Sk9paTNKf20fttKLi2cSUIn8 +sP8iuwdrUNNhVd4cfsh+ncF4GitRs3WrZXEz8AB7m8frpzNr2pYcqVTPL8yl9i8t +ix0XEoVwMWgFroWaN/G+ujEoPZUgXI9z5DuArkNOiLgbpcqVJ8e/+SWTeKILIkWT +ZrFABevmFIaXSZLjI9Avk7cTqEKOVeZy9gag9lmbtVAzFFitdR4aWA== -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/bad_control.pem b/testdata/09-unbound-control.tdir/bad_control.pem index e06b84720..0785acaeb 100644 --- a/testdata/09-unbound-control.tdir/bad_control.pem +++ b/testdata/09-unbound-control.tdir/bad_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQDd5/rocjG5vDANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkyNjEyMjQ0NFoXDTI4MDYxMzEyMjQ0NFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDt -i51Z6qASvAjPFFhLLlq8BwtsnmfqMPMn57dKAghb4OifeL4GSLOE02/hKDkdkOva -UG2UqDNh2OoPTuJk4A+mG2LJoziFhHKlIebo9v2YiFWOBVtODWc3tXPT1IlSEN0x -nAGelMmeLcPeCPe+A5IDlIHzF/+YiDgS38S9dL17owIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAHpvcKqY48X9WsqogV16L+zT7iXhZ4tySA9EBk1a+0gud/iDPKSBi7mK -4rzphVfb4S207dVmTG+1WNpa6l3pTGML6XLElxqIu/kr7w4cF0rKvZxWPsBRqYjH -5HrK8CrQ0+YvUHXiu7IaACLGvKXY4Tqa3HQyvEtzLWJ4HhOrGx8F +MIIDszCCAhsCFEm6EpzKglG+V66IyIlx6Q2y3y8nMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMzA3WhcNNDAwMzI1MTMzMzA3 +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQC3/c89kYzt5J0KcRDTh/pj5eeanXTmC3GqgfEd/IYUbyWM +1J1PWEoGOuDUFFWzNOD5N3lX5ji8AdbbkS2+6+DQNAE0Mq2sxNNtNkpBtPoDteDK +njY6PwTJcVazwE3H+OgjWwAxSIKM8qkoAjlsgdXXwi3ifbwxdZNVfmZ/ByPzZc9N +CU7o6FNe0DjmJ08sUqQKngfzv0Qh8ijWx+T45MuOhI0tcU3cGgj0IhPpZkqtjSkC +J4uN2i1KWKvH9SnCmiMCnohXHONnY8ecllsHAfFU9ifKwyiBwpD0LIvWMFPamFZV +7YlgkXDAaDOIkfkIkQZWBaRy0S2C4q5vNIIh/1G5fqP+ffZlG0B5yGbY6LZbDEav +20W7MteBiy78xD4CHNwU/UwQaXIKTIvZ/GAOvLfhGrtFVBAv0+iWEFiTaithOWyM +JVGQbNe+kUgXw48MQSxfPZNMzaeSIKVrUaqwZcvfG48WMYP4IQwjmMHtT6PW4vb7 +Fv+BVQwDG+k0cANxbX8CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEATI+xHWEiq3SK +9Dw2FBiD7GPaaPAh/u5h+QxaLS9G5a6Djh6F9RT3To+gRVeiaAaIPg53asGM5TGR +ojv9nI8cIvi3dL6VKhHSdomldFjfQYmF/uSKEYsHaggceGE/GsG8J8g79HXGRp2y +m5hkACKFh5ZcSHeJBplv7agDbBZ6w5qQaY6QsnYLrAK7B3Jo1Xx+JEKzmgnp4TwV +Ni4wezgLiG+buJ5lXEYr2Rm7HR/cxLRN7CFrpUoavFUvqLKNpXO8MJFx+BkO5/JT +pgv0O/ll9aT+kuegUpf9kcUzhpsw1N4W/JzZOyJAdxrrQ88aNZm+7d433wDBt/WF +BCV4d5wEASxfQALEQa+/1FebIsDfQyBAOHdTAVkupZ00oeNerKe+mHFmNjj04vn8 +LwGgVuADCBJVCDhEqHLEXUqiGeSHJhAJO9pjma7r7H81OtAs/xVC8j8hqe8wLBKg +XNjWQ9QmNXt9VVQCMomro9lmoDozr9k1vsGtUsT3yQEAABQYwIjp -----END CERTIFICATE----- diff --git a/testdata/09-unbound-control.tdir/bad_server.key b/testdata/09-unbound-control.tdir/bad_server.key index 0dbb134b5..d64d05bf5 100644 --- a/testdata/09-unbound-control.tdir/bad_server.key +++ b/testdata/09-unbound-control.tdir/bad_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC9hurNHBtB7QFEuPJOnCylUWUF2/US3v9yQQQXnstuXMQXRaq1 -1uviLmwaGurV9tngX59HITsBT74NQrtFKfEDLViLrm2arAM9Ozsn4tnv30HXPRDj -UOc1M05Q7UzjaSrOv+TkPEqyhtUyaP1DYo0bcmbxtSkYc2ZEWCwhPklUwQIDAQAB -AoGATjzZxN4ramWaNnJapJTX4U7eczK/0pB3xwSL2exVcjOdRzYdKH+WVIJxYb1m -3/jNLFCNAeH356yxeevoPr73nG75YJ9I1ZWQWTnS3SDK6JD1+3pmAD0bQWFoitpf -FoSH9H4X5gFB5vCZ99YVoYH1UXWPcgvUHwxz0voImt6lCKECQQD4YQ4A3M0+Ki8v -Hl+5FKULnS0UtBkweCvkF/X1zZRjjYr6hLnqldFkkgTBKWe17pUXX0nwRMbP1YZX -i+vDq5JNAkEAw1eYsmC0nVAMawo57N6LYavGv/n5u1cvpTpKDtn4cXH0Uqq13Kyu -2FUTzan2NhCEK78UzbWaeewBJmxYda1+RQJAdShKk6uTAEyjnwUjv8h2JWlJN2fQ -LeWxRlDrCruiz+aW9J4gl/99GoQpy/c83TshhjnDRZsbcDNWv/rXBZ/rTQJAFQva -CtX6f7yBKgM3DHtJvyM3zbVMH9Ab9QxbsE/xwZ9KeKGl6Hm+eNZpxM3cFiUfaGs0 -/ZjkZOB1m0MvILaplQJAXC3PJ/E+87banGZRJl5qtS6/HoX5lH9TPkL8Essy7ANO -2BT2OTQawD1A+VKIrQHXs085Of8tQUfrfHHt7s3Kqg== +MIIG4wIBAAKCAYEAr7FId+AlZUWP6MK9xfV0hJ9ooJdcL0sm9yZsWY4UYOlqcTGE +Rah/XvQmsOaKcMg8Wof24LAvo2vmariBYZoS61AAi6MeHHrPh8M2ZDMZQgW4nZC8 +A0biro93nMLU1VxgycSVmj29p18IdNzsYWxC7t+/6AWQSlwD+9YFOYrVWQYxEcSZ +7gZqoh08mDsNRjnVs7nagPAbk/B9jj9zhvgp+0d5h25Ms7Td22t7DfsGlL8Ei3ew +FwaqjThhhVHEVwARBLYGb2ZsZS5EMJv2W/V0k6yQZ+rV07+i0oZQ0cGxOuUy9TNO +7HfiI4ri2x26Wm0YH1qgK5miUIAkbL2E/iWVxMfQOdEAZuOmUpUFOFpm/XHL1/pC +yiqOb98jjLE93UoNPZdsjrbjfQ/WPkap+vtigVZJJPet6F9x4S5XvrhXkV2JWIYM +vhnrs9NpveCOe1lcxNVSsIAtMxsZKi2dIq+mRhfm9/UGoOmj8UxIQUepJJv1IHcd +ASWkTAMmUSyF7z7DAgMBAAECggGAKwY+GeURI1C6oiR2drDaPNQQuir2zzoXK7UE +GZY6lVTz1Q5sNubBck5V30JFqsLOTNk48uMSd3Gn9oCCZpVlhqyLxaZHbHACvFto +yXbd+5YNFMDp2d+VCWxmvUPU/P7nUOHMRP5ToFYcawni9SSe64Jtq3MZV6xa6WQK +2YGPJ4Llp1U+4NQ/br28JgdoA8eL9rxPrv2ds0fUZ25Qa0AAf+GL+Edhjyx+nAoh +E1Zi0TBJ+6FuxOTEBVtGPnC8pRWFrYDfiMX4y8qkbbanAQCNgLn0PC0JdKpFAtk/ +hnpGsZ4/oh0D3ogi6o5Xnn9Gl5+1uqqaEs/n6A4kojcJ/Z0uO7zJultSUDeggbA9 +VoTQucFY1Cqj68d56Rf3kS5FGgAOx7Q6LVCIH7C9+bfs7N6z/2zl6sF72ey88kpK +ZxsPjGUw2OHnwdrkfZHVMjiNUgrEH+KYe8EVmoBxoafGvxcs9mppqeczP3zbf5WX +8LBLQcIqNaSWAsuKQbJTNsbKEIT5AoHBANcs1QPluTGTY3BXvGMwjl3dDyf1h10u +iaGi1tDB60YtF++RnwOl40Zi1Gu8GqmmzY9j32EG5moRO6IhuZ2U+lZcK/AiwY00 ++4hnzc0hBInFlq3lLRa6zVj4rEeQJxuKXykJGLQyKtSqtppcAo7hWE08ZZ6DlnvP +4o4R9ii6gCZcajhr5Bh9FxZOHv+5gMRzOVWmMF0JSjnVToCi0UUY6b3roRdH/U+M +3EOVCOUT1WE7cGuZffkcQ3jQEsC9zRHFFwKBwQDRBsKIfm0FMjP2Z0aQDpHO5wR6 +Vcjw2kmVukTPqlYPcDGaYbUVuQJIR7+ffd8xk0YbIeOfO/bXGngLAjKSGz20JIIW +E/B5RkVycwjD/WeD5NMvKc3NaiT3aiXmnwz1YUzxDHByAtskAKsoXE/GIsyVCbV2 +vDaBn3MCywTvcC9RR4KYeTepKMvd4N8KLgP9n/+hKd1ElsBVnPJUyYabmaOC1tpx +DUyWu3dbhKBKcfEcyt1+YT1bPrfRnG9oxyRStzUCgcA8R9sFVH4lXV0mQ+4K+7dm +pF9yml5pxHfaSHxVz33SEx/5hZo+s2KQfW91HyV5EbnUye3yiLRUUq+aJEiT1QCs +4PWOOK5wmL8+35XQOcfDsQ8deG7BR2Pv4PqiscfC92jhXiMFmGhXW9v8Mnqk/Ix4 +VstBNSwbU4nssyt7DYSJOqqnU9J66dBl90zH53gjkQQm8n/qEIgy24c6kmJ+MRSK +mFBw7UIR3yx14nKzenL04moEOuQHvdtJJUGbrZCdwdECgcBCra9cr0fDwpIE5kkC +J0OoBtXM2JSzEE8s7jCJNkMhxZ5tKwIDHfN2bzzXeeW7AMn6WcMsxoolcBIfIOJU +7U+vqX294Tpy1VHOApgnPSzKTDJ59xHplxSXwEq62L3fgNx0gI1WMUcKoxP2Wgww +nmU4ndI/QCb7Dow3td+rKdROT0t/rBtvYM43x0YfDzLCs0luddZZzOUp6lj7ZxYD +iO06DaO9MIrgAok+rn4bgWFy19v0NrzF4KnuucJoYC5cHIkCgcEAzG+0oppa1L+e +Tw+511VtO070XJ0Kx4DNKjP2F5nFSqTkDAyEEiLoIArO5dYGG5nHy3lXSoj+wvOe +1+3KTZPeFA7ZByceehFXrULT4GbHwbsimzLWBXAF2Dgzb2OZYMnKuFR/tjlW0+vP +OP86cEkQXNJm4SsxxeFjJAcxxif305OzgL8oqndOsohopB+XCbKUP231HBMGJ4MR +EljQHXm63wWWiBUmrX0ZYzWkX5KiAbDlfhvde80fKsDOUrzZfoBw -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/bad_server.pem b/testdata/09-unbound-control.tdir/bad_server.pem index 983247ac7..b81fb19f2 100644 --- a/testdata/09-unbound-control.tdir/bad_server.pem +++ b/testdata/09-unbound-control.tdir/bad_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQCDugnhq8B6LzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkyNjEyMjQ0M1oXDTI4MDYxMzEyMjQ0M1owEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvYbqzRwbQe0B -RLjyTpwspVFlBdv1Et7/ckEEF57LblzEF0Wqtdbr4i5sGhrq1fbZ4F+fRyE7AU++ -DUK7RSnxAy1Yi65tmqwDPTs7J+LZ799B1z0Q41DnNTNOUO1M42kqzr/k5DxKsobV -Mmj9Q2KNG3Jm8bUpGHNmRFgsIT5JVMECAwEAATANBgkqhkiG9w0BAQUFAAOBgQCy -zGMW35/9xXoEWsuLFWUOaEKVq5DXuXtXbcMpDW6k2ELoraa305vh7Zwhj5JSqfcm -O0xyqIzXvz/cYdyOTgEkdMDZ/EvQsxKTwvj6eA4614yB1r3Ju5eZd4Gpo6BHhSpu -oqsrr0duJ+JOANTyaBplIxM1sjHbR4FGtmrFknBYBQ== +MIIDqzCCAhMCFFzmVNbhjiApmjK3VeO/j9TBp8yOMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMzA3WhcNNDAwMzI1MTMzMzA3 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAr7FId+AlZUWP6MK9xfV0hJ9ooJdcL0sm9yZsWY4UYOlqcTGERah/XvQm +sOaKcMg8Wof24LAvo2vmariBYZoS61AAi6MeHHrPh8M2ZDMZQgW4nZC8A0biro93 +nMLU1VxgycSVmj29p18IdNzsYWxC7t+/6AWQSlwD+9YFOYrVWQYxEcSZ7gZqoh08 +mDsNRjnVs7nagPAbk/B9jj9zhvgp+0d5h25Ms7Td22t7DfsGlL8Ei3ewFwaqjThh +hVHEVwARBLYGb2ZsZS5EMJv2W/V0k6yQZ+rV07+i0oZQ0cGxOuUy9TNO7HfiI4ri +2x26Wm0YH1qgK5miUIAkbL2E/iWVxMfQOdEAZuOmUpUFOFpm/XHL1/pCyiqOb98j +jLE93UoNPZdsjrbjfQ/WPkap+vtigVZJJPet6F9x4S5XvrhXkV2JWIYMvhnrs9Np +veCOe1lcxNVSsIAtMxsZKi2dIq+mRhfm9/UGoOmj8UxIQUepJJv1IHcdASWkTAMm +USyF7z7DAgMBAAEwDQYJKoZIhvcNAQELBQADggGBAG+IhOsdEiaVCOB8PBRGJQ8F +/kyeQOtE7pPPkH57qYwAW9cxdSoiIxrvase30IGLWmOzjiAc/igf1qz/bVpwFXQr +XohzyeQJ2znlGzUbo67c8rocvWxHzvZwFuQEysJp/E9ft5kiWwoU/xVpoK5p9sxW +zRTTdpA24x6rqvk1ZFzwWGSg0yhjOYfwvwg3kGCbwe3GzAk1J65E+uJPFoLySbNL +p3eUDA2rUKDjVobJOEhtV8k/l+hB0kKwiz/A2sbMT/OoByWMNFKSkmDbNi5m5gJH +FHsZsucbL6ppLy7fmOiPlx6xejbiTR3uAn0aQImdHA5kyfAXLKhTkyYdjWHiHqdQ +XMxi0Ci7/HO9mRupbcjRZEPs//ozMxjOAg4VNasDLdnDI4EKrClqYPjsfoXXXiZf +YTPH9QypxJFGmGEH865BNacEjDBeag8ck1ZTiK/GlrAJMqfV5/60GWBGRQVV/Tvd +WXWY2x0gVp2fxtxF8JCvHKAcfUg2+LrUS7fbMx2Niw== -----END CERTIFICATE----- diff --git a/testdata/09-unbound-control.tdir/unbound_control.key b/testdata/09-unbound-control.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/09-unbound-control.tdir/unbound_control.key +++ b/testdata/09-unbound-control.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/unbound_control.pem b/testdata/09-unbound-control.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/09-unbound-control.tdir/unbound_control.pem +++ b/testdata/09-unbound-control.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/09-unbound-control.tdir/unbound_server.key b/testdata/09-unbound-control.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/09-unbound-control.tdir/unbound_server.key +++ b/testdata/09-unbound-control.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/09-unbound-control.tdir/unbound_server.pem b/testdata/09-unbound-control.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/09-unbound-control.tdir/unbound_server.pem +++ b/testdata/09-unbound-control.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/10-unbound-anchor.tdir/keys/test_cert.pem b/testdata/10-unbound-anchor.tdir/keys/test_cert.pem index 6e588a4ab..1db9680cb 100644 --- a/testdata/10-unbound-anchor.tdir/keys/test_cert.pem +++ b/testdata/10-unbound-anchor.tdir/keys/test_cert.pem @@ -1,15 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICWTCCAYKgAwIBAgIJAN5YIkuCvJf5MA0GCSqGSIb3DQEBBQUAMCYxDjAMBgNV -BAMTBXBldGFsMRQwEgYJKoZIhvcNAQkBFgVwZXRhbDAeFw0xMzAxMTcxMTUyNDVa -Fw0zMjEwMDQxMTUyNDVaMCYxDjAMBgNVBAMTBXBldGFsMRQwEgYJKoZIhvcNAQkB -FgVwZXRhbDCB3zANBgkqhkiG9w0BAQEFAAOBzQAwgckCgcEAuPBoYZiFOuk2SnN0 -IsheC+W7JvAJcv8tksyz/hgAnqStDnDrQ4trF607aCQ7xjj2fSAqpiMvLv0P3Ctu -rcTRHmRXApS3GBf1PjWqoxMK8JBxCIHN4PKpyq4czOtSPH6AFlU+3KsRRwymLgpT -SE15NYv/2M6Z3/cL1SkOdVvVDrZv1gO4OCAxwrgI6HMsjQtwe16mGsBQzrHTCOGV -u4QtISEUDrwZL272PFsZrEpHXd9LtSpqCEoOMujr54pKxBEJAgMBAAGjDzANMAsG -A1UdDwQEAwIChDANBgkqhkiG9w0BAQUFAAOBwQCaA3ys5hDPMNV1oXIxH6u2KfAX -C9tYJId/SR0x8whsZuNaSEZAgImdM5dnyWdjey8Pio772E9/F2aUBGFkdadZx4My -d7hBfEi/NECEKs86k9g0ijbin41NKtnajb6GwyNQ9vDx7Z5FS8BZ3CD0BZIdCQUE -gKuDSWBROQU3tqrjdk2QTwGQkj2mgzT871Jn1MwZw0mczPjS1y469Ejym8wi3uCd -EboDOoGBCpmUQbxBv6JI75cUCdmNNEwjQjZ0XQw= +MIICZDCCAY2gAwIBAgIURC8vM7SbxPTMmosTyBzLlqxgsUAwDQYJKoZIhvcNAQEF +BQAwJjEOMAwGA1UEAwwFcGV0YWwxFDASBgkqhkiG9w0BCQEWBXBldGFsMB4XDTIw +MDcwODE0MDk0MloXDTQwMDMyNTE0MDk0MlowJjEOMAwGA1UEAwwFcGV0YWwxFDAS +BgkqhkiG9w0BCQEWBXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC4 +8GhhmIU66TZKc3QiyF4L5bsm8Aly/y2SzLP+GACepK0OcOtDi2sXrTtoJDvGOPZ9 +ICqmIy8u/Q/cK26txNEeZFcClLcYF/U+NaqjEwrwkHEIgc3g8qnKrhzM61I8foAW +VT7cqxFHDKYuClNITXk1i//Yzpnf9wvVKQ51W9UOtm/WA7g4IDHCuAjocyyNC3B7 +XqYawFDOsdMI4ZW7hC0hIRQOvBkvbvY8WxmsSkdd30u1KmoISg4y6OvnikrEEQkC +AwEAAaMPMA0wCwYDVR0PBAQDAgKEMA0GCSqGSIb3DQEBBQUAA4HBAHX0rIirg2Rt ++rp7BnR3riq81b0cWm4Y/UUdGmLtbPTJLuZogfLZhb9hf+185ub/8ZbuwuUFaiUY +zEcAjaOlPjBeRbNku1xnAVhlgtCIsCOyI37Ey+65OuJxL+0Rpwsyfh0WuR8SdBE5 +OdJ2DuH2yRkTd2JEsNi+DZVIEeaKwXtLGUvsqYWu0GrnXORwGsezfiLM4uAJW+tp +VA95CKpfS98l1MJIHtlcpffAjfRVZAJnGcXv+P/DtefC8aNukoiqvA== -----END CERTIFICATE----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup b/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup index 3e5931199..2492f47b4 100755 --- a/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup +++ b/testdata/10-unbound-anchor.tdir/keys/unbound-control-setup @@ -46,7 +46,7 @@ CLIENTNAME=unbound-anchor DAYS=7200 # size of keys in bits -BITS=1536 +BITS=3072 # hash algorithm HASH=sha1 diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_control.key b/testdata/10-unbound-anchor.tdir/keys/unbound_control.key index 47d15dd37..68b514f83 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_control.key +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_control.key @@ -1,21 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIIDfAIBAAKBwQC2p0MTVVEfvOpaWlI6rLKGxaHfw/4JUxXCwDHRkkyB0hkISRMx -8imB+io0aY2Uck9zl0BTgPaKtFeA0+lukZk75keOuATPFZwbCGs+6Tx5AoN4+NzI -aVay5AuO8E1u6AVdmcAqByP+R92yz5f3T93/cSsYzqPZ6Y1wO9sabtrkGTYwnfMg -nSttyvlBIhRDWbEO+rWL2CCi0JtrnpiK8sa2ysQCq9Y6ZiGjT9PEWIZwkxQ6y5TI -WVtyitoknpDheZcCAwEAAQKBwAgeXSPh2e5ANmZ3t0n2XSUSacSJcKQ3djMm2dAH -4bCvhv9QSDMjIWcumGul+W4Muq1XnrtXcx3tMCqAwNJyVE5OSQX19fjCbCLjd+je -8xop23AoF6As1nazHjRnR/nTBD7QNx2xbaW8RNbaGpTe2G2lpdbg9myRpyqiB8Pk -73x/AQcPqm4SHBJS+kU/Q9k9yZRHGQ/PhYlvAmY0SCndew28Pcs+IdCI32k7e/aP -SCEQvVqKeIiSJ0Zj8RSk8Pz1cQJhANtNsvcEa2V8NxI9yL2zwvBXwoBuU+d9Pszt -Ooqc/kmvU0FV06HgiIPtTSoHLI7Zh9h5Xn4DFGmtS8WeGhwSVCN1iwcW9F2ldgAw -LXcoXjEK21KXYFNAYeo07vul/Ly/yQJhANU3lM8hAqq7FB4R5zgUCcp08FOVA8tl -kEK1JoAdfp6Wv4M2xGJ6tmKcf92r0F8zBDV6oZX/dtPwFzWhBZUi+zaA8PcEqbwt -CJtmM5ycoX6kkkIfXtAVNZiTIYHn01beXwJgQBFA+V03KtzREeku3gzIJILe9bpF -lNlIIYIkmh4nQ8uOnQW/4AjCmRgYdPDHmav/PcSnUFUB/6V6/26i3hSUtA9A4H9a -QIl4IbHxdmA6tEUhsc07fNbQRCXWs3nYjiPRAmEAjDe4MhsYYOUUzs2hTFzJL46F -ucHGtA0/uM7e2eQLsAmdOpJaxhTDOsiGwmXKa8DmJLFX8IgHQkujR850GGbf5DEZ -xqkXYrwO6/tjN7w97EYYNUniFV/NVmBz6bVmY7trAmAvvg7MoBlb/o6nwoCQqnUM -QyjIy9A0t8+KHNMFSQwUldG+HIwiU4/7y2zCqBYJg8NOjrdj/3+73A24rP8wRp15 -zqQCS7mLLWmYx7pWE1ZHN8eY3xGoHmr7LzlB+dzYG+w= +MIIG4gIBAAKCAYEAzDESJ2lpIno7KpSrYBeBshT8H5dbtNF9rVBONsCmwSSqclLR +ixZ62OKrUKMVCEpZ0zj4yZOu3DGTfL9V9pEk3dCD8mFmylidYeLh5GHGMcDVWOzD +VPsnQ9y43KWYeURpGy4QSCxYDb5rrPysleSZwuN5D4lbs/AKdpubAHj6z37Zbrs2 +GjofHp6TaD6ck7jyRXDtqShrnsVXq9U1CadYDOPiE4aZ1TvusRzhhjmDm8GQXalr +tIBJ5j5EcmRamFhONGLshfj5ECZrKo9L17kOd8PyRMaXNfvl2tpx1qtMxmp7FDpb +oGGIzP7F7hyaWMI/zAzkTMAtjGkAJWqHgTbSfvlVul23RLvovM3fD/ZiugBuTWY/ +CRpmN7CQFFV6iFyLGjRp8vV7BojUIQX7is8QTxSqW12SsElMXOuUmcCnuIaoGF4n +AoG6vNLFECtSdLTjQ0uXawIp7dOww4zS8j1/dZzXsVF4G4V7GjeWD8eX7n+HNWoc +3ojjuYzbWfWvLIQbAgMBAAECggGANUTD8KYuOEFc+BHK14mqWxPgZjltQjG4sKMX +lG8T0aVIFgUHB1r492XCvYmd7gi/gDwHo0a0wlromA2uVmGtFXTVR0EjuLv/as7u +kU70jnw47DbwClZu+uQ1EdLdgR1Ysi+FLd7rpcI8gudz+rKlblM7fNMfqkR/5ktX +13q4K7Ny89FBHvx0q99Ao1xaKquAAJ+iUJPr54KiCYDYkkkmzk4Q53kg3qEA9xGK +wCJ29AY+LEELiQ5CuR8baiBGBiJa5QegeThbQox0jBlezNWAMOg1seCchpbZ4tHm +zuM+IRjZ9GRgkxNctQu8nx3Z6QcClpNFW2WfdThI4nzjqvE9C2nQBR+i/a+v0D90 +bX3LbCcPBE5Hr6sdI+pSQ0C3eFOuGZaCdfRxVs6ymWti3STdlMtTgaEOsCswmU0e +DasWVYbezyPHImb34r0/q1ux4BZkxon1AqjLLYOCF5LQ91v868jdwOIITGL3gviN +/TYW0ObbJ3Szav860B9vlGUtG86JAoHBAPNcY2LLCVMWkzrsmkyLL8+MmF1dChsF +/rVt8QIiiStZkV2q3f3F522kVVvH3dYwh6MyzBNPFBAAXHmaY2IjczL3gKWEz0OA +YlKv5+KoEBlRtonJIHSs6GCjdnl6EJ9NyF8NHq/tgpab326Dpb7RyXzMv2EZV5uY +kp3WVqJZONa1xEHYud9SOA7TA3X/7td7bC49b07n0SidH2N93ZZMd+oApjsHx97q +9J1BxCbaJdPX7mK15pPPWD7vPZqsxyeSjQKBwQDWy+hH1jrr26UUAdIq6SgQxPXh +Y2+epVbHGD0UK51Io0rAg0m3Nlaxr28EPc/MLfjwzwPs6cHdM1j1FMqwGCYiO8mw +CV+XqPVDc6Xqzklf+awMqhn71j+M4Y4Dr6K71fXQ9ek5X+9I47I6iuVLOOegLm29 +qSlg/x1fOkQUKnJNQw6aEJmPj7mi6q693E+oa6hzVO160AGe4tAJoidaR7ifwKU1 +ySOhXtugs2I2P7lc07UtkIwftiYS69d1CRE2G0cCgcA41hj4F8dDuoAEQQIAYnl2 +FbX4CCS2Dv5fzR9+iiZTE4YZxDA4dqIIP1sYJmOvBIKJIPH8iHl9CziNxfr0Dqd2 +/crz3UKy1ycffKnBi9LGtwjUwT5tQXy8JTEkSdfb/MSRPnUuTWA0YI8cNm7dVA2k +sgT4XnzRgB6t8kMlg4T80FLXthAjEga5n5qtUmqrtM2dNwfp+8YjoB6Wk+zOj2lq +I2CvZK/PZjxfBd8T29r90O6B603As6o+eI2AtF2G5nkCgcAuhHBkhleyVpoUkCRk +2KOtpgod6rv0npgBfBVWNe/VGFALCyO+wszZpEWlpIFJFbew5xRRjXpHnmQoh30x +z7kKdupB7nW+UX/0QKpxBIXNfDOvdnM0H/0ZVIu97p6OkVKwE2GT5Fvc7DrgBM6N +kOBQx11K0sS8VeOViPfPajXg16Hk6a1n8tdgGfUH9xtlPRN5Dq5zh3KiZzpoq65c +FeY86qqc0FegDfwAfHjLiNdq7ApzuLcv8vGh7WN23CTXE+cCgcAhhnUawfKcOvwh +3+Tt+vX6dBU7x+JVUiaI27zirE4dbKAsNN8MY7hT5pEwYYArtS9szWqmce3VT8dN +t5kJdn0ZLh4tnZcWd8z+xTXjgxgKeSqoUqPjOd9V8f4ceiPeLGnDV/6xPiVdCrHi +/R/fLidzApQKg7kGDyB1IX0gW+9mT24/zD+M52TjRdmYL6E7/1nZlNlr2JWfIdb+ +RLg/+EujuZo36hR59XQVEnvuhZFQ+MQeHC82yP4gjG0ADpLQ3cY= -----END RSA PRIVATE KEY----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem b/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem index ec7cd7e78..e7fe79bc3 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_control.pem @@ -1,14 +1,19 @@ -----BEGIN CERTIFICATE----- -MIICNjCCAV8CCQCbt2WrJa/ewzANBgkqhkiG9w0BAQUFADAmMQ4wDAYDVQQDEwVw -ZXRhbDEUMBIGCSqGSIb3DQEJARYFcGV0YWwwHhcNMTMwMTE3MTE1MjQ1WhcNMzIx -MDA0MTE1MjQ1WjAZMRcwFQYDVQQDEw51bmJvdW5kLWFuY2hvcjCB3zANBgkqhkiG -9w0BAQEFAAOBzQAwgckCgcEAtqdDE1VRH7zqWlpSOqyyhsWh38P+CVMVwsAx0ZJM -gdIZCEkTMfIpgfoqNGmNlHJPc5dAU4D2irRXgNPpbpGZO+ZHjrgEzxWcGwhrPuk8 -eQKDePjcyGlWsuQLjvBNbugFXZnAKgcj/kfdss+X90/d/3ErGM6j2emNcDvbGm7a -5Bk2MJ3zIJ0rbcr5QSIUQ1mxDvq1i9ggotCba56YivLGtsrEAqvWOmYho0/TxFiG -cJMUOsuUyFlbcoraJJ6Q4XmXAgMBAAEwDQYJKoZIhvcNAQEFBQADgcEAhc3wYcbD -Uu9Osbu3bhbxLCkhedq/3weEO8RDU3AyB8diioAikagIOb99UeVE3WIds+JIPD6J -mK5UvS+lPR8SEOMRd0H91bEEp1Zn+gHAS/Z7k/x9t38Xk1N0jOnElc6n4vl42KLO -z2laJWcte7YXjzFjaNxP9fsGgEx1vRxcjtpXQWSY+oj+RVm5kRs5WKX5MCyD/p+y -Xitg7/a0ITKbW1GpVwaX6nPaeoze68m3qmy64l080XCna3igbhi3h2ay +MIIDBTCCAi4CFG36qDt2k02biKtMYGtLy9khnP+eMA0GCSqGSIb3DQEBBQUAMCYx +DjAMBgNVBAMMBXBldGFsMRQwEgYJKoZIhvcNAQkBFgVwZXRhbDAeFw0yMDA3MDgx +NDA5NDJaFw00MDAzMjUxNDA5NDJaMBkxFzAVBgNVBAMMDnVuYm91bmQtYW5jaG9y +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzDESJ2lpIno7KpSrYBeB +shT8H5dbtNF9rVBONsCmwSSqclLRixZ62OKrUKMVCEpZ0zj4yZOu3DGTfL9V9pEk +3dCD8mFmylidYeLh5GHGMcDVWOzDVPsnQ9y43KWYeURpGy4QSCxYDb5rrPysleSZ +wuN5D4lbs/AKdpubAHj6z37Zbrs2GjofHp6TaD6ck7jyRXDtqShrnsVXq9U1CadY +DOPiE4aZ1TvusRzhhjmDm8GQXalrtIBJ5j5EcmRamFhONGLshfj5ECZrKo9L17kO +d8PyRMaXNfvl2tpx1qtMxmp7FDpboGGIzP7F7hyaWMI/zAzkTMAtjGkAJWqHgTbS +fvlVul23RLvovM3fD/ZiugBuTWY/CRpmN7CQFFV6iFyLGjRp8vV7BojUIQX7is8Q +TxSqW12SsElMXOuUmcCnuIaoGF4nAoG6vNLFECtSdLTjQ0uXawIp7dOww4zS8j1/ +dZzXsVF4G4V7GjeWD8eX7n+HNWoc3ojjuYzbWfWvLIQbAgMBAAEwDQYJKoZIhvcN +AQEFBQADgcEAPz9Iw956A8piiC5y3hJXAEJ0JYdNrpsgdj7n6iAXRU2EY+juzcKU +D+zcNEcebQJJxayr4eEMfUOUO1wH5uPkWBhKOC/qm6T6i/+/xNsksOeHm12G4/vH +VYPXTxMS+K+mz5HLmLcR0kuQMnCK22FFQj86fhr2vHBGHqINR6MxwvLCES37FWvr +qVZSseK6/6IwRgsjN101JUpaSnM88cMDpuUcqQrAbSSBRKDvjYMkcYcYuvchab26 +G0jEU4KgxaOs -----END CERTIFICATE----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_server.key b/testdata/10-unbound-anchor.tdir/keys/unbound_server.key index 6614e498f..370a7bbb2 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_server.key +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_server.key @@ -1,21 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ -RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1 -QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu -O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU -J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG -Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh -mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh -qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU -6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz -lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc -Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM -XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ -Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh -C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C -EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS -3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY -F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ -kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3 -berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2 +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem b/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem index 19c8b895b..986807310 100644 --- a/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem +++ b/testdata/10-unbound-anchor.tdir/keys/unbound_server.pem @@ -1,14 +1,22 @@ -----BEGIN CERTIFICATE----- -MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw -ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT -BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd -OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03 -/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8 -67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL -PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG -9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD -ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO -mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV -bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd -q7miNnkO8vd0maw= +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/autotrust_10key.rpl b/testdata/autotrust_10key.rpl index 22cd53681..8e4ab5a18 100644 --- a/testdata/autotrust_10key.rpl +++ b/testdata/autotrust_10key.rpl @@ -106,7 +106,6 @@ www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END -RANGE_END RANGE_END diff --git a/testdata/autotrust_revtp.rpl b/testdata/autotrust_revtp.rpl index 4ed113f74..ec3eeaa4d 100644 --- a/testdata/autotrust_revtp.rpl +++ b/testdata/autotrust_revtp.rpl @@ -97,7 +97,6 @@ www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END -RANGE_END RANGE_END diff --git a/testdata/autotrust_revtp_read.rpl b/testdata/autotrust_revtp_read.rpl index cd48a6339..7428f7aae 100644 --- a/testdata/autotrust_revtp_read.rpl +++ b/testdata/autotrust_revtp_read.rpl @@ -85,7 +85,6 @@ www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 ENTRY_END -RANGE_END RANGE_END diff --git a/testdata/black_data.rpl b/testdata/black_data.rpl index de6f57ec1..e6ef1b79d 100644 --- a/testdata/black_data.rpl +++ b/testdata/black_data.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/black_prime.rpl b/testdata/black_prime.rpl index 7e73f32f3..fbe92a721 100644 --- a/testdata/black_prime.rpl +++ b/testdata/black_prime.rpl @@ -8,6 +8,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/ctrl_itr.tdir/unbound_control.key b/testdata/ctrl_itr.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/ctrl_itr.tdir/unbound_control.key +++ b/testdata/ctrl_itr.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_itr.tdir/unbound_control.pem b/testdata/ctrl_itr.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/ctrl_itr.tdir/unbound_control.pem +++ b/testdata/ctrl_itr.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/ctrl_itr.tdir/unbound_server.key b/testdata/ctrl_itr.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/ctrl_itr.tdir/unbound_server.key +++ b/testdata/ctrl_itr.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_itr.tdir/unbound_server.pem b/testdata/ctrl_itr.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/ctrl_itr.tdir/unbound_server.pem +++ b/testdata/ctrl_itr.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/ctrl_pipe.tdir/unbound_control.key b/testdata/ctrl_pipe.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/ctrl_pipe.tdir/unbound_control.key +++ b/testdata/ctrl_pipe.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_pipe.tdir/unbound_control.pem b/testdata/ctrl_pipe.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/ctrl_pipe.tdir/unbound_control.pem +++ b/testdata/ctrl_pipe.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/ctrl_pipe.tdir/unbound_server.key b/testdata/ctrl_pipe.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/ctrl_pipe.tdir/unbound_server.key +++ b/testdata/ctrl_pipe.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ctrl_pipe.tdir/unbound_server.pem b/testdata/ctrl_pipe.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/ctrl_pipe.tdir/unbound_server.pem +++ b/testdata/ctrl_pipe.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dlv_anchor.rpl b/testdata/dlv_anchor.rpl deleted file mode 100644 index 81547454e..000000000 --- a/testdata/dlv_anchor.rpl +++ /dev/null @@ -1,279 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor -; positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_ask_higher.rpl b/testdata/dlv_ask_higher.rpl deleted file mode 100644 index fad8355c8..000000000 --- a/testdata/dlv_ask_higher.rpl +++ /dev/null @@ -1,354 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV where it needs to ask higher up in dlv. -; at first negative DLV response, it needs to ask higher. -; the SOA record in that negative response has a big span (if interpreted as NSEC) -; then a positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; failed DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -sub.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.net.example.com IN NSEC not.example.com. RRSIG NSEC DLV -example.net.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AKz/e6KOw8gCx6wnpIatBwKb0WOPBTWmNNMg91XR/wlJQ9Z2+qICPmA= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN A -SECTION ANSWER -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -sub.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. nM5HAlRsrLurc5mUNKwCye5X6LSH53pLgSeyni4wb6Jd2J48ZRWwrVvy7IpyvI75+Wlu3aGOjv/kEyVaizChRQ== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ENTRY_END - -RANGE_END - -; ns.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; DS -; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN DNSKEY -SECTION ANSWER -sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. 3600 IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. 3600 IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_below_ta.rpl b/testdata/dlv_below_ta.rpl deleted file mode 100644 index f5d630dfb..000000000 --- a/testdata/dlv_below_ta.rpl +++ /dev/null @@ -1,355 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator, use DLV for nonDSed zone below trustanchor. -; DLV example.com. -; trust anchor at example.net but no secure delegation to -; sub.example.net signed with DLV but not by parent. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net.example.com. IN DLV -SECTION ANSWER -sub.example.net.example.com. 3600 IN DLV 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -sub.example.net.example.com. 3600 IN RRSIG DLV 3 5 3600 20070926135752 20070829135752 2854 example.com. AAdhy87nuDEaxmc+k9pJHYnhKiEYL++OLPxzOdwEQOtsHi7jeD3lRDU= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; no DS to sub.example.net, securely insecure. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN DS -SECTION ANSWER -SECTION AUTHORITY -example.net. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ELVULZHTRc0Qk06rSBRnB/T6sm1+AbAtdEJHN6PCsz2Z3s3E5A8NH7Krz0VzRaYIEUStnbAtuE3oP8XHWHBnyQ== ;{id = 30899} -sub.example.net. IN NSEC tut.example.net. NS NSEC -sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. eNJ2OPjMhGKvg70aYT9l9Uo1lJsqmDqVRMlHibv6t+CNjljytI9Vwbao17oV0cjIksmESAewReb73x9fmVIgEQ== ;{id = 30899} -SECTION ADDITIONAL -ENTRY_END - -; delegation to sub.example.net, securely insecure. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. IN NSEC tut.example.net. NS NSEC -sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. eNJ2OPjMhGKvg70aYT9l9Uo1lJsqmDqVRMlHibv6t+CNjljytI9Vwbao17oV0cjIksmESAewReb73x9fmVIgEQ== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ENTRY_END - - -RANGE_END - -; ns.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; DS is -; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN DNSKEY -SECTION ANSWER -sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_delegation.rpl b/testdata/dlv_delegation.rpl deleted file mode 100644 index 53074c8e2..000000000 --- a/testdata/dlv_delegation.rpl +++ /dev/null @@ -1,335 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with delegation in DLV repository -; positive response for DLV. -; but the DLV repository has a (secure) delegation inside it. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; referral to the net.example.com DLV server -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN DS 2854 3 1 24d80cd822bc4083cf491b7f055890345a77dd9b ; xenat-myfat-memir-sabym-fefig-nakol-zucyh-megef-gakel-lolyn-ruxox -net.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AA0APyTN12wzj1XmDEZe+wrPE1hkLAINKT8cT9zGup7zX3O8R4Ki2N8= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJEvfI+tX6Y1OF0h1CNHERJjXaaTsmLWTMLgXk4UYJl8JjAikCpsf9Q= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.net.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN NS -SECTION ANSWER -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854} -ENTRY_END - -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DNSKEY -SECTION ANSWER -net.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -net.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926134150 20070829134150 2854 net.example.com. ADgKDV1Yi2iFOXFUN1XkvBU7KW/rdtGcOEdc9VMIxfIKDo5h24E5fqs= ;{id = 2854} -SECTION AUTHORITY -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854} -ENTRY_END - -; DLV apex -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -net.example.com. SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -net.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AKAjedAeGWRHaqhDhNhbTvVUQMgCspiD4GNC7dMVbEZSd87AFcqwg1Y= ;{id = 2854} -net.example.com. NSEC example.net.example.com. SOA NS DNSKEY RRSIG NSEC -net.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AAHqj3xDqng7ZuNFn89sTjTo2qfuXTv0yR6v8mZ1+L5mCsOwjpGXrJw= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -; DLV of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AIZmoTbAlXYwLknm84i7sbglbHr1Iq7t0yyTENO/MsPj7K/mvEQAI/g= ;{id = 2854} -SECTION AUTHORITY -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_ds_lookup.rpl b/testdata/dlv_ds_lookup.rpl deleted file mode 100644 index 663cd9c36..000000000 --- a/testdata/dlv_ds_lookup.rpl +++ /dev/null @@ -1,281 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor for a DS lookup. -; positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DS -SECTION AUTHORITY -net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -example.net. IN DS -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -example.net. IN DS -SECTION AUTHORITY -net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_insecure.rpl b/testdata/dlv_insecure.rpl deleted file mode 100644 index e6515a9fb..000000000 --- a/testdata/dlv_insecure.rpl +++ /dev/null @@ -1,254 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - harden-referral-path: no - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with insecure zone with no DLV - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -; could be picked out of the negative cache due to NS queries in between. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_insecure_negcache.rpl b/testdata/dlv_insecure_negcache.rpl deleted file mode 100644 index 8408870b9..000000000 --- a/testdata/dlv_insecure_negcache.rpl +++ /dev/null @@ -1,311 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - harden-referral-path: no - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with insecure zone, no DLV from negative cache - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 300 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -; could be picked out of the negative cache due to NS queries in between. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -zoink.name.example.com IN NSEC zazz.net.example.com. RRSIG NSEC DLV -zoink.name.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AHipxvshRHglCEN4nZCT4m/4RIj8TrCOE2AsqEoH9e+6OYSo+yuNzzo= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -zoink.name.example.com IN NSEC zazz.net.example.com. RRSIG NSEC DLV -zoink.name.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AHipxvshRHglCEN4nZCT4m/4RIj8TrCOE2AsqEoH9e+6OYSo+yuNzzo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC frump.aqua.example.com. SOA NS RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AAscY9DfNm3Uy8f8Q4WX6AzR0flHYNSr3fKfgQ0Xc20fzj1lGP9ebfk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 300 - ADDRESS 1.2.3.5 -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 10 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 10 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -STEP 150 TIME_PASSES ELAPSE 30 - -; no more DLV authority reachable -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 10 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -STEP 220 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -net. IN NS -ENTRY_END - -STEP 230 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_keyretry.rpl b/testdata/dlv_keyretry.rpl deleted file mode 100644 index 8d477b5a5..000000000 --- a/testdata/dlv_keyretry.rpl +++ /dev/null @@ -1,287 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor and subsequently key retries -; positive response for DLV. But the DNSKEY for the target fails validation. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -; expired signature -example.net. 3600 IN RRSIG DNSKEY 5 2 3600 20050926134150 20050829134150 30899 example.net. ydM0/eWMqFn4RxMTbscdSLU7bJNoPuzjCa0eI7HSV/r/54slSGvkl0fmwqrROl1tpc0YMV6kAzgB1T5lJbvdsA== ;{id = 30899} -; good signature: -;example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; AAAA for nameserver (for dnssec retry) query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN SOA . . 2007091300 28800 7200 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. MrpP4svNpbN/YKhuYRlNbvNg0yVxn4ywW1tyEFA9v6F7BR6k1pP8iPfN5XV+XWPAmbss9h3fwKq8zNs4F/SPkg== ;{id = 30899} -ns.example.net. IN NSEC ppp.example.net. A RRSIG NSEC -ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. freWP6rXWsU5iyRE2gIM9rICuBxCYlQSW01GkLPez5czqtEL0hHN8vtjTlfoNxjJjiZj3vAavZDIQGgOOOMIsA== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_negnx.rpl b/testdata/dlv_negnx.rpl deleted file mode 100644 index 03edf1a47..000000000 --- a/testdata/dlv_negnx.rpl +++ /dev/null @@ -1,405 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor for negcache nxdomain proof -; put a DLV in the negcache. -; then test ask-higher with that in the cache. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; under example.net in DLV -ENTRY_BEGIN -MATCH opcode qtype subdomain -ADJUST copy_id copy_query -REPLY QR NXDOMAIN -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.net.example.com. 3600 IN NSEC fru.net.example.com. RRSIG NSEC DLV -example.net.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AI6NNKt4dGcAdCrW73GYwyoqelsdj1dd8mBNPpHRQIL0yp7yYFZ7kXU= ;{id = 2854} -example.com. IN SOA . . 1 2 3 4 5 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AIkRPbv+kZaiG61pH/wQy8fX2UqQS5YRwHaxe4yjEUXk59fgO71Db3s= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -; have it flushed out of the cache quickly. -example.net. 0 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 0 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; subzone -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub1.example.net. IN A -SECTION ANSWER -SECTION AUTHORITY -sub1.example.net. 3600 IN DS 30899 5 1 8916603e54c6f7edcfd885602e3b7b8dc475ba5c ; xodec-komif-vehis-kotav-tefot-mecyk-biryf-rivym-ticol-huvyh-saxox -sub1.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. A3vVrEY3+oIUqdbAa3tkKaU3o47eBD01hVXfAEAue1M+Uci2PA5YyiulLzStyiP75XUXkvubLQ2+ltKMTtfdag== ;{id = 30899} -sub1.example.net. IN NS ns.sub1.example.net. -SECTION ADDITIONAL -ns.sub1.example.net. IN A 1.2.3.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub2.example.net. IN A -SECTION ANSWER -SECTION AUTHORITY -sub2.example.net. 3600 IN DS 30899 5 1 627f7a51f1545133fec3ecbd19b85b92b15679c9 ; ximil-zovah-casuh-gygef-fyzas-farir-tikir-mukon-disih-kavus-nyxex -sub2.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. azMXKt4VPHj2hk5MDU6h8E/HOtNnHnIVS6Le3BV43wtJcHG5wlCxOksOZBOpXMkpbWLvbCJOOMPOnh31nlbjgg== ;{id = 30899} -sub2.example.net. IN NS ns.sub2.example.net. -SECTION ADDITIONAL -ns.sub2.example.net. IN A 1.2.3.12 -ENTRY_END -RANGE_END - -; sub1.example.net. -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.10 -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub1.example.net. IN DNSKEY -SECTION ANSWER -sub1.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub1.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub1.example.net. E200eTdRnkL7/fk54i1nXEE9a/rC2GxZfVkWMU044tpwV6d4XRxVhlFBzY4FytbRFFBUDhz7L3B0qC6BXJM8rg== ;{id = 30899} -ENTRY_END - -; www query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.sub1.example.net. IN A -SECTION ANSWER -www.sub1.example.net. IN A 192.168.1.1 -www.sub1.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub1.example.net. JKxcjPjc/TsQmUmCYHLQa3cBk1c+SbDPtVml69nDWC167NNWG8OLjLrLtUBVCfbTzCmqOWXq2qhrGPxjO65GCQ== ;{id = 30899} -ENTRY_END - -RANGE_END - -; sub2.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.12 -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub2.example.net. IN DNSKEY -SECTION ANSWER -sub2.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub2.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub2.example.net. VcNaPuz9Mmjj5ofZqOa4FsixBomFJTjd/9wxhZOVdxf1LsNR5L++8k09gQvnjtCvqSPfNer/uv0xl+9sRr8Wmw== ;{id = 30899} -ENTRY_END - -; www query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.sub2.example.net. IN A -SECTION ANSWER -www.sub2.example.net. IN A 192.168.1.12 -www.sub2.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub2.example.net. PsWY6+5/0+hsTOhNak/jdSeG44hvHgX5az1Q5XY/YkIchsflH9rmvP1EruFhflNhRR+22M7POiljYOoD5ylQXQ== ;{id = 30899} -ENTRY_END - -RANGE_END - - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub1.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub1.example.net. IN A -SECTION ANSWER -www.sub1.example.net. IN A 192.168.1.1 -www.sub1.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub1.example.net. JKxcjPjc/TsQmUmCYHLQa3cBk1c+SbDPtVml69nDWC167NNWG8OLjLrLtUBVCfbTzCmqOWXq2qhrGPxjO65GCQ== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; have example.net DNSKEY time out -STEP 14 TIME_PASSES ELAPSE 1.0 - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub2.example.net. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub2.example.net. IN A -SECTION ANSWER -www.sub2.example.net. IN A 192.168.1.12 -www.sub2.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub2.example.net. PsWY6+5/0+hsTOhNak/jdSeG44hvHgX5az1Q5XY/YkIchsflH9rmvP1EruFhflNhRR+22M7POiljYOoD5ylQXQ== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - - -SCENARIO_END diff --git a/testdata/dlv_optout.rpl b/testdata/dlv_optout.rpl deleted file mode 100644 index e5a8fdd62..000000000 --- a/testdata/dlv_optout.rpl +++ /dev/null @@ -1,440 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator, DLV to zone below optout, check negative cache. -; DLV example.com. -; trust anchor at example.net but no secure delegation to -; sub.example.net signed with DLV but not by parent. -; parent uses optout NSEC3. -; then a signed delegation to down.sub.example.net. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net.example.com. IN DLV -SECTION ANSWER -sub.example.net.example.com. 3600 IN DLV 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -sub.example.net.example.com. 3600 IN RRSIG DLV 3 5 3600 20070926135752 20070829135752 2854 example.com. AAdhy87nuDEaxmc+k9pJHYnhKiEYL++OLPxzOdwEQOtsHi7jeD3lRDU= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -down.sub.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -sub.example.net.example.com. IN NSEC zzz.example.net.example.com. RRSIG NSEC DLV -sub.example.net.example.com. 3600 IN RRSIG NSEC 3 5 3600 20070926134150 20070829134150 2854 example.com. AG/M+H/lex1CMTIuO+JpdmTjCzt7XBsLtRLPDfYTykhxnnECzZwkMnQ= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; no DS to sub.example.net, optout NSEC3. -; NSEC3PARAM 1 1 31 DE15C001 -; example.net. -> hk4jq0lg6q3bt992urc88dqten1k2be8. -; sub.example.net. -> ecs17hqd0kf7dk9g1cjvevj25pginrf2. -; *.example.net. -> 1tgbedpeeuubbsejh2dqvso62f8n4dk1. -; down.sub.example.net. -> 9j1r8re9b1238vd907tilclgat1i0fre. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN DS -SECTION ANSWER -SECTION AUTHORITY -example.net. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ELVULZHTRc0Qk06rSBRnB/T6sm1+AbAtdEJHN6PCsz2Z3s3E5A8NH7Krz0VzRaYIEUStnbAtuE3oP8XHWHBnyQ== ;{id = 30899} -; CE is example.net -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. IN NSEC3 1 1 31 DE15C001 hl4jq0lg6q3bt992urc88dqten1k2be8 NS SOA NAPTR RRSIG DNSKEY NSEC3PARAM -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. n1dQKbRoB+X4K003RAhdUp6ZUP5dCiwQi+apGfLII8wmCUmw/cKiz7/Ijhs/+88hZwq/7yhlZM0D/yqAUKUiAA== ;{id = 30899} -; NC covers sub.example.net -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. IN NSEC3 1 1 31 de15c001 efs17hqd0kf7dk9g1cjvevj25pginrf2 A RRSIG -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. oSVB7Dyp7/yaOlT8AFwBJZdqwRRSQ8XFzCpu1AP51JPIuhCg5byepdvY6UC3xXc7YVO6h74tpxFCGqLpRXwDoQ== ;{id = 30899} -SECTION ADDITIONAL -ENTRY_END - -; delegation to sub.example.net, optout NSEC3. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. IN NSEC3 1 1 31 DE15C001 hl4jq0lg6q3bt992urc88dqten1k2be8 NS SOA NAPTR RRSIG DNSKEY NSEC3PARAM -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. n1dQKbRoB+X4K003RAhdUp6ZUP5dCiwQi+apGfLII8wmCUmw/cKiz7/Ijhs/+88hZwq/7yhlZM0D/yqAUKUiAA== ;{id = 30899} -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. IN NSEC3 1 1 31 de15c001 efs17hqd0kf7dk9g1cjvevj25pginrf2 A RRSIG -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. oSVB7Dyp7/yaOlT8AFwBJZdqwRRSQ8XFzCpu1AP51JPIuhCg5byepdvY6UC3xXc7YVO6h74tpxFCGqLpRXwDoQ== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ENTRY_END - - -RANGE_END - -; ns.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; DS is -; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN DNSKEY -SECTION ANSWER -sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; DS for down.sub.example.net -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -down.sub.example.net. IN DS -SECTION ANSWER -down.sub.example.net. 3600 IN DS 60946 5 1 c636304ab7cdb6272215aceac95a8d312ac7a4f6 -down.sub.example.net. 3600 IN RRSIG DS 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AMc8J534UF2+0PtPSNBw6RzN4Q5gXfnBXiUfpuT/MR1YtOE/5AP/0dTgvqvKRiFZx3NjOPeZmRnaabxkw0Qzrw== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; delegation to down.sub.example.net -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -down.sub.example.net. IN NS -SECTION ANSWER -SECTION AUTHORITY -down.sub.example.net. IN NS ns.down.sub.example.net. -; the DS record is not given (like it was parent and child hosted on the same -; server) -;down.sub.example.net. 3600 IN DS 60946 5 1 c636304ab7cdb6272215aceac95a8d312ac7a4f6 -;down.sub.example.net. 3600 IN RRSIG DS 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AMc8J534UF2+0PtPSNBw6RzN4Q5gXfnBXiUfpuT/MR1YtOE/5AP/0dTgvqvKRiFZx3NjOPeZmRnaabxkw0Qzrw== ;{id = 30899} -SECTION ADDITIONAL -ns.down.sub.example.net. IN A 1.2.3.7 -ENTRY_END - -RANGE_END - -; ns.down.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.7 -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -down.sub.example.net. IN DNSKEY -SECTION ANSWER -down.sub.example.net. 3600 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} -down.sub.example.net. 3600 IN RRSIG DNSKEY 5 4 3600 20070926134150 20070829134150 60946 down.sub.example.net. lK5HNva/IPw0CS9BfBd16fqm5y9bgCSwGsBLBAA1d5SCcKep6AVrv6NFuXl12d1G3MdQ4ruHi6eDDO5dhtkfrw== ;{id = 60946} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; www.down.sub.example.net. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.down.sub.example.net. IN A -SECTION ANSWER -www.down.sub.example.net. IN A 10.20.30.44 -www.down.sub.example.net. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 60946 down.sub.example.net. Hg5WF/xW8PRth2rl1mZcYK8/pgGpM73e/fD+mH/XElEKgL9zq0ou8psA0I6OvMLGBN6RQeknQHRAy3D2/5k/Wg== ;{id = 60946} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.down.sub.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.down.sub.example.net. IN A -SECTION ANSWER -www.down.sub.example.net. IN A 10.20.30.44 -www.down.sub.example.net. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 60946 down.sub.example.net. Hg5WF/xW8PRth2rl1mZcYK8/pgGpM73e/fD+mH/XElEKgL9zq0ou8psA0I6OvMLGBN6RQeknQHRAy3D2/5k/Wg== ;{id = 60946} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove.rpl b/testdata/dlv_remove.rpl deleted file mode 100644 index d503148c7..000000000 --- a/testdata/dlv_remove.rpl +++ /dev/null @@ -1,198 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor but DLV domain is down -; so DLV has been decommissioned. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - -ENTRY_BEGIN -MATCH opcode -ADJUST copy_id copy_query -REPLY QR SERVFAIL -SECTION QUESTION -example.com. IN NS -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove_empty.rpl b/testdata/dlv_remove_empty.rpl deleted file mode 100644 index 11b825bc2..000000000 --- a/testdata/dlv_remove_empty.rpl +++ /dev/null @@ -1,272 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV and DLV repository is empty. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query, everything is NXDOMAIN -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR AA NXDOMAIN -SECTION QUESTION -example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. 3600 IN NSEC example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AH++lP1qhsBw6zO1g3JVPZeQIpDhL9xT8V9xdgjXvCjIGQ1BUUlfQkA= -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove_nodel.rpl b/testdata/dlv_remove_nodel.rpl deleted file mode 100644 index 1abe5a32f..000000000 --- a/testdata/dlv_remove_nodel.rpl +++ /dev/null @@ -1,276 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "dlv.example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV and DLV is removed and not delegated -; so the response is that the dlv domain itself does not exist, but it's -; parent domain does exist (securely). - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query, everything is NXDOMAIN -; thus, no delegation to the dlv repository in dlv.example.com -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR AA NXDOMAIN -SECTION QUESTION -example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. 3600 IN NSEC example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AH++lP1qhsBw6zO1g3JVPZeQIpDhL9xT8V9xdgjXvCjIGQ1BUUlfQkA= -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove_pos.rpl b/testdata/dlv_remove_pos.rpl deleted file mode 100644 index 892ffa3c0..000000000 --- a/testdata/dlv_remove_pos.rpl +++ /dev/null @@ -1,167 +0,0 @@ -; config options -; The island of trust is at example.com -server: - dlv-anchor: "dlv.example.net. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV removed for positive anchored response -; So the destination has a valid DNSSEC chain of trust to the root, -; but the configured dlv anchor fails. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -; this covers dlv.example.net and thus makes it servfail (unusable). -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR SERVFAIL -SECTION QUESTION -net. IN NS -ENTRY_END - -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_unused.rpl b/testdata/dlv_unused.rpl deleted file mode 100644 index aa7d04c1e..000000000 --- a/testdata/dlv_unused.rpl +++ /dev/null @@ -1,277 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator, DLV anchor unused because trustanchor works. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dnstap.tdir/dnstap.pre b/testdata/dnstap.tdir/dnstap.pre index 95216949c..6561d77e9 100644 --- a/testdata/dnstap.tdir/dnstap.pre +++ b/testdata/dnstap.tdir/dnstap.pre @@ -45,7 +45,7 @@ fi # make config file sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < dnstap.conf > ub.conf # start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +$PRE/unbound -d -c ub.conf -vvvv >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test diff --git a/testdata/dnstap.tdir/dnstap.test b/testdata/dnstap.tdir/dnstap.test index 04db17b27..fbf8565ff 100644 --- a/testdata/dnstap.tdir/dnstap.test +++ b/testdata/dnstap.tdir/dnstap.test @@ -24,6 +24,8 @@ else exit 1 fi +echo "> wait for log to happen on timer" +sleep 3 echo "> check tap.log for dnstap info" # see if it logged the information in tap.log # wait for a moment for filesystem to catch up. @@ -57,6 +59,8 @@ dig @127.0.0.1 -p $UNBOUND_PORT q7.example.net. dig @127.0.0.1 -p $UNBOUND_PORT q8.example.net. dig @127.0.0.1 -p $UNBOUND_PORT q9.example.net. dig @127.0.0.1 -p $UNBOUND_PORT q10.example.net. +echo "> wait for log to happen on timer" +sleep 3 for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi diff --git a/testdata/dnstap.tdir/unbound_control.key b/testdata/dnstap.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap.tdir/unbound_control.key +++ b/testdata/dnstap.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap.tdir/unbound_control.pem b/testdata/dnstap.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap.tdir/unbound_control.pem +++ b/testdata/dnstap.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap.tdir/unbound_server.key b/testdata/dnstap.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap.tdir/unbound_server.key +++ b/testdata/dnstap.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap.tdir/unbound_server.pem b/testdata/dnstap.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap.tdir/unbound_server.pem +++ b/testdata/dnstap.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post index 8474b3a02..0056a20d9 100644 --- a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post @@ -13,4 +13,6 @@ kill_pid $FWD_PID kill $UNBOUND_PID kill $UNBOUND_PID >/dev/null 2>&1 cat unbound.log +cat tap.log +cat tap.errlog exit 0 diff --git a/testdata/dnstap_reconnect.tdir/unbound_control.key b/testdata/dnstap_reconnect.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_reconnect.tdir/unbound_control.key +++ b/testdata/dnstap_reconnect.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_reconnect.tdir/unbound_control.pem b/testdata/dnstap_reconnect.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_reconnect.tdir/unbound_control.pem +++ b/testdata/dnstap_reconnect.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_reconnect.tdir/unbound_server.key b/testdata/dnstap_reconnect.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_reconnect.tdir/unbound_server.key +++ b/testdata/dnstap_reconnect.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_reconnect.tdir/unbound_server.pem b/testdata/dnstap_reconnect.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_reconnect.tdir/unbound_server.pem +++ b/testdata/dnstap_reconnect.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_tcp.tdir/unbound_control.key b/testdata/dnstap_tcp.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_tcp.tdir/unbound_control.key +++ b/testdata/dnstap_tcp.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tcp.tdir/unbound_control.pem b/testdata/dnstap_tcp.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_tcp.tdir/unbound_control.pem +++ b/testdata/dnstap_tcp.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_tcp.tdir/unbound_server.key b/testdata/dnstap_tcp.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_tcp.tdir/unbound_server.key +++ b/testdata/dnstap_tcp.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tcp.tdir/unbound_server.pem b/testdata/dnstap_tcp.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_tcp.tdir/unbound_server.pem +++ b/testdata/dnstap_tcp.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls.tdir/unbound_control.key b/testdata/dnstap_tls.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_tls.tdir/unbound_control.key +++ b/testdata/dnstap_tls.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls.tdir/unbound_control.pem b/testdata/dnstap_tls.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_tls.tdir/unbound_control.pem +++ b/testdata/dnstap_tls.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls.tdir/unbound_server.key b/testdata/dnstap_tls.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_tls.tdir/unbound_server.key +++ b/testdata/dnstap_tls.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls.tdir/unbound_server.pem b/testdata/dnstap_tls.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_tls.tdir/unbound_server.pem +++ b/testdata/dnstap_tls.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_control.key b/testdata/dnstap_tls_badcert.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_tls_badcert.tdir/unbound_control.key +++ b/testdata/dnstap_tls_badcert.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_control.pem b/testdata/dnstap_tls_badcert.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_tls_badcert.tdir/unbound_control.pem +++ b/testdata/dnstap_tls_badcert.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_server.key b/testdata/dnstap_tls_badcert.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_tls_badcert.tdir/unbound_server.key +++ b/testdata/dnstap_tls_badcert.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badcert.tdir/unbound_server.pem b/testdata/dnstap_tls_badcert.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_tls_badcert.tdir/unbound_server.pem +++ b/testdata/dnstap_tls_badcert.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_control.key b/testdata/dnstap_tls_badname.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_tls_badname.tdir/unbound_control.key +++ b/testdata/dnstap_tls_badname.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_control.pem b/testdata/dnstap_tls_badname.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_tls_badname.tdir/unbound_control.pem +++ b/testdata/dnstap_tls_badname.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_server.key b/testdata/dnstap_tls_badname.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_tls_badname.tdir/unbound_server.key +++ b/testdata/dnstap_tls_badname.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_badname.tdir/unbound_server.pem b/testdata/dnstap_tls_badname.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_tls_badname.tdir/unbound_server.pem +++ b/testdata/dnstap_tls_badname.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_control.key b/testdata/dnstap_tls_clientauth.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_tls_clientauth.tdir/unbound_control.key +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem b/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_server.key b/testdata/dnstap_tls_clientauth.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_tls_clientauth.tdir/unbound_server.key +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem b/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem +++ b/testdata/dnstap_tls_clientauth.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_control.key b/testdata/dnstap_tls_peername.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/dnstap_tls_peername.tdir/unbound_control.key +++ b/testdata/dnstap_tls_peername.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_control.pem b/testdata/dnstap_tls_peername.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/dnstap_tls_peername.tdir/unbound_control.pem +++ b/testdata/dnstap_tls_peername.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_server.key b/testdata/dnstap_tls_peername.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/dnstap_tls_peername.tdir/unbound_server.key +++ b/testdata/dnstap_tls_peername.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/dnstap_tls_peername.tdir/unbound_server.pem b/testdata/dnstap_tls_peername.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/dnstap_tls_peername.tdir/unbound_server.pem +++ b/testdata/dnstap_tls_peername.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/doh_downstream.tdir/doh_downstream.conf b/testdata/doh_downstream.tdir/doh_downstream.conf new file mode 100644 index 000000000..f0857bb58 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.conf @@ -0,0 +1,27 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream.tdir/doh_downstream.dsc b/testdata/doh_downstream.tdir/doh_downstream.dsc new file mode 100644 index 000000000..66b84284e --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream +Version: 1.0 +Description: Test DNS-over-HTTPS query processing +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream.pre +Post: doh_downstream.post +Test: doh_downstream.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream.tdir/doh_downstream.post b/testdata/doh_downstream.tdir/doh_downstream.post new file mode 100644 index 000000000..0e3c00b05 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.post @@ -0,0 +1,13 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream.tdir/doh_downstream.pre b/testdata/doh_downstream.tdir/doh_downstream.pre new file mode 100644 index 000000000..29bb805a1 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.pre @@ -0,0 +1,33 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream.tdir/doh_downstream.test b/testdata/doh_downstream.tdir/doh_downstream.test new file mode 100644 index 000000000..d66168fba --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.test @@ -0,0 +1,339 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l ) +if test "$num_ans" -ne 90; then + echo "number of answers not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream.tdir/doh_downstream.testns b/testdata/doh_downstream.tdir/doh_downstream.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream.tdir/unbound_server.key b/testdata/doh_downstream.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream.tdir/unbound_server.pem b/testdata/doh_downstream.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf new file mode 100644 index 000000000..30d8e2a4f --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf @@ -0,0 +1,17 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-response-buffer-size: 500 + + local-zone: "example.net" redirect + local-data: "example.net. IN A 1.2.3.1" diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc new file mode 100644 index 000000000..c271fcdc1 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_buffer_size +Version: 1.0 +Description: Test DNS-over-HTTPS http-response-buffer-size +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_buffer_size.pre +Post: doh_downstream_buffer_size.post +Test: doh_downstream_buffer_size.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post new file mode 100644 index 000000000..881970a77 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post @@ -0,0 +1,12 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +. ../common.sh +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre new file mode 100644 index 000000000..a58780ab3 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre @@ -0,0 +1,24 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 1 +UNBOUND_PORT=$RND_PORT +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_buffer_size.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test new file mode 100644 index 000000000..78c46081d --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test @@ -0,0 +1,39 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +echo "> query www.example.net. endpoint /dns-query" +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT 1.example.net. A IN 2.example.net. A IN 3.example.net. A IN 4.example.net. A IN 5.example.net. A IN 6.example.net. A IN 7.example.net. A IN 8.example.net. A IN 9.example.net. A IN 10.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +num=$(grep "ANSWER SEC" outfile | wc -l) +# 58 byte answers, 500 byte max response buffer -> 8 answers +if [ $num -eq 8 ]; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +exit 0 diff --git a/testdata/doh_downstream_buffer_size.tdir/unbound_server.key b/testdata/doh_downstream_buffer_size.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem b/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf new file mode 100644 index 000000000..3ec5ed4a1 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf @@ -0,0 +1,17 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-endpoint: "/abc" + + local-zone: "example.net" static + local-data: "www.example.net. IN A 1.2.3.1" diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc new file mode 100644 index 000000000..ef36a1968 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream +Version: 1.0 +Description: Test DNS-over-HTTPS query processing, endpoint setting +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_endpoint.pre +Post: doh_downstream_endpoint.post +Test: doh_downstream_endpoint.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post new file mode 100644 index 000000000..dcdf8627e --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post @@ -0,0 +1,12 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre new file mode 100644 index 000000000..cd0d11fd4 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre @@ -0,0 +1,23 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_random_port 1 +UNBOUND_PORT=$RND_PORT +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_endpoint.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test new file mode 100644 index 000000000..2a6954cab --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test @@ -0,0 +1,59 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +echo "> query www.example.net. endpoint /dns-query" +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "status 404" outfile; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +echo "> query www.example.net. endpoint /abc" +$PRE/dohclient -e /abc -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep ":status 200" outfile; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_endpoint.tdir/unbound_server.key b/testdata/doh_downstream_endpoint.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_endpoint.tdir/unbound_server.pem b/testdata/doh_downstream_endpoint.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf new file mode 100644 index 000000000..bdca45645 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf @@ -0,0 +1,28 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + http-notls-downstream: yes + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc new file mode 100644 index 000000000..4b908e052 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_notls +Version: 1.0 +Description: Test DNS-over-HTTP query processing with no-tls +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_notls.pre +Post: doh_downstream_notls.post +Test: doh_downstream_notls.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post new file mode 100644 index 000000000..3ceaeade8 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post @@ -0,0 +1,13 @@ +# #-- doh_downstream_notls.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre new file mode 100644 index 000000000..e1f30a575 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre @@ -0,0 +1,33 @@ +# #-- doh_downstream_notls.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream_notls.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_notls.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test new file mode 100644 index 000000000..87ff560d3 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test @@ -0,0 +1,339 @@ +# #-- doh_downstream_notls.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l ) +if test "$num_ans" -ne 90; then + echo "number of answers not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream_notls.tdir/unbound_server.key b/testdata/doh_downstream_notls.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_notls.tdir/unbound_server.pem b/testdata/doh_downstream_notls.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.conf b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf new file mode 100644 index 000000000..f0857bb58 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf @@ -0,0 +1,27 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc new file mode 100644 index 000000000..70de7502f --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_post +Version: 1.0 +Description: Test DNS-over-HTTPS query processing, using POST method +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_post.pre +Post: doh_downstream_post.post +Test: doh_downstream_post.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.post b/testdata/doh_downstream_post.tdir/doh_downstream_post.post new file mode 100644 index 000000000..98034a32c --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.post @@ -0,0 +1,13 @@ +# #-- doh_downstream_post.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.pre b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre new file mode 100644 index 000000000..34df83d4b --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre @@ -0,0 +1,31 @@ +# #-- doh_downstream_post.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream_post.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_post.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.test b/testdata/doh_downstream_post.tdir/doh_downstream_post.test new file mode 100644 index 000000000..6442d1e12 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.test @@ -0,0 +1,340 @@ +# #-- doh_downstream_post.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l ) +if test "$num_ans" -ne 90; then + echo "number of answers not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.testns b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream_post.tdir/unbound_server.key b/testdata/doh_downstream_post.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_post.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_post.tdir/unbound_server.pem b/testdata/doh_downstream_post.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/domain_insec_dlv.rpl b/testdata/domain_insec_dlv.rpl deleted file mode 100644 index c8bd98344..000000000 --- a/testdata/domain_insec_dlv.rpl +++ /dev/null @@ -1,277 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - domain-insecure: "example.net" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with domain-insecure below a DLV -; positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dynlibmod.tdir/dynlibmod.conf b/testdata/dynlibmod.tdir/dynlibmod.conf new file mode 100644 index 000000000..d59444344 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.conf @@ -0,0 +1,32 @@ +server: + verbosity: 2 + num-threads: 3 + outgoing-range: 16 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + local-zone: "example.net." redirect + local-data: "example.net. IN A 10.20.30.41" + module-config: "dynlib iterator" + +dynlib: + dynlib-file: "@DLL_FILE@" + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/dynlibmod.tdir/dynlibmod.dsc b/testdata/dynlibmod.tdir/dynlibmod.dsc new file mode 100644 index 000000000..b1a83910d --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.dsc @@ -0,0 +1,16 @@ +BaseName: dynlibmod +Version: 1.0 +Description: test dynlibmod module +CreationDate: Tue May 19 15:00:38 CET 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: dynlibmod.pre +Post: dynlibmod.post +Test: dynlibmod.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/dynlibmod.tdir/dynlibmod.post b/testdata/dynlibmod.tdir/dynlibmod.post new file mode 100644 index 000000000..caa0da4f5 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.post @@ -0,0 +1,15 @@ +# #-- dynlibmod.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $FWD_PID +kill $UNBOUND_PID +kill $UNBOUND_PID >/dev/null 2>&1 +cat unbound.log +exit 0 diff --git a/testdata/dynlibmod.tdir/dynlibmod.pre b/testdata/dynlibmod.tdir/dynlibmod.pre new file mode 100644 index 000000000..94adaa723 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.pre @@ -0,0 +1,35 @@ +# #-- dynlibmod.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh + +PRE="../.." +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 3 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +CONTROL_PORT=$(($RND_PORT + 2)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT dynlibmod.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +if grep "define USE_WINSOCK 1" $PRE/config.h; then + DLL_FILE="helloworld.dll" +else + DLL_FILE="helloworld.so" +fi +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' -e 's/@DLL_FILE\@/'$DLL_FILE'/' < dynlibmod.conf > ub.conf + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log diff --git a/testdata/dynlibmod.tdir/dynlibmod.test b/testdata/dynlibmod.tdir/dynlibmod.test new file mode 100644 index 000000000..f99f6fbc4 --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.test @@ -0,0 +1,74 @@ +# #-- dynlibmod.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +PRE="../.." +if grep "define WITH_DYNLIBMODULE 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +# compile the dynamic library module +if grep "define USE_WINSOCK 1" $PRE/config.h; then + echo "compile dynamic library dll for mingw" + echo "x86_64-w64-mingw32-gcc -m64 -I$PRE -shared -Wall -fpic -o helloworld.dll $PRE/dynlibmod/examples/helloworld.c -L../.. -l:libunbound.a" + x86_64-w64-mingw32-gcc -m64 -I$PRE -shared -Wall -fpic -o helloworld.dll $PRE/dynlibmod/examples/helloworld.c -L../.. -l:libunbound.a + if test $? != 0; then + echo "compile failure" + exit 1; + fi +else + echo "compile dynamic library" + echo "gcc -I$PRE -shared -Wall -fpic -o helloworld.so $PRE/dynlibmod/examples/helloworld.c" + gcc -I$PRE -shared -Wall -fpic -o helloworld.so $PRE/dynlibmod/examples/helloworld.c + if test $? != 0; then + echo "compile failure" + exit 1; + fi +fi + +# start unbound in the background +LD_LIBRARY_PATH="." $PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +# test if the server is up. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> check log for dynlibmod info" +# wait for a moment for filesystem to catch up. +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 1; fi +if grep "hello world from operate" unbound.log >/dev/null; then :; else sleep 10; fi +if grep "hello world from operate" unbound.log; then echo "yes it is in unbound.log"; +else + echo "information not in unbound.log" + echo "failed" + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> OK" +exit 0 diff --git a/testdata/dynlibmod.tdir/dynlibmod.testns b/testdata/dynlibmod.tdir/dynlibmod.testns new file mode 100644 index 000000000..0c911ca5b --- /dev/null +++ b/testdata/dynlibmod.tdir/dynlibmod.testns @@ -0,0 +1,22 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA SERVFAIL +ADJUST copy_id +SECTION QUESTION +www.example.net. IN A +ENTRY_END + diff --git a/testdata/dynlibmod.tdir/unbound_control.key b/testdata/dynlibmod.tdir/unbound_control.key new file mode 100644 index 000000000..753a4ef61 --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/dynlibmod.tdir/unbound_control.pem b/testdata/dynlibmod.tdir/unbound_control.pem new file mode 100644 index 000000000..a1edf7017 --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/dynlibmod.tdir/unbound_server.key b/testdata/dynlibmod.tdir/unbound_server.key new file mode 100644 index 000000000..370a7bbb2 --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/dynlibmod.tdir/unbound_server.pem b/testdata/dynlibmod.tdir/unbound_server.pem new file mode 100644 index 000000000..986807310 --- /dev/null +++ b/testdata/dynlibmod.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/edns_client_string.rpl b/testdata/edns_client_string.rpl new file mode 100644 index 000000000..1822f7898 --- /dev/null +++ b/testdata/edns_client_string.rpl @@ -0,0 +1,152 @@ +; config options +server: + edns-client-string: 10.0.0.0/24 "abc d" + edns-client-string: 10.0.0.10/32 "123AbC!" + +stub-zone: + name: "edns-string-abc." + stub-addr: 10.0.0.1 + +stub-zone: + name: "edns-string-123." + stub-addr: 10.0.0.10 + +stub-zone: + name: "notag." + stub-addr: 10.10.0.1 + +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.10.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-abc. IN A +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-abc. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + fd e9 ; Opcode 65001 + 00 05 ; Length 5 + 61 62 63 20 64 ; "abc d" + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +ENTRY_END + +STEP 110 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-123. IN A +ENTRY_END + +STEP 120 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-123. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + fd e9 ; Opcode 65001 + 00 07 ; Length 7 + 31 32 33 41 62 ; "123Ab" + 43 21 ; "C!" + HEX_EDNSDATA_END +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +ENTRY_END + +STEP 210 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +notag. IN A +ENTRY_END + +STEP 220 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +notag. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END + +STEP 230 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +ENTRY_END + +SCENARIO_END diff --git a/testdata/edns_client_string_opcode.rpl b/testdata/edns_client_string_opcode.rpl new file mode 100644 index 000000000..3bd6dda4e --- /dev/null +++ b/testdata/edns_client_string_opcode.rpl @@ -0,0 +1,153 @@ +; config options +server: + edns-client-string: 10.0.0.0/24 "abc d" + edns-client-string: 10.0.0.10/32 "123AbC!" + edns-client-string-opcode: 65432 + +stub-zone: + name: "edns-string-abc." + stub-addr: 10.0.0.1 + +stub-zone: + name: "edns-string-123." + stub-addr: 10.0.0.10 + +stub-zone: + name: "notag." + stub-addr: 10.10.0.1 + +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.10.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-abc. IN A +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-abc. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ff 98 ; Opcode 65432 + 00 05 ; Length 5 + 61 62 63 20 64 ; "abc d" + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +ENTRY_END + +STEP 110 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-123. IN A +ENTRY_END + +STEP 120 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-123. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ff 98 ; Opcode 65432 + 00 07 ; Length 7 + 31 32 33 41 62 ; "123Ab" + 43 21 ; "C!" + HEX_EDNSDATA_END +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +ENTRY_END + +STEP 210 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +notag. IN A +ENTRY_END + +STEP 220 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +notag. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END + +STEP 230 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +ENTRY_END + +SCENARIO_END diff --git a/testdata/fwd_bogus.tdir/unbound_control.key b/testdata/fwd_bogus.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/fwd_bogus.tdir/unbound_control.key +++ b/testdata/fwd_bogus.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/fwd_bogus.tdir/unbound_control.pem b/testdata/fwd_bogus.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/fwd_bogus.tdir/unbound_control.pem +++ b/testdata/fwd_bogus.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/fwd_bogus.tdir/unbound_server.key b/testdata/fwd_bogus.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/fwd_bogus.tdir/unbound_server.key +++ b/testdata/fwd_bogus.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/fwd_bogus.tdir/unbound_server.pem b/testdata/fwd_bogus.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/fwd_bogus.tdir/unbound_server.pem +++ b/testdata/fwd_bogus.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf b/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf index 08e9d6432..5b2c8045a 100644 --- a/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf +++ b/testdata/fwd_compress_c00c.tdir/fwd_compress_c00c.conf @@ -10,6 +10,7 @@ server: username: "" do-not-query-localhost: no minimal-responses: no + rrset-roundrobin: no forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/fwd_oneport.tdir/fwd_oneport.conf b/testdata/fwd_oneport.tdir/fwd_oneport.conf index f3427fece..21ebc9fed 100644 --- a/testdata/fwd_oneport.tdir/fwd_oneport.conf +++ b/testdata/fwd_oneport.tdir/fwd_oneport.conf @@ -13,6 +13,7 @@ server: num-queries-per-thread: 1024 use-syslog: no do-not-query-localhost: no + udp-connect: no forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/fwddlv_parse.rpl b/testdata/fwddlv_parse.rpl deleted file mode 100644 index 8b8a9613f..000000000 --- a/testdata/fwddlv_parse.rpl +++ /dev/null @@ -1,134 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw==" - val-override-date: "20090617133009" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test parse of packet when forwarding and dlv are in use - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -org. IN NS -SECTION AUTHORITY -org. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. (for ORG) -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -org. IN NS -SECTION ANSWER -org. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -dlv.isc.org. IN NS -SECTION AUTHORITY -dlv.isc.org. IN NS ns.org. -SECTION ADDITIONAL -ns.org. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.org for dlv.isc.org -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -dlv.isc.org. IN DNSKEY -SECTION ANSWER -dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw== ;{id = 64263 (zsk), size = 1024b} -dlv.isc.org. 5072 IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh ;{id = 19297 (ksk), size = 2048b} -dlv.isc.org. 5072 IN RRSIG DNSKEY 5 3 7200 20090717133009 20090617133009 19297 dlv.isc.org. iqGOzsIQKFHcPLbJHLb/kNzcm7TlHiyT4kzTknCjKsC7DCB86YCOhnZZjvZQyA+D0N0KDgNWY8v5czbyX57qR6qORciT2zmPSTGj7CIOe4zrq60n8HzsChKgvk+RSYQrzf6vRfnZhce6Y1waXQd4wh1buPAUw/l46Ovt74ALXzcWSgfMNyx6PBz7rbusuePKeSv0GZL9+M2qhXKe9LJmnzD9uCwnbV/Y5yu+xLfxLdm9q4IKp6Rn50CeHYKf3tO2jI9dkWqFR94XHSTNGfhC02i5UsfP1HRPnk49bX7OMstuuCq9zMX+qTt602MVFYdTSHTy/5+Yw5DvOA9JgOqO4w== ;{id = 19297} -dlv.isc.org. 5072 IN RRSIG DNSKEY 5 3 7200 20090717133009 20090617133009 64263 dlv.isc.org. W1KX1PagXsaWWmxkaOfnLetnw1hhSw7ym91S4rSu14QfFbYi5iN9ZkSuKa21M7Do52S9om/2hDllMF7EFfnv9l4e4/rMOc59vKGVojpHOvZyRVhIiMyh1H9NfLTYUovORRvKO0Cnp65gBXspVf1WhzoY3pC1NZ+5pscPWLeD1rw= ;{id = 64263} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.com.dlv.isc.org. IN DLV -SECTION ANSWER -SECTION AUTHORITY -dlv.isc.org. 2776 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009061702 7200 3600 2419200 3600 -dlv.isc.org. 2776 IN RRSIG SOA 5 3 3600 20090717133009 20090617133009 64263 dlv.isc.org. S5iTFqF8k9XWoGq4Wajo1GQF6Oc1e5lI1kGFWyaKf3oM2asbzCbVk2aZLtyDCGjYA4euZWXD0q2vol7/1cPB5Ds4SteCuo5Jkpa/mw7mPAcbNu8mYexq1RaodVCbWrW8KSxEyVd8X5mZx2OBaSyK8zns/W5I3ZPNNLf4Kz6Zpo0= ;{id = 64263} -seatex.com.cn.dlv.isc.org. 2776 IN RRSIG NSEC 5 6 3600 20090717133009 20090617133009 64263 dlv.isc.org. Rxv7gVdu8rpWbJ3fJm7cY66IKV+C94I4/HYiDQke1m2P7hXo5bpDBBShKpIvME34ANN8Lb0cZQK9XT7NYpWjE5rjW7CaMiVjiR6U1LyDGQyK4X3wdkbv3aJcHLSg7sWsxyZXj5iVUxkU5JO3JBjo412oKQ3bh+RGi1BxTIIq09g= ;{id = 64263} -seatex.com.cn.dlv.isc.org. 2776 IN NSEC absolight.com.dlv.isc.org. RRSIG NSEC DLV -ericgermann.com.dlv.isc.org. 2776 IN RRSIG NSEC 5 5 3600 20090717133009 20090617133009 64263 dlv.isc.org. OEUizWAXsWFBzt4rN5+AUTaND8phZc4ezux06LA/Ua5N/B/LQQ1cb42eEqCQHwnGK8BsRhbsRiVywPNgnnPlL1Gy8n25gi+0qWOpA27fOwZJbO3n944gKvPDWZoDeCbdJr6AQG5Z9/Ka0ERRtHC6uI2Xn6KCQPjgTEihqhoayYg= ;{id = 64263} -ericgermann.com.dlv.isc.org. 2776 IN NSEC fayengineering.com.dlv.isc.org. RRSIG NSEC DLV -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com.dlv.isc.org. IN DLV -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www.example.com.dlv.isc.org. IN DLV -SECTION ANSWER -SECTION AUTHORITY -dlv.isc.org. 2776 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009061702 7200 3600 2419200 3600 -dlv.isc.org. 2776 IN RRSIG SOA 5 3 3600 20090717133009 20090617133009 64263 dlv.isc.org. S5iTFqF8k9XWoGq4Wajo1GQF6Oc1e5lI1kGFWyaKf3oM2asbzCbVk2aZLtyDCGjYA4euZWXD0q2vol7/1cPB5Ds4SteCuo5Jkpa/mw7mPAcbNu8mYexq1RaodVCbWrW8KSxEyVd8X5mZx2OBaSyK8zns/W5I3ZPNNLf4Kz6Zpo0= ;{id = 64263} -seatex.com.cn.dlv.isc.org. 2776 IN NSEC absolight.com.dlv.isc.org. RRSIG NSEC DLV -seatex.com.cn.dlv.isc.org. 2776 IN RRSIG NSEC 5 6 3600 20090717133009 20090617133009 64263 dlv.isc.org. Rxv7gVdu8rpWbJ3fJm7cY66IKV+C94I4/HYiDQke1m2P7hXo5bpDBBShKpIvME34ANN8Lb0cZQK9XT7NYpWjE5rjW7CaMiVjiR6U1LyDGQyK4X3wdkbv3aJcHLSg7sWsxyZXj5iVUxkU5JO3JBjo412oKQ3bh+RGi1BxTIIq09g= ;{id = 64263} -ericgermann.com.dlv.isc.org. 2776 IN NSEC fayengineering.com.dlv.isc.org. RRSIG NSEC DLV -ericgermann.com.dlv.isc.org. 2776 IN RRSIG NSEC 5 5 3600 20090717133009 20090617133009 64263 dlv.isc.org. OEUizWAXsWFBzt4rN5+AUTaND8phZc4ezux06LA/Ua5N/B/LQQ1cb42eEqCQHwnGK8BsRhbsRiVywPNgnnPlL1Gy8n25gi+0qWOpA27fOwZJbO3n944gKvPDWZoDeCbdJr6AQG5Z9/Ka0ERRtHC6uI2Xn6KCQPjgTEihqhoayYg= ;{id = 64263} -ENTRY_END - -SCENARIO_END diff --git a/testdata/iter_lame_noaa.rpl b/testdata/iter_lame_noaa.rpl index 7a6eb1b30..defaa5ca8 100644 --- a/testdata/iter_lame_noaa.rpl +++ b/testdata/iter_lame_noaa.rpl @@ -4,6 +4,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_lame_nosoa.rpl b/testdata/iter_lame_nosoa.rpl index 4914f7461..3bf6ccc18 100644 --- a/testdata/iter_lame_nosoa.rpl +++ b/testdata/iter_lame_nosoa.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_ns_badip.rpl b/testdata/iter_ns_badip.rpl index ad266c64d..e0bf96674 100644 --- a/testdata/iter_ns_badip.rpl +++ b/testdata/iter_ns_badip.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "3 2 1 0 0" qname-minimisation: "no" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_pcnamech.rpl b/testdata/iter_pcnamech.rpl index 098ae0bb5..32b3130c8 100644 --- a/testdata/iter_pcnamech.rpl +++ b/testdata/iter_pcnamech.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_pcnamechrec.rpl b/testdata/iter_pcnamechrec.rpl index ca996bb38..8bf7ad879 100644 --- a/testdata/iter_pcnamechrec.rpl +++ b/testdata/iter_pcnamechrec.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_ranoaa_lame.rpl b/testdata/iter_ranoaa_lame.rpl index 4808b25a9..0e6d98778 100644 --- a/testdata/iter_ranoaa_lame.rpl +++ b/testdata/iter_ranoaa_lame.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_reclame_one.rpl b/testdata/iter_reclame_one.rpl index 4df9b6594..4a6abfae5 100644 --- a/testdata/iter_reclame_one.rpl +++ b/testdata/iter_reclame_one.rpl @@ -3,6 +3,7 @@ server: target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/iter_reclame_two.rpl b/testdata/iter_reclame_two.rpl index de4ef4165..459dcb17f 100644 --- a/testdata/iter_reclame_two.rpl +++ b/testdata/iter_reclame_two.rpl @@ -2,6 +2,7 @@ server: target-fetch-policy: "0 0 0 0 0" minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/localdata.rpl b/testdata/localdata.rpl index 08aec6d7d..eb25ef573 100644 --- a/testdata/localdata.rpl +++ b/testdata/localdata.rpl @@ -4,6 +4,7 @@ server: hide-version: no identity: "test-identity" version: "test-version" + rrset-roundrobin: no ; implicit transparent zone should not block id.server local-data: "mydata.server. CH A 10.11.12.13" @@ -34,6 +35,9 @@ server: local-zone: "redirect.top." redirect local-data: "redirect.top. A 20.30.40.54" + ; null zone + local-zone: "null.top." always_null + ; create implicit data in the IN domain as well local-data: "a.a.implicit. A 20.30.41.50" local-data: "b.a.implicit. A 20.30.42.50" @@ -354,4 +358,36 @@ SECTION ANSWER www.redirect.top. IN A 20.30.40.54 ENTRY_END +; always_null zone +STEP 60 QUERY +ENTRY_BEGIN +SECTION QUESTION +null.top. IN A +ENTRY_END +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NOERROR +SECTION QUESTION +null.top. IN A +SECTION ANSWER +null.top. IN A 0.0.0.0 +ENTRY_END + +; always_null zone AAAA +STEP 62 QUERY +ENTRY_BEGIN +SECTION QUESTION +foo.null.top. IN AAAA +ENTRY_END +STEP 63 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NOERROR +SECTION QUESTION +foo.null.top. IN AAAA +SECTION ANSWER +foo.null.top. IN AAAA ::0 +ENTRY_END + SCENARIO_END diff --git a/testdata/nsid_ascii.rpl b/testdata/nsid_ascii.rpl new file mode 100644 index 000000000..f357db5ae --- /dev/null +++ b/testdata/nsid_ascii.rpl @@ -0,0 +1,54 @@ +; config options +server: + nsid: "ascii_hopsa kidee" + +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 0b ; Length 11 + 68 6F 70 73 61 20 ; "hopsa " + 6B 69 64 65 65 ; "kidee" + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/nsid_hex.rpl b/testdata/nsid_hex.rpl new file mode 100644 index 000000000..0d5e8f40d --- /dev/null +++ b/testdata/nsid_hex.rpl @@ -0,0 +1,54 @@ +; config options +server: + nsid: "0123456789abcdef" + +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 08 ; Length 8 + 01 23 45 67 ; + 89 ab cd ef ; + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/nsid_not_set.rpl b/testdata/nsid_not_set.rpl new file mode 100644 index 000000000..06abe5985 --- /dev/null +++ b/testdata/nsid_not_set.rpl @@ -0,0 +1,47 @@ +; config options +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/remote-threaded.tdir/unbound_control.key b/testdata/remote-threaded.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/remote-threaded.tdir/unbound_control.key +++ b/testdata/remote-threaded.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/unbound_control.pem b/testdata/remote-threaded.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/remote-threaded.tdir/unbound_control.pem +++ b/testdata/remote-threaded.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/remote-threaded.tdir/unbound_server.key b/testdata/remote-threaded.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/remote-threaded.tdir/unbound_server.key +++ b/testdata/remote-threaded.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/remote-threaded.tdir/unbound_server.pem b/testdata/remote-threaded.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/remote-threaded.tdir/unbound_server.pem +++ b/testdata/remote-threaded.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/rpz_axfr.rpl b/testdata/rpz_axfr.rpl index b5b84bfd3..f57363616 100644 --- a/testdata/rpz_axfr.rpl +++ b/testdata/rpz_axfr.rpl @@ -3,6 +3,7 @@ server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no + rrset-roundrobin: no rpz: name: "rpz.example.com." diff --git a/testdata/rpz_ixfr.rpl b/testdata/rpz_ixfr.rpl index 3f7cb3d35..ca2b62335 100644 --- a/testdata/rpz_ixfr.rpl +++ b/testdata/rpz_ixfr.rpl @@ -3,6 +3,7 @@ server: module-config: "respip validator iterator" target-fetch-policy: "0 0 0 0 0" qname-minimisation: no + rrset-roundrobin: no rpz: name: "rpz.example.com." diff --git a/testdata/rrset_updated.rpl b/testdata/rrset_updated.rpl index d36ab8cc8..55da56bac 100644 --- a/testdata/rrset_updated.rpl +++ b/testdata/rrset_updated.rpl @@ -2,6 +2,7 @@ ; config options go here. server: minimal-responses: no + rrset-roundrobin: no forward-zone: name: "." forward-addr: 216.0.0.1 CONFIG_END diff --git a/testdata/ssl_req_order.tdir/ssl_req_order.test b/testdata/ssl_req_order.tdir/ssl_req_order.test index 65981d16c..360a09922 100644 --- a/testdata/ssl_req_order.tdir/ssl_req_order.test +++ b/testdata/ssl_req_order.tdir/ssl_req_order.test @@ -11,12 +11,14 @@ get_make # this test query should just work (server is up) echo "> query www1.example.net." -$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -28,6 +30,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -37,12 +40,14 @@ echo "OK" # multiple requests (from localdata) echo "> query www1.example.net. www2.example.net. www3.example.net." -$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -54,6 +59,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -65,6 +71,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -76,6 +83,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -85,12 +93,14 @@ fi # out of order requests, the example.com elements take 2 seconds to wait. echo "" echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -102,6 +112,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -113,6 +124,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -124,6 +136,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -135,6 +148,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -146,6 +160,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -156,12 +171,14 @@ fi # www.example.com present twice, answered twice. echo "" echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -173,6 +190,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -184,6 +202,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -195,6 +214,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -206,6 +226,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -216,12 +237,14 @@ fi # www3.example.com present twice, answered twice. echo "" echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -233,6 +256,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -244,6 +268,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -255,6 +280,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -266,6 +292,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -274,12 +301,14 @@ fi echo "" echo "> query www4.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -291,6 +320,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -302,6 +332,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -310,12 +341,14 @@ fi echo "" echo "> query a1.example.com. - a100.example.com." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN a91.a.example.com. A IN a92.a.example.com. A IN a93.a.example.com. A IN a94.a.example.com. A IN a95.a.example.com. A IN a96.a.example.com. A IN a97.a.example.com. A IN a98.a.example.com. A IN a99.a.example.com. A IN a100.a.example.com. A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN a91.a.example.com. A IN a92.a.example.com. A IN a93.a.example.com. A IN a94.a.example.com. A IN a95.a.example.com. A IN a96.a.example.com. A IN a97.a.example.com. A IN a98.a.example.com. A IN a99.a.example.com. A IN a100.a.example.com. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -325,12 +358,14 @@ grep "a.example.com. IN A" outfile echo "" echo "> query www5.example.net. www3.example.net. www.drop.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" diff --git a/testdata/ssl_req_order.tdir/unbound_server.key b/testdata/ssl_req_order.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/ssl_req_order.tdir/unbound_server.key +++ b/testdata/ssl_req_order.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ssl_req_order.tdir/unbound_server.pem b/testdata/ssl_req_order.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/ssl_req_order.tdir/unbound_server.pem +++ b/testdata/ssl_req_order.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test b/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test index 5223fc985..7f6527e0d 100644 --- a/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test +++ b/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test @@ -17,12 +17,14 @@ fi # this test query should just work (server is up) echo "> query www1.example.net." -$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -34,6 +36,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -43,12 +46,14 @@ echo "OK" # multiple requests that are answered immediately and then the timeout echo "> query www1.example.net. www2.example.net. www3.example.net. www.example.com." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN www.example.com. A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN www.example.com. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -60,6 +65,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -71,6 +77,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -82,6 +89,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -93,6 +101,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -101,12 +110,14 @@ fi # multiple requests that are waiting for answers and then the timeout echo "> query www2.example.com. www2.example.com. www3.example.com." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN www2.example.com A IN www3.example.com A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN www2.example.com A IN www3.example.com A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -118,6 +129,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" diff --git a/testdata/ssl_req_timeout.tdir/unbound_server.key b/testdata/ssl_req_timeout.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/ssl_req_timeout.tdir/unbound_server.key +++ b/testdata/ssl_req_timeout.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/ssl_req_timeout.tdir/unbound_server.pem b/testdata/ssl_req_timeout.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/ssl_req_timeout.tdir/unbound_server.pem +++ b/testdata/ssl_req_timeout.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/stat_values.tdir/stat_values.conf b/testdata/stat_values.tdir/stat_values.conf new file mode 100644 index 000000000..5cec691f5 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.conf @@ -0,0 +1,31 @@ +server: + verbosity: 2 + num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + extended-statistics: yes + identity: "stat_values" + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +forward-zone: + name: "expired." + forward-addr: "127.0.0.1@@EXPIREDPORT@" diff --git a/testdata/stat_values.tdir/stat_values.dsc b/testdata/stat_values.tdir/stat_values.dsc new file mode 100644 index 000000000..5112dbcf9 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.dsc @@ -0,0 +1,16 @@ +BaseName: stat_values +Version: 1.0 +Description: Test unbound statistics +CreationDate: Mon Sep 09 14:48:03 CEST 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: stat_values.pre +Post: stat_values.post +Test: stat_values.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/stat_values.tdir/stat_values.post b/testdata/stat_values.tdir/stat_values.post new file mode 100644 index 000000000..8656b599f --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.post @@ -0,0 +1,14 @@ +# #-- stat_values.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill $FWD_EXPIRED_PID >/dev/null 2>&1 # This is killed during testing. +# it was stopped with unbound-control (if the test succeeded) +kill $UNBOUND_PID >/dev/null 2>&1 +kill $UNBOUND_PID >/dev/null 2>&1 +exit 0 diff --git a/testdata/stat_values.tdir/stat_values.pre b/testdata/stat_values.tdir/stat_values.pre new file mode 100644 index 000000000..2db4a17e0 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.pre @@ -0,0 +1,41 @@ +# #-- stat_values.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +FWD_EXPIRED_PORT=$(($RND_PORT + 2)) +CONTROL_PORT=$(($RND_PORT + 3)) +FWD_EXPIRED_PORT=$(($RND_PORT + 4)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "FWD_EXPIRED_PORT=$FWD_EXPIRED_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT stat_values.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start expired forwarder +$LDNS_TESTNS -p $FWD_EXPIRED_PORT stat_values.testexpiredns >fwd_expired.log 2>&1 & +FWD_EXPIRED_PID=$! +echo "FWD_EXPIRED_PID=$FWD_EXPIRED_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_ldns_testns_up fwd_expired.log +wait_unbound_up unbound.log diff --git a/testdata/stat_values.tdir/stat_values.test b/testdata/stat_values.tdir/stat_values.test new file mode 100644 index 000000000..1cd19fa2b --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.test @@ -0,0 +1,411 @@ +# #-- stat_values.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test +# We need kill_pid for the serve-expired-client-timeout test +. ../common.sh + +PRE="../.." + +# Individual thread stats. +STATS_IGNORE_THREAD="\ +^thread" + +# Histogram stats. +STATS_IGNORE_HISTOGRAM="\ +^histogram" + +# Time dependent stats. +STATS_IGNORE_TIME_SPECIFIC="\ +^total.recursion.time.avg= +^total.recursion.time.median= +^time.now= +^time.up= +^time.elapsed=" + +# Usage dependent stats. +STATS_IGNORE_USAGE_SPECIFIC="\ +^total.requestlist.avg= +^total.requestlist.max= +^total.requestlist.overwritten= +^total.requestlist.exceeded= +^total.requestlist.current.all= +^total.requestlist.current.user= +^total.tcpusage= +^mem\." + +# Stats to ignore by default. +STATS_IGNORE_DEFAULT="\ +$STATS_IGNORE_THREAD +$STATS_IGNORE_HISTOGRAM +$STATS_IGNORE_TIME_SPECIFIC +$STATS_IGNORE_USAGE_SPECIFIC" + +# Various files to be used while testing. +STATS_FILE=stats.$$ +EXPECTED_STATS_FILE=expected_stats.$$ +IGNORE_REGEX_FILE=ignore_regex.$$ +FILTERED_STATS_FILE=filtered_stats.$$ +FOUND_STATS_FILE=found_stats.$$ +REST_STATS_FILE=rest_stats.$$ + +DEBUG=0 + +# Write stats to $STATS_FILE. +# Call this when you want to get stats from unbound. +get_stats () { + echo "> Getting stats" + echo "$PRE/unbound-control -c ub.conf stats" + $PRE/unbound-control -c ub.conf stats > $STATS_FILE + if test $? -ne 0; then + echo "wrong exit value after success" + exit 1 + fi +} + +# Set the expected stat values by writing to $EXPECTED_STATS_FILE. +# sort is used for proper diff later. +set_expected_stats () { + echo "$1" | sort > $EXPECTED_STATS_FILE +} + +# Set the regex to ignore stats by writing to $IGNORE_REGEX_FILE. +set_ignore_regex_stats () { + echo "$1" > $IGNORE_REGEX_FILE +} + +# Filter the stats by removing any matched regex from $IGNORE_REGEX_FILE, +# sorts and writes the left over stats to $FILTERED_STATS_FILE. +filter_stats () { + grep -v -f $IGNORE_REGEX_FILE $STATS_FILE | sort > $FILTERED_STATS_FILE +} + +# Check that the stats in $FILTERED_STATS_FILE include the expected stats in +# $EXPECTED_STATS_FILE. +check_expected_stats () { + echo "> Checking expected stats" + grep -F -x -f $EXPECTED_STATS_FILE $FILTERED_STATS_FILE > $FOUND_STATS_FILE + if test $DEBUG -ne 0; then + echo "Found:" + cat $FOUND_STATS_FILE + fi + if diff $EXPECTED_STATS_FILE $FOUND_STATS_FILE; then + echo "OK" + else + echo "! bad expected stats:" + cat $FILTERED_STATS_FILE + exit 1 + fi +} + +# Check that the rest (unspecified) stats are all 0 (no surprises). +check_rest_stats () { + echo "> Checking rest stats" + grep -F -x -v -f $EXPECTED_STATS_FILE $FILTERED_STATS_FILE > $REST_STATS_FILE + if test $DEBUG -ne 0; then + echo "Rest:" + cat $REST_STATS_FILE + fi + if grep -v "=0$" $REST_STATS_FILE; then + echo "! bad rest stats" + exit 1 + else + echo "OK" + fi +} + +# Main function to check stats by: +# - Getting stats from unbound +# - Filtering out the stats we are not interested in +# - Checking that the expected stats are part of the filtered stats +# - The rest of the stats have 0 values. +check_stats () { + set_expected_stats "$1" + if test $DEBUG -ne 0; then + echo "Expected:" + cat $EXPECTED_STATS_FILE + fi + get_stats + filter_stats + if test $DEBUG -ne 0; then + echo "Filtered:" + cat $FILTERED_STATS_FILE + fi + check_expected_stats + check_rest_stats +} + +# Convenient function to set an option through unbound-control. +set_ub_option () { + name=$1 + value=$2 + echo "$PRE/unbound-control -c ub.conf set_option $name: $value" + $PRE/unbound-control -c ub.conf set_option $name: $value + if test $? -ne 0; then + echo "wrong exit value after success" + exit 1 + fi +} + +# Convenient function to exit the test. +end () { + echo "> cat logfiles" + cat fwd.log + cat unbound.log + if test $1 -eq 1; then + echo "Not OK" + else + echo "> OK" + fi + exit $1 +} + +# Ignore all run specific stats. +set_ignore_regex_stats "$STATS_IGNORE_DEFAULT" + +# Check if the server is up. +echo "> dig 1ttl.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT 1ttl.example.com. | tee outfile +echo "> check answer" +if grep "1.1.1.1" outfile; then + echo "OK" +else + end 1 +fi + +echo +echo "[ Check initial stats based on first query. ]" +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Check stat reset. ]" +check_stats "\ +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1" + + +echo +echo "[ Enable serve-expired and check. ]" +set_ub_option serve-expired yes +sleep 2 # make sure the TTL has expired. +echo "> dig 1ttl.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT 1ttl.example.com. | tee outfile +echo "> check answer" +if grep "1.1.1.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.expired=1 +total.num.cachehits=1 +total.num.prefetch=1 +num.answer.rcode.NOERROR=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1" + + +echo +echo "[ Enable serve-expired-client-timeout and check. ]" +set_ub_option serve-expired-client-timeout 1 +echo "> dig servfail.expired." +dig @127.0.0.1 -p $UNBOUND_PORT servfail.expired. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +msg.cache.count=2 +rrset.cache.count=2 +infra.cache.count=2 +num.answer.rcode.NOERROR=1" +kill_pid $FWD_EXPIRED_PID # kill the expired forwarder to force a servfail from upstream. +sleep 2 # make sure the TTL has expired. +echo "> dig servfail.expired." +dig @127.0.0.1 -p $UNBOUND_PORT servfail.expired. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.expired=1 +total.num.recursivereplies=1 +num.answer.rcode.NOERROR=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.cachemiss=1 +msg.cache.count=2 +rrset.cache.count=2 +infra.cache.count=2" + + +# Disable serve-expired +set_ub_option serve-expired no + + +echo +echo "[ Check REFUSED; try without RD flag. ]" +echo "> dig somethingelse.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT +nordflag somethingelse.example.com. | tee outfile +echo "> check answer" +if grep "REFUSED" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.answer.rcode.REFUSED=1 +total.num.cachehits=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +msg.cache.count=2 +rrset.cache.count=2 +infra.cache.count=2" + + +echo +echo "[ Check the AD flag. ]" +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT +noadflag www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.query.flags.AD=0 +total.num.cachemiss=1 +num.answer.rcode.NOERROR=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +total.num.recursivereplies=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + +echo +echo "[ Check local zone. ]" +echo "> dig www.local.zone." +dig @127.0.0.1 -p $UNBOUND_PORT www.local.zone. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.answer.rcode.NOERROR=1 +total.num.cachehits=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + + +echo +echo "[ Check NXDOMAIN (with local data). ]" +echo "> dig mail.local.zone." +dig @127.0.0.1 -p $UNBOUND_PORT mail.local.zone. | tee outfile +echo "> check answer" +if grep "NXDOMAIN" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.answer.rcode.NXDOMAIN=1 +total.num.cachehits=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + + +echo +echo "[ Check CHAOS. ]" +echo "> dig id.server. ch txt" +dig @127.0.0.1 -p $UNBOUND_PORT id.server. ch txt | tee outfile +echo "> check answer" +if grep "stat_values" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.query.class.CH=1 +total.num.cachehits=1 +num.answer.rcode.NOERROR=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.TXT=1 +total.num.queries=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + + +end 0 diff --git a/testdata/stat_values.tdir/stat_values.testexpiredns b/testdata/stat_values.tdir/stat_values.testexpiredns new file mode 100644 index 000000000..a737a4a79 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.testexpiredns @@ -0,0 +1,13 @@ +; nameserver test file +$ORIGIN expired. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +servfail IN A +SECTION ANSWER +servfail 1 IN A 192.0.2.1 +ENTRY_END diff --git a/testdata/stat_values.tdir/stat_values.testns b/testdata/stat_values.tdir/stat_values.testns new file mode 100644 index 000000000..6691b0199 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.testns @@ -0,0 +1,23 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +1ttl IN A +SECTION ANSWER +1ttl 1 IN A 1.1.1.1 +ENTRY_END diff --git a/testdata/stat_values.tdir/unbound_control.key b/testdata/stat_values.tdir/unbound_control.key new file mode 100644 index 000000000..753a4ef61 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/stat_values.tdir/unbound_control.pem b/testdata/stat_values.tdir/unbound_control.pem new file mode 100644 index 000000000..a1edf7017 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/stat_values.tdir/unbound_server.key b/testdata/stat_values.tdir/unbound_server.key new file mode 100644 index 000000000..370a7bbb2 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/stat_values.tdir/unbound_server.pem b/testdata/stat_values.tdir/unbound_server.pem new file mode 100644 index 000000000..986807310 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/stream_ssl.tdir/stream_ssl.test b/testdata/stream_ssl.tdir/stream_ssl.test index 08bbcdee9..b5bc2d911 100644 --- a/testdata/stream_ssl.tdir/stream_ssl.test +++ b/testdata/stream_ssl.tdir/stream_ssl.test @@ -11,11 +11,12 @@ get_make # first test streamtcp against the server unbound. echo "> streamtcp -s www.example.com A IN" -$PRE/streamtcp -s -f 127.0.0.1@$SERV_PORT www.example.com. A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$SERV_PORT www.example.com. A IN >outfile 2>outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr echo "SSLSERVICE" cat unboundserv.log echo "SSLCLIENT" @@ -27,6 +28,7 @@ else fi echo "> cat logfiles" cat outfile +cat outerr echo "SSLSERVICE" cat unboundserv.log echo "SSLCLIENT" diff --git a/testdata/stream_ssl.tdir/unbound_control.key b/testdata/stream_ssl.tdir/unbound_control.key index d7c43a06b..753a4ef61 100644 --- a/testdata/stream_ssl.tdir/unbound_control.key +++ b/testdata/stream_ssl.tdir/unbound_control.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDD6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBa -rzPA0vlyuNtUsEN3qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvH -ST6JwUdIg0Lzg/USJ81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQAB -AoGAFT3e35MIgI4uDJJ8X0RfHp2NCO2LUg4TKbWical/C0W9vlR1/x80G1pE1d2Z -WotqJVWTrOq6eBox19RCgtLg2wPGk9uD62+9SDT37heWFlUCElWq50pQG6k9ThiG -DDypkZyZ/52+DdWybiaQJkuK6O5qQXuNAtVJMpghu4GnHAECQQDsupnZUQDpapzr -4FC4MSkL2+A1PRt6g4VhwoqOpJXaHfVnH6F7AwUuOLNwGdR5Cvv70pfJ7Jqg8L2m -Kxyl5bORAkEA09rn34YQ0pHJdHidbl2kInIuYTz09+TO3LWwan17nISH9aaYvVDr -p9x1B4Qzw9qyxT9oll7ze/5Rw/7C3AQj4QJAT2B2a+b8bkgAXBs4FbruL3rHoDJg -P2FQXSpVOWU4lg2LlsuFYvDtUMVUbZdLplanjZXcral3Y9W1Ub2M+ped8QJAYQN+ -aRpge7ys7vwIw7B36Bo3aOncF+ScYe+FkM5Tm7II/JHEofT7ZQwMP1vnxIlSkgbe -YvWqNB6a3NC99LikoQJBAM4UhDdRg63Tr6Idky6CQaH///zAN7nArJfffKGWFdw9 -DKrWpNqvYZtX/cfEJucKcRCm5YL8CKFYbQy4VoCxUcE= +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= -----END RSA PRIVATE KEY----- diff --git a/testdata/stream_ssl.tdir/unbound_control.pem b/testdata/stream_ssl.tdir/unbound_control.pem index 8f1ba87f1..a1edf7017 100644 --- a/testdata/stream_ssl.tdir/unbound_control.pem +++ b/testdata/stream_ssl.tdir/unbound_control.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBozCCAQwCCQD6XaN6FzW/4DANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowGjEYMBYGA1UE -AxMPdW5ib3VuZC1jb250cm9sMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD -6DogNCsSeEa1u99+6PUVbGzjMzzei9MIK6s94+zcpp7OAOBarzPA0vlyuNtUsEN3 -qwPomQQQmIgbT7OXkzC1wqioxwa609xoL8oW/I7e336rEyvHST6JwUdIg0Lzg/US -J81eTwMnzYSd4Bpsqr9eP33ubaR7Gh/6o76loLOlcQIDAQABMA0GCSqGSIb3DQEB -BQUAA4GBAGFAXmaQHuFgAuc6HVhYZJdToxLBhfxGpot4oZNjcb1Cdoz3OL34MU1B -9E5psj2PpGPIi8/RwoqBtAJHJ+J5cWngo03o4ZmdwKNSzaxlp141z/3rUtFqEHEC -iO6gPCT3U7dt6MyC7r6vdMqyW6aldP3CtwD0gQziKAMoj+TAfAcq +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte -----END CERTIFICATE----- diff --git a/testdata/stream_ssl.tdir/unbound_server.key b/testdata/stream_ssl.tdir/unbound_server.key index 4256c421d..370a7bbb2 100644 --- a/testdata/stream_ssl.tdir/unbound_server.key +++ b/testdata/stream_ssl.tdir/unbound_server.key @@ -1,15 +1,39 @@ -----BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA -3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s -RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB -AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS -6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds -sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi -XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 -fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL -CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP -0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 -oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l -In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S -LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== -----END RSA PRIVATE KEY----- diff --git a/testdata/stream_ssl.tdir/unbound_server.pem b/testdata/stream_ssl.tdir/unbound_server.pem index aeda3ff11..986807310 100644 --- a/testdata/stream_ssl.tdir/unbound_server.pem +++ b/testdata/stream_ssl.tdir/unbound_server.pem @@ -1,11 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 -bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE -AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS -y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ -/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu -g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ -9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG -l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH -Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== -----END CERTIFICATE----- diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.conf b/testdata/tcp_reuse.tdir/tcp_reuse.conf new file mode 100644 index 000000000..e8de8d3f8 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.conf @@ -0,0 +1,17 @@ +server: + verbosity: 5 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.conf2 b/testdata/tcp_reuse.tdir/tcp_reuse.conf2 new file mode 100644 index 000000000..55985c83f --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.conf2 @@ -0,0 +1,39 @@ +# this is the upstream server that has pipelining and responds to queries. +server: + verbosity: 1 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound2.pid" + chroot: "" + username: "" + do-not-query-localhost: no + tcp-idle-timeout: 10000 + + log-queries: yes + log-replies: yes + log-identity: "upstream" + + local-zone: "." refuse + local-zone: "example.com" static + local-data: "www.example.com A 10.20.30.40" + local-data: "www1.example.com A 10.20.30.41" + local-data: "www2.example.com A 10.20.30.42" + local-data: "www3.example.com A 10.20.30.43" + local-data: "www4.example.com A 10.20.30.44" + local-data: "www5.example.com A 10.20.30.45" + local-data: "www6.example.com A 10.20.30.46" + local-data: "www7.example.com A 10.20.30.47" + + local-zone: "drop.net" deny + local-zone: "refuse.net" refuse + + local-zone: "more.net" redirect + local-data: "more.net A 10.20.30.40" + +# if queries escape, send them to localhost +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.dsc b/testdata/tcp_reuse.tdir/tcp_reuse.dsc new file mode 100644 index 000000000..8a780480d --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.dsc @@ -0,0 +1,16 @@ +BaseName: tcp_reuse +Version: 1.0 +Description: Test tcp stream reuse. +CreationDate: Wed Jun 03 09:37:00 CET 2020 +Maintainer: Wouter Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: tcp_reuse.pre +Post: tcp_reuse.post +Test: tcp_reuse.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.post b/testdata/tcp_reuse.tdir/tcp_reuse.post new file mode 100644 index 000000000..ca7535471 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.post @@ -0,0 +1,19 @@ +# #-- tcp_reuse.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid `cat unbound2.pid` +if test -f unbound2.log; then + echo ">>> upstream log" + cat unbound2.log +fi +#kill_pid $UNBOUND_PID +kill_pid `cat unbound.pid` +if test -f unbound.log; then + echo ">>> unbound log" + cat unbound.log +fi diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.pre b/testdata/tcp_reuse.tdir/tcp_reuse.pre new file mode 100644 index 000000000..511dbc6f7 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.pre @@ -0,0 +1,34 @@ +# #-- tcp_reuse.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +UPSTREAM_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf > ub.conf +# start unbound in the background +#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +# make upstream config file +sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf2 > ub2.conf +# start upstream unbound in the background +#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 & +$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log & +UPSTREAM_PID=$! +echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test +wait_unbound_up unbound2.log + +cat .tpkg.var.test + diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.test b/testdata/tcp_reuse.tdir/tcp_reuse.test new file mode 100644 index 000000000..b62ec0d19 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.test @@ -0,0 +1,309 @@ +# #-- tcp_reuse.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +get_make +(cd $PRE; $MAKE streamtcp) + +echo "> query www1.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.com" outfile | grep "10.20.30.41"; then + echo "content OK" +else + echo "result contents not OK, for www1.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www1.example.com" + exit 1 +fi +echo "OK" +echo "" + +# this should be reused on the same tcp stream: +echo "> query www2.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK, for www2.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www2.example.com" + exit 1 +fi + +echo "> query refuse.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for refuse.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for refuse.net" + exit 1 +fi + +echo "> query www3.example.com." +echo "> query www4.example.com." +echo "> query www5.example.com." +echo "> query www6.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK, for www3.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www3.example.com" + exit 1 +fi +if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK, for www4.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www4.example.com" + exit 1 +fi +if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then + echo "content OK" +else + echo "result contents not OK, for www5.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www5.example.com" + exit 1 +fi +if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then + echo "content OK" +else + echo "result contents not OK, for www6.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www6.example.com" + exit 1 +fi + +echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# make the server timeout to drop the upstream connection +echo "> sleep 15" +sleep 15 +# see if we are still up. +echo "> query a7.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a7.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# dropconn.drop.net make the server drop the connection. +echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +# cannot really check outfile, because it may or may not have answers depending +# on how fast the other server responds or the drop happens, but there are +# a bunch of connection drops, whilst resolving the other queries. + +echo "> query drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for drop.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for drop.net" + exit 1 +fi + + +# timeouts at the end. (so that the server is not marked as failed for +# the other tests). +echo "> query q1.drop.net." +echo "> query q2.drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile1 +cat outfile2 +if grep "rcode: SERVFAIL" outfile1; then + echo "content OK" +else + echo "result contents not OK, for q1.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q1.drop.net" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile2; then + echo "content OK" +else + echo "result contents not OK, for q2.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q2.drop.net" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/tls_reuse.tdir/tls_reuse.conf b/testdata/tls_reuse.tdir/tls_reuse.conf new file mode 100644 index 000000000..e8200b28b --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.conf @@ -0,0 +1,18 @@ +server: + verbosity: 5 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + + tls-cert-bundle: "unbound_server.pem" + tls-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@#unbound" diff --git a/testdata/tls_reuse.tdir/tls_reuse.conf2 b/testdata/tls_reuse.tdir/tls_reuse.conf2 new file mode 100644 index 000000000..0b452558d --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.conf2 @@ -0,0 +1,43 @@ +# this is the upstream server that has pipelining and responds to queries. +server: + verbosity: 1 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound2.pid" + chroot: "" + username: "" + do-not-query-localhost: no + tls-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + tcp-idle-timeout: 10000 + + log-queries: yes + log-replies: yes + log-identity: "upstream" + + local-zone: "." refuse + local-zone: "example.com" static + local-data: "www.example.com A 10.20.30.40" + local-data: "www1.example.com A 10.20.30.41" + local-data: "www2.example.com A 10.20.30.42" + local-data: "www3.example.com A 10.20.30.43" + local-data: "www4.example.com A 10.20.30.44" + local-data: "www5.example.com A 10.20.30.45" + local-data: "www6.example.com A 10.20.30.46" + local-data: "www7.example.com A 10.20.30.47" + + local-zone: "drop.net" deny + local-zone: "refuse.net" refuse + + local-zone: "more.net" redirect + local-data: "more.net A 10.20.30.40" + +# if queries escape, send them to localhost +forward-zone: + name: "." + forward-tls-upstream: yes + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/tls_reuse.tdir/tls_reuse.dsc b/testdata/tls_reuse.tdir/tls_reuse.dsc new file mode 100644 index 000000000..76a80cdad --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.dsc @@ -0,0 +1,16 @@ +BaseName: tls_reuse +Version: 1.0 +Description: Test tls stream reuse. +CreationDate: Wed Jun 30 16:37:00 CET 2020 +Maintainer: Wouter Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: tls_reuse.pre +Post: tls_reuse.post +Test: tls_reuse.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/tls_reuse.tdir/tls_reuse.post b/testdata/tls_reuse.tdir/tls_reuse.post new file mode 100644 index 000000000..2eef0da96 --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.post @@ -0,0 +1,19 @@ +# #-- tls_reuse.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid `cat unbound2.pid` +if test -f unbound2.log; then + echo ">>> upstream log" + cat unbound2.log +fi +#kill_pid $UNBOUND_PID +kill_pid `cat unbound.pid` +if test -f unbound.log; then + echo ">>> unbound log" + cat unbound.log +fi diff --git a/testdata/tls_reuse.tdir/tls_reuse.pre b/testdata/tls_reuse.tdir/tls_reuse.pre new file mode 100644 index 000000000..f4ba26372 --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.pre @@ -0,0 +1,34 @@ +# #-- tls_reuse.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +UPSTREAM_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf > ub.conf +# start unbound in the background +#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +# make upstream config file +sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf2 > ub2.conf +# start upstream unbound in the background +#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 & +$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log & +UPSTREAM_PID=$! +echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test +wait_unbound_up unbound2.log + +cat .tpkg.var.test + diff --git a/testdata/tls_reuse.tdir/tls_reuse.test b/testdata/tls_reuse.tdir/tls_reuse.test new file mode 100644 index 000000000..0f392fba8 --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.test @@ -0,0 +1,308 @@ +# #-- tls_reuse.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +get_make +(cd $PRE; $MAKE streamtcp) + +echo "> query www1.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.com" outfile | grep "10.20.30.41"; then + echo "content OK" +else + echo "result contents not OK, for www1.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www1.example.com" + exit 1 +fi +echo "OK" +echo "" + +# this should be reused on the same tcp stream: +echo "> query www2.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK, for www2.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www2.example.com" + exit 1 +fi + +echo "> query refuse.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for refuse.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for refuse.net" + exit 1 +fi + +echo "> query www3.example.com." +echo "> query www4.example.com." +echo "> query www5.example.com." +echo "> query www6.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK, for www3.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www3.example.com" + exit 1 +fi +if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK, for www4.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www4.example.com" + exit 1 +fi +if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then + echo "content OK" +else + echo "result contents not OK, for www5.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www5.example.com" + exit 1 +fi +if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then + echo "content OK" +else + echo "result contents not OK, for www6.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www6.example.com" + exit 1 +fi + +echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# make the server timeout to drop the upstream connection +echo "> sleep 15" +sleep 15 +# see if we are still up. +echo "> query a7.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a7.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# dropconn.drop.net make the server drop the connection. +echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +# cannot really check outfile, because it may or may not have answers depending +# on how fast the other server responds or the drop happens, but there are +# a bunch of connection drops, whilst resolving the other queries. + +echo "> query drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for drop.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for drop.net" + exit 1 +fi + +# timeouts at the end. (so that the server is not marked as failed for +# the other tests). +echo "> query q1.drop.net." +echo "> query q2.drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile1 +cat outfile2 +if grep "rcode: SERVFAIL" outfile1; then + echo "content OK" +else + echo "result contents not OK, for q1.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q1.drop.net" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile2; then + echo "content OK" +else + echo "result contents not OK, for q2.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q2.drop.net" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/tls_reuse.tdir/unbound_control.key b/testdata/tls_reuse.tdir/unbound_control.key new file mode 100644 index 000000000..753a4ef61 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/tls_reuse.tdir/unbound_control.pem b/testdata/tls_reuse.tdir/unbound_control.pem new file mode 100644 index 000000000..a1edf7017 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/tls_reuse.tdir/unbound_server.key b/testdata/tls_reuse.tdir/unbound_server.key new file mode 100644 index 000000000..370a7bbb2 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/tls_reuse.tdir/unbound_server.pem b/testdata/tls_reuse.tdir/unbound_server.pem new file mode 100644 index 000000000..986807310 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/val_any.rpl b/testdata/val_any.rpl index 058f44925..4ce195134 100644 --- a/testdata/val_any.rpl +++ b/testdata/val_any.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_any_dname.rpl b/testdata/val_any_dname.rpl index 3957f7bae..6ab3cded7 100644 --- a/testdata/val_any_dname.rpl +++ b/testdata/val_any_dname.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_cnametocnamewctoposwc.rpl b/testdata/val_cnametocnamewctoposwc.rpl index f17f5aafc..c290026ba 100644 --- a/testdata/val_cnametocnamewctoposwc.rpl +++ b/testdata/val_cnametocnamewctoposwc.rpl @@ -186,7 +186,7 @@ ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA AD DO NOERROR +REPLY QR TC RD RA AD DO NOERROR SECTION QUESTION start.example.com. IN A SECTION ANSWER @@ -201,11 +201,7 @@ SECTION AUTHORITY *.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU= *.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC *.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ= SECTION ADDITIONAL -ns.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= ENTRY_END SCENARIO_END diff --git a/testdata/val_nsec3_b3_optout.rpl b/testdata/val_nsec3_b3_optout.rpl index 0b0569201..9d84be974 100644 --- a/testdata/val_nsec3_b3_optout.rpl +++ b/testdata/val_nsec3_b3_optout.rpl @@ -1,12 +1,13 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_negcache.rpl b/testdata/val_nsec3_b3_optout_negcache.rpl index f8ef6f87d..497a8591a 100644 --- a/testdata/val_nsec3_b3_optout_negcache.rpl +++ b/testdata/val_nsec3_b3_optout_negcache.rpl @@ -1,12 +1,13 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_noce.rpl b/testdata/val_nsec3_b3_optout_noce.rpl index ddcd4c01a..c5601e386 100644 --- a/testdata/val_nsec3_b3_optout_noce.rpl +++ b/testdata/val_nsec3_b3_optout_noce.rpl @@ -1,11 +1,12 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b3_optout_nonc.rpl b/testdata/val_nsec3_b3_optout_nonc.rpl index c4b044e33..53e8898de 100644 --- a/testdata/val_nsec3_b3_optout_nonc.rpl +++ b/testdata/val_nsec3_b3_optout_nonc.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b4_wild.rpl b/testdata/val_nsec3_b4_wild.rpl index db205ab23..8bf3a5466 100644 --- a/testdata/val_nsec3_b4_wild.rpl +++ b/testdata/val_nsec3_b4_wild.rpl @@ -1,11 +1,12 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nsec3_b5_wcnodata.rpl b/testdata/val_nsec3_b5_wcnodata.rpl index a10d6b75a..c8be6a48f 100644 --- a/testdata/val_nsec3_b5_wcnodata.rpl +++ b/testdata/val_nsec3_b5_wcnodata.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b5_wcnodata_noce.rpl b/testdata/val_nsec3_b5_wcnodata_noce.rpl index f35eae18d..fdd175f9e 100644 --- a/testdata/val_nsec3_b5_wcnodata_noce.rpl +++ b/testdata/val_nsec3_b5_wcnodata_noce.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b5_wcnodata_nonc.rpl b/testdata/val_nsec3_b5_wcnodata_nonc.rpl index e4c58c62a..6c35ead13 100644 --- a/testdata/val_nsec3_b5_wcnodata_nonc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nonc.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_b5_wcnodata_nowc.rpl b/testdata/val_nsec3_b5_wcnodata_nowc.rpl index 27f68d614..8e972ccc8 100644 --- a/testdata/val_nsec3_b5_wcnodata_nowc.rpl +++ b/testdata/val_nsec3_b5_wcnodata_nowc.rpl @@ -1,6 +1,6 @@ ; config options server: - trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" + trust-anchor: "example. DNSKEY 257 3 7 AwEAAcUlFV1vhmqx6NSOUOq2R/dsR7Xm3upJ ( j7IommWSpJABVfW8Q0rOvXdM6kzt+TAu92L9 AbsUdblMFin8CVF3n4s= )" val-override-date: "20120420235959" target-fetch-policy: "0 0 0 0 0" qname-minimisation: "no" diff --git a/testdata/val_nsec3_cnametocnamewctoposwc.rpl b/testdata/val_nsec3_cnametocnamewctoposwc.rpl index 23d2b6a89..0fba0e2e1 100644 --- a/testdata/val_nsec3_cnametocnamewctoposwc.rpl +++ b/testdata/val_nsec3_cnametocnamewctoposwc.rpl @@ -184,7 +184,7 @@ ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA AD DO NOERROR +REPLY QR TC RD RA AD DO NOERROR SECTION QUESTION start.example.com. IN A SECTION ANSWER @@ -199,11 +199,7 @@ isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarj isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg= a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= SECTION ADDITIONAL -ns.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= ENTRY_END SCENARIO_END diff --git a/testdata/val_nsec3_wcany.rpl b/testdata/val_nsec3_wcany.rpl index 24bdaeb18..b653f6bde 100644 --- a/testdata/val_nsec3_wcany.rpl +++ b/testdata/val_nsec3_wcany.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_nx_nsec3_collision.rpl b/testdata/val_nx_nsec3_collision.rpl index 41cd0d6e7..8ff7e4b06 100644 --- a/testdata/val_nx_nsec3_collision.rpl +++ b/testdata/val_nx_nsec3_collision.rpl @@ -7,6 +7,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_refer_unsignadd.rpl b/testdata/val_refer_unsignadd.rpl index 90e0f0421..4d073016f 100644 --- a/testdata/val_refer_unsignadd.rpl +++ b/testdata/val_refer_unsignadd.rpl @@ -9,6 +9,7 @@ server: qname-minimisation: "no" fake-sha1: yes trust-anchor-signaling: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_referglue.rpl b/testdata/val_referglue.rpl index dd7e7de91..54b767156 100644 --- a/testdata/val_referglue.rpl +++ b/testdata/val_referglue.rpl @@ -10,6 +10,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no stub-zone: name: "." diff --git a/testdata/val_stub_noroot.rpl b/testdata/val_stub_noroot.rpl index 4235bcc52..07113bef7 100644 --- a/testdata/val_stub_noroot.rpl +++ b/testdata/val_stub_noroot.rpl @@ -3,8 +3,6 @@ server: target-fetch-policy: "0 0 0 0 0" trust-anchor: "lp0.eu. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" val-override-date: "20100913111500" - ; the dlv anchor is completely ignored, but here to test that. - dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" fake-sha1: yes trust-anchor-signaling: no minimal-responses: no diff --git a/testdata/val_twocname.rpl b/testdata/val_twocname.rpl index d8e8cf316..bc7c3bcb2 100644 --- a/testdata/val_twocname.rpl +++ b/testdata/val_twocname.rpl @@ -5,6 +5,7 @@ server: fake-sha1: yes trust-anchor-signaling: no minimal-responses: no + rrset-roundrobin: no forward-zone: name: "." diff --git a/testdata/val_unalgo_dlv.rpl b/testdata/val_unalgo_dlv.rpl deleted file mode 100644 index 142beae8d..000000000 --- a/testdata/val_unalgo_dlv.rpl +++ /dev/null @@ -1,284 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with unknown algorithm DLV anchor -; positive response for DLV. -; but only has unknown algos -; have to treat zone as insecure - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -; algo 208 is unknown -example.net.example.com. 3600 IN DLV 30899 208 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. AFBU1dN/KstcLfQQzy7ZKvPq+2hQg7D6QynqgwI3f8envPQGj782/NA= ;{id = 2854} -;example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -;example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/util/config_file.c b/util/config_file.c index 1071f9a7b..d6da7d167 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -78,6 +78,8 @@ gid_t cfg_gid = (gid_t)-1; int autr_permit_small_holddown = 0; /** size (in bytes) of stream wait buffers max */ size_t stream_wait_max = 4 * 1024 * 1024; +size_t http2_query_buffer_max = 4 * 1024 * 1024; +size_t http2_response_buffer_max = 4 * 1024 * 1024; /** global config during parsing */ struct config_parser_state* cfg_parser = 0; @@ -116,6 +118,13 @@ config_create(void) cfg->ssl_upstream = 0; cfg->tls_cert_bundle = NULL; cfg->tls_win_cert = 0; + cfg->tls_use_sni = 1; + cfg->https_port = UNBOUND_DNS_OVER_HTTPS_PORT; + if(!(cfg->http_endpoint = strdup("/dns-query"))) goto error_exit; + cfg->http_max_streams = 100; + cfg->http_query_buffer_size = 4*1024*1024; + cfg->http_response_buffer_size = 4*1024*1024; + cfg->http_nodelay = 1; cfg->use_syslog = 1; cfg->log_identity = NULL; /* changed later with argv[0] */ cfg->log_time_ascii = 0; @@ -143,7 +152,7 @@ config_create(void) cfg->incoming_num_tcp = 2; #endif cfg->stream_wait_size = 4 * 1024 * 1024; - cfg->edns_buffer_size = 4096; /* 4k from rfc recommendation */ + cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */ cfg->msg_buffer_size = 65552; /* 64 k + a small margin */ cfg->msg_cache_size = 4 * 1024 * 1024; cfg->msg_cache_slabs = 4; @@ -161,7 +170,9 @@ config_create(void) cfg->infra_cache_slabs = 4; cfg->infra_cache_numhosts = 10000; cfg->infra_cache_min_rtt = 50; + cfg->infra_keep_probing = 0; cfg->delay_close = 0; + cfg->udp_connect = 1; if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int)))) goto error_exit; init_outgoing_availports(cfg->outgoing_avail_ports, 65536); @@ -209,7 +220,7 @@ config_create(void) cfg->views = NULL; cfg->acls = NULL; cfg->tcp_connection_limits = NULL; - cfg->harden_short_bufsize = 0; + cfg->harden_short_bufsize = 1; cfg->harden_large_queries = 0; cfg->harden_glue = 1; cfg->harden_dnssec_stripped = 1; @@ -226,14 +237,15 @@ config_create(void) cfg->hide_trustanchor = 0; cfg->identity = NULL; cfg->version = NULL; + cfg->nsid_cfg_str = NULL; + cfg->nsid = NULL; + cfg->nsid_len = 0; cfg->auto_trust_anchor_file_list = NULL; cfg->trust_anchor_file_list = NULL; cfg->trust_anchor_list = NULL; cfg->trusted_keys_file_list = NULL; cfg->trust_anchor_signaling = 1; cfg->root_key_sentinel = 1; - cfg->dlv_anchor_file = NULL; - cfg->dlv_anchor_list = NULL; cfg->domain_insecure = NULL; cfg->val_date_override = 0; cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */ @@ -267,13 +279,14 @@ config_create(void) cfg->unblock_lan_zones = 0; cfg->insecure_lan_zones = 0; cfg->python_script = NULL; + cfg->dynlib_file = NULL; cfg->remote_control_enable = 0; cfg->control_ifs.first = NULL; cfg->control_ifs.last = NULL; cfg->control_port = UNBOUND_CONTROL_PORT; cfg->control_use_cert = 1; cfg->minimal_responses = 1; - cfg->rrset_roundrobin = 0; + cfg->rrset_roundrobin = 1; cfg->unknown_server_time_limit = 376; cfg->max_udp_size = 4096; if(!(cfg->server_key_file = strdup(RUN_DIR"/unbound_server.key"))) @@ -296,6 +309,7 @@ config_create(void) if(!(cfg->dnstap_socket_path = strdup(DNSTAP_SOCKET_PATH))) goto error_exit; #endif + cfg->dnstap_bidirectional = 1; cfg->dnstap_tls = 1; cfg->disable_dnssec_lame_check = 0; cfg->ip_ratelimit = 0; @@ -312,6 +326,8 @@ config_create(void) cfg->qname_minimisation_strict = 0; cfg->shm_enable = 0; cfg->shm_key = 11777; + cfg->edns_client_strings = NULL; + cfg->edns_client_string_opcode = 65001; cfg->dnscrypt = 0; cfg->dnscrypt_port = 0; cfg->dnscrypt_provider = NULL; @@ -379,6 +395,7 @@ struct config_file* config_create_forlib(void) cfg->val_log_level = 2; /* to fill why_bogus with */ cfg->val_log_squelch = 1; cfg->minimal_responses = 0; + cfg->harden_short_bufsize = 1; return cfg; } @@ -491,6 +508,8 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("do-ip6:", do_ip6) else S_YNO("do-udp:", do_udp) else S_YNO("do-tcp:", do_tcp) + else S_YNO("prefer-ip4:", prefer_ip4) + else S_YNO("prefer-ip6:", prefer_ip6) else S_YNO("tcp-upstream:", tcp_upstream) else S_YNO("udp-upstream-without-downstream:", udp_upstream_without_downstream) @@ -511,6 +530,14 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STRLIST_APPEND("tls-session-ticket-keys:", tls_session_ticket_keys) else S_STR("tls-ciphers:", tls_ciphers) else S_STR("tls-ciphersuites:", tls_ciphersuites) + else S_YNO("tls-use-sni:", tls_use_sni) + else S_NUMBER_NONZERO("https-port:", https_port) + else S_STR("http-endpoint:", http_endpoint) + else S_NUMBER_NONZERO("http-max-streams:", http_max_streams) + else S_MEMSIZE("http-query-buffer-size:", http_query_buffer_size) + else S_MEMSIZE("http-response-buffer-size:", http_response_buffer_size) + else S_YNO("http-nodelay:", http_nodelay) + else S_YNO("http-notls-downstream:", http_notls_downstream) else S_YNO("interface-automatic:", if_automatic) else S_YNO("use-systemd:", use_systemd) else S_YNO("do-daemonize:", do_daemonize) @@ -546,10 +573,12 @@ int config_set_option(struct config_file* cfg, const char* opt, IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val); RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt; } + else S_YNO("infra-keep-probing:", infra_keep_probing) else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl) else S_POW2("infra-cache-slabs:", infra_cache_slabs) else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts) else S_NUMBER_OR_ZERO("delay-close:", delay_close) + else S_YNO("udp-connect:", udp_connect) else S_STR("chroot:", chrootdir) else S_STR("username:", username) else S_STR("directory:", directory) @@ -559,6 +588,20 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("hide-trustanchor:", hide_trustanchor) else S_STR("identity:", identity) else S_STR("version:", version) + else if(strcmp(opt, "nsid:") == 0) { + free(cfg->nsid_cfg_str); + if (!(cfg->nsid_cfg_str = strdup(val))) + return 0; + /* Empty string is just validly unsetting nsid */ + if (*val == 0) { + free(cfg->nsid); + cfg->nsid = NULL; + cfg->nsid_len = 0; + return 1; + } + cfg->nsid = cfg_parse_nsid(val, &cfg->nsid_len); + return cfg->nsid != NULL; + } else S_STRLIST("root-hints:", root_hints) else S_STR("target-fetch-policy:", target_fetch_policy) else S_YNO("harden-glue:", harden_glue) @@ -581,8 +624,6 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STRLIST("trusted-keys-file:", trusted_keys_file_list) else S_YNO("trust-anchor-signaling:", trust_anchor_signaling) else S_YNO("root-key-sentinel:", root_key_sentinel) - else S_STR("dlv-anchor-file:", dlv_anchor_file) - else S_STRLIST("dlv-anchor:", dlv_anchor_list) else S_STRLIST("domain-insecure:", domain_insecure) else S_NUMBER_OR_ZERO("val-bogus-ttl:", bogus_ttl) else S_YNO("val-clean-additional:", val_clean_additional) @@ -630,6 +671,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("control-cert-file:", control_cert_file) else S_STR("module-config:", module_conf) else S_STRLIST("python-script:", python_script) + else S_STRLIST("dynlib-file:", dynlib_file) else S_YNO("disable-dnssec-lame-check:", disable_dnssec_lame_check) #ifdef CLIENT_SUBNET /* Can't set max subnet prefix here, since that value is used when @@ -639,6 +681,7 @@ int config_set_option(struct config_file* cfg, const char* opt, #endif #ifdef USE_DNSTAP else S_YNO("dnstap-enable:", dnstap) + else S_YNO("dnstap-bidirectional:", dnstap_bidirectional) else S_STR("dnstap-socket-path:", dnstap_socket_path) else S_STR("dnstap-ip:", dnstap_ip) else S_YNO("dnstap-tls:", dnstap_tls) @@ -946,12 +989,16 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "infra-host-ttl", host_ttl) else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs) else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt) + else O_YNO(opt, "infra-keep-probing", infra_keep_probing) else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts) else O_UNS(opt, "delay-close", delay_close) + else O_YNO(opt, "udp-connect", udp_connect) else O_YNO(opt, "do-ip4", do_ip4) else O_YNO(opt, "do-ip6", do_ip6) else O_YNO(opt, "do-udp", do_udp) else O_YNO(opt, "do-tcp", do_tcp) + else O_YNO(opt, "prefer-ip4", prefer_ip4) + else O_YNO(opt, "prefer-ip6", prefer_ip6) else O_YNO(opt, "tcp-upstream", tcp_upstream) else O_YNO(opt, "udp-upstream-without-downstream", udp_upstream_without_downstream) else O_DEC(opt, "tcp-mss", tcp_mss) @@ -969,6 +1016,14 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys.first) else O_STR(opt, "tls-ciphers", tls_ciphers) else O_STR(opt, "tls-ciphersuites", tls_ciphersuites) + else O_YNO(opt, "tls-use-sni", tls_use_sni) + else O_DEC(opt, "https-port", https_port) + else O_STR(opt, "http-endpoint", http_endpoint) + else O_UNS(opt, "http-max-streams", http_max_streams) + else O_MEM(opt, "http-query-buffer-size", http_query_buffer_size) + else O_MEM(opt, "http-response-buffer-size", http_response_buffer_size) + else O_YNO(opt, "http-nodelay", http_nodelay) + else O_YNO(opt, "http-notls-downstream", http_notls_downstream) else O_YNO(opt, "use-systemd", use_systemd) else O_YNO(opt, "do-daemonize", do_daemonize) else O_STR(opt, "chroot", chrootdir) @@ -986,6 +1041,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "hide-trustanchor", hide_trustanchor) else O_STR(opt, "identity", identity) else O_STR(opt, "version", version) + else O_STR(opt, "nsid", nsid_cfg_str) else O_STR(opt, "target-fetch-policy", target_fetch_policy) else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize) else O_YNO(opt, "harden-large-queries", harden_large_queries) @@ -999,7 +1055,6 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) else O_YNO(opt, "do-not-query-localhost", donotquery_localhost) else O_STR(opt, "module-config", module_conf) - else O_STR(opt, "dlv-anchor-file", dlv_anchor_file) else O_DEC(opt, "val-bogus-ttl", bogus_ttl) else O_YNO(opt, "val-clean-additional", val_clean_additional) else O_DEC(opt, "val-log-level", val_log_level) @@ -1037,7 +1092,6 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "trusted-keys-file", trusted_keys_file_list) else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling) else O_YNO(opt, "root-key-sentinel", root_key_sentinel) - else O_LST(opt, "dlv-anchor", dlv_anchor_list) else O_LST(opt, "control-interface", control_ifs.first) else O_LST(opt, "domain-insecure", domain_insecure) else O_UNS(opt, "val-override-date", val_date_override) @@ -1058,6 +1112,7 @@ config_get_option(struct config_file* cfg, const char* opt, #endif #ifdef USE_DNSTAP else O_YNO(opt, "dnstap-enable", dnstap) + else O_YNO(opt, "dnstap-bidirectional", dnstap_bidirectional) else O_STR(opt, "dnstap-socket-path", dnstap_socket_path) else O_STR(opt, "dnstap-ip", dnstap_ip) else O_YNO(opt, "dnstap-tls", dnstap_tls) @@ -1104,6 +1159,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones) else O_DEC(opt, "max-udp-size", max_udp_size) else O_LST(opt, "python-script", python_script) + else O_LST(opt, "dynlib-file", dynlib_file) else O_YNO(opt, "disable-dnssec-lame-check", disable_dnssec_lame_check) else O_DEC(opt, "ip-ratelimit", ip_ratelimit) else O_DEC(opt, "ratelimit", ratelimit) @@ -1133,6 +1189,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "pad-responses-block-size", pad_responses_block_size) else O_YNO(opt, "pad-queries", pad_queries) else O_DEC(opt, "pad-queries-block-size", pad_queries_block_size) + else O_LS2(opt, "edns-client-strings", edns_client_strings) #ifdef USE_IPSECMOD else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled) else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus) @@ -1394,8 +1451,8 @@ config_delviews(struct config_view* p) p = np; } } -/** delete string array */ -static void + +void config_del_strarray(char** array, int num) { int i; @@ -1437,6 +1494,7 @@ config_delete(struct config_file* cfg) config_delstrlist(cfg->tls_session_ticket_keys.first); free(cfg->tls_ciphers); free(cfg->tls_ciphersuites); + free(cfg->http_endpoint); if(cfg->log_identity) { log_ident_revert_to_default(); free(cfg->log_identity); @@ -1455,6 +1513,8 @@ config_delete(struct config_file* cfg) #endif free(cfg->identity); free(cfg->version); + free(cfg->nsid_cfg_str); + free(cfg->nsid); free(cfg->module_conf); free(cfg->outgoing_avail_ports); config_delstrlist(cfg->caps_whitelist); @@ -1465,8 +1525,6 @@ config_delete(struct config_file* cfg) config_delstrlist(cfg->trusted_keys_file_list); config_delstrlist(cfg->trust_anchor_list); config_delstrlist(cfg->domain_insecure); - free(cfg->dlv_anchor_file); - config_delstrlist(cfg->dlv_anchor_list); config_deldblstrlist(cfg->acls); config_deldblstrlist(cfg->tcp_connection_limits); free(cfg->val_nsec3_key_iterations); @@ -1501,6 +1559,8 @@ config_delete(struct config_file* cfg) config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_below_domain); config_delstrlist(cfg->python_script); + config_delstrlist(cfg->dynlib_file); + config_deldblstrlist(cfg->edns_client_strings); #ifdef USE_IPSECMOD free(cfg->ipsecmod_hook); config_delstrlist(cfg->ipsecmod_whitelist); @@ -1993,6 +2053,37 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str, return taglist; } +uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len) +{ + uint8_t* nsid = NULL; + + if (strncasecmp(str, "ascii_", 6) == 0) { + if ((nsid = (uint8_t *)strdup(str + 6))) + *nsid_len = strlen(str + 6); + + } else if (strlen(str) % 2) + ; /* hex string has even number of characters */ + + else if (*str && (nsid = calloc(1, strlen(str) / 2))) { + const char *ch; + uint8_t *dp; + + for ( ch = str, dp = nsid + ; isxdigit(ch[0]) && isxdigit(ch[1]) + ; ch += 2, dp++) { + *dp = (uint8_t)sldns_hexdigit_to_int(ch[0]) * 16; + *dp += (uint8_t)sldns_hexdigit_to_int(ch[1]); + } + if (*ch) { + free(nsid); + nsid = NULL; + } else + *nsid_len = strlen(str) / 2; + } + return nsid; +} + + char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, size_t taglen) { @@ -2045,6 +2136,8 @@ config_apply(struct config_file* config) log_set_time_asc(config->log_time_ascii); autr_permit_small_holddown = config->permit_small_holddown; stream_wait_max = config->stream_wait_size; + http2_query_buffer_max = config->http_query_buffer_size; + http2_response_buffer_max = config->http_response_buffer_size; } void config_lookup_uid(struct config_file* cfg) diff --git a/util/config_file.h b/util/config_file.h index 3941f7e85..480b800c0 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -128,6 +128,23 @@ struct config_file { char* tls_ciphers; /** TLS chiphersuites (TLSv1.3) */ char* tls_ciphersuites; + /** if SNI is to be used */ + int tls_use_sni; + + /** port on which to provide DNS over HTTPS service */ + int https_port; + /** endpoint for HTTP service */ + char* http_endpoint; + /** MAX_CONCURRENT_STREAMS HTTP/2 setting */ + uint32_t http_max_streams; + /** maximum size of all HTTP2 query buffers combined. */ + size_t http_query_buffer_size; + /** maximum size of all HTTP2 response buffers combined. */ + size_t http_response_buffer_size; + /** set TCP_NODELAY option for http sockets */ + int http_nodelay; + /** Disable TLS for http sockets downstream */ + int http_notls_downstream; /** outgoing port range number of ports (per thread) */ int outgoing_num_ports; @@ -164,8 +181,12 @@ struct config_file { size_t infra_cache_numhosts; /** min value for infra cache rtt */ int infra_cache_min_rtt; + /** keep probing hosts that are down */ + int infra_keep_probing; /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */ int delay_close; + /** udp_connect enable uses UDP connect to mitigate ICMP side channel */ + int udp_connect; /** the target fetch policy for the iterator */ char* target_fetch_policy; @@ -317,6 +338,10 @@ struct config_file { char* identity; /** version, package version returned if "". */ char* version; + /** nsid */ + char *nsid_cfg_str; + uint8_t *nsid; + uint16_t nsid_len; /** the module configuration string */ char* module_conf; @@ -329,10 +354,6 @@ struct config_file { struct config_strlist* auto_trust_anchor_file_list; /** files with trusted DNSKEYs in named.conf format, list */ struct config_strlist* trusted_keys_file_list; - /** DLV anchor file */ - char* dlv_anchor_file; - /** DLV anchor inline */ - struct config_strlist* dlv_anchor_list; /** insecure domain list */ struct config_strlist* domain_insecure; /** send key tag query */ @@ -448,6 +469,9 @@ struct config_file { /** Python script file */ struct config_strlist* python_script; + /** Dynamic library file */ + struct config_strlist* dynlib_file; + /** Use systemd socket activation. */ int use_systemd; @@ -476,6 +500,8 @@ struct config_file { /** true to enable dnstap support */ int dnstap; + /** using bidirectional frame streams if true */ + int dnstap_bidirectional; /** dnstap socket path */ char* dnstap_socket_path; /** dnstap IP */ @@ -546,6 +572,11 @@ struct config_file { /** SHM data - key for the shm */ int shm_key; + /** list of EDNS client string entries, linked list */ + struct config_str2list* edns_client_strings; + /** EDNS opcode to use for EDNS client strings */ + uint16_t edns_client_string_opcode; + /** DNSCrypt */ /** true to enable dnscrypt */ int dnscrypt; @@ -629,6 +660,10 @@ extern gid_t cfg_gid; extern int autr_permit_small_holddown; /** size (in bytes) of stream wait buffers max */ extern size_t stream_wait_max; +/** size (in bytes) of all total HTTP2 query buffers max */ +extern size_t http2_query_buffer_max; +/** size (in bytes) of all total HTTP2 response buffers max */ +extern size_t http2_response_buffer_max; /** * Stub config options @@ -974,6 +1009,9 @@ void config_deldblstrlist(struct config_str2list* list); */ void config_deltrplstrlist(struct config_str3list* list); +/** delete string array */ +void config_del_strarray(char** array, int num); + /** delete stringbytelist */ void config_del_strbytelist(struct config_strbytelist* list); @@ -1047,6 +1085,16 @@ int cfg_count_numbers(const char* str); */ int cfg_parse_memsize(const char* str, size_t* res); +/** + * Parse nsid from string into binary nsid. nsid is either a hexidecimal + * string or an ascii string prepended with ascii_ in which case the + * characters after ascii_ are simply copied. + * @param str: the string to parse. + * @param nsid_len: returns length of nsid in bytes. + * @return malloced bytes or NULL on parse error or malloc failure. + */ +uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len); + /** * Add a tag name to the config. It is added at the end with a new ID value. * @param cfg: the config structure. diff --git a/util/configlexer.c b/util/configlexer.c index e8bba6b94..f5e09d2dd 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg ); (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 315 -#define YY_END_OF_BUFFER 316 +#define YY_NUM_RULES 342 +#define YY_END_OF_BUFFER 343 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,350 +363,375 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[3109] = +static const flex_int16_t yy_accept[3341] = { 0, - 1, 1, 297, 297, 301, 301, 305, 305, 309, 309, - 1, 1, 316, 313, 1, 295, 295, 314, 2, 314, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 297, 298, 298, 299, 314, 301, 302, 302, - 303, 314, 308, 305, 306, 306, 307, 314, 309, 310, - 310, 311, 314, 312, 296, 2, 300, 314, 312, 313, - 0, 1, 2, 2, 2, 2, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 1, 1, 316, 316, 320, 320, 324, 324, 328, 328, + 1, 1, 332, 332, 336, 336, 343, 340, 1, 314, + 314, 341, 2, 341, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 316, 317, 317, 318, + 341, 320, 321, 321, 322, 341, 327, 324, 325, 325, + 326, 341, 328, 329, 329, 330, 341, 339, 315, 2, + 319, 341, 339, 335, 332, 333, 333, 334, 341, 336, + 337, 337, 338, 341, 340, 0, 1, 2, 2, 2, + 2, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 297, 0, 301, 0, 308, 0, 305, 309, 0, - 312, 0, 2, 2, 312, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 316, + 0, 320, 0, 327, 0, 324, 328, 0, 339, 0, + 2, 2, 339, 335, 0, 332, 336, 0, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 312, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 339, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 114, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 122, - 313, 313, 313, 313, 313, 313, 313, 312, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 125, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 134, + 340, 340, 340, 340, 340, 340, 340, 339, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 98, 313, 313, 313, 313, 313, 313, - 313, 313, 8, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 115, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 109, 340, 313, 340, + 340, 340, 340, 340, 340, 340, 8, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 127, 313, 312, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 290, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 126, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 139, 340, 339, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 312, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 56, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 224, 313, 14, 15, 313, 19, 18, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 306, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 121, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 208, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 3, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 339, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 64, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 238, 340, 14, 15, 340, 19, 18, 340, 340, 222, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 312, 313, 313, - 313, 313, 313, 313, 313, 284, 313, 313, 283, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 304, 313, 313, 313, 313, 313, + 340, 132, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 220, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 3, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 339, - 313, 313, 55, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 59, - 313, 254, 313, 313, 313, 313, 313, 313, 313, 313, - 291, 292, 313, 313, 313, 313, 313, 313, 313, 60, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 118, 313, 313, 313, - 313, 313, 313, 313, 313, 197, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 21, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 300, 340, 340, + 299, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 323, 340, + 340, 340, 340, 340, 340, 340, 340, 63, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 67, 340, 269, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 146, 313, 313, 304, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 96, 313, - 313, 313, 313, 313, 313, 313, 262, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 169, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 145, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 307, 308, 340, 340, 340, + 340, 340, 340, 340, 68, 340, 340, 133, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 129, 340, 340, 340, 340, 340, 340, 340, + 340, 209, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 21, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 158, 340, 340, 339, 323, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 95, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 32, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 33, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 57, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 120, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 107, 340, + 340, 340, 340, 340, 340, 340, 277, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 181, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 157, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 113, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 58, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 227, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 170, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 46, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 106, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 32, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 33, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 65, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 131, 339, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 245, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 50, 313, 51, 313, 313, 313, - 313, 313, 99, 313, 100, 313, 313, 313, 313, 97, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 7, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 124, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 66, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 242, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 182, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 54, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 217, 313, 313, 313, - 313, 148, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 228, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 47, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 189, 313, 188, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 260, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 58, 340, 59, 340, 340, 340, 340, + 340, 110, 340, 111, 340, 340, 340, 340, 108, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 7, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 16, 17, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 61, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 196, 313, 313, 313, 313, - 313, 313, 102, 313, 101, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 180, 313, 313, 313, 313, - 313, 313, 313, 313, 128, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 80, 313, 313, 313, 313, 313, + 339, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 231, + 340, 340, 340, 340, 160, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 243, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 45, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 55, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 84, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 54, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 183, 184, - 313, 313, 313, 256, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 6, 313, 313, 313, - 313, 313, 313, 275, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 201, 340, 200, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 16, 17, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 69, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 208, 340, 340, 340, 340, 340, 340, 113, 340, + 112, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 192, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 260, 313, 313, 313, 313, 313, 313, 285, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 42, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 44, 313, 313, 313, 313, 313, 313, 313, - 313, 176, 313, 313, 313, 123, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 201, 313, 177, 313, - 313, 313, 214, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 140, 339, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 101, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 89, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 221, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 94, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 62, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 45, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 125, 107, 313, 108, 313, 313, 313, 106, - 313, 313, 313, 313, 313, 313, 313, 313, 143, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 244, 313, 313, 313, 313, 313, 313, 313, 313, 178, - 313, 313, 313, 313, 313, 181, 313, 187, 313, 313, - 313, 313, 313, 213, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 94, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 119, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 195, 196, 340, 340, 340, 271, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 6, 340, + 340, 340, 340, 340, 340, 290, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 275, 340, 340, 340, 340, 340, 340, + 301, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 42, 340, 340, 340, 340, 44, 340, 340, 340, + 90, 340, 340, 340, 340, 340, 52, 340, 340, 340, - 313, 313, 313, 313, 313, 313, 52, 313, 313, 313, - 26, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 20, 313, 313, 313, 313, 313, 313, 27, 36, 313, - 153, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 69, 71, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 264, 313, 313, 313, 225, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 109, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 339, 340, 188, 340, 340, 340, + 135, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 213, 340, 189, 340, 340, 340, 228, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 53, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 137, + 118, 340, 119, 340, 340, 340, 117, 340, 340, 340, + 340, 340, 340, 340, 340, 155, 340, 340, 50, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 259, 340, 340, 340, 340, - 313, 142, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 279, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 147, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 273, - 313, 313, 313, 207, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 288, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 164, 313, 313, 313, 313, - 313, 313, 313, 313, 103, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 190, 340, 340, 340, 340, + 340, 193, 340, 199, 340, 340, 340, 340, 340, 227, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 105, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 130, 340, 340, 340, 340, + 340, 340, 60, 340, 340, 340, 26, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 20, 340, 340, 340, + 340, 340, 340, 27, 36, 340, 165, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 159, 313, 171, 313, 313, 313, - 313, 313, 131, 313, 313, 313, 313, 313, 90, 313, - 313, 313, 313, 199, 313, 313, 313, 313, 313, 313, - 215, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 236, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 124, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 163, 313, 313, - 313, 313, 313, 72, 73, 313, 313, 313, 313, 313, - 53, 313, 313, 313, 313, 313, 79, 172, 313, 190, - 313, 218, 313, 313, 182, 257, 313, 313, 313, 313, + 339, 340, 340, 340, 340, 340, 340, 77, 79, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 279, 340, 340, 340, 340, 239, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 120, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 154, 340, 46, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 294, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 65, 313, 174, 313, 313, 313, 313, 313, 9, - 313, 313, 313, 313, 313, 93, 313, 313, 313, 313, - 249, 313, 313, 313, 313, 198, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 162, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 149, 313, 263, 313, - 313, 313, 313, 235, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 159, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 288, 340, 340, 340, + 219, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 304, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 176, 340, 340, 340, 340, 340, 340, 340, + 340, 114, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 171, 340, 183, 340, 340, 340, 340, 339, 340, + 143, 340, 340, 340, 340, 340, 100, 340, 340, 340, + 340, 211, 340, 340, 340, 340, 340, 340, 229, 340, - 313, 313, 313, 313, 313, 209, 313, 313, 313, 313, - 255, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 282, 313, 173, 313, 313, - 313, 313, 313, 313, 313, 64, 66, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 92, 313, 313, 313, - 313, 247, 313, 313, 313, 313, 259, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 203, 34, - 28, 30, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 35, 313, 29, 31, 313, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 251, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 136, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 175, 340, 340, 340, 340, 340, 340, 80, 340, + 81, 340, 340, 340, 340, 340, 61, 297, 340, 340, + 340, 340, 340, 88, 184, 340, 202, 340, 232, 340, + 340, 194, 272, 340, 340, 340, 340, 340, 73, 340, + 186, 340, 340, 340, 340, 340, 9, 340, 340, 340, + 340, 340, 104, 340, 340, 340, 340, 264, 340, 340, - 313, 313, 313, 89, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 205, 202, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 63, 313, 313, 126, 313, 110, 313, 313, 313, 313, - 313, 313, 313, 313, 144, 13, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 277, 313, 280, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 12, 313, - 313, 22, 313, 313, 313, 313, 313, 253, 313, 313, - 313, 313, 261, 313, 313, 313, 67, 313, 211, 313, + 340, 340, 210, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 339, 340, + 340, 340, 340, 174, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 161, 340, 278, 340, 340, 340, + 340, 340, 250, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 223, 340, 340, 340, 340, 340, + 270, 340, 340, 340, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 204, 313, 313, 62, 313, 313, 313, - 313, 23, 313, 43, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 158, 157, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 206, 200, 313, - 216, 313, 313, 265, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 74, 313, 313, 313, 248, 313, 313, 313, 313, - 186, 313, 313, 313, 313, 210, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 286, 287, 155, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 298, 340, 185, 340, 340, 340, 340, 340, 340, + 340, 72, 74, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 103, 340, 340, 340, 340, 262, 340, 340, + 340, 340, 274, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 215, 34, 28, 30, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 35, 340, 29, + 31, 340, 340, 340, 340, 340, 340, 340, 340, 99, + 340, 340, 340, 340, 340, 340, 339, 340, 340, 340, - 313, 313, 68, 313, 313, 313, 313, 165, 313, 313, - 104, 105, 313, 313, 313, 313, 150, 313, 152, 313, - 191, 313, 313, 313, 313, 156, 313, 313, 219, 313, - 313, 313, 313, 313, 313, 313, 133, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 226, 313, - 313, 313, 313, 313, 313, 313, 24, 313, 258, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 192, 313, 313, 246, 313, 281, 313, 185, 313, 313, - 313, 313, 48, 313, 313, 313, 313, 313, 313, 4, - 313, 313, 313, 313, 117, 132, 313, 313, 313, 313, + 340, 340, 340, 340, 340, 340, 340, 340, 217, 214, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 71, 340, + 340, 340, 138, 340, 121, 340, 340, 340, 340, 340, + 340, 340, 340, 156, 47, 340, 340, 340, 331, 13, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 292, 340, 295, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 12, 340, 340, 22, 340, 340, 340, + 340, 340, 268, 340, 340, 340, 340, 276, 340, 340, + 340, 75, 340, 225, 340, 340, 340, 340, 216, 340, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 222, 37, 38, 313, 313, 313, - 313, 313, 313, 313, 266, 313, 313, 313, 313, 313, - 313, 234, 313, 313, 313, 313, 313, 313, 313, 195, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 77, - 313, 49, 252, 313, 223, 313, 313, 313, 313, 11, - 313, 313, 313, 313, 313, 313, 313, 313, 116, 313, - 313, 313, 313, 193, 81, 313, 40, 313, 313, 313, - 313, 313, 313, 313, 313, 161, 313, 313, 313, 313, - 313, 135, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 70, 340, 340, 340, 340, 23, 340, 43, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 170, 169, 331, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 218, 212, 340, 230, 340, 340, 280, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 82, 340, 340, 340, 340, 263, 340, 340, + 340, 340, 198, 340, 340, 340, 340, 224, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 302, - 313, 233, 313, 313, 313, 313, 129, 313, 313, 111, - 112, 313, 313, 313, 83, 87, 82, 313, 75, 313, - 313, 313, 313, 313, 10, 313, 313, 313, 313, 313, - 250, 289, 313, 313, 313, 313, 294, 39, 313, 313, - 313, 313, 313, 160, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 88, 86, 313, 76, - 278, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 179, 313, 313, 313, 313, 313, 194, 313, 313, 313, - 313, 313, 313, 313, 313, 151, 70, 313, 313, 313, + 303, 167, 340, 340, 76, 340, 340, 340, 340, 177, + 340, 340, 115, 116, 340, 340, 340, 340, 162, 340, + 164, 340, 203, 340, 340, 340, 340, 168, 340, 340, + 233, 340, 340, 340, 340, 340, 340, 340, 145, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 241, 340, 340, 340, 340, 340, 340, 340, 311, + 340, 24, 340, 273, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 86, 204, + 340, 340, 261, 340, 296, 340, 197, 340, 340, 340, + 340, 56, 340, 340, 340, 340, 340, 340, 4, 340, - 313, 313, 267, 313, 313, 313, 313, 313, 313, 313, - 230, 313, 313, 229, 130, 313, 85, 136, 137, 140, - 141, 138, 139, 78, 276, 313, 313, 251, 313, 313, - 313, 313, 154, 313, 313, 313, 313, 313, 221, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 167, 166, 41, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 274, 313, 313, 313, 313, 91, 313, 220, 313, 243, - 271, 313, 313, 313, 313, 313, 313, 313, 313, 313, + 340, 340, 340, 128, 144, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 236, 37, 38, 340, 340, 340, 340, + 340, 340, 340, 281, 340, 340, 340, 340, 340, 340, + 340, 249, 340, 340, 340, 340, 340, 340, 340, 340, + 207, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 85, 340, 57, 267, 340, 237, 340, + 340, 340, 340, 11, 340, 340, 340, 340, 340, 340, + 340, 340, 127, 340, 340, 340, 340, 205, 91, 340, + 40, 340, 340, 340, 340, 340, 340, 340, 340, 173, - 313, 313, 313, 5, 313, 313, 212, 313, 313, 272, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 231, - 25, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 232, 313, 313, 313, 134, 313, 313, - 313, 313, 313, 313, 313, 313, 168, 313, 175, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 268, 313, - 313, 313, 313, 313, 313, 313, 313, 313, 313, 313, - 313, 313, 313, 313, 313, 313, 293, 313, 313, 239, - 313, 313, 313, 313, 313, 269, 313, 313, 313, 313, - 313, 313, 270, 313, 313, 313, 237, 313, 240, 241, + 340, 340, 340, 340, 340, 147, 340, 340, 340, 340, + 240, 340, 340, 340, 340, 340, 248, 340, 340, 340, + 340, 141, 340, 340, 340, 122, 123, 340, 340, 340, + 93, 97, 92, 340, 340, 340, 340, 83, 340, 340, + 340, 340, 340, 10, 340, 340, 340, 340, 340, 265, + 305, 340, 340, 340, 340, 310, 39, 340, 340, 340, + 340, 340, 172, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 98, 96, 340, 51, + 340, 340, 84, 293, 340, 340, 340, 340, 340, 340, - 313, 313, 313, 313, 313, 238, 242, 0 + 340, 340, 340, 191, 340, 340, 340, 340, 340, 206, + 340, 340, 340, 340, 340, 340, 340, 340, 163, 78, + 340, 340, 340, 340, 340, 282, 340, 340, 340, 340, + 340, 340, 340, 245, 340, 340, 244, 142, 340, 340, + 95, 48, 340, 148, 149, 152, 153, 150, 151, 87, + 291, 340, 340, 266, 340, 340, 340, 340, 166, 340, + 340, 340, 340, 340, 235, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 179, 178, 41, 340, 340, + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + + 340, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 289, 340, 340, 340, 340, 102, 340, 234, 340, 258, + 286, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 312, 340, 49, 5, 340, 340, 226, 340, + 340, 287, 340, 340, 340, 340, 340, 340, 340, 340, + 340, 246, 25, 340, 340, 340, 340, 340, 340, 340, + 340, 340, 340, 340, 340, 247, 340, 340, 340, 146, + 340, 340, 340, 340, 340, 340, 340, 340, 180, 340, + 187, 340, 340, 340, 340, 340, 340, 340, 340, 340, + 283, 340, 340, 340, 340, 340, 340, 340, 340, 340, + + 340, 340, 340, 340, 340, 340, 340, 340, 309, 340, + 340, 254, 340, 340, 340, 340, 340, 284, 340, 340, + 340, 340, 340, 340, 285, 340, 340, 340, 252, 340, + 255, 256, 340, 340, 340, 340, 340, 253, 257, 0 } ; static const YY_CHAR yy_ec[256] = @@ -749,2052 +774,2200 @@ static const YY_CHAR yy_meta[41] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[3123] = +static const flex_int16_t yy_base[3359] = { 0, 0, 0, 38, 41, 44, 46, 59, 65, 71, 77, - 90, 112, 1561, 1369, 81, 6063, 6063, 6063, 96, 52, - 106, 63, 107, 111, 70, 128, 130, 133, 57, 88, - 76, 135, 141, 117, 163, 134, 151, 165, 174, 179, - 190, 145, 1331, 6063, 6063, 6063, 107, 1281, 6063, 6063, - 6063, 165, 1175, 1158, 6063, 6063, 6063, 212, 1094, 6063, - 6063, 6063, 216, 816, 6063, 220, 6063, 224, 157, 782, - 228, 234, 0, 240, 0, 0, 201, 225, 85, 182, - 176, 232, 234, 114, 236, 209, 241, 224, 238, 244, - 252, 248, 249, 256, 254, 258, 257, 259, 266, 271, + 90, 112, 96, 118, 124, 136, 4574, 4073, 81, 6519, + 6519, 6519, 129, 52, 130, 63, 131, 152, 70, 140, + 149, 156, 57, 88, 76, 173, 175, 95, 197, 145, + 185, 199, 208, 213, 178, 123, 3610, 6519, 6519, 6519, + 107, 3567, 6519, 6519, 6519, 154, 3481, 3242, 6519, 6519, + 6519, 245, 3155, 6519, 6519, 6519, 163, 2778, 6519, 249, + 6519, 253, 148, 2533, 2411, 6519, 6519, 6519, 257, 2074, + 6519, 6519, 6519, 233, 2014, 263, 201, 0, 267, 0, + 0, 165, 191, 221, 252, 205, 181, 265, 92, 261, - 279, 251, 278, 281, 282, 285, 289, 287, 292, 295, - 296, 297, 307, 300, 308, 310, 314, 313, 315, 320, - 322, 321, 161, 324, 331, 325, 159, 327, 329, 337, - 332, 342, 346, 352, 351, 354, 358, 357, 359, 360, - 356, 729, 381, 686, 383, 599, 390, 452, 286, 394, - 189, 398, 402, 0, 379, 394, 403, 387, 396, 398, - 364, 400, 401, 404, 409, 407, 415, 416, 418, 421, - 422, 431, 430, 432, 434, 429, 437, 439, 445, 438, - 455, 447, 454, 456, 460, 461, 462, 463, 464, 481, - 466, 472, 467, 490, 488, 497, 500, 486, 502, 504, + 216, 263, 271, 272, 210, 279, 274, 282, 278, 291, + 283, 286, 276, 285, 295, 293, 306, 314, 297, 313, + 317, 311, 315, 319, 321, 331, 327, 332, 336, 322, + 339, 337, 346, 345, 347, 348, 353, 351, 357, 284, + 358, 359, 369, 360, 380, 365, 381, 379, 375, 366, + 367, 389, 390, 394, 393, 395, 396, 403, 404, 1925, + 419, 1172, 422, 924, 429, 854, 832, 433, 781, 437, + 441, 0, 433, 705, 447, 479, 287, 452, 411, 445, + 426, 446, 447, 448, 449, 450, 451, 453, 452, 456, + 470, 234, 463, 473, 481, 479, 476, 483, 486, 487, - 474, 511, 507, 514, 515, 510, 522, 518, 519, 520, - 521, 523, 524, 526, 528, 529, 534, 477, 530, 542, - 543, 535, 547, 537, 552, 544, 560, 555, 556, 564, - 557, 558, 573, 574, 569, 577, 570, 465, 578, 581, - 589, 590, 585, 572, 586, 593, 592, 594, 596, 598, - 597, 606, 614, 610, 612, 619, 609, 618, 621, 622, - 623, 601, 633, 625, 635, 629, 641, 634, 642, 644, - 640, 646, 647, 649, 648, 660, 651, 664, 666, 669, - 655, 670, 662, 678, 673, 674, 675, 677, 679, 681, - 682, 683, 685, 688, 694, 689, 698, 691, 705, 708, + 488, 489, 491, 492, 501, 500, 502, 505, 508, 510, + 511, 460, 509, 513, 527, 515, 516, 519, 538, 529, + 540, 543, 539, 548, 555, 400, 550, 551, 558, 553, + 560, 561, 569, 562, 565, 566, 567, 570, 572, 574, + 576, 579, 578, 582, 577, 590, 591, 585, 595, 594, + 606, 601, 608, 604, 605, 362, 607, 611, 615, 623, + 612, 627, 613, 614, 629, 633, 640, 641, 636, 622, + 637, 639, 643, 644, 646, 648, 647, 656, 660, 659, + 663, 667, 657, 665, 669, 671, 673, 649, 682, 675, + 684, 688, 680, 683, 690, 692, 694, 696, 695, 699, - 697, 719, 712, 702, 710, 722, 713, 717, 714, 732, - 746, 741, 733, 742, 747, 749, 751, 724, 754, 755, - 748, 761, 762, 752, 767, 768, 775, 776, 6063, 770, - 773, 786, 784, 791, 792, 785, 798, 772, 793, 806, - 804, 805, 809, 831, 807, 808, 811, 813, 821, 6063, - 820, 824, 855, 825, 833, 849, 845, 815, 837, 844, - 853, 841, 872, 861, 863, 864, 881, 865, 873, 876, - 877, 879, 880, 897, 889, 882, 886, 894, 905, 900, - 901, 904, 913, 903, 906, 912, 907, 914, 915, 920, - 926, 918, 929, 930, 931, 933, 932, 936, 935, 938, + 697, 700, 708, 704, 713, 712, 721, 716, 722, 719, + 731, 732, 727, 717, 728, 729, 733, 736, 730, 740, + 738, 741, 745, 743, 750, 752, 760, 755, 756, 771, + 763, 766, 762, 773, 774, 769, 775, 793, 798, 799, + 786, 800, 801, 804, 803, 805, 807, 808, 809, 818, + 811, 823, 815, 824, 825, 829, 836, 834, 6519, 831, + 833, 847, 848, 849, 852, 765, 856, 858, 839, 868, + 864, 861, 870, 892, 865, 878, 869, 871, 874, 6519, + 887, 880, 916, 882, 889, 902, 903, 900, 904, 905, + 917, 910, 933, 850, 914, 922, 943, 939, 925, 938, - 948, 956, 943, 953, 951, 958, 960, 962, 966, 963, - 969, 970, 971, 972, 980, 977, 978, 979, 983, 985, - 986, 989, 991, 992, 994, 996, 998, 997, 1003, 1007, - 1005, 1013, 846, 6063, 1015, 1008, 1017, 1018, 1019, 1023, - 1021, 1020, 6063, 1024, 1030, 1022, 1037, 1034, 1039, 1046, - 1035, 1045, 1052, 1047, 1048, 1060, 1038, 1059, 1070, 1057, - 1067, 1065, 1068, 1069, 1074, 1066, 1075, 1076, 1077, 1078, - 1097, 6063, 1082, 1084, 1086, 1085, 1093, 1106, 1115, 1107, - 1095, 1112, 1118, 1114, 1121, 1126, 1125, 1130, 1131, 1133, - 1134, 1136, 1140, 1138, 1141, 1139, 1142, 1145, 1143, 1144, + 940, 907, 941, 948, 949, 946, 951, 953, 960, 952, + 957, 959, 971, 961, 970, 972, 965, 974, 980, 985, + 987, 992, 975, 984, 995, 978, 990, 998, 1008, 1003, + 1001, 1009, 1012, 1015, 1023, 1019, 1027, 1028, 1002, 1029, + 1030, 1035, 1031, 1038, 1041, 1039, 1042, 1051, 1049, 1047, + 1048, 1054, 1055, 1056, 1058, 1061, 1064, 1063, 1068, 1072, + 1066, 1073, 1079, 1067, 1085, 1077, 6519, 1089, 6519, 1080, + 1083, 1087, 1092, 1093, 1094, 1095, 6519, 1097, 1100, 1102, + 1105, 1109, 1111, 1110, 1116, 1112, 1123, 1124, 1125, 1128, + 1135, 1130, 1133, 1138, 1137, 1140, 1141, 1144, 1142, 1147, - 1149, 6063, 1156, 1163, 1170, 1157, 1166, 1168, 1171, 1173, - 1083, 1172, 1177, 1178, 1174, 1184, 1192, 1179, 1195, 1193, - 1194, 1196, 1198, 1199, 1200, 1202, 1201, 1215, 1206, 1208, - 1223, 1226, 1225, 1228, 1235, 1212, 1231, 1232, 1230, 1236, - 1238, 1240, 1216, 1242, 1243, 1252, 1250, 1248, 1251, 1253, - 1263, 1255, 1258, 1259, 1264, 1268, 1265, 1270, 1274, 1275, - 1276, 1277, 6063, 1284, 1285, 1288, 1289, 1295, 1296, 1297, - 1287, 1298, 1301, 1304, 1305, 1306, 1312, 1309, 1313, 1307, - 1319, 1321, 1320, 1324, 1322, 1337, 1336, 1338, 1327, 1340, - 1341, 1329, 1350, 1342, 1355, 1353, 1352, 1364, 1359, 1360, + 1149, 1148, 1154, 1155, 1158, 1175, 6519, 1157, 1167, 1162, + 1159, 1168, 1169, 1187, 1185, 1188, 1186, 1190, 1203, 1198, + 1204, 1206, 1207, 1160, 1210, 1212, 1214, 1216, 1217, 1218, + 1219, 1221, 1222, 1223, 1225, 1224, 1228, 6519, 1226, 1236, + 1247, 1242, 1245, 1246, 1248, 1249, 1161, 1251, 1250, 1106, + 517, 1253, 1257, 1258, 1259, 1272, 1267, 1270, 1268, 1269, + 1275, 1274, 1276, 1278, 1287, 1283, 1289, 1291, 1299, 1298, + 1301, 1308, 1310, 1303, 1305, 1311, 1307, 1306, 1313, 1315, + 1322, 1316, 1319, 1326, 1329, 1328, 1331, 1335, 1320, 1336, + 1333, 1341, 1342, 1343, 1344, 1351, 1350, 1346, 1358, 1353, - 1361, 1368, 1351, 1365, 1371, 1367, 1377, 1375, 1383, 1385, - 1384, 1388, 1395, 1390, 1392, 1397, 1400, 1402, 1398, 1403, - 1405, 1406, 1407, 1414, 1409, 1411, 1415, 1418, 1410, 1412, - 1422, 1424, 1432, 1429, 1435, 1436, 1437, 1438, 1440, 1441, - 1444, 1445, 1446, 1452, 1448, 1450, 1451, 1460, 1453, 1468, - 1459, 1461, 1469, 1472, 1476, 1477, 1478, 1485, 1474, 1486, - 1487, 1488, 1489, 1491, 1494, 1497, 1501, 1495, 1504, 1506, - 1508, 1507, 1511, 1514, 1517, 1518, 6063, 1512, 1525, 1520, - 1526, 1524, 1529, 1532, 1539, 1534, 1537, 1535, 1538, 1541, - 1564, 6063, 1543, 6063, 6063, 1545, 6063, 6063, 1546, 1551, + 1356, 1354, 1352, 1373, 1374, 1363, 1365, 6519, 1381, 1367, + 1382, 1383, 1384, 1388, 1390, 1386, 1392, 1393, 1394, 1396, + 1397, 1399, 1403, 1404, 1405, 1406, 1408, 1419, 1416, 1411, + 1427, 1426, 1428, 1418, 1430, 1432, 1431, 1440, 1438, 1441, + 1439, 1445, 1446, 1453, 1448, 1449, 1454, 1463, 1456, 1455, + 1460, 1458, 1466, 1469, 1468, 1483, 1472, 1480, 1488, 1489, + 1479, 1491, 1481, 1492, 1495, 1496, 1497, 1498, 1499, 1507, + 1502, 1503, 1505, 1508, 1509, 1510, 1516, 1511, 1524, 1521, + 1522, 1525, 1530, 1532, 1533, 1531, 1537, 1538, 1539, 1540, + 1546, 1541, 1548, 1550, 1543, 1554, 1553, 1561, 1559, 1563, - 1549, 1548, 1559, 1566, 1568, 1556, 1571, 1570, 1578, 1591, - 1575, 1581, 1582, 1587, 1594, 1589, 1599, 1604, 1596, 1607, - 1613, 1614, 1615, 1622, 1623, 1616, 1619, 1626, 1624, 1627, - 1629, 1631, 1633, 1635, 1639, 1634, 1641, 1636, 1651, 1642, - 1655, 1662, 6063, 1659, 1663, 1666, 1665, 1673, 1668, 1669, - 1672, 1677, 1679, 1674, 1681, 1683, 1643, 1684, 1685, 1686, - 1690, 1687, 1692, 1697, 1693, 6063, 1694, 1695, 1577, 1706, - 1698, 1710, 1709, 1708, 1715, 1716, 1717, 1724, 1719, 1721, - 1726, 1728, 1727, 1731, 6063, 1733, 1739, 1729, 1741, 1732, - 1743, 1744, 1747, 1748, 1749, 1752, 1755, 1754, 1757, 1762, + 1568, 1569, 1572, 1571, 1574, 1580, 1570, 1583, 1584, 1573, + 1586, 1589, 1591, 1594, 1598, 1592, 1599, 1600, 1603, 1604, + 1610, 1611, 1614, 1616, 1618, 6519, 1605, 1628, 1619, 1626, + 1623, 1607, 1629, 1637, 1633, 1636, 1634, 1638, 1640, 1664, + 6519, 1642, 6519, 6519, 1644, 6519, 6519, 1645, 1649, 6519, + 1650, 1653, 1651, 1668, 1658, 1670, 1674, 1675, 1665, 1677, + 1687, 1698, 1689, 1680, 1678, 1688, 1682, 1691, 1703, 1690, + 1704, 1707, 1712, 1724, 1713, 1721, 1714, 1725, 1726, 1728, + 1731, 1735, 1737, 1646, 1738, 1739, 1741, 1742, 1744, 1743, + 1746, 1749, 1752, 1753, 1755, 1748, 1756, 1765, 1767, 1769, - 1761, 1765, 1760, 1766, 1767, 1771, 1778, 1782, 1774, 1784, - 1786, 1787, 1788, 1789, 1790, 1792, 1797, 1796, 1804, 1799, - 1807, 1820, 1813, 1802, 1803, 1800, 1816, 1824, 1828, 1826, - 1818, 1827, 1838, 1830, 1834, 1831, 1839, 1842, 1843, 1847, - 1845, 1835, 1848, 1854, 1852, 6063, 1853, 1855, 6063, 1856, - 1860, 1882, 1861, 1863, 1864, 1866, 1870, 1874, 1873, 1872, - 1875, 1883, 1890, 1892, 1896, 1894, 1899, 1901, 1902, 1905, - 1908, 1910, 1911, 1921, 1922, 1926, 1923, 1933, 1920, 1928, - 1930, 1949, 1931, 1932, 1938, 1934, 1935, 1939, 1945, 1940, - 1941, 1951, 1959, 1961, 6063, 1962, 1964, 1966, 1971, 1978, + 1776, 6519, 1774, 1777, 1786, 1782, 1789, 1781, 1785, 1788, + 1793, 1795, 1790, 1797, 1799, 1800, 1801, 1802, 1803, 1806, + 1808, 1812, 1810, 1827, 1811, 6519, 1814, 1816, 1813, 1824, + 1826, 1828, 1833, 1832, 1834, 1836, 1839, 1848, 1840, 1843, + 1844, 1851, 1849, 1850, 6519, 1854, 1865, 1855, 1857, 1866, + 1868, 1869, 1870, 1871, 1872, 1867, 1757, 1875, 1877, 1880, + 1885, 1883, 1878, 1884, 1899, 1886, 1901, 1903, 1904, 1907, + 1908, 1909, 1910, 1911, 1912, 1914, 1919, 1921, 1918, 1926, + 1922, 1923, 1935, 1944, 1937, 1927, 1939, 1940, 1942, 1947, + 1955, 1879, 1950, 1952, 1960, 1953, 1957, 1958, 1961, 1970, - 1974, 1973, 6063, 1977, 1980, 1981, 1982, 1987, 1983, 1988, - 1990, 1991, 1994, 1995, 1999, 2000, 1998, 2001, 2012, 6063, - 2003, 6063, 2011, 2013, 2015, 2016, 2017, 2021, 2022, 2023, - 6063, 6063, 2024, 2031, 2037, 2026, 2032, 2039, 2042, 6063, - 2043, 2050, 2047, 2053, 2046, 2045, 2052, 2057, 2058, 2061, - 2069, 2062, 2070, 2066, 2067, 2073, 6063, 2074, 2078, 2079, - 2080, 2086, 2083, 2089, 2091, 6063, 2090, 2092, 2095, 2104, - 2106, 2100, 2093, 2107, 2112, 2097, 2114, 2116, 2117, 2118, - 2125, 2127, 2123, 2124, 2130, 2132, 6063, 2122, 2134, 2143, - 2139, 2142, 2138, 2146, 2145, 2148, 2149, 2150, 2153, 2156, + 1962, 1967, 1974, 1972, 1978, 1979, 1980, 6519, 1981, 1982, + 6519, 1987, 1983, 1985, 2007, 1988, 1986, 1993, 1992, 1995, + 1997, 2002, 2011, 2004, 2013, 2030, 2022, 2019, 2032, 2026, + 2034, 2035, 2037, 2038, 2040, 2043, 2044, 2015, 2045, 2060, + 2062, 2059, 2051, 2069, 2055, 2064, 2066, 2085, 2067, 2065, + 2068, 2075, 2071, 2073, 2080, 2076, 2081, 2089, 2094, 2098, + 2096, 2095, 2097, 2102, 2103, 2113, 2116, 2106, 6519, 2123, + 2119, 2109, 2124, 2114, 2131, 2130, 2132, 6519, 2133, 2134, + 2136, 2144, 2137, 2139, 2140, 2141, 2148, 2147, 2153, 2150, + 2154, 2149, 2156, 2166, 6519, 2164, 6519, 2157, 2168, 2170, - 2157, 2164, 2165, 2160, 2162, 2170, 2166, 2172, 2177, 2178, - 2173, 2179, 2180, 2181, 6063, 2182, 2184, 124, 2190, 2187, - 2193, 2192, 2194, 2196, 2198, 2213, 2214, 2210, 2209, 2212, - 2216, 2219, 2220, 2221, 2222, 2224, 2223, 2226, 6063, 2228, - 2229, 2232, 2234, 2240, 2235, 2237, 6063, 2247, 2239, 2258, - 2252, 2254, 2260, 2261, 2264, 2262, 2265, 2266, 2267, 2273, - 2269, 6063, 2275, 2276, 2278, 2277, 2286, 2289, 2287, 2279, - 2290, 2292, 2295, 2298, 2299, 2300, 2301, 2302, 2303, 2304, - 2309, 2308, 2314, 2316, 6063, 2332, 2315, 2319, 2317, 2330, - 2331, 2339, 2322, 2336, 2340, 2344, 2354, 2342, 2347, 2352, + 2169, 2172, 2176, 2174, 2177, 6519, 6519, 2181, 2175, 2192, + 2200, 2178, 2195, 2185, 6519, 2196, 2203, 6519, 2204, 2206, + 2199, 2201, 2207, 2211, 2214, 2215, 2222, 2217, 2224, 2219, + 2220, 2226, 6519, 2228, 2232, 2233, 2236, 2235, 2239, 2242, + 2243, 6519, 2246, 2245, 2248, 2256, 2258, 2259, 2249, 2260, + 2264, 2262, 2266, 2269, 2270, 2271, 2278, 2281, 2274, 2277, + 2283, 2292, 6519, 2276, 2287, 2296, 2293, 2300, 2295, 2297, + 2291, 2301, 2302, 2308, 2303, 2310, 2312, 2313, 2316, 2323, + 2324, 2319, 2321, 2328, 2322, 2329, 2332, 2337, 2331, 2336, + 2338, 2339, 6519, 2340, 2347, 2342, 171, 2351, 2348, 2354, - 2348, 2360, 2357, 2364, 2369, 2370, 2371, 2361, 2378, 2380, - 2368, 2376, 2381, 2384, 2386, 2387, 2389, 2398, 2399, 2395, - 2402, 2396, 2403, 2397, 2417, 2422, 2413, 6063, 2421, 2415, - 2409, 2423, 2434, 2426, 2429, 2431, 2438, 2437, 2439, 2440, - 2441, 2448, 2443, 2445, 2447, 2449, 2450, 2456, 2457, 2460, - 2462, 2469, 2463, 2471, 2472, 6063, 2473, 2477, 2479, 2480, - 2484, 2466, 2488, 2490, 2492, 2481, 2493, 2495, 2496, 2500, - 2499, 2501, 2504, 2505, 2508, 6063, 2509, 2510, 2515, 2517, - 2521, 2518, 2527, 2530, 2528, 2524, 2534, 2536, 2535, 6063, - 2544, 2545, 2541, 2553, 2549, 2537, 2550, 2552, 2554, 6063, + 2350, 2352, 2368, 2353, 2375, 2376, 2356, 2374, 2358, 2377, + 2371, 2378, 2381, 2380, 2383, 2384, 2388, 2387, 6519, 2390, + 2393, 2394, 2396, 2398, 2397, 2400, 6519, 2409, 2420, 2410, + 2423, 2401, 2418, 2424, 2425, 2428, 2426, 2429, 2430, 2431, + 2433, 2436, 2437, 2439, 6519, 2441, 2442, 2451, 2445, 2452, + 2455, 2453, 2454, 2460, 2461, 2464, 2463, 2466, 2467, 2468, + 2470, 2471, 2477, 2481, 2472, 2474, 2484, 2482, 2485, 2486, + 2488, 2490, 2495, 2499, 6519, 2506, 2501, 2503, 2505, 2502, + 2508, 2509, 2511, 2526, 2512, 2518, 2521, 2527, 2535, 2529, + 2530, 2547, 2537, 2545, 2546, 2557, 2556, 2559, 2552, 2549, - 2555, 2557, 2565, 2566, 2562, 6063, 2569, 2564, 2567, 2570, - 2571, 2572, 2576, 2573, 2579, 2581, 2583, 2592, 2586, 2589, - 6063, 2595, 2602, 2597, 2598, 2600, 2603, 2605, 2606, 2611, - 2610, 2613, 6063, 2628, 2625, 2623, 2632, 2618, 2630, 2633, - 2635, 2636, 2638, 2639, 6063, 2641, 2642, 2644, 2645, 2648, - 2647, 2649, 2663, 2658, 2650, 2653, 2661, 2664, 2666, 2672, - 2671, 2675, 2673, 2674, 2681, 2684, 2686, 2687, 2688, 2695, - 2696, 2697, 2700, 6063, 2703, 2705, 2704, 2694, 2706, 2707, - 2710, 2714, 2711, 2716, 2718, 2719, 2721, 2735, 2738, 2725, - 2726, 2728, 2730, 2739, 2736, 2742, 2743, 2744, 2752, 2750, + 2562, 2566, 2560, 2565, 2567, 2568, 2572, 2573, 2574, 2581, + 2584, 2585, 2582, 2589, 2591, 2579, 2594, 2602, 2597, 6519, + 2606, 2601, 2604, 2611, 2618, 2614, 2613, 2619, 2615, 2621, + 2625, 2626, 2627, 2634, 2631, 2638, 2633, 2637, 2636, 2639, + 2640, 2643, 2649, 2652, 2655, 2657, 2659, 6519, 2660, 2662, + 2653, 2664, 2666, 2669, 2675, 2676, 2678, 2671, 2679, 2681, + 2682, 2684, 2685, 2686, 2688, 2693, 2690, 6519, 2696, 2694, + 2698, 2701, 2706, 2704, 2713, 2707, 2714, 2716, 2720, 2721, + 2722, 2723, 2724, 6519, 2732, 2733, 2729, 2741, 2731, 2736, + 2738, 2743, 2744, 6519, 2745, 2746, 2747, 2754, 2756, 2751, - 2751, 2759, 2754, 2758, 2766, 2756, 2757, 2765, 2767, 2768, - 2769, 2770, 2771, 2778, 2774, 2779, 2780, 2788, 2795, 2791, - 2797, 2789, 2799, 2800, 2803, 6063, 2806, 2807, 2804, 2810, - 2811, 2815, 2816, 2823, 2818, 2825, 2826, 2828, 2835, 2820, - 2829, 2834, 2842, 2844, 6063, 2837, 6063, 2841, 2845, 2848, - 2852, 2851, 6063, 2857, 6063, 2858, 2860, 2853, 2863, 6063, - 2864, 2865, 2866, 2872, 2868, 2870, 2874, 2876, 2878, 2886, - 2877, 2882, 2880, 2888, 2884, 2890, 2894, 2896, 2901, 2902, - 2903, 2909, 2904, 2907, 2912, 2913, 2914, 6063, 2921, 2915, - 2917, 2922, 2924, 2925, 2927, 2929, 2935, 2936, 2930, 2940, + 6519, 2758, 2753, 2759, 2761, 2762, 2763, 2765, 2768, 2771, + 2772, 2775, 2780, 2787, 2776, 2784, 6519, 2782, 2796, 2788, + 2794, 2792, 2798, 2802, 2804, 2805, 2807, 2809, 2814, 6519, + 2821, 2820, 2818, 2831, 2808, 2823, 2826, 2832, 2833, 2834, + 2835, 2836, 2839, 6519, 2840, 2842, 2843, 2845, 2847, 2848, + 2850, 2862, 2853, 2857, 2858, 2863, 2864, 2867, 2868, 2870, + 2875, 2871, 2874, 2881, 2884, 2885, 2887, 2890, 2898, 2901, + 2888, 2897, 2900, 2893, 2903, 2905, 2914, 2917, 2918, 2915, + 2919, 6519, 2922, 2923, 2904, 2925, 2926, 2928, 2929, 2930, + 2931, 2933, 2939, 2935, 2934, 2936, 2951, 2958, 2941, 2959, - 2937, 2944, 2943, 2953, 2949, 2958, 6063, 2951, 2960, 2954, - 2961, 6063, 2963, 2962, 2970, 2974, 2964, 2966, 2972, 2976, - 2980, 2977, 2982, 2985, 2996, 2992, 2995, 6063, 2999, 3000, - 2993, 3001, 3012, 3010, 3016, 3019, 3013, 3021, 3009, 3011, - 3023, 3024, 3025, 3033, 3036, 3032, 3040, 3031, 3038, 3046, - 3047, 3035, 3039, 3041, 3048, 3049, 3055, 3051, 3056, 3057, - 3058, 3060, 3065, 6063, 3069, 3070, 3066, 3072, 3076, 3075, - 3079, 3080, 3083, 3081, 3087, 3088, 3085, 6063, 3084, 6063, - 3082, 3102, 3109, 3111, 3106, 3095, 3112, 3117, 3114, 3119, - 3120, 3121, 3122, 3123, 3124, 3128, 3131, 3135, 3136, 3146, + 2946, 2949, 2954, 2962, 2956, 2964, 2969, 2972, 2971, 2970, + 2979, 2974, 2977, 2986, 2978, 2981, 2982, 2985, 2988, 2989, + 2990, 2991, 2995, 2994, 2999, 3003, 3007, 3009, 3011, 3017, + 3012, 3014, 3019, 3020, 6519, 3024, 3028, 3029, 3027, 3030, + 3035, 3031, 3043, 3038, 3041, 3040, 3048, 3051, 3049, 3050, + 3056, 3063, 3059, 6519, 3060, 6519, 3061, 3062, 3064, 3072, + 3070, 6519, 3074, 6519, 3077, 3084, 3071, 3075, 6519, 3085, + 3079, 3086, 3092, 3081, 3089, 3094, 3097, 3098, 3100, 3105, + 3103, 3104, 3106, 3107, 3108, 3111, 3115, 3117, 3120, 3124, + 3126, 3116, 3128, 3118, 3132, 3134, 3137, 3139, 6519, 3142, - 3129, 3137, 3134, 3142, 3132, 3159, 3155, 3151, 6063, 6063, - 3154, 3157, 3161, 3164, 3165, 3166, 3167, 3169, 3172, 3170, - 3173, 3183, 3190, 6063, 3185, 3176, 3186, 3187, 3202, 3193, - 3198, 3206, 3204, 3213, 3210, 6063, 3195, 3203, 3218, 3214, - 3219, 3226, 6063, 3221, 6063, 3205, 3223, 3225, 3230, 3231, - 3232, 3234, 3235, 3237, 3246, 3247, 3238, 3243, 3250, 3252, - 3253, 3260, 3255, 3256, 3257, 6063, 3262, 3259, 3265, 3273, - 3276, 3280, 3274, 3264, 6063, 3267, 3289, 3284, 3286, 3290, - 3292, 3293, 3294, 3296, 3299, 3295, 3297, 3306, 3304, 3302, - 3312, 3322, 3310, 3324, 6063, 3325, 3319, 3332, 3334, 3315, + 3145, 3146, 3148, 3147, 3149, 3150, 3151, 3153, 3154, 3157, + 3160, 3169, 3165, 3168, 3171, 3176, 3185, 3172, 3186, 6519, + 3182, 3184, 3187, 3189, 6519, 3193, 3190, 3199, 3201, 3191, + 3194, 3203, 3204, 3208, 3197, 3210, 3211, 3217, 3219, 3216, + 3224, 6519, 3225, 3228, 3226, 3229, 3237, 3244, 3245, 3241, + 3247, 3249, 3258, 3254, 3240, 3242, 3255, 3256, 3261, 3263, + 3268, 3265, 3272, 3267, 3273, 3280, 3277, 3269, 3271, 3275, + 3283, 3284, 3285, 3286, 3281, 3288, 3294, 3289, 6519, 3293, + 3300, 3301, 3309, 3302, 3307, 3310, 3311, 3313, 6519, 3316, + 3317, 3319, 3320, 3326, 3318, 3321, 3328, 3329, 3331, 3336, - 3329, 3335, 3336, 3337, 3339, 3340, 3341, 3342, 3343, 3345, - 3344, 3352, 3347, 3363, 3348, 3350, 3370, 3372, 3362, 3354, - 3364, 3371, 3376, 3379, 3381, 3385, 3387, 3377, 3389, 3398, - 3390, 3392, 3401, 3402, 3409, 3404, 6063, 3414, 3394, 3416, - 3396, 3415, 3420, 3422, 3430, 3425, 3426, 3427, 3434, 3429, - 6063, 3441, 3417, 3443, 2983, 3433, 3442, 3450, 3432, 3451, - 3454, 3455, 3456, 3458, 3460, 3461, 3464, 3465, 6063, 6063, - 3467, 3468, 3470, 6063, 3471, 3469, 3483, 3474, 3475, 3476, - 3487, 3486, 3484, 3488, 3492, 3497, 6063, 3498, 3505, 3500, - 3501, 3512, 3502, 6063, 3507, 3515, 3517, 3514, 3521, 3511, + 3338, 3341, 3339, 6519, 3342, 6519, 3343, 3346, 3359, 3361, + 3344, 3348, 3364, 3370, 3363, 3354, 3372, 3374, 3365, 3371, + 3380, 3375, 3381, 3382, 3392, 3396, 3378, 3388, 3385, 3383, + 3399, 3406, 3402, 3404, 6519, 6519, 3408, 3409, 3410, 3412, + 3413, 3414, 3417, 3425, 3421, 3420, 3423, 3424, 3436, 6519, + 3429, 3431, 3439, 3440, 3447, 3448, 3450, 3457, 3453, 3460, + 3456, 6519, 3452, 3455, 3465, 3463, 3464, 3474, 6519, 3470, + 6519, 3471, 3475, 3477, 3479, 3480, 3482, 3483, 3484, 3487, + 3502, 3505, 3491, 3501, 3489, 3492, 3503, 3507, 3511, 3518, + 3513, 3514, 3515, 6519, 3517, 3519, 3521, 3523, 3526, 3527, - 3522, 3523, 3524, 3525, 3528, 3532, 3540, 3542, 3529, 3537, - 3544, 6063, 3538, 3539, 3545, 3547, 3551, 3553, 6063, 3555, - 3556, 3557, 3562, 3566, 3569, 3567, 3576, 3559, 3572, 3577, - 3579, 3581, 3582, 3591, 3588, 3587, 3590, 3593, 3595, 6063, - 3597, 3598, 3600, 3605, 3608, 3616, 3617, 3618, 3613, 3619, - 3621, 3628, 6063, 3623, 3625, 3626, 3627, 3636, 3631, 3640, - 3632, 6063, 3637, 3641, 3642, 6063, 3643, 3650, 3655, 3657, - 3645, 3664, 3661, 3663, 3666, 3662, 6063, 3669, 6063, 3670, - 3675, 3676, 6063, 3678, 3679, 3680, 3682, 3683, 3684, 3688, - 3695, 3686, 3696, 3697, 3698, 3699, 3702, 3710, 3700, 3711, + 3520, 3534, 6519, 3536, 3537, 3541, 3542, 3538, 3543, 3545, + 3546, 3547, 3551, 3553, 6519, 3549, 3555, 3564, 3559, 3556, + 3566, 3570, 3573, 3578, 6519, 3579, 3580, 3587, 3583, 3585, + 3586, 3590, 3591, 3592, 3594, 3595, 3596, 3598, 3599, 3604, + 3600, 3602, 3609, 3605, 3617, 3619, 3606, 3627, 3634, 3620, + 6519, 3623, 3630, 3632, 3633, 3635, 3636, 3638, 3644, 3646, + 3640, 3655, 3656, 3647, 3651, 3659, 3661, 3669, 3664, 6519, + 3676, 3662, 3677, 3666, 3675, 3674, 3679, 3681, 3683, 3685, + 3684, 3687, 3688, 3690, 3702, 3694, 3697, 3693, 3698, 3709, + 3701, 6519, 3716, 3712, 3704, 3720, 3714, 3723, 3730, 3727, - 3701, 3708, 6063, 3712, 3709, 3714, 3725, 3721, 3716, 3729, - 3731, 3732, 6063, 6063, 3734, 6063, 3735, 3737, 3739, 6063, - 3741, 3740, 3748, 3743, 3746, 3749, 3758, 3744, 6063, 3759, - 3761, 3762, 3764, 3765, 3767, 3768, 3770, 3769, 3772, 3771, - 6063, 3774, 3776, 3784, 3775, 3778, 3789, 3791, 3785, 6063, - 3797, 3799, 3800, 3803, 3804, 6063, 3806, 6063, 3807, 3810, - 3809, 3812, 3813, 6063, 3820, 3816, 3824, 3817, 3826, 3827, - 3828, 3834, 3835, 3836, 3844, 3837, 3841, 3840, 3851, 3847, - 6063, 3846, 3848, 3858, 3859, 3849, 3861, 3869, 3866, 3868, - 3867, 3872, 3874, 3875, 3876, 3878, 3882, 3884, 3883, 6063, + 3728, 3729, 3732, 3733, 3734, 3737, 3739, 3740, 3743, 3744, + 6519, 6519, 3746, 3747, 3749, 6519, 3751, 3752, 3762, 3754, + 3755, 3763, 3767, 3766, 3765, 3768, 3770, 3771, 6519, 3777, + 3785, 3780, 3781, 3789, 3784, 6519, 3790, 3798, 3794, 3797, + 3795, 3799, 3801, 3803, 3805, 3806, 3807, 3810, 3818, 3822, + 3814, 3813, 3817, 6519, 3823, 3825, 3826, 3830, 3827, 3835, + 6519, 3832, 3836, 3838, 3839, 3842, 3845, 3852, 3854, 3855, + 3856, 3858, 3857, 3859, 3860, 3867, 3866, 3864, 3872, 3873, + 3878, 6519, 3875, 3883, 3865, 3887, 6519, 3889, 3896, 3897, + 6519, 3898, 3893, 3900, 3901, 3908, 6519, 3903, 3906, 3904, - 3886, 3890, 3893, 3900, 3896, 3897, 6063, 3903, 3902, 3906, - 6063, 3904, 3908, 3910, 3913, 3916, 3918, 3921, 3924, 3920, - 6063, 3927, 3929, 3922, 3925, 3926, 3923, 6063, 6063, 3940, - 6063, 3943, 3933, 3945, 3944, 3947, 3948, 3951, 3952, 3954, - 3955, 3963, 3964, 3958, 3976, 3979, 3983, 3965, 3978, 3980, - 6063, 6063, 3982, 3984, 3987, 3989, 3990, 3992, 3993, 4001, - 3997, 4005, 4008, 3998, 4015, 6063, 4012, 3994, 4013, 6063, - 4018, 4019, 4021, 4020, 4022, 4023, 4026, 4025, 4028, 4029, - 4031, 4032, 4034, 4047, 4037, 4038, 4039, 4048, 4046, 4054, - 4056, 6063, 4057, 4060, 4061, 4062, 4040, 4067, 4066, 4069, + 3907, 3917, 3909, 3918, 3920, 3914, 6519, 3921, 3922, 3923, + 6519, 3924, 3929, 3935, 3937, 3938, 3945, 3940, 3942, 3943, + 3944, 6519, 3950, 6519, 3948, 3952, 3956, 6519, 3954, 3959, + 3960, 3962, 3963, 3968, 3969, 3967, 3976, 3977, 3978, 3980, + 3981, 3979, 3984, 3988, 3985, 3986, 3990, 3991, 6519, 3992, + 3994, 4001, 3996, 4006, 4002, 4009, 3999, 4013, 4014, 6519, + 6519, 4023, 6519, 4025, 4015, 4017, 6519, 4019, 4024, 4032, + 4029, 4035, 4037, 4041, 4042, 6519, 4044, 4047, 6519, 4030, + 4045, 4055, 4052, 4054, 4057, 4060, 4056, 4058, 4062, 4063, + 4066, 4068, 4064, 4067, 4072, 6519, 4069, 4070, 4071, 4085, - 4068, 6063, 4073, 4071, 4074, 4078, 4076, 4082, 4083, 4093, - 4097, 4094, 4098, 4099, 4101, 4103, 4107, 6063, 4114, 4104, - 4105, 4106, 4116, 4121, 4108, 4123, 4117, 4129, 4126, 4131, - 4133, 4138, 4130, 4134, 4139, 4140, 6063, 4142, 4146, 4148, - 4150, 4151, 4152, 4154, 4155, 4161, 4162, 4163, 4164, 6063, - 4165, 4168, 4173, 6063, 4170, 4174, 4176, 4175, 4183, 4177, - 4184, 4185, 4186, 6063, 4193, 4188, 4195, 4198, 4199, 4203, - 4194, 4204, 4206, 4207, 4210, 6063, 4211, 4214, 4222, 4216, - 4218, 4224, 4229, 4225, 6063, 4232, 4233, 4235, 4242, 4226, - 4246, 4239, 4243, 4249, 4252, 4253, 4254, 4255, 4257, 4258, + 4086, 4087, 4092, 4094, 4088, 6519, 4096, 4098, 4097, 4105, + 4102, 6519, 4103, 6519, 4106, 4111, 4113, 4114, 4117, 6519, + 4119, 4118, 4123, 4126, 4128, 4127, 4130, 4134, 4131, 4137, + 4144, 4140, 4141, 4143, 4148, 4150, 6519, 4146, 4153, 4160, + 4161, 4151, 4156, 4169, 4168, 4170, 4164, 4171, 4175, 4177, + 4180, 4183, 4185, 4186, 4178, 6519, 4188, 4190, 4193, 4204, + 4199, 4195, 6519, 4201, 4205, 4206, 6519, 4202, 4209, 4212, + 4217, 4218, 4219, 4222, 4220, 4224, 6519, 4223, 4228, 4225, + 4226, 4227, 4233, 6519, 6519, 4241, 6519, 4243, 4230, 4244, + 4246, 4248, 4252, 4251, 4254, 4256, 4257, 4258, 4265, 4266, - 4259, 4268, 4275, 4272, 6063, 4260, 6063, 4261, 4277, 4285, - 4281, 4271, 6063, 4283, 4284, 4287, 4288, 4289, 6063, 4292, - 4294, 4296, 4295, 6063, 4302, 4301, 4297, 4308, 4313, 4314, - 6063, 4319, 4321, 4322, 4329, 4331, 4333, 4316, 4334, 4326, - 4328, 4336, 4339, 4343, 4344, 4341, 6063, 4345, 4347, 4352, - 4348, 4354, 4356, 4357, 4360, 4362, 6063, 4364, 4365, 4366, - 4367, 4368, 4370, 4373, 4377, 4374, 4379, 6063, 4382, 4383, - 4393, 4384, 4389, 6063, 6063, 4394, 4395, 4399, 4400, 4403, - 6063, 4401, 4412, 4407, 4410, 4411, 6063, 6063, 4414, 6063, - 4415, 6063, 4416, 4418, 6063, 6063, 4417, 4421, 4423, 4424, + 4267, 4275, 4277, 4278, 4280, 4282, 4268, 6519, 6519, 4285, + 4286, 4291, 4293, 4294, 4296, 4281, 4303, 4302, 4304, 4310, + 4306, 4319, 6519, 4314, 4315, 4316, 4317, 6519, 4298, 4321, + 4322, 4324, 4325, 4328, 4327, 4329, 4331, 4332, 4334, 4338, + 4340, 4347, 4341, 4344, 4348, 4350, 4351, 4353, 4357, 4359, + 6519, 4363, 4361, 4364, 4365, 4368, 4370, 4372, 4373, 4374, + 6519, 4376, 6519, 4377, 4382, 4378, 4379, 4387, 4394, 4397, + 4398, 4401, 4403, 4404, 4407, 4408, 4413, 4402, 4409, 4418, + 4414, 4421, 4425, 4427, 6519, 4428, 4429, 4430, 4431, 4435, + 4437, 4438, 4440, 4441, 4445, 4446, 4442, 4452, 4454, 4448, - 4432, 6063, 4436, 6063, 4443, 4438, 4425, 4427, 4440, 6063, - 4442, 4448, 4444, 4446, 4453, 6063, 4450, 4460, 4455, 4457, - 6063, 4463, 4464, 4465, 4468, 6063, 4469, 4475, 4466, 4476, - 4478, 4477, 4479, 4483, 4485, 4480, 4488, 4489, 4490, 4501, - 4503, 4505, 4507, 4496, 4498, 4510, 4511, 4513, 4517, 4518, - 4519, 4520, 4522, 4523, 4525, 4527, 3648, 4528, 4531, 4532, - 4533, 4541, 4534, 4535, 4548, 4543, 4537, 4545, 4549, 4550, - 4556, 4557, 4551, 4561, 4564, 6063, 4559, 4566, 4567, 4568, - 4569, 4573, 4575, 4582, 4585, 4586, 6063, 4591, 6063, 4593, - 4589, 4595, 4596, 6063, 4597, 4598, 4599, 4600, 4601, 4602, + 4455, 4456, 4458, 6519, 4460, 4467, 4463, 4469, 4471, 4472, + 4473, 4474, 4480, 4481, 4483, 4484, 6519, 4487, 4485, 4492, + 6519, 4488, 4493, 4494, 4495, 4497, 4501, 4505, 4503, 4506, + 6519, 4512, 4507, 4515, 4514, 4513, 4517, 4519, 4523, 4525, + 4530, 4526, 6519, 4536, 4533, 4537, 4539, 4540, 4541, 4547, + 4543, 6519, 4549, 4550, 4551, 4563, 4556, 4565, 4567, 4568, + 4558, 4561, 4575, 4570, 4571, 4576, 4581, 4582, 4592, 4593, + 4584, 6519, 4589, 6519, 4591, 4594, 4603, 4598, 4601, 4602, + 6519, 4604, 4605, 4611, 4608, 4616, 6519, 4614, 4612, 4615, + 4617, 6519, 4631, 4613, 4619, 4632, 4636, 4637, 6519, 4641, - 4603, 4604, 4608, 4609, 4611, 6063, 4614, 4618, 4619, 4630, - 6063, 4623, 4634, 4625, 4631, 4635, 4636, 4637, 4638, 4641, - 4639, 4645, 4647, 4654, 4650, 4652, 4653, 4659, 4660, 4661, - 4665, 4669, 4663, 4673, 4677, 6063, 4666, 6063, 4674, 4678, - 4679, 4682, 4684, 4686, 4688, 6063, 6063, 4690, 4692, 4694, - 4696, 4687, 4699, 4701, 4700, 4704, 6063, 4703, 4709, 4717, - 4714, 6063, 4719, 4720, 4721, 4723, 6063, 4724, 4726, 4725, - 4731, 4728, 4733, 4737, 4739, 4738, 4743, 4745, 6063, 6063, - 6063, 6063, 4749, 4746, 4752, 4753, 4756, 4758, 4761, 4760, - 4757, 6063, 4763, 6063, 6063, 4771, 4773, 4765, 4775, 4774, + 4642, 4643, 4633, 4652, 4647, 4650, 4651, 4653, 4655, 4657, + 4658, 4659, 4668, 4661, 4664, 6519, 4666, 4673, 4679, 4680, + 4663, 4674, 4681, 4682, 4688, 4684, 6519, 4689, 4690, 4691, + 4692, 4695, 4693, 4698, 4702, 4708, 4700, 4704, 4705, 4707, + 4709, 6519, 4715, 4716, 4717, 4725, 4720, 4729, 6519, 4726, + 6519, 4733, 4736, 4738, 4734, 4739, 6519, 6519, 4742, 4749, + 4744, 4751, 4745, 6519, 6519, 4753, 6519, 4748, 6519, 4755, + 4757, 6519, 6519, 4758, 4759, 4762, 4765, 4772, 6519, 4775, + 6519, 4782, 4777, 4764, 4761, 4779, 6519, 4768, 4786, 4781, + 4788, 4791, 6519, 4792, 4802, 4794, 4795, 6519, 4798, 4803, - 4764, 4777, 4781, 6063, 4784, 4785, 4787, 4788, 4794, 4796, - 4791, 4797, 4800, 4801, 4810, 4806, 4807, 4805, 4809, 4813, - 4816, 6063, 6063, 4817, 4822, 4823, 4833, 4824, 4831, 4834, - 4835, 4837, 4838, 4825, 4841, 4843, 4850, 4851, 4848, 4846, - 6063, 4852, 4856, 6063, 4854, 6063, 4855, 4862, 4861, 4863, - 4865, 4868, 4869, 4871, 6063, 6063, 4872, 4873, 4875, 4882, - 4878, 4883, 4884, 4886, 4887, 6063, 4888, 6063, 4889, 4896, - 4902, 4890, 4904, 4911, 4913, 4917, 4910, 4914, 6063, 4912, - 4895, 6063, 4926, 4922, 4923, 4924, 4928, 6063, 4929, 4931, - 4933, 4935, 6063, 4937, 4940, 4941, 6063, 4948, 6063, 4939, + 4799, 4804, 6519, 4807, 4814, 4811, 4805, 4815, 4820, 4817, + 4821, 4826, 4827, 4828, 4809, 4831, 4838, 4842, 4844, 4846, + 4847, 4830, 4849, 4850, 4852, 4855, 4856, 4857, 4858, 4861, + 4862, 4864, 4866, 4869, 4870, 4871, 4872, 4873, 4883, 4875, + 4876, 4886, 4889, 4879, 4887, 4890, 4891, 4892, 4897, 4899, + 4901, 4902, 4904, 6519, 4894, 4908, 4911, 4913, 4914, 4918, + 4920, 4922, 4927, 4931, 6519, 4935, 6519, 4937, 4924, 4929, + 4933, 4939, 6519, 4941, 4944, 4943, 4946, 4947, 4948, 4832, + 4949, 4945, 4953, 4950, 6519, 4958, 4959, 4955, 4967, 4975, + 6519, 4970, 4981, 4960, 4964, 4983, 4972, 4984, 4985, 4988, - 4945, 4942, 4957, 6063, 4952, 4960, 6063, 4963, 4965, 4955, - 4953, 6063, 4967, 6063, 4968, 4970, 4973, 4976, 4971, 4978, - 4979, 4980, 4981, 4989, 4991, 4993, 6063, 6063, 5000, 4982, - 4984, 4987, 4996, 5009, 5001, 5006, 5012, 6063, 6063, 5008, - 6063, 5014, 5015, 6063, 5016, 5017, 5019, 5023, 5021, 5024, - 5029, 5031, 5032, 5042, 5033, 5035, 5040, 5056, 5038, 5052, - 5058, 5060, 5062, 5064, 5066, 5067, 5049, 5068, 5025, 5070, - 5071, 6063, 5074, 5075, 5077, 6063, 5080, 5076, 5085, 5081, - 6063, 5088, 5089, 5092, 5093, 6063, 5096, 5100, 5103, 5097, - 5104, 5105, 5109, 5118, 5108, 5110, 5111, 6063, 6063, 6063, + 4986, 4992, 4994, 4989, 4995, 5000, 4997, 4999, 5007, 5008, + 5010, 5011, 5014, 5012, 5015, 5016, 5018, 5019, 5032, 5020, + 5034, 6519, 5024, 6519, 5029, 5027, 5037, 5039, 5040, 5041, + 5044, 6519, 6519, 5042, 5047, 5052, 5053, 5048, 5055, 5056, + 5057, 5060, 6519, 5058, 5065, 5071, 5074, 6519, 5075, 5076, + 5077, 5079, 6519, 5080, 5082, 5081, 5084, 5086, 5089, 5093, + 5094, 5095, 5100, 5102, 6519, 6519, 6519, 6519, 5106, 5099, + 5109, 5104, 5110, 5113, 5115, 5119, 5114, 6519, 5126, 6519, + 6519, 5127, 5128, 5116, 5131, 5134, 5120, 5135, 5137, 6519, + 5138, 5141, 5143, 5140, 5150, 5152, 5157, 5147, 5158, 5159, - 5120, 5127, 6063, 5129, 5122, 5113, 5130, 6063, 5131, 5132, - 6063, 6063, 5133, 5134, 5135, 5145, 6063, 5137, 6063, 5141, - 6063, 5142, 5146, 5152, 5150, 6063, 5156, 5163, 6063, 5166, - 5169, 5171, 5172, 5154, 5157, 5173, 6063, 5183, 5175, 5179, - 5186, 5182, 5187, 5188, 5189, 5196, 5191, 5195, 6063, 5197, - 5198, 5199, 5205, 5192, 5202, 5209, 6063, 5213, 6063, 5210, - 5214, 5215, 5221, 5218, 5220, 5224, 5226, 5222, 5236, 5225, - 6063, 5238, 5241, 6063, 5228, 6063, 5243, 6063, 5245, 5246, - 5247, 5250, 6063, 5252, 5233, 5256, 5260, 5257, 5258, 6063, - 5266, 5259, 5264, 5269, 6063, 6063, 5270, 5278, 5271, 5274, + 5160, 5167, 5164, 5165, 5168, 5170, 5172, 5174, 6519, 6519, + 5176, 5180, 5181, 5188, 5185, 5186, 5192, 5199, 5194, 5195, + 5196, 5197, 5201, 5202, 5210, 5213, 5203, 5214, 6519, 5211, + 5215, 5216, 6519, 5217, 6519, 5222, 5225, 5221, 5224, 5231, + 5232, 5233, 5235, 6519, 6519, 5228, 5242, 5243, 6519, 6519, + 5238, 5245, 5247, 5251, 5248, 5252, 5253, 5254, 5259, 5256, + 6519, 5261, 6519, 5260, 5263, 5273, 5264, 5274, 5283, 5284, + 5282, 5279, 5285, 6519, 5286, 5288, 6519, 5297, 5293, 5294, + 5292, 5299, 6519, 5302, 5300, 5305, 5308, 6519, 5310, 5311, + 5312, 6519, 5320, 6519, 5313, 5316, 5322, 5329, 6519, 5324, - 5282, 5285, 5275, 5287, 5288, 5289, 5291, 5300, 5293, 5292, - 5297, 5302, 5305, 5309, 6063, 6063, 6063, 5303, 5307, 5319, - 5321, 5322, 5324, 5314, 6063, 5323, 5326, 5316, 5336, 5329, - 5334, 6063, 5337, 5338, 5339, 5340, 5342, 5343, 5345, 6063, - 5351, 5358, 5355, 5352, 5363, 5370, 5372, 5374, 5375, 6063, - 5377, 6063, 6063, 5348, 6063, 5359, 5361, 5365, 5378, 6063, - 5385, 5382, 5386, 5388, 5389, 5390, 5392, 5394, 6063, 5401, - 5396, 5398, 5406, 6063, 6063, 5404, 6063, 5413, 5410, 5400, - 5424, 5407, 5420, 5422, 5425, 6063, 5423, 5426, 5427, 5429, - 5431, 6063, 5434, 5433, 5435, 5436, 5439, 5438, 5444, 5445, + 5325, 6519, 5331, 5336, 5337, 5332, 6519, 5338, 6519, 5327, + 5342, 5348, 5351, 5339, 5353, 5346, 5343, 5355, 5363, 5365, + 5358, 6519, 6519, 135, 5372, 5360, 5367, 5368, 5370, 5379, + 5374, 5377, 5385, 6519, 6519, 5375, 6519, 5378, 5389, 6519, + 5382, 5390, 5394, 5391, 5396, 5397, 5398, 5400, 5403, 5405, + 5410, 5406, 5404, 5416, 5428, 5431, 5417, 5412, 5432, 5434, + 5437, 5439, 5426, 5441, 5429, 5443, 5445, 5444, 5447, 5448, + 5451, 5453, 6519, 5455, 5459, 5461, 5456, 6519, 5466, 5460, + 5476, 5472, 6519, 5479, 5480, 5481, 5482, 6519, 5468, 5484, + 5488, 5485, 5487, 5493, 5495, 5502, 5498, 5499, 5503, 6519, - 5448, 6063, 5458, 5440, 5465, 5464, 6063, 5447, 5468, 6063, - 6063, 5450, 5471, 5472, 6063, 6063, 6063, 5474, 6063, 5478, - 5482, 5486, 5490, 5485, 6063, 5491, 5492, 5494, 5495, 5497, - 6063, 6063, 5498, 5499, 5500, 5503, 6063, 6063, 5504, 5507, - 5506, 5508, 5509, 6063, 5512, 5516, 5520, 5523, 5527, 5528, - 5531, 5532, 5539, 5540, 5535, 5537, 5542, 5545, 5546, 5547, - 5549, 5559, 5555, 5557, 5565, 5562, 6063, 6063, 5569, 6063, - 6063, 5571, 5573, 5575, 5577, 5579, 5581, 5583, 5585, 5586, - 6063, 5587, 5589, 5590, 5591, 5593, 6063, 5592, 5595, 5600, - 5597, 5602, 5604, 5601, 5607, 6063, 6063, 5608, 5617, 5598, + 6519, 6519, 5500, 5513, 6519, 5515, 5509, 5497, 5516, 6519, + 5517, 5518, 6519, 6519, 5519, 5520, 5521, 5531, 6519, 5524, + 6519, 5527, 6519, 5528, 5532, 5538, 5540, 6519, 5542, 5550, + 6519, 5546, 5553, 5556, 5557, 5543, 5558, 5559, 6519, 5567, + 5560, 5568, 5570, 5562, 5571, 5572, 5574, 5576, 5581, 5578, + 5585, 6519, 5582, 5587, 5590, 5588, 5591, 5596, 5597, 6519, + 5598, 6519, 5600, 6519, 5601, 5602, 5604, 5607, 5605, 5606, + 5462, 5617, 5619, 5623, 5609, 5613, 5629, 5624, 6519, 6519, + 5631, 5634, 6519, 5626, 6519, 5636, 6519, 5637, 5638, 5640, + 5641, 6519, 5645, 5642, 5648, 5655, 5650, 5651, 6519, 5658, - 5618, 5609, 6063, 5622, 5629, 5621, 5628, 5630, 5632, 5631, - 6063, 5634, 5636, 6063, 6063, 5637, 6063, 6063, 6063, 6063, - 6063, 6063, 6063, 6063, 6063, 5638, 5639, 6063, 5641, 5656, - 5658, 5660, 6063, 5644, 5653, 5554, 5646, 5651, 6063, 5648, - 5661, 5663, 5673, 5664, 5669, 5674, 5676, 5678, 5677, 5680, - 5682, 5681, 5686, 5683, 5685, 5688, 5689, 6063, 6063, 6063, - 5692, 5691, 5700, 5701, 5703, 5712, 5715, 5717, 5707, 5709, - 5718, 5719, 5720, 5722, 5723, 5733, 5728, 5731, 5730, 5732, - 6063, 5737, 5734, 5739, 5741, 6063, 5744, 6063, 5745, 6063, - 6063, 5751, 5753, 5748, 5746, 5761, 5766, 5757, 5762, 5764, + 5652, 5660, 5664, 6519, 6519, 5661, 5671, 5667, 5668, 5675, + 5677, 5669, 5683, 5680, 5678, 5684, 5692, 5688, 5685, 5693, + 5695, 5696, 5700, 6519, 6519, 6519, 5698, 5703, 5711, 5709, + 5712, 5720, 5706, 6519, 5716, 5718, 5722, 5719, 5731, 5726, + 5729, 6519, 5730, 5732, 5733, 5734, 5736, 5737, 5739, 5740, + 6519, 5746, 5752, 5748, 5754, 5757, 5760, 5764, 5766, 5761, + 5741, 5775, 5771, 6519, 5773, 6519, 6519, 5770, 6519, 5777, + 5778, 5779, 5780, 6519, 5783, 5784, 5785, 5788, 5786, 5787, + 5791, 5793, 6519, 5803, 5794, 5798, 5807, 6519, 6519, 5809, + 6519, 5816, 5813, 5805, 5826, 5811, 5821, 5825, 5822, 6519, - 5767, 5769, 5774, 6063, 5770, 5776, 6063, 5778, 5777, 6063, - 5779, 5780, 5782, 5784, 5787, 5786, 5788, 5789, 5803, 6063, - 6063, 5790, 5795, 5798, 5807, 5804, 5814, 5811, 5815, 5816, - 5818, 5819, 5828, 6063, 5825, 5826, 5830, 6063, 5832, 5827, - 5833, 5834, 5835, 5843, 5839, 5842, 6063, 5844, 6063, 5848, - 5850, 5851, 5841, 5849, 5852, 5863, 5861, 5857, 6063, 5867, - 5871, 5869, 5873, 5875, 5877, 5878, 5879, 5881, 5884, 5890, - 5887, 5894, 5895, 5891, 5899, 5896, 6063, 5906, 5897, 6063, - 5903, 5907, 5900, 5909, 5913, 6063, 5918, 5911, 5920, 5921, - 5924, 5925, 6063, 5927, 5934, 5929, 6063, 5935, 6063, 6063, + 5828, 5830, 5831, 5832, 5833, 6519, 5834, 5835, 5837, 5838, + 6519, 5841, 5840, 5843, 5845, 5846, 6519, 5847, 5849, 5868, + 5865, 6519, 5853, 5864, 5863, 6519, 6519, 5872, 5875, 5877, + 6519, 6519, 6519, 5879, 5880, 5882, 5884, 6519, 5887, 5891, + 5895, 5899, 5890, 6519, 5898, 5900, 5905, 5902, 5907, 6519, + 6519, 5906, 5908, 5910, 5912, 6519, 6519, 5913, 5916, 5914, + 5922, 5917, 6519, 5919, 5924, 5929, 5935, 5940, 5927, 5936, + 5943, 5950, 5951, 5946, 5947, 5948, 5953, 5954, 5956, 5961, + 5963, 5964, 5966, 5968, 5972, 5973, 6519, 6519, 5977, 6519, + 5980, 5974, 6519, 6519, 5982, 5985, 5989, 5991, 5993, 5995, - 5937, 5931, 5938, 5944, 5946, 6063, 6063, 6063, 5971, 5978, - 5985, 5992, 5999, 88, 6006, 6013, 6020, 6027, 6034, 6041, - 6048, 6055 + 5997, 5999, 5986, 6519, 6000, 6002, 6004, 6003, 6005, 6519, + 6007, 6011, 6006, 6014, 6008, 6016, 6018, 6023, 6519, 6519, + 6019, 6028, 6024, 6029, 6034, 6519, 6032, 6042, 6039, 6038, + 6040, 6044, 6041, 6519, 6045, 6046, 6519, 6519, 6054, 6048, + 6519, 6519, 6047, 6519, 6519, 6519, 6519, 6519, 6519, 6519, + 6519, 6056, 6064, 6519, 6065, 6069, 6071, 6075, 6519, 6049, + 6076, 6077, 6060, 6079, 6519, 6066, 6083, 6082, 6084, 6088, + 6090, 6092, 6095, 6097, 6096, 6098, 6101, 6099, 6106, 6102, + 6100, 6104, 6111, 6113, 6117, 6519, 6519, 6519, 6120, 6119, + 6125, 6126, 6128, 6129, 6132, 6137, 6138, 6140, 6141, 6142, + + 6143, 6145, 6146, 6155, 6150, 6151, 6153, 6166, 6152, 6168, + 6519, 6174, 6154, 6156, 6177, 6519, 6171, 6519, 6162, 6519, + 6519, 6179, 6181, 6183, 6184, 6193, 6194, 6185, 6189, 6190, + 6192, 6196, 6519, 6201, 6519, 6519, 6198, 6204, 6519, 6206, + 6207, 6519, 6205, 6208, 6210, 6214, 6215, 6212, 6216, 6217, + 6233, 6519, 6519, 6218, 6223, 6226, 6235, 6237, 6236, 6239, + 6243, 6244, 6246, 6247, 6256, 6519, 6253, 6254, 6258, 6519, + 6260, 6255, 6261, 6262, 6263, 6271, 6267, 6270, 6519, 6272, + 6519, 6276, 6278, 6279, 6269, 6277, 6280, 6291, 6289, 6285, + 6519, 6295, 6299, 6297, 6301, 6303, 6305, 6306, 6307, 6309, + + 6312, 6318, 6315, 6322, 6323, 6319, 6327, 6324, 6519, 6334, + 6325, 6519, 6331, 6335, 6328, 6337, 6341, 6519, 6346, 6339, + 6348, 6349, 6352, 6353, 6519, 6355, 6362, 6357, 6519, 6363, + 6519, 6519, 6365, 6359, 6366, 6372, 6374, 6519, 6519, 6519, + 6399, 6406, 6413, 6420, 6427, 6434, 6441, 88, 6448, 6455, + 6462, 6469, 6476, 6483, 6490, 6497, 6504, 6511 } ; -static const flex_int16_t yy_def[3123] = +static const flex_int16_t yy_def[3359] = { 0, - 3108, 1, 3109, 3109, 3110, 3110, 3111, 3111, 3112, 3112, - 3113, 3113, 3108, 3114, 3108, 3108, 3108, 3108, 3115, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3116, 3108, 3108, 3108, 3116, 3117, 3108, 3108, - 3108, 3117, 3118, 3108, 3108, 3108, 3108, 3118, 3119, 3108, - 3108, 3108, 3119, 3120, 3108, 3121, 3108, 3120, 3120, 3114, - 3114, 3108, 3122, 3115, 3122, 3115, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3340, 1, 3341, 3341, 3342, 3342, 3343, 3343, 3344, 3344, + 3345, 3345, 3346, 3346, 3347, 3347, 3340, 3348, 3340, 3340, + 3340, 3340, 3349, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3350, 3340, 3340, 3340, + 3350, 3351, 3340, 3340, 3340, 3351, 3352, 3340, 3340, 3340, + 3340, 3352, 3353, 3340, 3340, 3340, 3353, 3354, 3340, 3355, + 3340, 3354, 3354, 3356, 3340, 3340, 3340, 3340, 3356, 3357, + 3340, 3340, 3340, 3357, 3348, 3348, 3340, 3358, 3349, 3358, + 3349, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3116, 3116, 3117, 3117, 3118, 3118, 3108, 3119, 3119, - 3120, 3120, 3121, 3121, 3120, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3350, + 3350, 3351, 3351, 3352, 3352, 3340, 3353, 3353, 3354, 3354, + 3355, 3355, 3354, 3356, 3356, 3340, 3357, 3357, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3120, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3354, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3120, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3354, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3108, 3114, 3120, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3354, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3120, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3108, 3108, 3114, 3108, 3108, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3354, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3340, 3340, 3348, 3340, 3340, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3120, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3354, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3340, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3120, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3340, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3354, 3354, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3354, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3108, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, + 3354, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3340, 3354, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3108, 3114, 3108, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3340, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3354, 3348, 3340, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3340, 3348, 3340, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3340, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3108, 3108, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3108, - 3114, 3108, 3114, 3114, 3108, 3108, 3114, 3114, 3114, 3114, + 3354, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3108, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3354, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, - 3108, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3108, 3108, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3340, 3348, 3348, + 3348, 3348, 3348, 3340, 3340, 3348, 3340, 3348, 3340, 3348, + 3348, 3340, 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3108, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3108, 3114, 3108, 3114, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3354, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3108, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3108, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, - 3108, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3108, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3340, 3340, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3340, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3354, 3348, 3348, 3348, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3114, - 3108, 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, - 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3108, 3114, 3108, 3114, 3108, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3340, 3348, 3348, 3348, 3340, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3108, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3114, 3108, 3108, 3114, 3108, 3114, 3114, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3108, 3108, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3340, 3354, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3340, 3348, 3340, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, - 3114, 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3108, - 3108, 3114, 3114, 3114, 3108, 3108, 3108, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, - 3108, 3108, 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3108, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3114, 3114, 3114, + 3340, 3340, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3340, 3340, 3348, 3348, 3348, 3348, 3340, 3348, + 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3340, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3340, + 3348, 3348, 3340, 3348, 3340, 3348, 3340, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3108, 3108, 3114, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3108, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3108, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, 3108, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, + 3348, 3348, 3348, 3340, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3340, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3340, 3340, 3348, 3340, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3340, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, - 3114, 3114, 3114, 3108, 3114, 3114, 3108, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, - 3108, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3108, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, 3114, - 3114, 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3108, - 3114, 3114, 3114, 3114, 3114, 3108, 3114, 3114, 3114, 3114, - 3114, 3114, 3108, 3114, 3114, 3114, 3108, 3114, 3108, 3108, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, + 3348, 3340, 3348, 3348, 3348, 3340, 3340, 3348, 3348, 3348, + 3340, 3340, 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3340, + 3340, 3348, 3348, 3348, 3348, 3340, 3340, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3340, 3348, 3340, + 3348, 3348, 3340, 3340, 3348, 3348, 3348, 3348, 3348, 3348, - 3114, 3114, 3114, 3114, 3114, 3108, 3108, 0, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108 + 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3340, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3340, 3348, 3348, 3340, 3340, 3348, 3348, + 3340, 3340, 3348, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3340, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3340, 3348, 3340, 3348, 3340, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3340, 3348, 3340, 3340, 3348, 3348, 3340, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3340, 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3340, + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + 3340, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, + + 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3348, 3340, 3348, + 3348, 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3348, 3348, + 3348, 3348, 3348, 3348, 3340, 3348, 3348, 3348, 3340, 3348, + 3340, 3340, 3348, 3348, 3348, 3348, 3348, 3340, 3340, 0, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340 } ; -static const flex_int16_t yy_nxt[6104] = +static const flex_int16_t yy_nxt[6560] = { 0, - 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, - 14, 14, 18, 20, 21, 22, 23, 24, 25, 26, - 14, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 14, 14, 14, 42, - 44, 45, 46, 44, 45, 46, 49, 50, 49, 50, - 51, 47, 51, 70, 47, 70, 70, 52, 70, 52, - 54, 55, 56, 57, 70, 18, 54, 55, 56, 57, - 71, 18, 58, 60, 61, 62, 71, 82, 58, 60, - 61, 62, 72, 71, 63, 102, 73, 92, 70, 71, - 63, 15, 16, 17, 65, 66, 67, 75, 71, 75, + 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, + 18, 18, 22, 24, 25, 26, 27, 28, 29, 30, + 18, 31, 32, 33, 34, 35, 36, 37, 38, 39, + 40, 41, 42, 43, 44, 45, 18, 18, 18, 46, + 48, 49, 50, 48, 49, 50, 53, 54, 53, 54, + 55, 51, 55, 85, 51, 85, 85, 56, 85, 56, + 58, 59, 60, 61, 85, 22, 58, 59, 60, 61, + 86, 22, 62, 64, 65, 66, 86, 97, 62, 64, + 65, 66, 87, 86, 67, 119, 88, 108, 85, 86, + 67, 19, 20, 21, 69, 70, 71, 75, 76, 77, - 75, 71, 75, 68, 104, 158, 103, 93, 75, 76, - 142, 142, 69, 15, 16, 17, 65, 66, 67, 71, - 71, 83, 77, 78, 71, 68, 79, 71, 84, 87, - 71, 80, 85, 88, 69, 86, 89, 152, 90, 91, - 81, 71, 94, 71, 96, 164, 71, 71, 71, 105, - 98, 112, 97, 99, 71, 109, 95, 106, 71, 110, - 100, 119, 101, 107, 71, 120, 226, 108, 144, 121, - 152, 144, 71, 141, 71, 111, 71, 113, 71, 122, - 123, 114, 124, 125, 155, 115, 126, 71, 130, 71, - 131, 116, 71, 127, 117, 71, 134, 128, 129, 132, + 78, 86, 22, 72, 121, 86, 120, 109, 86, 79, + 160, 160, 73, 19, 20, 21, 69, 70, 71, 75, + 76, 77, 78, 187, 22, 72, 81, 82, 83, 130, + 90, 79, 90, 90, 73, 90, 86, 84, 81, 82, + 83, 90, 91, 86, 86, 98, 92, 93, 170, 84, + 94, 159, 99, 86, 110, 95, 100, 162, 86, 101, + 162, 170, 86, 112, 96, 86, 167, 167, 111, 86, + 102, 113, 137, 115, 103, 173, 116, 104, 86, 105, + 106, 179, 114, 117, 170, 118, 86, 122, 86, 126, + 107, 86, 156, 127, 86, 123, 157, 184, 86, 138, - 220, 118, 152, 71, 138, 133, 135, 159, 139, 160, - 136, 137, 140, 146, 71, 146, 146, 156, 146, 149, - 149, 75, 71, 75, 75, 151, 75, 151, 151, 70, - 151, 70, 70, 154, 70, 72, 166, 71, 71, 73, - 70, 75, 157, 75, 75, 71, 75, 71, 161, 71, - 162, 71, 75, 76, 71, 170, 171, 71, 165, 174, - 167, 71, 71, 163, 71, 71, 168, 71, 169, 71, - 71, 71, 71, 172, 183, 176, 173, 184, 175, 71, - 178, 179, 177, 192, 71, 181, 190, 186, 180, 182, - 187, 71, 71, 185, 71, 71, 193, 195, 71, 150, + 158, 124, 87, 139, 86, 125, 88, 128, 180, 129, + 86, 131, 86, 140, 141, 132, 142, 143, 86, 133, + 144, 86, 148, 86, 149, 134, 86, 145, 135, 86, + 152, 146, 147, 150, 86, 136, 177, 177, 183, 151, + 153, 181, 196, 189, 154, 155, 164, 86, 164, 164, + 90, 164, 90, 90, 169, 90, 169, 169, 174, 169, + 174, 174, 172, 174, 85, 86, 85, 85, 90, 85, + 90, 90, 289, 90, 86, 85, 86, 182, 86, 90, + 91, 185, 190, 188, 86, 86, 197, 86, 191, 86, + 192, 86, 86, 207, 186, 86, 86, 86, 86, 86, - 71, 196, 71, 188, 189, 71, 201, 202, 71, 71, - 71, 191, 200, 71, 198, 204, 194, 197, 203, 199, - 71, 71, 205, 71, 207, 209, 71, 71, 71, 214, - 206, 208, 211, 71, 71, 71, 212, 71, 71, 216, - 71, 210, 71, 228, 71, 71, 213, 222, 217, 219, - 71, 225, 227, 215, 218, 71, 221, 231, 223, 71, - 229, 233, 224, 230, 71, 71, 237, 71, 232, 71, - 71, 71, 71, 71, 234, 238, 241, 71, 244, 240, - 235, 236, 242, 245, 142, 142, 144, 239, 254, 144, - 243, 146, 152, 146, 146, 246, 146, 149, 149, 151, + 178, 199, 193, 194, 86, 198, 86, 195, 86, 200, + 86, 201, 245, 209, 205, 202, 203, 206, 208, 86, + 210, 215, 211, 204, 86, 212, 86, 86, 86, 217, + 86, 218, 86, 220, 86, 86, 226, 221, 213, 214, + 86, 227, 225, 223, 86, 86, 216, 229, 224, 86, + 86, 219, 86, 222, 230, 232, 233, 228, 86, 86, + 86, 86, 231, 235, 86, 237, 86, 240, 234, 238, + 86, 86, 86, 86, 242, 86, 236, 370, 86, 86, + 86, 239, 86, 243, 241, 248, 251, 252, 86, 244, + 253, 247, 86, 86, 86, 254, 249, 246, 260, 257, - 71, 151, 151, 75, 151, 75, 75, 71, 75, 71, - 248, 71, 247, 71, 71, 154, 71, 71, 250, 252, - 71, 255, 71, 261, 251, 249, 253, 258, 71, 71, - 262, 71, 257, 256, 71, 71, 265, 260, 266, 264, - 259, 267, 71, 71, 71, 71, 268, 71, 275, 270, - 71, 71, 71, 148, 271, 277, 263, 278, 71, 272, - 71, 276, 281, 269, 283, 273, 274, 71, 71, 71, - 279, 280, 284, 71, 71, 71, 71, 71, 71, 71, - 71, 290, 291, 285, 297, 71, 287, 71, 286, 288, - 71, 282, 348, 289, 71, 292, 299, 300, 293, 71, + 250, 261, 86, 86, 259, 263, 86, 86, 86, 86, + 258, 267, 255, 86, 264, 256, 86, 86, 262, 266, + 268, 270, 160, 160, 86, 162, 265, 269, 162, 273, + 164, 271, 164, 164, 337, 164, 167, 167, 169, 86, + 169, 169, 90, 169, 90, 90, 170, 90, 174, 272, + 174, 174, 274, 174, 172, 177, 177, 276, 86, 86, + 86, 86, 86, 86, 86, 86, 86, 275, 278, 86, + 281, 284, 280, 86, 277, 279, 86, 287, 286, 283, + 176, 290, 282, 86, 288, 285, 86, 291, 292, 86, + 293, 317, 86, 296, 86, 294, 86, 301, 297, 86, - 294, 71, 301, 71, 302, 298, 326, 304, 309, 306, - 71, 307, 295, 71, 296, 71, 303, 71, 310, 305, - 71, 312, 313, 71, 71, 311, 308, 71, 71, 315, - 314, 71, 71, 71, 71, 71, 71, 71, 317, 71, - 319, 71, 71, 71, 316, 321, 323, 71, 71, 328, - 71, 324, 322, 318, 329, 71, 71, 71, 320, 334, - 71, 330, 325, 327, 332, 71, 331, 337, 71, 71, - 71, 71, 333, 71, 339, 335, 336, 71, 342, 340, - 343, 344, 71, 71, 346, 71, 71, 71, 338, 341, - 71, 71, 349, 350, 71, 347, 351, 353, 71, 71, + 86, 86, 86, 298, 86, 86, 304, 305, 308, 299, + 300, 302, 295, 86, 86, 86, 306, 310, 86, 303, + 311, 86, 86, 86, 86, 307, 86, 318, 86, 86, + 86, 319, 86, 325, 312, 313, 315, 309, 314, 316, + 86, 320, 86, 329, 321, 328, 322, 330, 327, 326, + 332, 86, 86, 86, 724, 334, 86, 338, 323, 331, + 324, 86, 335, 86, 86, 340, 86, 342, 86, 339, + 341, 86, 333, 86, 86, 86, 344, 336, 86, 86, + 86, 343, 86, 86, 346, 86, 348, 86, 345, 86, + 86, 86, 86, 351, 353, 86, 349, 358, 86, 347, - 354, 345, 71, 71, 357, 71, 152, 71, 356, 71, - 71, 71, 147, 364, 71, 360, 362, 355, 358, 71, - 352, 365, 71, 71, 359, 71, 368, 71, 366, 361, - 367, 71, 71, 363, 71, 71, 71, 369, 71, 374, - 375, 376, 71, 378, 373, 370, 71, 71, 71, 372, - 377, 379, 371, 71, 71, 71, 381, 71, 382, 71, - 71, 71, 71, 385, 71, 380, 386, 388, 71, 383, - 387, 390, 393, 71, 384, 71, 392, 71, 389, 71, - 396, 391, 71, 71, 395, 397, 71, 71, 71, 394, - 71, 71, 71, 402, 71, 71, 71, 403, 71, 145, + 352, 354, 359, 86, 86, 350, 355, 86, 86, 360, + 357, 356, 362, 364, 86, 367, 361, 86, 86, 86, + 86, 86, 373, 369, 86, 86, 86, 86, 86, 363, + 374, 372, 365, 366, 376, 86, 86, 368, 377, 371, + 86, 378, 86, 379, 375, 380, 86, 381, 383, 86, + 86, 384, 170, 86, 86, 387, 86, 86, 386, 86, + 86, 86, 86, 394, 388, 390, 392, 395, 385, 86, + 86, 382, 86, 86, 398, 389, 86, 396, 86, 391, + 86, 397, 86, 393, 86, 399, 86, 404, 86, 405, + 409, 406, 400, 86, 403, 86, 86, 86, 402, 407, - 405, 71, 71, 401, 71, 399, 398, 71, 408, 400, - 71, 71, 413, 404, 410, 71, 412, 406, 71, 407, - 409, 71, 415, 71, 414, 71, 71, 71, 424, 428, - 71, 411, 71, 423, 422, 71, 443, 71, 425, 430, - 426, 416, 143, 429, 417, 71, 71, 431, 432, 418, - 419, 420, 421, 433, 71, 71, 427, 435, 434, 71, - 71, 71, 71, 436, 71, 71, 437, 71, 71, 445, - 438, 441, 444, 442, 71, 71, 446, 439, 440, 447, - 71, 71, 452, 71, 449, 71, 71, 448, 71, 71, - 453, 457, 454, 458, 469, 71, 451, 71, 71, 71, + 401, 86, 408, 86, 411, 86, 412, 86, 86, 86, + 86, 415, 86, 86, 410, 419, 416, 86, 175, 417, + 421, 86, 418, 413, 414, 86, 86, 422, 423, 86, + 86, 420, 86, 424, 86, 86, 426, 427, 428, 429, + 86, 86, 86, 86, 86, 86, 86, 435, 432, 86, + 425, 86, 436, 86, 86, 434, 86, 438, 86, 441, + 431, 437, 433, 86, 430, 86, 443, 446, 86, 86, + 439, 447, 440, 86, 442, 86, 86, 445, 86, 86, + 457, 448, 86, 444, 86, 455, 86, 86, 86, 458, + 461, 459, 499, 449, 170, 462, 450, 456, 469, 86, - 450, 455, 459, 456, 71, 71, 71, 470, 462, 460, - 463, 71, 464, 471, 465, 461, 472, 71, 71, 71, - 71, 71, 71, 473, 71, 474, 71, 466, 152, 152, - 467, 475, 468, 71, 71, 476, 489, 71, 71, 486, - 484, 487, 485, 477, 71, 478, 71, 479, 488, 504, - 71, 491, 490, 499, 71, 500, 501, 71, 71, 71, - 480, 502, 71, 481, 503, 482, 71, 483, 71, 505, - 492, 493, 506, 508, 71, 507, 71, 71, 71, 509, - 494, 586, 495, 496, 497, 71, 71, 498, 513, 71, - 71, 512, 71, 71, 71, 71, 511, 519, 514, 71, + 463, 451, 452, 453, 454, 466, 86, 460, 464, 465, + 467, 86, 86, 86, 86, 468, 86, 86, 86, 477, + 86, 86, 86, 479, 86, 475, 478, 476, 86, 472, + 470, 86, 480, 471, 473, 474, 86, 86, 86, 481, + 483, 482, 86, 487, 86, 168, 86, 86, 488, 86, + 489, 492, 86, 505, 493, 166, 484, 486, 485, 490, + 86, 86, 86, 86, 491, 86, 494, 495, 497, 86, + 498, 86, 500, 496, 86, 506, 507, 86, 86, 508, + 504, 86, 86, 86, 86, 501, 509, 86, 502, 546, + 503, 86, 510, 86, 520, 86, 511, 522, 519, 523, - 510, 515, 71, 522, 521, 518, 516, 71, 520, 517, - 71, 524, 526, 71, 71, 523, 71, 71, 71, 71, - 71, 525, 529, 530, 531, 71, 71, 71, 71, 536, - 528, 71, 538, 71, 535, 533, 532, 539, 527, 71, - 541, 534, 71, 71, 71, 71, 71, 537, 71, 71, - 542, 71, 540, 551, 547, 552, 71, 543, 550, 544, - 546, 71, 545, 554, 71, 548, 71, 549, 557, 71, - 553, 71, 556, 71, 558, 71, 71, 555, 559, 71, - 561, 563, 71, 71, 71, 71, 566, 567, 564, 562, - 71, 71, 71, 71, 568, 560, 71, 565, 71, 71, + 86, 524, 86, 525, 512, 86, 513, 527, 514, 537, + 535, 536, 521, 170, 538, 86, 86, 86, 86, 526, + 86, 515, 539, 86, 516, 556, 517, 86, 518, 86, + 86, 528, 529, 542, 540, 86, 541, 165, 86, 543, + 545, 530, 544, 531, 532, 533, 86, 547, 534, 548, + 549, 86, 86, 86, 86, 558, 86, 551, 553, 86, + 550, 86, 86, 559, 86, 86, 86, 563, 555, 557, + 86, 554, 86, 86, 86, 552, 561, 566, 86, 560, + 562, 567, 568, 86, 86, 86, 565, 86, 86, 573, + 564, 86, 572, 86, 569, 574, 575, 86, 86, 570, - 573, 571, 71, 572, 71, 71, 569, 71, 574, 71, - 71, 71, 579, 570, 575, 580, 71, 582, 71, 578, - 71, 71, 581, 577, 576, 583, 71, 585, 71, 587, - 71, 71, 71, 71, 71, 71, 71, 71, 589, 584, - 590, 592, 588, 71, 599, 594, 601, 71, 71, 598, - 71, 71, 71, 591, 593, 595, 600, 596, 71, 71, - 71, 71, 603, 597, 602, 71, 604, 609, 606, 605, - 71, 610, 71, 71, 607, 611, 608, 612, 71, 71, - 71, 71, 71, 71, 614, 615, 618, 71, 71, 71, - 71, 71, 619, 621, 620, 71, 71, 71, 71, 71, + 86, 571, 577, 86, 578, 86, 580, 581, 86, 584, + 594, 86, 582, 576, 86, 86, 86, 585, 603, 579, + 586, 86, 86, 595, 583, 86, 589, 596, 86, 597, + 599, 587, 86, 588, 590, 591, 86, 598, 592, 593, + 86, 86, 86, 86, 86, 602, 601, 604, 86, 606, + 608, 86, 86, 600, 86, 86, 611, 607, 612, 609, + 86, 86, 86, 605, 86, 610, 613, 86, 86, 86, + 618, 86, 616, 617, 86, 614, 86, 86, 619, 86, + 86, 86, 615, 620, 624, 86, 86, 627, 623, 625, + 86, 626, 86, 86, 621, 622, 86, 628, 86, 630, - 616, 613, 617, 635, 624, 622, 71, 150, 71, 623, - 71, 625, 634, 642, 672, 633, 626, 636, 627, 71, - 71, 645, 637, 638, 628, 71, 629, 71, 71, 630, - 631, 71, 646, 639, 71, 641, 632, 640, 71, 71, - 644, 643, 648, 71, 71, 651, 71, 71, 653, 71, - 647, 71, 71, 71, 71, 71, 71, 71, 71, 148, - 659, 649, 71, 650, 654, 655, 656, 660, 663, 71, - 71, 652, 662, 657, 658, 661, 152, 666, 664, 71, - 665, 71, 667, 71, 71, 71, 71, 71, 147, 673, - 71, 71, 71, 675, 668, 676, 677, 71, 670, 678, + 86, 629, 86, 632, 634, 86, 86, 86, 86, 635, + 86, 637, 631, 86, 633, 86, 645, 647, 86, 86, + 639, 723, 86, 86, 86, 86, 636, 638, 640, 86, + 641, 642, 644, 646, 648, 643, 86, 86, 86, 649, + 652, 86, 655, 86, 650, 658, 86, 651, 86, 657, + 86, 86, 653, 86, 86, 86, 654, 86, 661, 664, + 86, 86, 86, 656, 660, 665, 667, 86, 86, 659, + 86, 86, 86, 86, 86, 86, 662, 666, 663, 681, + 86, 86, 86, 668, 670, 163, 684, 669, 86, 671, + 679, 682, 720, 698, 672, 680, 673, 683, 86, 86, - 669, 671, 680, 674, 679, 71, 71, 71, 71, 71, - 682, 71, 71, 71, 71, 71, 686, 685, 681, 71, - 694, 71, 691, 683, 687, 71, 684, 692, 71, 71, - 690, 688, 693, 696, 689, 695, 71, 697, 71, 71, - 698, 71, 699, 71, 71, 71, 700, 701, 71, 71, - 702, 71, 707, 71, 705, 71, 71, 704, 706, 710, - 709, 71, 703, 71, 71, 71, 71, 711, 71, 713, - 715, 71, 71, 716, 708, 718, 71, 71, 71, 712, - 719, 71, 722, 71, 720, 717, 714, 71, 71, 71, - 71, 729, 725, 726, 145, 721, 723, 71, 71, 724, + 86, 86, 674, 86, 675, 685, 688, 676, 677, 686, + 692, 86, 691, 687, 678, 689, 86, 86, 690, 86, + 86, 693, 696, 86, 699, 86, 694, 86, 701, 86, + 86, 86, 86, 695, 86, 86, 86, 86, 86, 86, + 707, 86, 703, 697, 702, 708, 704, 711, 712, 170, + 700, 705, 710, 713, 714, 86, 706, 709, 86, 86, + 86, 86, 86, 86, 86, 727, 86, 715, 721, 726, + 86, 86, 86, 716, 725, 718, 722, 719, 717, 729, + 86, 86, 86, 86, 728, 86, 731, 86, 86, 86, + 735, 86, 730, 734, 740, 732, 86, 733, 736, 741, - 71, 71, 71, 727, 731, 728, 732, 730, 71, 71, - 71, 71, 735, 734, 71, 736, 737, 71, 71, 71, - 71, 739, 71, 741, 743, 71, 71, 749, 733, 738, - 740, 744, 71, 71, 71, 71, 746, 71, 751, 742, - 71, 747, 71, 750, 143, 745, 748, 752, 753, 71, - 71, 71, 754, 71, 71, 71, 755, 760, 756, 758, - 761, 759, 762, 71, 71, 71, 71, 757, 71, 763, - 764, 765, 71, 71, 71, 772, 766, 71, 71, 769, - 71, 71, 71, 773, 71, 767, 768, 774, 71, 775, - 71, 777, 781, 770, 771, 778, 71, 71, 71, 779, + 86, 743, 86, 744, 86, 737, 745, 739, 738, 742, + 746, 86, 86, 747, 86, 748, 86, 749, 86, 86, + 86, 86, 750, 86, 86, 754, 86, 753, 86, 86, + 752, 757, 86, 86, 756, 86, 762, 751, 755, 86, + 758, 86, 86, 761, 86, 763, 86, 766, 86, 86, + 767, 760, 759, 765, 86, 86, 86, 86, 773, 86, + 770, 768, 764, 86, 86, 86, 86, 86, 774, 86, + 781, 86, 771, 775, 776, 769, 86, 772, 86, 777, + 86, 783, 778, 779, 780, 782, 86, 86, 788, 789, + 786, 784, 785, 787, 86, 86, 86, 86, 790, 86, - 776, 71, 784, 71, 786, 71, 783, 785, 71, 782, - 71, 71, 788, 71, 780, 71, 71, 790, 71, 71, - 71, 796, 71, 71, 71, 71, 797, 71, 71, 791, - 787, 71, 789, 798, 792, 71, 793, 71, 794, 805, - 795, 801, 71, 799, 802, 71, 800, 803, 71, 71, - 71, 71, 804, 71, 71, 810, 806, 71, 71, 71, - 807, 71, 818, 71, 71, 71, 71, 819, 808, 809, - 812, 811, 71, 71, 71, 813, 814, 815, 816, 817, - 822, 71, 71, 820, 821, 71, 823, 71, 824, 71, - 71, 71, 827, 825, 828, 826, 830, 829, 71, 71, + 791, 86, 793, 86, 794, 86, 86, 86, 795, 86, + 86, 802, 86, 798, 800, 796, 86, 86, 86, 86, + 799, 86, 792, 797, 86, 803, 808, 810, 806, 86, + 801, 86, 86, 807, 805, 809, 804, 811, 812, 86, + 86, 86, 813, 86, 86, 86, 814, 819, 821, 815, + 817, 86, 86, 86, 86, 822, 820, 816, 86, 86, + 825, 86, 86, 818, 824, 826, 86, 86, 86, 86, + 832, 86, 829, 86, 827, 828, 86, 834, 835, 86, + 837, 86, 86, 823, 839, 86, 830, 831, 833, 838, + 841, 836, 86, 86, 86, 844, 86, 842, 843, 840, - 71, 71, 71, 831, 71, 832, 833, 152, 71, 834, - 71, 836, 838, 839, 71, 835, 837, 71, 840, 71, - 71, 71, 841, 846, 71, 71, 842, 71, 847, 849, - 71, 71, 852, 71, 843, 844, 848, 71, 71, 71, - 850, 845, 71, 854, 851, 71, 858, 71, 71, 855, - 71, 71, 71, 853, 71, 859, 71, 860, 71, 71, - 3108, 71, 71, 857, 71, 875, 861, 856, 872, 71, - 873, 870, 71, 876, 863, 871, 862, 71, 874, 71, - 877, 71, 864, 71, 71, 882, 865, 879, 71, 866, - 71, 71, 878, 890, 71, 71, 867, 868, 880, 869, + 845, 86, 86, 846, 86, 86, 848, 850, 86, 86, + 86, 86, 86, 849, 856, 86, 86, 847, 86, 857, + 86, 86, 86, 86, 86, 858, 851, 852, 853, 86, + 854, 865, 855, 859, 86, 86, 860, 86, 86, 864, + 861, 863, 862, 86, 86, 86, 86, 867, 866, 870, + 86, 86, 86, 86, 86, 879, 86, 868, 877, 86, + 872, 86, 869, 86, 871, 880, 86, 86, 873, 874, + 875, 876, 86, 878, 86, 882, 86, 881, 883, 885, + 884, 86, 86, 86, 86, 86, 86, 86, 886, 889, + 890, 891, 892, 86, 888, 887, 86, 86, 893, 86, - 71, 895, 71, 881, 71, 883, 884, 71, 885, 71, - 894, 886, 71, 892, 947, 891, 887, 71, 897, 896, - 71, 899, 888, 889, 898, 893, 71, 71, 71, 71, - 901, 900, 71, 902, 903, 71, 71, 71, 904, 71, - 71, 905, 71, 907, 71, 911, 71, 71, 71, 71, - 910, 906, 71, 914, 71, 71, 71, 908, 918, 909, - 919, 912, 913, 936, 71, 915, 916, 920, 71, 921, - 924, 917, 71, 925, 922, 71, 71, 923, 71, 71, - 927, 71, 71, 926, 928, 71, 71, 71, 929, 931, - 71, 932, 71, 930, 71, 933, 71, 71, 71, 71, + 897, 894, 86, 895, 170, 86, 896, 86, 898, 900, + 901, 86, 86, 86, 899, 902, 86, 86, 86, 903, + 86, 904, 908, 86, 86, 909, 911, 86, 905, 86, + 906, 86, 86, 910, 912, 915, 86, 914, 907, 86, + 913, 86, 86, 917, 921, 919, 86, 86, 918, 86, + 86, 86, 916, 86, 922, 86, 923, 86, 86, 86, + 920, 979, 86, 86, 86, 924, 86, 936, 937, 938, + 934, 86, 942, 926, 935, 939, 925, 86, 86, 927, + 940, 86, 928, 86, 943, 941, 929, 86, 86, 930, + 86, 86, 946, 86, 948, 86, 931, 932, 944, 933, - 71, 935, 940, 71, 943, 71, 71, 71, 71, 941, - 71, 71, 934, 942, 938, 937, 945, 946, 939, 71, - 949, 71, 71, 71, 948, 944, 950, 951, 71, 71, - 71, 956, 71, 958, 71, 952, 957, 71, 954, 71, - 71, 71, 71, 955, 71, 71, 71, 963, 965, 959, - 961, 966, 71, 953, 71, 964, 71, 71, 960, 968, - 71, 71, 71, 967, 962, 71, 969, 71, 71, 979, - 71, 974, 976, 71, 71, 71, 970, 971, 71, 71, - 71, 973, 972, 980, 71, 977, 984, 71, 975, 978, - 981, 71, 982, 983, 987, 71, 986, 71, 985, 71, + 86, 86, 86, 86, 86, 959, 945, 956, 961, 958, + 947, 86, 949, 950, 957, 951, 86, 86, 952, 960, + 86, 963, 964, 953, 962, 86, 86, 86, 967, 954, + 955, 968, 965, 970, 86, 971, 969, 86, 86, 86, + 974, 86, 972, 973, 86, 966, 975, 976, 86, 978, + 86, 86, 86, 977, 86, 86, 86, 86, 982, 86, + 986, 86, 86, 980, 985, 86, 86, 989, 86, 86, + 86, 981, 993, 991, 1052, 983, 984, 987, 86, 988, + 86, 995, 86, 996, 999, 994, 990, 86, 997, 86, + 86, 992, 998, 1000, 86, 86, 1002, 1003, 86, 86, - 71, 71, 71, 71, 996, 71, 989, 988, 991, 71, - 71, 998, 71, 71, 1000, 71, 71, 71, 1006, 990, - 71, 992, 994, 997, 993, 995, 71, 1001, 1004, 71, - 1002, 71, 999, 71, 1003, 1009, 1005, 71, 1008, 71, - 71, 71, 1010, 71, 71, 1013, 1015, 71, 71, 1011, - 1007, 71, 71, 1012, 1018, 152, 71, 1017, 71, 1021, - 71, 71, 1016, 1014, 1020, 71, 71, 71, 71, 71, - 1022, 1019, 1024, 71, 71, 1036, 71, 71, 1039, 71, - 1037, 1023, 1027, 71, 1025, 71, 71, 71, 71, 1028, - 1026, 1041, 1038, 1044, 1029, 71, 71, 1046, 1030, 1043, + 1001, 86, 86, 86, 1004, 1006, 86, 1007, 86, 1005, + 86, 1008, 86, 86, 86, 86, 86, 1010, 1015, 86, + 1011, 86, 1018, 86, 86, 86, 86, 86, 1009, 86, + 1016, 1013, 1012, 1017, 1019, 1014, 1021, 86, 1022, 86, + 86, 86, 1024, 1020, 1026, 86, 86, 86, 1025, 86, + 1023, 1027, 86, 86, 1034, 1032, 86, 86, 1030, 1028, + 1033, 86, 86, 86, 86, 1031, 1039, 86, 86, 1041, + 86, 1035, 1029, 1037, 1040, 1044, 1036, 1042, 86, 86, + 86, 86, 86, 86, 86, 86, 1038, 1055, 86, 1043, + 86, 86, 86, 86, 1050, 1088, 86, 86, 86, 86, - 1031, 1042, 1047, 71, 1032, 71, 1033, 71, 1040, 71, - 1045, 1034, 71, 1049, 71, 71, 1035, 1052, 71, 1048, - 1055, 71, 1051, 71, 71, 1050, 1054, 1053, 1060, 1061, - 1059, 1063, 1056, 71, 71, 71, 71, 1058, 1062, 71, - 1064, 71, 1057, 71, 71, 71, 71, 71, 71, 1079, - 1076, 71, 71, 71, 71, 1065, 1075, 1080, 71, 1078, - 1066, 1067, 71, 1068, 71, 1077, 1081, 1082, 1069, 1087, - 1070, 1085, 71, 1083, 71, 71, 1071, 71, 1086, 71, - 1088, 1072, 1073, 1084, 71, 1091, 71, 71, 1074, 1097, - 71, 71, 1092, 71, 71, 71, 71, 1090, 1089, 1094, + 1045, 1046, 1047, 1051, 1049, 1048, 1053, 1056, 1057, 1054, + 1058, 1059, 86, 1061, 86, 1063, 86, 86, 1060, 1062, + 86, 86, 86, 86, 86, 86, 1072, 86, 1073, 1065, + 1067, 86, 86, 1075, 86, 86, 86, 1064, 161, 86, + 86, 1066, 1078, 1068, 1070, 1074, 1069, 1071, 86, 1076, + 86, 1079, 86, 86, 1080, 86, 1077, 86, 1084, 1081, + 86, 1086, 1087, 86, 1082, 86, 86, 1091, 86, 1093, + 86, 86, 1083, 86, 86, 86, 1085, 1096, 1090, 1095, + 86, 1089, 1097, 170, 1099, 86, 1092, 86, 1100, 1094, + 1098, 86, 86, 86, 86, 86, 86, 1103, 86, 86, - 71, 71, 1095, 71, 71, 1093, 1100, 71, 71, 1098, - 1096, 71, 71, 71, 71, 1099, 71, 1107, 1102, 1109, - 1104, 1105, 1106, 1101, 71, 71, 71, 1103, 71, 71, - 71, 1108, 1110, 1122, 71, 71, 71, 71, 1111, 71, - 1117, 1118, 1119, 1114, 71, 71, 1112, 1113, 1115, 1116, - 71, 1121, 71, 1120, 1123, 71, 71, 1127, 71, 71, - 71, 1129, 1128, 71, 1130, 71, 71, 1124, 1125, 1131, - 71, 71, 1126, 1132, 71, 71, 1138, 1140, 1133, 71, - 71, 1134, 71, 71, 1136, 1142, 71, 71, 1135, 1137, - 1144, 71, 71, 71, 1141, 1139, 71, 1146, 1147, 71, + 86, 86, 1116, 1117, 1119, 86, 86, 1101, 86, 1106, + 86, 1102, 1104, 1107, 1121, 86, 1108, 86, 1105, 1109, + 86, 1118, 1124, 1110, 86, 1111, 86, 86, 86, 1112, + 1122, 1113, 86, 1120, 1141, 86, 1114, 1126, 1123, 86, + 1125, 1115, 1127, 86, 1128, 86, 1129, 86, 86, 1130, + 86, 86, 1133, 86, 1132, 1136, 86, 86, 86, 1146, + 1135, 1131, 1134, 1142, 86, 1137, 1140, 1143, 86, 1144, + 1139, 1145, 86, 86, 1138, 86, 1147, 86, 86, 86, + 86, 86, 86, 1159, 86, 1162, 86, 178, 86, 86, + 1148, 1163, 1158, 86, 86, 1160, 1149, 1150, 86, 1151, - 1143, 1149, 71, 71, 71, 71, 71, 1150, 71, 1152, - 71, 1155, 1145, 71, 1154, 1148, 1151, 71, 1156, 71, - 71, 1153, 1157, 1159, 1158, 71, 1160, 71, 1161, 71, - 71, 71, 1166, 1164, 1167, 71, 71, 71, 71, 1171, - 71, 1168, 1169, 71, 1165, 71, 1162, 71, 1170, 1163, - 1174, 71, 71, 1172, 1176, 71, 71, 1175, 71, 71, - 1177, 71, 71, 71, 1180, 1181, 71, 1173, 1178, 71, - 71, 1186, 1187, 71, 1182, 71, 1179, 71, 71, 71, - 1189, 1184, 1190, 71, 1183, 71, 71, 1194, 1188, 1185, - 71, 71, 71, 71, 71, 71, 1200, 71, 1191, 1192, + 1161, 1164, 86, 1165, 1152, 1169, 1153, 86, 86, 86, + 86, 86, 1154, 1166, 1170, 86, 86, 1155, 1156, 86, + 1171, 1167, 86, 1168, 1157, 1175, 86, 86, 1172, 86, + 1178, 1173, 86, 1176, 1174, 1179, 86, 86, 1183, 1177, + 1182, 1180, 1181, 86, 86, 86, 86, 86, 1184, 86, + 86, 1189, 86, 86, 86, 1186, 1187, 86, 1192, 1190, + 86, 86, 86, 86, 1185, 1188, 86, 86, 1199, 86, + 86, 1191, 1197, 1201, 1193, 1194, 1198, 86, 1196, 86, + 1195, 86, 86, 86, 1203, 86, 1200, 86, 86, 86, + 86, 86, 1209, 1202, 86, 1210, 1206, 1212, 86, 1211, - 71, 1196, 1193, 71, 1195, 71, 71, 71, 1206, 71, - 1204, 71, 1197, 3108, 1199, 1202, 1205, 1201, 1203, 1198, - 1208, 1209, 71, 71, 1211, 71, 71, 71, 1210, 71, - 1212, 1207, 71, 71, 71, 71, 71, 71, 1215, 71, - 1221, 71, 71, 1213, 1218, 71, 1214, 71, 71, 1216, - 71, 1219, 71, 71, 1217, 1227, 1222, 1232, 1220, 1225, - 71, 1231, 1224, 1223, 1228, 71, 1229, 71, 1226, 1230, - 1233, 71, 1234, 71, 71, 71, 1236, 71, 71, 71, - 71, 1235, 71, 1240, 1239, 1242, 71, 1245, 71, 71, - 71, 71, 71, 1237, 1246, 1238, 1247, 1243, 1241, 71, + 1215, 1204, 1205, 1207, 1208, 86, 1213, 1214, 86, 86, + 1219, 1217, 86, 86, 86, 1220, 86, 86, 1221, 86, + 86, 1222, 1223, 1216, 86, 1218, 1224, 86, 86, 1230, + 86, 1232, 86, 86, 1225, 86, 1226, 86, 1234, 86, + 1228, 86, 1227, 1229, 1236, 86, 86, 1233, 86, 86, + 1231, 1238, 86, 1235, 1239, 86, 86, 1241, 86, 86, + 1242, 86, 86, 1247, 1240, 1244, 1237, 1246, 1243, 86, + 1248, 86, 86, 86, 1245, 86, 1251, 86, 1252, 86, + 1250, 1249, 86, 86, 86, 1258, 1256, 86, 1259, 86, + 86, 86, 1260, 1253, 86, 1261, 86, 1257, 1254, 1263, - 71, 1244, 71, 71, 1249, 71, 1250, 1252, 71, 1251, - 1248, 71, 71, 71, 71, 71, 71, 71, 1253, 1257, - 1255, 71, 71, 1262, 1254, 1258, 1256, 71, 71, 71, - 71, 3108, 71, 1259, 1261, 71, 1260, 1263, 1266, 1267, - 1269, 1264, 1268, 71, 71, 71, 1273, 1265, 1271, 71, - 1270, 1274, 71, 71, 1275, 71, 1272, 71, 1278, 1287, - 71, 71, 1288, 1276, 3108, 71, 1277, 71, 1285, 1286, - 71, 1291, 1279, 71, 71, 1280, 1281, 71, 1289, 1290, - 1282, 71, 71, 71, 71, 1294, 1283, 1292, 1293, 71, - 1284, 71, 1296, 71, 71, 1295, 1297, 71, 1298, 71, + 86, 1262, 1255, 1266, 86, 86, 86, 1264, 86, 86, + 86, 1267, 1268, 86, 86, 86, 86, 1269, 1273, 1270, + 1265, 86, 1271, 86, 1274, 86, 86, 1275, 1276, 86, + 1280, 1281, 86, 1272, 86, 86, 86, 86, 1278, 1283, + 1284, 86, 86, 1277, 86, 86, 1288, 1282, 1279, 86, + 86, 86, 86, 86, 1285, 170, 1286, 1287, 1290, 1294, + 86, 86, 1289, 86, 86, 86, 86, 86, 1299, 86, + 1291, 86, 1293, 1307, 1300, 1295, 1297, 1292, 1296, 1298, + 1301, 86, 1303, 1304, 86, 1305, 1302, 86, 86, 86, + 86, 86, 1306, 86, 86, 1308, 86, 86, 1309, 1311, - 71, 1299, 71, 1301, 1303, 1306, 1307, 1300, 71, 71, - 71, 71, 71, 1308, 1304, 71, 71, 1302, 1310, 1309, - 1305, 1315, 71, 1311, 1316, 1312, 71, 1313, 71, 1314, - 71, 1317, 1318, 1319, 71, 71, 71, 1320, 1321, 71, - 1323, 1325, 71, 1322, 71, 1324, 1326, 71, 1327, 1329, - 71, 71, 71, 71, 71, 1335, 71, 1336, 71, 1331, - 71, 71, 71, 71, 1328, 1330, 1337, 1339, 1334, 71, - 71, 1332, 1333, 71, 1338, 71, 71, 1340, 1341, 71, - 1344, 1345, 71, 1347, 71, 71, 71, 1348, 1342, 1349, - 71, 1346, 71, 71, 71, 1350, 1353, 71, 1343, 1354, + 86, 86, 1317, 86, 1314, 1310, 86, 86, 1312, 86, + 86, 86, 176, 86, 86, 1313, 1315, 1321, 1323, 1316, + 1318, 1331, 86, 86, 1320, 1319, 1327, 1324, 1329, 1325, + 1322, 86, 1326, 86, 1328, 1330, 86, 86, 86, 86, + 1333, 86, 86, 86, 86, 1332, 86, 1337, 1336, 86, + 86, 1340, 86, 1344, 86, 86, 1339, 1334, 86, 1335, + 1345, 1342, 1338, 1341, 86, 86, 86, 86, 86, 1346, + 1348, 1343, 1349, 86, 86, 1350, 86, 86, 1347, 86, + 86, 86, 1351, 86, 86, 86, 1356, 86, 1352, 1354, + 86, 1355, 1357, 1353, 86, 86, 1361, 86, 86, 86, - 1355, 71, 1352, 71, 1356, 71, 71, 1360, 71, 71, - 1357, 1351, 71, 71, 71, 1358, 1362, 71, 71, 1364, - 1366, 71, 71, 71, 3108, 1368, 1365, 1359, 71, 1361, - 71, 71, 1363, 1370, 71, 1371, 1373, 71, 1369, 1367, - 71, 71, 1372, 71, 1375, 1374, 1376, 71, 71, 71, - 71, 1381, 1382, 1378, 71, 1377, 1379, 71, 71, 1383, - 1384, 1380, 71, 71, 1388, 71, 71, 71, 71, 1386, - 71, 1385, 1392, 1393, 1387, 71, 1395, 71, 71, 71, - 71, 1394, 71, 71, 71, 71, 71, 1389, 1390, 71, - 1402, 1396, 71, 1391, 71, 1399, 71, 1397, 1400, 71, + 1358, 86, 1360, 86, 1359, 1363, 1365, 1364, 86, 1362, + 1366, 1368, 86, 1373, 86, 86, 86, 1367, 86, 86, + 1369, 86, 86, 1371, 86, 86, 1376, 1379, 1370, 1374, + 1375, 86, 1372, 1381, 86, 1377, 1380, 1378, 1382, 86, + 86, 1386, 86, 86, 1383, 1384, 175, 1385, 86, 1387, + 86, 1397, 1395, 1388, 1396, 1394, 1389, 1390, 86, 86, + 86, 1391, 86, 1398, 1400, 86, 1403, 1392, 1399, 86, + 86, 1393, 86, 86, 1401, 86, 1405, 1402, 86, 86, + 86, 86, 1406, 1404, 1407, 86, 86, 86, 1415, 1410, + 1412, 1416, 86, 1408, 86, 86, 1409, 86, 86, 1418, - 1398, 1406, 71, 1401, 1407, 71, 1403, 1409, 71, 1411, - 71, 71, 1405, 71, 1412, 71, 71, 1404, 71, 71, - 1414, 1415, 1408, 71, 71, 1422, 71, 1410, 1413, 1420, - 1416, 71, 1421, 1417, 1418, 1424, 71, 1419, 71, 1427, - 1423, 71, 1425, 71, 1428, 71, 71, 1426, 71, 71, - 1429, 71, 71, 1432, 71, 71, 1434, 71, 71, 1439, - 71, 71, 71, 71, 1431, 1440, 71, 1433, 1436, 1430, - 1443, 71, 1435, 1437, 71, 1438, 71, 71, 1441, 71, - 1446, 1442, 1445, 1444, 71, 71, 71, 71, 71, 1447, - 1450, 1451, 1448, 1452, 71, 1455, 1454, 71, 1449, 71, + 1413, 1411, 86, 1417, 86, 1414, 1425, 86, 1426, 1424, + 86, 1419, 1427, 1428, 86, 86, 1420, 86, 1421, 86, + 1422, 1429, 1423, 1430, 86, 1434, 86, 86, 86, 1431, + 1435, 86, 86, 1433, 86, 1432, 1436, 1438, 86, 86, + 86, 1444, 1439, 1440, 86, 1445, 86, 86, 1437, 86, + 86, 86, 86, 86, 1443, 1448, 86, 1441, 1442, 1446, + 1447, 1450, 86, 1449, 1454, 86, 86, 1453, 86, 1456, + 86, 1451, 86, 86, 1457, 86, 1458, 86, 1462, 86, + 1459, 1452, 86, 1455, 86, 1460, 1461, 1464, 86, 86, + 1465, 86, 86, 1469, 86, 86, 1466, 86, 86, 86, - 71, 71, 1460, 1461, 1453, 1457, 1459, 71, 71, 71, - 71, 1462, 1456, 71, 1463, 1464, 71, 71, 71, 71, - 71, 1458, 1465, 71, 71, 1467, 1466, 71, 1471, 71, - 1470, 71, 71, 1468, 71, 1469, 1474, 1473, 71, 71, - 1482, 71, 1477, 71, 1472, 1479, 1475, 1478, 71, 71, - 1480, 71, 71, 1476, 1486, 71, 71, 71, 1481, 1490, - 1483, 1485, 1484, 71, 71, 71, 1493, 71, 1491, 71, - 71, 71, 71, 1496, 1487, 1489, 1488, 1495, 71, 71, - 71, 71, 71, 71, 71, 1504, 1494, 71, 1497, 1498, - 1492, 71, 71, 71, 1505, 1501, 3108, 1499, 1503, 1500, + 1471, 86, 1463, 86, 1473, 1467, 86, 86, 1475, 86, + 1474, 86, 1477, 1468, 86, 1470, 1479, 86, 1472, 86, + 86, 1476, 1478, 1484, 1481, 1482, 86, 86, 1480, 86, + 1486, 1483, 1485, 86, 86, 86, 86, 86, 1487, 1492, + 1493, 1489, 86, 1490, 86, 86, 86, 1494, 1495, 86, + 1491, 86, 1488, 1496, 86, 1499, 86, 86, 170, 86, + 86, 1504, 1498, 1505, 86, 1507, 86, 86, 1497, 86, + 1506, 86, 86, 1501, 86, 86, 86, 1500, 86, 1502, + 1508, 86, 1515, 1503, 86, 86, 1509, 1512, 86, 86, + 1513, 170, 1510, 86, 1511, 86, 1514, 86, 1519, 1520, - 1509, 71, 71, 1502, 71, 1508, 1506, 1510, 71, 1511, - 71, 1507, 71, 71, 1512, 1513, 71, 71, 1516, 71, - 71, 1514, 1517, 71, 71, 1520, 1515, 1524, 71, 71, - 1526, 71, 1521, 71, 1525, 1518, 71, 1519, 71, 71, - 1523, 71, 71, 1522, 1529, 1530, 1527, 71, 71, 1535, - 71, 1528, 1531, 1532, 71, 71, 1536, 71, 71, 1541, - 1533, 71, 1540, 1539, 71, 71, 71, 1534, 1537, 1543, - 71, 71, 1545, 71, 1544, 1538, 71, 71, 71, 71, - 1548, 71, 1546, 71, 1542, 71, 1551, 71, 1550, 71, - 71, 71, 1547, 71, 1555, 71, 1552, 71, 1549, 71, + 86, 86, 1522, 1524, 1516, 86, 1518, 86, 1525, 86, + 1517, 86, 1521, 1528, 1523, 86, 1527, 86, 86, 1526, + 86, 86, 86, 1533, 1536, 1529, 1534, 86, 1538, 1535, + 1530, 86, 1531, 86, 86, 1532, 86, 1539, 1541, 86, + 1543, 1537, 1540, 1542, 86, 86, 86, 86, 86, 86, + 1546, 1547, 86, 86, 1550, 86, 86, 1545, 86, 1555, + 86, 86, 1544, 86, 1556, 1548, 86, 1552, 1549, 1559, + 86, 86, 1551, 1553, 1554, 86, 86, 86, 1560, 1557, + 86, 86, 1558, 86, 86, 1562, 1566, 86, 86, 1561, + 1567, 1563, 1564, 1568, 86, 1571, 1570, 86, 86, 1565, - 1557, 71, 1561, 71, 1553, 1556, 1554, 71, 1558, 71, - 1559, 1562, 1564, 1566, 71, 71, 71, 71, 1560, 1567, - 71, 1563, 71, 1569, 1565, 71, 71, 71, 71, 1572, - 71, 1571, 1574, 1575, 71, 71, 1568, 71, 71, 1570, - 71, 1582, 71, 71, 1577, 1573, 1576, 1583, 71, 71, - 71, 1580, 1586, 71, 1578, 1579, 71, 71, 1587, 1589, - 1591, 1590, 71, 1581, 71, 1593, 71, 71, 1584, 1585, - 1588, 71, 1595, 71, 71, 71, 71, 71, 1594, 71, - 1597, 1598, 1592, 71, 1600, 71, 1596, 71, 1601, 71, - 71, 1602, 1605, 71, 1606, 71, 71, 1603, 71, 1599, + 86, 86, 1569, 86, 1575, 1576, 86, 1573, 1577, 1579, + 86, 86, 1572, 86, 86, 1578, 86, 86, 86, 1580, + 1574, 1584, 1581, 1583, 1585, 1586, 1591, 86, 86, 1587, + 86, 86, 86, 1588, 1589, 86, 86, 1582, 86, 86, + 1590, 86, 86, 86, 86, 1597, 86, 86, 86, 86, + 1596, 1593, 86, 1600, 86, 1594, 1592, 1595, 1603, 86, + 1599, 1601, 86, 1604, 86, 1605, 1598, 86, 1602, 86, + 1606, 86, 86, 1608, 1607, 86, 1611, 86, 1609, 1616, + 1612, 1610, 86, 86, 86, 86, 1619, 86, 1613, 1617, + 86, 86, 86, 1622, 86, 86, 1621, 1614, 86, 86, - 1604, 1609, 1607, 1612, 1610, 71, 71, 1844, 71, 71, - 1613, 1614, 71, 71, 71, 1608, 1611, 1619, 1617, 1620, - 1624, 1616, 71, 71, 71, 71, 71, 1615, 1621, 71, - 1622, 1618, 71, 1623, 71, 1626, 71, 71, 71, 1625, - 1631, 1630, 1627, 1632, 71, 71, 71, 1634, 71, 71, - 1633, 71, 71, 71, 71, 1628, 1636, 1629, 1637, 71, - 71, 71, 71, 1646, 71, 1638, 1639, 1635, 71, 71, - 71, 71, 1640, 71, 1641, 1642, 1643, 1645, 71, 71, - 1644, 1651, 71, 71, 1653, 71, 1654, 1649, 71, 71, - 1647, 1648, 71, 71, 71, 71, 71, 71, 71, 1650, + 1615, 86, 86, 86, 86, 1630, 1620, 86, 86, 1618, + 1623, 1631, 86, 1624, 1625, 1627, 86, 1626, 1629, 1635, + 86, 1636, 86, 1628, 86, 86, 1632, 86, 1634, 1637, + 86, 1633, 86, 86, 1638, 1642, 1640, 86, 1639, 1643, + 86, 86, 86, 86, 86, 1641, 1646, 1650, 86, 1651, + 1652, 86, 1644, 86, 86, 1645, 86, 1647, 1655, 1649, + 1648, 86, 86, 86, 86, 1656, 1653, 1654, 1657, 86, + 1661, 1662, 86, 86, 86, 86, 86, 86, 1666, 1667, + 1665, 1659, 1658, 86, 86, 86, 1669, 86, 86, 1660, + 86, 1663, 86, 1670, 86, 1664, 1671, 86, 86, 86, - 71, 71, 1656, 1652, 1655, 1659, 3108, 1661, 71, 1660, - 1662, 1658, 1665, 1663, 1664, 71, 1657, 1666, 1668, 71, - 1667, 1669, 71, 1670, 71, 71, 1672, 71, 1673, 1674, - 71, 1671, 71, 71, 71, 71, 71, 71, 1677, 1678, - 1675, 71, 71, 1686, 71, 71, 1681, 71, 71, 71, - 71, 1676, 1680, 1683, 1679, 71, 1684, 1685, 1687, 71, - 1682, 1692, 1688, 1689, 71, 1690, 1693, 71, 71, 1691, - 71, 1694, 71, 1695, 71, 1699, 1696, 71, 71, 71, - 71, 1703, 71, 71, 1702, 71, 71, 1701, 1698, 71, - 1707, 1705, 1697, 1700, 1706, 1704, 71, 1711, 71, 71, + 1672, 1674, 86, 1668, 1673, 86, 1677, 86, 1676, 1678, + 86, 86, 1675, 86, 1683, 1681, 86, 86, 86, 86, + 86, 86, 1689, 1679, 86, 1682, 1680, 1684, 86, 86, + 86, 86, 1686, 86, 1685, 1692, 1694, 86, 1690, 86, + 1688, 86, 1697, 1695, 1687, 86, 1691, 86, 1693, 1696, + 86, 1700, 86, 1698, 1703, 86, 1699, 1702, 170, 86, + 86, 86, 86, 86, 86, 1711, 86, 86, 168, 1701, + 86, 1712, 1715, 86, 1704, 1706, 1709, 1705, 86, 1707, + 1708, 86, 86, 1717, 86, 86, 1719, 1713, 1710, 86, + 1714, 1716, 1721, 1723, 1720, 86, 1725, 86, 86, 86, - 71, 1708, 1712, 71, 1714, 1716, 71, 1709, 71, 1717, - 1719, 71, 1713, 1720, 1710, 71, 71, 71, 71, 71, - 1722, 1715, 1721, 71, 1718, 1726, 71, 71, 1724, 1723, - 1725, 71, 71, 1730, 71, 1728, 71, 1732, 71, 71, - 1727, 1729, 1731, 71, 71, 71, 1734, 71, 71, 1740, - 71, 71, 1735, 1742, 1743, 1733, 71, 1736, 1737, 71, - 71, 1738, 1739, 71, 1744, 71, 71, 1749, 71, 71, - 71, 1741, 71, 71, 1753, 71, 1745, 71, 71, 1748, - 71, 1746, 1755, 3108, 1747, 1751, 71, 71, 1752, 71, - 1750, 1756, 1754, 71, 1757, 1761, 1759, 71, 1758, 71, + 86, 1718, 86, 86, 86, 1722, 86, 86, 1727, 1724, + 86, 1728, 86, 1730, 86, 1731, 86, 86, 1732, 1726, + 1735, 86, 1736, 86, 86, 1733, 1743, 1729, 1737, 86, + 86, 1734, 86, 1740, 1744, 1738, 1741, 86, 86, 86, + 1745, 86, 86, 166, 1739, 1750, 1748, 1747, 1742, 1751, + 86, 1752, 1753, 86, 86, 86, 1746, 86, 86, 1754, + 86, 1755, 86, 1756, 1749, 1757, 1759, 86, 86, 86, + 1764, 86, 1758, 1760, 86, 1765, 86, 1763, 86, 1767, + 86, 86, 86, 1766, 86, 86, 86, 1761, 86, 1762, + 86, 1769, 1770, 86, 86, 1771, 86, 86, 86, 86, - 1760, 1762, 71, 71, 1766, 71, 71, 71, 71, 71, - 71, 1764, 71, 1773, 1768, 71, 1763, 71, 3108, 71, - 1767, 1769, 1765, 71, 1770, 71, 1778, 1771, 71, 1774, - 1772, 1776, 71, 1775, 1777, 71, 1779, 71, 71, 1782, - 1784, 1781, 71, 1780, 1785, 71, 1783, 71, 71, 71, - 71, 1786, 71, 71, 71, 71, 71, 71, 71, 1791, - 71, 71, 1795, 71, 1792, 71, 1801, 71, 1793, 1787, - 1789, 1790, 1788, 1794, 1796, 71, 71, 71, 1802, 1804, - 1798, 1799, 1803, 71, 71, 71, 1806, 1797, 1800, 71, - 71, 1809, 71, 1807, 71, 1812, 1805, 1813, 71, 1814, + 1772, 86, 86, 1768, 1773, 1780, 86, 86, 1774, 1781, + 1775, 1776, 1777, 86, 86, 86, 1786, 1778, 1783, 1779, + 86, 1782, 86, 86, 86, 1784, 86, 1785, 1792, 86, + 86, 86, 86, 86, 86, 1787, 1788, 1794, 1790, 86, + 1796, 86, 86, 1789, 86, 1795, 1797, 1791, 1798, 86, + 1793, 86, 86, 1801, 86, 86, 86, 86, 1803, 86, + 1800, 86, 1810, 1804, 1802, 1799, 1805, 86, 1806, 1813, + 1807, 1811, 86, 1812, 86, 1808, 86, 86, 86, 1814, + 1815, 1809, 1816, 86, 86, 86, 1818, 86, 86, 1817, + 1819, 86, 1820, 86, 86, 86, 86, 1821, 86, 1828, - 71, 1816, 71, 71, 1808, 71, 1810, 71, 1811, 71, - 1815, 71, 1817, 1820, 71, 71, 1822, 71, 3108, 1821, - 1823, 1824, 71, 1826, 1818, 1825, 1819, 71, 71, 71, - 71, 1828, 1829, 71, 1827, 71, 1830, 1831, 71, 71, - 71, 1838, 71, 71, 1842, 71, 71, 71, 1840, 1846, - 1832, 1833, 1834, 1841, 71, 71, 71, 1835, 1843, 1836, - 1837, 1845, 1839, 71, 71, 1848, 1850, 71, 71, 71, - 1852, 71, 1847, 71, 71, 1855, 1856, 71, 71, 1858, - 71, 71, 71, 71, 71, 1849, 1864, 71, 71, 71, - 1863, 1853, 1860, 1861, 1851, 1854, 71, 71, 1857, 71, + 1822, 86, 1823, 1825, 1827, 86, 1826, 1824, 1829, 86, + 1833, 1830, 86, 1835, 1831, 86, 1832, 86, 1836, 86, + 1837, 86, 86, 86, 1841, 86, 86, 86, 1834, 1838, + 86, 1845, 1844, 86, 86, 1843, 86, 86, 86, 1849, + 1840, 1842, 86, 1853, 86, 1846, 1839, 1847, 1854, 86, + 1848, 1850, 86, 86, 1859, 1852, 1855, 1851, 1858, 1856, + 86, 86, 1861, 86, 1862, 86, 86, 1864, 86, 86, + 86, 1863, 1868, 86, 1857, 1865, 86, 86, 86, 1860, + 1870, 1872, 1867, 86, 86, 1866, 1871, 86, 86, 1869, + 86, 1873, 86, 86, 165, 86, 86, 86, 1876, 1882, - 71, 71, 1870, 1862, 1866, 71, 1859, 1867, 1868, 1865, - 71, 71, 1874, 71, 71, 71, 1873, 1878, 71, 1877, - 71, 1876, 1880, 1869, 71, 71, 1872, 71, 71, 1881, - 71, 1871, 1882, 1875, 71, 71, 71, 71, 71, 1879, - 1887, 71, 71, 1883, 1884, 71, 1890, 1891, 1886, 1892, - 71, 71, 71, 71, 1885, 71, 1888, 71, 71, 1900, - 71, 1895, 1893, 1899, 71, 1894, 71, 1889, 71, 71, - 71, 1897, 71, 1904, 1898, 71, 1905, 1896, 1907, 71, - 71, 1902, 71, 1901, 1906, 71, 1908, 1903, 1911, 71, - 71, 1909, 71, 1912, 71, 71, 1910, 1915, 1918, 1913, + 86, 1877, 86, 1874, 86, 86, 1878, 1875, 1879, 1884, + 1880, 1881, 1885, 1887, 86, 86, 86, 1886, 86, 1891, + 86, 1883, 1888, 1889, 86, 1893, 86, 86, 86, 1897, + 86, 86, 86, 86, 86, 1890, 86, 1892, 1899, 86, + 86, 1900, 1903, 1895, 1901, 1902, 1896, 86, 1894, 170, + 86, 86, 1898, 1907, 86, 86, 86, 1911, 86, 86, + 86, 1905, 86, 1909, 86, 1906, 86, 1913, 86, 86, + 1904, 1918, 86, 1912, 1908, 1910, 1914, 86, 1915, 86, + 163, 1916, 1922, 86, 1919, 1921, 86, 1920, 1917, 1923, + 1924, 86, 86, 86, 1927, 1928, 86, 1925, 86, 86, - 71, 71, 1921, 71, 71, 1920, 71, 1922, 71, 1914, - 71, 71, 1923, 71, 1916, 1917, 1919, 1928, 71, 1924, - 1929, 71, 1925, 1930, 1932, 1933, 71, 1926, 1931, 71, - 71, 71, 71, 1927, 71, 1937, 71, 1935, 71, 71, - 71, 71, 1939, 1942, 71, 71, 1936, 1944, 1938, 71, - 71, 1940, 1934, 71, 71, 71, 71, 1945, 71, 1949, - 1948, 71, 1946, 71, 1950, 1941, 1943, 1951, 71, 1952, - 71, 1954, 2396, 1947, 71, 71, 71, 71, 1953, 71, - 1955, 1956, 71, 71, 1958, 1957, 1960, 1959, 71, 71, - 1962, 71, 71, 71, 1966, 71, 71, 71, 1965, 71, + 86, 1930, 1926, 86, 86, 86, 1931, 86, 86, 86, + 1929, 86, 86, 86, 1936, 86, 1937, 86, 86, 86, + 1941, 1938, 86, 161, 1932, 1934, 1935, 1933, 1940, 1939, + 86, 1942, 86, 86, 1948, 1945, 86, 1947, 1944, 1949, + 86, 1950, 1946, 86, 1943, 86, 86, 86, 86, 86, + 1956, 86, 1959, 86, 1951, 1952, 1960, 86, 1961, 86, + 86, 1954, 1953, 1957, 86, 1958, 1955, 1963, 86, 86, + 1964, 1967, 86, 1962, 86, 86, 1969, 86, 1968, 86, + 1970, 1965, 86, 1971, 1973, 1966, 1976, 86, 86, 86, + 86, 1975, 86, 1972, 86, 1979, 86, 86, 86, 1978, - 1961, 71, 1968, 1963, 1964, 1967, 1969, 1970, 71, 71, - 71, 71, 71, 71, 71, 71, 1975, 1977, 1972, 1971, - 1976, 71, 71, 71, 71, 71, 1982, 71, 1973, 71, - 1974, 1978, 1980, 1979, 71, 1981, 1985, 1983, 71, 1986, - 1984, 1988, 71, 1987, 71, 71, 1992, 71, 71, 1990, - 71, 1993, 71, 71, 71, 1998, 71, 71, 1991, 71, - 2000, 71, 71, 1989, 2001, 2003, 1994, 1997, 1995, 1996, - 2002, 71, 71, 1999, 71, 71, 2006, 71, 71, 2004, - 71, 71, 71, 71, 71, 71, 2007, 71, 71, 71, - 2014, 71, 2009, 2010, 2005, 2011, 2018, 71, 71, 2008, + 86, 86, 1983, 86, 1974, 1982, 86, 86, 1984, 1985, + 86, 86, 1977, 1980, 86, 86, 1993, 86, 1981, 1986, + 1987, 1988, 86, 1995, 1991, 86, 1989, 86, 1996, 86, + 1990, 1992, 1998, 86, 1994, 1999, 86, 2002, 2000, 1997, + 86, 86, 86, 86, 2006, 86, 86, 86, 2008, 2003, + 86, 2001, 86, 86, 2011, 2012, 86, 86, 2014, 86, + 86, 2004, 86, 2005, 86, 86, 2020, 86, 86, 2019, + 2009, 2016, 2007, 2017, 2010, 86, 86, 2013, 86, 86, + 86, 86, 2026, 86, 86, 2015, 2018, 2023, 2024, 2021, + 86, 2022, 2030, 86, 86, 2029, 2033, 86, 86, 2034, - 2013, 2017, 71, 2015, 71, 2021, 2019, 2016, 2012, 2022, - 71, 2020, 71, 71, 2025, 2024, 71, 71, 2023, 71, - 71, 2027, 71, 71, 2028, 71, 71, 2033, 2029, 71, - 71, 2026, 2031, 71, 2032, 2035, 2037, 71, 2030, 71, - 71, 71, 2040, 2036, 2039, 2034, 2041, 71, 71, 71, - 71, 2045, 2042, 71, 71, 2046, 2038, 71, 2049, 71, - 71, 71, 71, 2050, 71, 2048, 2043, 2047, 2051, 2044, - 2054, 71, 71, 2055, 71, 2053, 2058, 2056, 2052, 71, - 71, 71, 71, 2060, 2059, 71, 2064, 71, 71, 71, - 2066, 71, 2067, 2062, 2057, 71, 71, 71, 2061, 71, + 2028, 2032, 86, 86, 2025, 2036, 2037, 86, 86, 2027, + 86, 86, 86, 2031, 86, 2038, 86, 2039, 86, 86, + 86, 2043, 2035, 86, 2046, 2047, 86, 86, 2042, 2048, + 86, 86, 2040, 2041, 2051, 86, 86, 2044, 86, 86, + 86, 2050, 2056, 86, 2055, 86, 2045, 2049, 86, 86, + 2052, 86, 86, 2060, 2063, 86, 2053, 2061, 86, 2057, + 2054, 2062, 2064, 2058, 2059, 86, 2067, 86, 86, 86, + 86, 86, 86, 86, 2074, 2071, 2065, 86, 86, 86, + 86, 2066, 2076, 2069, 2077, 86, 86, 2078, 86, 2068, + 2070, 86, 2072, 2073, 2075, 2079, 86, 2080, 2083, 2084, - 2065, 2063, 2069, 71, 2068, 2073, 71, 2075, 2071, 71, - 71, 2072, 2076, 71, 2070, 71, 71, 71, 2077, 71, - 2080, 71, 2078, 71, 2081, 2085, 71, 2074, 2079, 71, - 2082, 71, 2084, 71, 71, 71, 71, 71, 71, 71, - 71, 2083, 71, 2094, 2095, 2096, 71, 2086, 2090, 2087, - 2088, 2089, 2091, 71, 2092, 2093, 71, 71, 71, 2097, - 71, 71, 2099, 2105, 71, 71, 2107, 71, 71, 2100, - 2104, 71, 2098, 2101, 2106, 2102, 71, 71, 71, 3108, - 2109, 2116, 2110, 2112, 2111, 2103, 2114, 2108, 2113, 71, - 2115, 71, 71, 71, 2119, 71, 71, 71, 2120, 2117, + 86, 2085, 86, 2086, 2088, 2089, 86, 2081, 2087, 86, + 86, 86, 2082, 86, 86, 2093, 86, 86, 2091, 86, + 86, 86, 86, 2095, 2098, 2100, 2092, 86, 2094, 2096, + 86, 86, 2090, 170, 86, 86, 86, 86, 2101, 2102, + 2106, 2105, 86, 2107, 2099, 2097, 2103, 2108, 86, 2109, + 86, 86, 2111, 86, 2104, 86, 86, 86, 86, 2112, + 2113, 86, 2114, 86, 2117, 86, 2115, 86, 2116, 86, + 2119, 2110, 86, 86, 2123, 86, 86, 2118, 2122, 2120, + 86, 86, 86, 2127, 2121, 2124, 2125, 2126, 2128, 86, + 86, 86, 86, 86, 86, 2135, 2133, 86, 86, 86, - 71, 2124, 71, 71, 2125, 71, 71, 71, 2128, 2123, - 71, 71, 2121, 2118, 71, 2129, 2132, 2126, 71, 2130, - 2131, 71, 2133, 2122, 2127, 71, 71, 2135, 71, 2134, - 2136, 71, 71, 71, 71, 71, 71, 2138, 71, 71, - 2141, 71, 71, 2147, 71, 71, 2145, 71, 2140, 2148, - 71, 71, 71, 71, 2142, 2143, 2137, 2139, 2144, 71, - 71, 71, 2149, 2152, 2146, 2150, 2154, 71, 2157, 71, - 71, 2153, 2155, 71, 71, 71, 2151, 2162, 2158, 71, - 71, 71, 71, 2168, 71, 2156, 71, 71, 3108, 71, - 2169, 71, 2159, 2160, 2165, 71, 71, 2173, 2161, 2163, + 2130, 86, 2134, 86, 86, 86, 2140, 86, 2137, 86, + 2129, 2131, 86, 2132, 86, 86, 2136, 2141, 2139, 86, + 2145, 2138, 86, 2143, 2146, 2142, 86, 86, 86, 2144, + 86, 2149, 86, 2148, 2147, 2151, 86, 86, 86, 2157, + 2150, 2152, 86, 86, 2153, 86, 2154, 2155, 86, 2159, + 86, 2156, 2160, 2161, 86, 86, 2163, 86, 86, 2158, + 86, 2164, 2167, 2162, 2166, 86, 2165, 86, 86, 86, + 86, 86, 2168, 86, 2171, 86, 86, 86, 2172, 86, + 86, 86, 86, 86, 86, 86, 86, 2174, 2175, 2169, + 2170, 2180, 2173, 2177, 2176, 2179, 2184, 2185, 86, 86, - 2164, 2167, 2166, 2171, 2170, 2174, 71, 71, 2172, 2175, - 71, 71, 71, 2178, 71, 2181, 71, 71, 71, 71, - 71, 71, 2176, 2179, 2177, 2182, 2180, 71, 2187, 71, - 71, 2186, 2183, 2188, 71, 2190, 71, 2184, 2185, 71, - 2189, 2192, 71, 71, 71, 2195, 71, 71, 2191, 2194, - 2196, 71, 71, 71, 2193, 71, 2198, 2197, 2202, 71, - 2201, 71, 2204, 71, 71, 71, 2199, 71, 71, 2208, - 2207, 2206, 2200, 2210, 71, 71, 71, 71, 71, 2213, - 2203, 71, 2205, 71, 2209, 2216, 71, 71, 71, 71, - 71, 2212, 2220, 2214, 2211, 2221, 71, 71, 71, 71, + 86, 86, 2182, 2178, 2181, 86, 2183, 86, 2188, 86, + 86, 86, 2189, 2192, 2191, 86, 86, 2186, 86, 86, + 2187, 2190, 2195, 2194, 86, 2196, 86, 86, 2193, 2200, + 86, 86, 86, 2198, 2202, 2204, 86, 2197, 2199, 86, + 86, 86, 2207, 86, 86, 2203, 2206, 86, 2208, 2201, + 86, 2212, 2209, 86, 86, 2216, 86, 86, 2213, 86, + 2217, 86, 2210, 86, 86, 2205, 86, 2214, 2215, 86, + 2211, 2218, 2221, 86, 86, 2222, 2225, 86, 2219, 2223, + 2220, 86, 86, 86, 86, 2227, 2226, 2231, 86, 2224, + 86, 86, 2229, 86, 2233, 2228, 86, 2234, 86, 86, - 2215, 71, 2223, 2217, 2219, 2226, 71, 71, 71, 2222, - 2218, 71, 71, 2224, 2225, 2228, 71, 71, 2233, 71, - 71, 2227, 2235, 71, 71, 2229, 2236, 71, 2234, 71, - 2230, 71, 2240, 2232, 2231, 71, 2239, 71, 71, 71, - 2241, 2237, 71, 2238, 2243, 71, 71, 2245, 71, 2250, - 2247, 2248, 71, 2252, 2242, 71, 71, 2253, 2244, 71, - 2251, 2254, 71, 2249, 2246, 71, 71, 71, 71, 2257, - 71, 71, 71, 71, 71, 2263, 2258, 2259, 2256, 2260, - 2261, 71, 2264, 2267, 71, 71, 2262, 2255, 71, 2265, - 71, 2268, 2269, 2266, 71, 2270, 71, 71, 71, 2276, + 2230, 86, 2232, 86, 2236, 2240, 86, 2235, 86, 2237, + 2238, 2242, 86, 2239, 86, 86, 2243, 86, 86, 86, + 2245, 2244, 86, 2247, 2248, 86, 2246, 2241, 2249, 2252, + 86, 86, 86, 86, 2251, 86, 86, 86, 86, 86, + 86, 86, 2250, 86, 2261, 2262, 86, 2256, 2258, 2253, + 2254, 2255, 2257, 2259, 86, 2263, 86, 86, 2260, 86, + 2264, 86, 2266, 2272, 86, 86, 2267, 86, 2274, 86, + 86, 86, 2268, 2265, 2271, 2276, 2273, 2269, 86, 86, + 170, 86, 2280, 2277, 2282, 2283, 2270, 2281, 86, 2275, + 86, 86, 2278, 86, 86, 86, 2284, 2287, 86, 86, - 71, 71, 71, 2271, 2272, 71, 2273, 71, 71, 71, - 71, 2278, 2274, 2275, 71, 71, 2277, 2279, 2283, 2284, - 2282, 71, 3108, 2280, 2281, 2287, 71, 71, 2288, 71, - 2285, 2289, 71, 2286, 71, 71, 2292, 2290, 2293, 71, - 2291, 71, 71, 2295, 71, 2294, 71, 71, 2296, 71, - 2301, 2297, 71, 2300, 71, 2298, 71, 71, 71, 2303, - 71, 71, 2304, 2305, 2306, 71, 2307, 71, 2299, 71, - 71, 2302, 2311, 71, 2310, 71, 2308, 71, 71, 71, - 71, 71, 2313, 71, 2320, 2317, 71, 71, 2312, 2309, - 71, 2319, 71, 2321, 2316, 71, 71, 71, 2314, 2315, + 2288, 2286, 2279, 2285, 86, 2292, 86, 86, 2293, 86, + 2296, 86, 2295, 2291, 2289, 86, 86, 86, 2298, 86, + 2297, 2294, 2299, 86, 2300, 2290, 2301, 86, 86, 86, + 86, 2302, 86, 2304, 86, 86, 2306, 86, 86, 2307, + 86, 86, 86, 2310, 86, 86, 2316, 86, 2303, 2314, + 2305, 86, 2309, 86, 86, 2317, 2312, 86, 2308, 2311, + 86, 86, 2313, 86, 86, 2319, 86, 2315, 2318, 2324, + 86, 2327, 86, 2322, 86, 2321, 86, 86, 86, 2325, + 2320, 86, 2323, 86, 2328, 86, 86, 86, 2326, 86, + 86, 86, 86, 2329, 2341, 86, 2330, 2340, 2335, 2342, - 2325, 2324, 71, 2318, 2327, 2326, 71, 71, 71, 2329, - 2322, 2323, 71, 71, 71, 2330, 71, 2332, 2333, 2334, - 71, 2328, 2336, 71, 71, 71, 2338, 71, 71, 71, - 71, 71, 2335, 2337, 71, 2342, 71, 71, 71, 2331, - 71, 2344, 2345, 2340, 2346, 71, 2339, 2341, 2347, 71, - 2348, 71, 2349, 71, 2350, 71, 71, 71, 2352, 71, - 2343, 71, 2351, 71, 2354, 2357, 71, 2359, 71, 2355, - 71, 2356, 2358, 71, 2353, 2362, 71, 71, 71, 71, - 2363, 71, 71, 2366, 2368, 2361, 2360, 2367, 71, 71, - 71, 71, 71, 71, 2372, 2371, 71, 2364, 71, 2365, + 86, 2331, 2333, 2338, 2337, 2332, 2334, 86, 2336, 2339, + 86, 86, 2343, 2344, 86, 86, 86, 86, 2348, 2349, + 86, 86, 86, 2350, 2345, 2351, 86, 86, 2346, 2347, + 2352, 86, 2354, 2357, 86, 2353, 2355, 2358, 86, 2356, + 86, 86, 86, 86, 86, 2359, 2360, 2364, 86, 2365, + 86, 86, 2367, 86, 86, 86, 2363, 2369, 86, 86, + 2371, 86, 2361, 2362, 2372, 86, 2373, 86, 86, 86, + 2366, 86, 2368, 86, 2370, 2374, 86, 2375, 2378, 2379, + 86, 2381, 86, 2376, 86, 86, 86, 86, 2385, 2384, + 2377, 2383, 2387, 86, 86, 2380, 86, 86, 86, 2390, - 2370, 71, 71, 71, 3108, 2375, 2376, 2369, 2378, 71, - 2373, 71, 2374, 2379, 71, 2380, 71, 2381, 71, 2382, - 71, 2383, 2377, 71, 71, 2386, 71, 2387, 2385, 2384, - 71, 71, 71, 71, 2392, 71, 71, 2394, 71, 2395, - 71, 71, 2388, 2389, 71, 71, 71, 71, 71, 2391, - 71, 2398, 2390, 2397, 71, 2393, 71, 2399, 71, 2401, - 2404, 71, 71, 71, 71, 2405, 2400, 2402, 2403, 71, - 71, 2411, 71, 2412, 71, 2408, 2406, 71, 2407, 71, - 71, 71, 71, 2410, 2418, 3108, 71, 2409, 71, 2413, - 2415, 2420, 2414, 2421, 2422, 71, 2419, 2423, 71, 71, + 86, 86, 2382, 2386, 2393, 86, 86, 86, 86, 2398, + 86, 2389, 2397, 2388, 86, 2391, 86, 2392, 86, 86, + 86, 2394, 2396, 2400, 2403, 86, 86, 86, 86, 2395, + 86, 2401, 86, 2399, 2402, 2405, 86, 2410, 86, 86, + 2404, 2406, 2413, 86, 2407, 2412, 86, 2411, 2408, 86, + 86, 2417, 86, 86, 86, 2418, 86, 2414, 2409, 2415, + 86, 2416, 86, 86, 86, 2422, 2420, 2424, 2425, 86, + 2427, 86, 2429, 3340, 86, 2421, 86, 2419, 86, 2426, + 86, 86, 2423, 86, 86, 2430, 2431, 2433, 86, 86, + 2428, 2434, 2435, 2436, 86, 86, 2432, 86, 2437, 2440, - 2424, 2416, 71, 2417, 71, 2425, 71, 2426, 71, 71, - 71, 71, 71, 71, 71, 71, 71, 71, 2436, 2428, - 2427, 71, 71, 2434, 71, 2440, 2441, 71, 2429, 2431, - 2430, 71, 71, 2433, 2432, 2435, 71, 2437, 71, 2438, - 2439, 2443, 2444, 71, 71, 2445, 2446, 71, 71, 71, - 71, 71, 71, 2442, 71, 2449, 2447, 2455, 71, 2456, - 71, 2457, 2448, 71, 2450, 71, 71, 71, 2451, 2452, - 2453, 2454, 71, 71, 71, 2466, 71, 2461, 71, 71, - 2459, 2458, 71, 2464, 2465, 2460, 71, 71, 2467, 2468, - 71, 71, 71, 2462, 2463, 71, 2470, 71, 2469, 71, + 2441, 2442, 86, 2438, 86, 86, 86, 86, 2445, 2439, + 2446, 86, 2447, 2444, 170, 86, 86, 86, 86, 2449, + 2448, 86, 2443, 2454, 86, 86, 86, 86, 86, 86, + 86, 2462, 86, 2452, 2453, 2450, 2455, 2451, 2456, 2457, + 2470, 2458, 2460, 2459, 86, 86, 86, 2461, 2465, 86, + 86, 2466, 2463, 2467, 86, 86, 86, 2464, 2468, 2471, + 86, 2469, 2473, 86, 86, 86, 86, 2475, 86, 2472, + 86, 86, 86, 2479, 86, 2480, 86, 86, 2474, 86, + 2476, 86, 2482, 2483, 2477, 2487, 86, 86, 2481, 2484, + 2478, 2485, 86, 86, 86, 86, 2488, 86, 2486, 2490, - 71, 71, 2474, 71, 2472, 71, 2479, 71, 2478, 71, - 2471, 2482, 71, 71, 71, 2473, 71, 71, 2481, 2475, - 2476, 2485, 71, 2477, 2480, 2483, 2487, 71, 2484, 2488, - 71, 2486, 71, 71, 71, 2493, 71, 71, 71, 71, - 2489, 71, 2496, 2497, 71, 2499, 71, 2490, 2495, 2494, - 71, 71, 71, 2491, 2492, 2500, 71, 2504, 71, 71, - 2498, 2501, 71, 2505, 2507, 71, 71, 2502, 2503, 71, - 71, 71, 2512, 71, 71, 2514, 71, 71, 71, 2508, - 2510, 2506, 2509, 2511, 71, 2513, 71, 71, 71, 2515, - 71, 2516, 2517, 2518, 71, 2519, 2520, 71, 71, 2521, + 2491, 86, 86, 86, 86, 86, 86, 2493, 86, 2500, + 2492, 86, 2497, 86, 2489, 86, 2499, 86, 86, 2496, + 86, 86, 86, 2494, 2495, 2505, 2498, 2501, 86, 86, + 86, 2502, 2510, 86, 3340, 2509, 2503, 2504, 86, 86, + 2507, 2511, 86, 2506, 2512, 2508, 86, 86, 2513, 86, + 2515, 86, 86, 2518, 2516, 86, 2520, 86, 86, 2519, + 2514, 86, 86, 2522, 86, 2524, 86, 2523, 86, 2521, + 86, 86, 86, 2517, 86, 86, 2528, 86, 86, 2525, + 2530, 86, 2526, 2531, 2532, 86, 2527, 2533, 86, 2534, + 86, 2535, 86, 2536, 86, 86, 2537, 2538, 2529, 86, - 71, 71, 2522, 2524, 71, 2525, 2527, 71, 2528, 71, - 71, 2529, 2523, 71, 71, 2530, 2526, 2533, 71, 71, - 71, 2535, 71, 71, 2534, 2538, 71, 2537, 2539, 71, - 71, 2531, 2532, 2536, 2541, 71, 71, 71, 71, 2542, - 2543, 2547, 2545, 2540, 71, 2544, 71, 71, 71, 2546, - 71, 71, 2548, 2551, 71, 2549, 71, 2554, 2555, 71, - 2550, 71, 2552, 71, 71, 71, 2556, 71, 71, 71, - 2558, 2557, 2559, 2561, 71, 71, 71, 2553, 71, 2560, - 2562, 71, 71, 2567, 71, 71, 71, 2565, 71, 2564, - 2566, 71, 2563, 2568, 2572, 71, 71, 71, 2576, 71, + 2539, 86, 2540, 2543, 86, 86, 2541, 86, 86, 2545, + 2548, 86, 86, 2542, 2544, 86, 86, 86, 86, 2549, + 86, 2552, 86, 2547, 86, 2546, 2553, 86, 86, 2554, + 86, 2550, 2558, 86, 86, 2551, 2555, 2556, 2557, 86, + 86, 86, 2563, 86, 86, 86, 2562, 2624, 2559, 2564, + 2565, 86, 2561, 2560, 2566, 86, 2567, 86, 2568, 86, + 86, 2570, 86, 86, 2572, 86, 2573, 2571, 86, 86, + 86, 86, 2569, 2578, 86, 86, 2580, 86, 2581, 86, + 2574, 2575, 86, 86, 86, 86, 86, 2577, 86, 86, + 2576, 2584, 86, 2582, 2579, 2583, 86, 2585, 2590, 86, - 71, 71, 71, 71, 2569, 2574, 2570, 2571, 71, 71, - 2573, 2583, 2575, 2580, 2581, 71, 2578, 71, 2584, 2577, - 2585, 2590, 2579, 71, 71, 71, 71, 71, 2582, 2586, - 71, 2587, 2588, 2591, 2589, 71, 71, 71, 2592, 71, - 2593, 71, 71, 2596, 71, 2598, 71, 2599, 71, 2600, - 71, 2594, 71, 71, 71, 71, 2595, 2601, 71, 2602, - 2603, 71, 2597, 2605, 2607, 71, 71, 2606, 71, 2608, - 71, 2613, 2604, 71, 2610, 2611, 71, 2612, 71, 2614, - 71, 71, 2617, 71, 71, 2609, 71, 2618, 2619, 71, - 2621, 71, 71, 71, 71, 71, 2625, 71, 2615, 2620, + 86, 2587, 86, 86, 86, 86, 2586, 86, 2588, 2589, + 170, 2591, 86, 2598, 86, 86, 2594, 86, 2592, 2596, + 2593, 86, 2597, 2599, 86, 2602, 86, 86, 2595, 2605, + 2600, 86, 2601, 86, 2609, 86, 2607, 86, 2608, 2610, + 86, 2606, 86, 2603, 86, 2611, 86, 2604, 86, 2612, + 86, 2613, 86, 2615, 86, 2614, 86, 86, 86, 86, + 86, 86, 86, 86, 2628, 2616, 86, 2617, 86, 2622, + 2629, 86, 86, 86, 2618, 2619, 2626, 86, 2620, 2621, + 86, 2623, 2625, 86, 2627, 86, 2630, 2633, 86, 2632, + 2631, 2636, 2634, 2635, 86, 2637, 86, 86, 86, 86, - 71, 2616, 71, 2626, 71, 2622, 71, 2628, 2624, 71, - 2627, 2623, 2629, 71, 71, 2633, 2634, 2631, 2630, 71, - 2632, 71, 71, 2636, 2637, 71, 2638, 71, 71, 71, - 71, 2640, 71, 2642, 71, 2639, 71, 71, 71, 2635, - 3108, 2645, 71, 2649, 71, 71, 71, 2668, 71, 2643, - 2644, 71, 2646, 71, 2641, 71, 2648, 2647, 2651, 2650, - 2653, 2655, 71, 2656, 2659, 71, 2652, 2654, 2657, 71, - 2658, 71, 2660, 71, 2661, 71, 2662, 71, 2663, 71, - 71, 71, 2666, 71, 71, 2665, 2671, 71, 71, 71, - 71, 2672, 2674, 71, 71, 2664, 2675, 2676, 71, 2677, + 2639, 86, 86, 2638, 2644, 86, 2645, 86, 86, 2649, + 86, 2650, 86, 86, 2651, 2640, 2641, 2642, 2643, 2648, + 86, 86, 2646, 86, 86, 86, 2647, 86, 86, 86, + 2656, 86, 86, 86, 2660, 2662, 2659, 86, 2653, 2652, + 86, 2655, 86, 2654, 2661, 86, 2663, 86, 2657, 2658, + 86, 2665, 86, 86, 86, 86, 2664, 86, 2669, 2666, + 86, 86, 2667, 2673, 2674, 86, 86, 2677, 86, 86, + 86, 86, 2668, 86, 2670, 2672, 2671, 2680, 86, 2676, + 2678, 2675, 2682, 2683, 86, 2679, 2681, 86, 86, 86, + 86, 2688, 86, 86, 86, 86, 2692, 86, 2691, 86, - 2678, 71, 71, 2669, 2670, 71, 71, 2667, 2673, 71, - 71, 2679, 2683, 71, 2680, 2681, 71, 71, 71, 2685, - 2684, 71, 71, 71, 71, 2689, 71, 2682, 2693, 2687, - 2690, 71, 2692, 71, 2691, 71, 2686, 2688, 2694, 2695, - 71, 2696, 71, 71, 71, 71, 71, 71, 71, 2697, - 71, 2698, 2705, 2700, 71, 71, 2703, 2701, 71, 71, - 2708, 2699, 2706, 71, 2709, 71, 2710, 71, 2704, 71, - 71, 2702, 2711, 3108, 2712, 2707, 71, 2713, 2715, 71, - 2714, 2716, 71, 2717, 71, 71, 71, 2719, 71, 2720, - 2722, 2721, 71, 2723, 2718, 71, 71, 2724, 2725, 71, + 2684, 2694, 86, 2685, 2690, 2689, 86, 86, 86, 2686, + 2687, 2695, 86, 86, 2699, 86, 2696, 86, 2693, 86, + 2700, 2702, 86, 86, 2697, 2698, 86, 86, 86, 86, + 2703, 2707, 86, 86, 2701, 2705, 2704, 2706, 2709, 86, + 86, 86, 2708, 2712, 86, 2710, 2711, 86, 86, 2713, + 86, 86, 2715, 86, 86, 2714, 86, 2716, 2717, 2719, + 86, 2720, 2722, 86, 2723, 86, 2718, 2725, 2721, 2724, + 170, 86, 86, 86, 2729, 3340, 2726, 86, 86, 2731, + 86, 86, 2730, 86, 2734, 86, 2735, 86, 2733, 86, + 2727, 2728, 2737, 86, 86, 2739, 2732, 2738, 86, 86, - 71, 71, 71, 2730, 71, 71, 2728, 2732, 71, 71, - 71, 71, 71, 2726, 2733, 71, 2734, 2735, 71, 2736, - 2729, 2727, 71, 71, 2737, 2740, 71, 71, 71, 2731, - 2738, 71, 2743, 71, 71, 71, 2741, 71, 71, 71, - 2742, 71, 2739, 2744, 2748, 2747, 71, 2745, 2750, 71, - 2752, 71, 2746, 2753, 71, 2755, 71, 2751, 71, 71, - 71, 2749, 2754, 71, 2760, 71, 2761, 2763, 2759, 71, - 71, 71, 71, 71, 2756, 2757, 2758, 71, 2762, 71, - 2766, 2769, 71, 71, 71, 2771, 2767, 71, 71, 2772, - 2765, 71, 3108, 2764, 2774, 71, 2768, 2775, 71, 2777, + 2740, 86, 2736, 2741, 2742, 86, 2744, 86, 86, 86, + 86, 2745, 86, 2746, 86, 86, 86, 2751, 2747, 2743, + 2752, 2753, 2749, 86, 86, 2748, 86, 86, 86, 86, + 86, 2755, 2757, 2756, 86, 86, 2750, 86, 86, 2754, + 2759, 86, 2758, 2760, 86, 86, 86, 2765, 86, 2768, + 2762, 86, 2761, 2763, 2764, 86, 86, 2766, 86, 2767, + 86, 86, 2769, 2773, 86, 86, 86, 86, 2774, 86, + 2770, 2778, 86, 86, 86, 2776, 86, 86, 2771, 2772, + 2782, 2785, 2777, 3340, 2775, 2783, 86, 86, 2779, 2780, + 2786, 2787, 86, 2781, 2788, 86, 86, 86, 86, 86, - 71, 71, 71, 2770, 71, 71, 71, 2782, 2776, 2773, - 71, 2780, 2779, 71, 2786, 71, 71, 2784, 71, 2778, - 71, 2787, 71, 2788, 2781, 2783, 2791, 71, 2789, 71, - 2785, 2794, 71, 2792, 71, 71, 71, 71, 2793, 71, - 2790, 2796, 71, 2799, 2797, 2795, 2802, 71, 2798, 71, - 71, 71, 71, 71, 2807, 71, 71, 3108, 71, 2800, - 2801, 71, 2803, 2810, 71, 71, 2806, 2809, 71, 2804, - 2811, 71, 71, 2812, 71, 2808, 71, 2805, 71, 2813, - 2820, 2814, 2815, 71, 2816, 71, 2817, 71, 71, 2819, - 71, 71, 2824, 2818, 2821, 71, 2822, 2825, 71, 71, + 2789, 86, 2784, 2790, 2793, 86, 86, 86, 2791, 2794, + 86, 2795, 86, 86, 2792, 86, 2798, 2800, 86, 2796, + 2801, 86, 2802, 86, 86, 86, 86, 2797, 2803, 86, + 2804, 2799, 2805, 86, 2807, 86, 2809, 86, 86, 2812, + 86, 2810, 86, 2813, 86, 86, 2806, 2808, 2814, 86, + 86, 86, 86, 2815, 2819, 86, 86, 2811, 2816, 86, + 2818, 86, 2820, 2821, 86, 2823, 86, 2822, 86, 2817, + 2827, 86, 2824, 86, 2825, 2829, 86, 2828, 86, 2830, + 86, 86, 2826, 86, 2831, 86, 2836, 86, 86, 2835, + 86, 86, 86, 2840, 2838, 86, 2832, 2839, 86, 2841, - 2823, 71, 71, 71, 2831, 71, 2832, 71, 2833, 71, - 3108, 71, 2830, 71, 71, 2828, 2837, 71, 2827, 71, - 71, 2826, 2829, 71, 2836, 2838, 71, 2840, 2839, 2834, - 2835, 2841, 2842, 71, 2844, 71, 71, 71, 71, 71, - 71, 2843, 71, 2845, 71, 2848, 71, 71, 71, 71, - 2850, 71, 71, 71, 2849, 2851, 2846, 71, 71, 2847, - 71, 71, 2867, 71, 3108, 2852, 2860, 2856, 2853, 2854, - 2855, 71, 2863, 2862, 2857, 2858, 2861, 71, 71, 2859, - 2865, 71, 2864, 2868, 71, 71, 2870, 71, 3108, 2869, - 2871, 71, 2872, 2873, 2866, 71, 2874, 2875, 71, 71, + 2833, 2834, 86, 86, 86, 2842, 2844, 86, 2845, 86, + 86, 86, 2837, 86, 2848, 2852, 86, 86, 86, 86, + 2843, 2846, 2847, 86, 2864, 86, 2854, 2851, 2849, 86, + 86, 2850, 2853, 2856, 2855, 2859, 2857, 2858, 2861, 86, + 2860, 86, 86, 2862, 86, 86, 2865, 86, 2866, 2863, + 86, 2867, 86, 2868, 86, 2869, 86, 86, 86, 2870, + 86, 86, 2871, 2873, 86, 2875, 86, 2879, 86, 86, + 2876, 2880, 86, 86, 86, 86, 2874, 2881, 2883, 86, + 2884, 86, 2872, 2958, 2877, 86, 2878, 2882, 2885, 86, + 2886, 2887, 86, 86, 86, 86, 2892, 86, 86, 2891, - 2876, 2877, 2878, 71, 71, 71, 2881, 71, 71, 2879, - 71, 71, 71, 71, 2880, 2887, 71, 71, 2886, 71, - 71, 71, 71, 2890, 2883, 71, 2882, 2889, 3108, 71, - 2891, 2884, 2885, 71, 2895, 2896, 71, 2892, 2894, 2897, - 71, 71, 2888, 2893, 71, 71, 2902, 2904, 71, 2899, - 71, 2903, 71, 71, 2900, 71, 2898, 2901, 71, 71, - 71, 2911, 71, 2908, 2909, 2906, 2912, 71, 71, 2914, - 71, 2963, 71, 2905, 2913, 71, 2907, 2915, 71, 2910, - 2916, 2917, 71, 2918, 71, 2919, 71, 2920, 71, 2921, - 71, 2922, 71, 2923, 71, 2924, 71, 2925, 71, 71, + 86, 86, 2888, 2889, 2890, 2893, 86, 2894, 86, 2898, + 86, 86, 86, 86, 2899, 86, 86, 2896, 2903, 2895, + 2902, 2901, 86, 2897, 2900, 2904, 86, 2905, 86, 86, + 86, 86, 86, 86, 86, 2907, 2906, 86, 2914, 2909, + 86, 86, 2912, 2910, 86, 86, 2917, 2908, 3340, 2915, + 2918, 86, 2919, 86, 2913, 86, 86, 2911, 2924, 86, + 2921, 2916, 2920, 86, 2922, 2925, 86, 2923, 2926, 86, + 86, 86, 86, 86, 2931, 86, 2928, 2930, 2932, 2927, + 86, 86, 2934, 86, 86, 86, 2933, 86, 2940, 86, + 2929, 86, 2938, 2935, 86, 86, 2936, 2942, 86, 2943, - 71, 2928, 71, 71, 71, 71, 71, 2933, 71, 2927, - 71, 71, 2929, 71, 71, 71, 2930, 71, 2937, 2939, - 71, 71, 71, 2935, 2932, 2926, 2931, 2936, 2934, 2938, - 71, 71, 2943, 2941, 71, 71, 2946, 2942, 2945, 2940, - 2944, 71, 71, 71, 71, 71, 2948, 71, 2947, 71, - 71, 71, 71, 2952, 71, 2956, 2955, 71, 2953, 71, - 2951, 71, 2949, 2950, 71, 2954, 71, 2957, 2958, 71, - 2959, 71, 2960, 71, 71, 2962, 71, 71, 2965, 2964, - 2961, 2968, 71, 2971, 2966, 2967, 71, 71, 2969, 71, - 71, 71, 2970, 71, 71, 71, 71, 2981, 71, 71, + 86, 86, 2946, 86, 86, 2944, 2937, 2939, 2945, 86, + 86, 86, 2951, 86, 86, 86, 2941, 86, 86, 86, + 86, 2954, 86, 2947, 2948, 2949, 86, 2952, 2953, 2955, + 86, 2950, 86, 2960, 2956, 2959, 86, 86, 2957, 86, + 2962, 2964, 86, 2966, 86, 2961, 2967, 86, 2969, 86, + 86, 86, 2963, 86, 86, 86, 2965, 2974, 86, 2973, + 2968, 86, 2977, 86, 86, 86, 2970, 2971, 86, 2972, + 2976, 86, 2980, 86, 86, 2975, 2983, 86, 2985, 2981, + 86, 86, 86, 2979, 86, 2986, 2978, 2988, 86, 2989, + 86, 86, 2982, 86, 2984, 2991, 86, 86, 86, 2996, - 2972, 71, 71, 2978, 71, 71, 2975, 2983, 2973, 2974, - 2977, 2979, 2986, 71, 71, 2988, 71, 2980, 2976, 2984, - 71, 2982, 71, 2987, 2985, 71, 2989, 2990, 71, 2991, - 71, 71, 71, 71, 2994, 71, 71, 2995, 2996, 2992, - 2999, 71, 2993, 71, 71, 71, 71, 71, 3002, 3004, - 71, 2998, 71, 3007, 71, 3000, 3001, 71, 71, 71, - 2997, 71, 3005, 3010, 71, 3003, 71, 3011, 3014, 3012, - 71, 3006, 3008, 3015, 71, 71, 3009, 71, 3013, 71, - 71, 3020, 71, 71, 3016, 3019, 3021, 71, 3017, 71, - 71, 71, 71, 71, 3025, 71, 3018, 71, 3027, 71, + 2994, 86, 2990, 2987, 2993, 86, 86, 3000, 86, 86, + 2998, 86, 3001, 86, 3002, 2992, 86, 2995, 3005, 86, + 2997, 3006, 86, 3003, 86, 86, 2999, 3008, 3007, 86, + 3011, 86, 86, 86, 3010, 86, 3004, 3009, 3014, 86, + 3012, 3017, 86, 86, 86, 86, 86, 86, 3022, 86, + 86, 3013, 86, 86, 86, 3018, 3015, 3016, 3026, 86, + 3021, 86, 3025, 3019, 3027, 86, 3028, 86, 3024, 3023, + 86, 3020, 3031, 86, 86, 3030, 3032, 86, 3033, 86, + 3035, 3029, 3036, 86, 86, 3038, 86, 3034, 86, 3037, + 86, 86, 86, 86, 3043, 3044, 86, 86, 86, 86, - 71, 71, 71, 71, 3022, 3024, 3032, 3033, 71, 3023, - 3029, 71, 3026, 3030, 3028, 3034, 71, 71, 3031, 3038, - 71, 3040, 3039, 3035, 71, 3041, 3036, 71, 71, 71, - 3037, 71, 71, 3042, 3043, 3046, 3044, 3047, 71, 71, - 71, 71, 3049, 71, 3048, 71, 71, 71, 71, 3050, - 3055, 3045, 71, 3052, 71, 71, 71, 71, 3058, 3051, - 3059, 71, 71, 71, 71, 71, 3053, 3054, 3057, 3062, - 71, 3056, 3060, 3063, 71, 3061, 71, 3066, 3065, 3067, - 71, 3064, 71, 3068, 71, 3070, 71, 3072, 71, 3073, - 71, 71, 71, 3077, 71, 3074, 3108, 71, 3075, 3080, + 86, 86, 3039, 3050, 86, 3051, 86, 86, 3340, 3049, + 3052, 86, 3040, 3041, 3042, 3047, 86, 3046, 86, 3048, + 86, 3056, 86, 3045, 86, 3055, 86, 3053, 3057, 86, + 3054, 3058, 3059, 3060, 86, 86, 3061, 3063, 86, 86, + 3064, 86, 3062, 86, 86, 86, 86, 86, 86, 3067, + 86, 86, 3069, 86, 86, 3070, 86, 3068, 86, 86, + 86, 3065, 86, 3066, 3079, 3080, 86, 3071, 3340, 3075, + 3072, 3073, 3074, 3076, 3077, 3082, 86, 86, 86, 3078, + 3085, 86, 3081, 3083, 3087, 86, 3084, 3088, 86, 3086, + 86, 3090, 86, 86, 3089, 86, 3093, 86, 3091, 3094, - 71, 3071, 3078, 71, 71, 3079, 3069, 71, 71, 71, - 71, 3076, 71, 71, 3081, 3082, 71, 3084, 3086, 71, - 71, 3088, 71, 3083, 71, 3089, 71, 3092, 3085, 3087, - 3093, 71, 3090, 71, 71, 3096, 3097, 71, 71, 3099, - 71, 3091, 71, 3094, 71, 3098, 3100, 71, 71, 3101, - 71, 71, 3095, 3102, 3108, 3103, 3106, 71, 3107, 71, - 3108, 3108, 3108, 3104, 3108, 3108, 3108, 3108, 3108, 3108, - 3105, 43, 43, 43, 43, 43, 43, 43, 48, 48, - 48, 48, 48, 48, 48, 53, 53, 53, 53, 53, - 53, 53, 59, 59, 59, 59, 59, 59, 59, 64, + 86, 3095, 3096, 86, 86, 3097, 3098, 3101, 86, 3099, + 3100, 86, 86, 86, 3092, 86, 3102, 3104, 86, 86, + 86, 86, 3103, 86, 3110, 86, 86, 86, 3109, 86, + 86, 3113, 86, 3105, 3106, 86, 3112, 86, 3340, 3107, + 86, 3108, 86, 3118, 3114, 3115, 3117, 3119, 86, 86, + 3116, 3111, 3120, 86, 3122, 3121, 86, 3125, 3127, 86, + 86, 86, 3126, 86, 86, 3123, 86, 86, 3124, 86, + 3135, 3131, 3132, 3134, 86, 3129, 86, 86, 3137, 86, + 3138, 86, 3130, 3136, 3128, 86, 86, 86, 3133, 3141, + 86, 3140, 3142, 86, 3144, 86, 3143, 3145, 86, 86, - 64, 64, 64, 64, 64, 64, 74, 74, 3108, 74, - 74, 74, 74, 142, 142, 3108, 3108, 3108, 142, 142, - 144, 144, 3108, 3108, 144, 3108, 144, 146, 3108, 3108, - 3108, 3108, 3108, 146, 149, 149, 3108, 3108, 3108, 149, - 149, 151, 3108, 3108, 3108, 3108, 3108, 151, 153, 153, - 3108, 153, 153, 153, 153, 75, 75, 3108, 75, 75, - 75, 75, 13, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, + 3139, 3146, 86, 3147, 86, 3148, 86, 3149, 86, 3150, + 86, 3151, 86, 86, 3154, 86, 86, 86, 86, 86, + 86, 86, 3153, 3159, 86, 3152, 3155, 86, 3156, 86, + 3163, 86, 86, 3162, 3160, 3165, 86, 86, 3157, 3158, + 3161, 86, 86, 3169, 3167, 86, 3164, 86, 3171, 3172, + 3166, 86, 86, 86, 86, 86, 3174, 86, 86, 86, + 86, 86, 86, 3168, 3178, 3170, 3173, 86, 3179, 86, + 3177, 3180, 3175, 86, 3183, 3176, 3181, 86, 86, 86, + 3184, 3186, 86, 3187, 86, 3189, 3182, 3188, 86, 86, + 86, 3185, 86, 3192, 3191, 86, 86, 86, 3190, 3197, - 3108, 3108, 3108 + 3196, 86, 3194, 86, 3199, 86, 3193, 3195, 86, 86, + 86, 86, 86, 86, 86, 86, 3198, 86, 3200, 86, + 3208, 3206, 3210, 3211, 86, 3203, 86, 3201, 3202, 3205, + 86, 3207, 86, 86, 3209, 3213, 3204, 3216, 86, 86, + 3218, 86, 86, 3219, 3220, 86, 3212, 3214, 3217, 3221, + 86, 86, 3215, 86, 86, 86, 86, 3224, 86, 86, + 3225, 3226, 3229, 86, 86, 86, 86, 86, 86, 86, + 3222, 3232, 3340, 3223, 3228, 86, 3231, 3230, 3233, 86, + 3235, 86, 3237, 3227, 86, 3234, 3236, 86, 3238, 3239, + 86, 3242, 86, 3241, 86, 3243, 86, 86, 86, 3240, + + 3246, 3247, 86, 86, 3244, 86, 86, 86, 3252, 86, + 3251, 86, 3248, 3253, 86, 3249, 3245, 86, 86, 86, + 86, 86, 3250, 86, 3257, 86, 3259, 86, 86, 86, + 86, 86, 3254, 3256, 3264, 3265, 86, 3255, 3258, 86, + 3261, 3262, 3260, 3272, 3263, 3266, 86, 3270, 86, 86, + 86, 3267, 86, 3273, 3268, 3271, 86, 86, 3269, 86, + 86, 3274, 3275, 3278, 3276, 3279, 86, 86, 86, 86, + 3281, 86, 3280, 86, 86, 86, 86, 3282, 3287, 3277, + 86, 3284, 86, 86, 86, 86, 3290, 3283, 3291, 86, + 86, 86, 86, 86, 3285, 3286, 3289, 3294, 86, 3288, + + 3292, 3295, 86, 3293, 86, 3298, 3297, 3299, 86, 3296, + 86, 3300, 86, 3302, 86, 3304, 86, 3305, 86, 86, + 86, 3309, 86, 3306, 3340, 86, 3307, 3312, 86, 3303, + 3310, 86, 86, 3311, 3301, 86, 86, 86, 86, 3308, + 86, 86, 3313, 3314, 86, 3316, 3318, 86, 86, 3320, + 86, 3315, 86, 3321, 86, 3324, 3317, 3319, 3325, 86, + 3322, 86, 86, 3328, 3329, 86, 86, 3331, 86, 3323, + 86, 3326, 86, 3330, 3332, 86, 86, 3333, 86, 86, + 3327, 3334, 3340, 3335, 3338, 86, 3339, 86, 3340, 3340, + 3340, 3336, 3340, 3340, 3340, 3340, 3340, 3340, 3337, 47, + + 47, 47, 47, 47, 47, 47, 52, 52, 52, 52, + 52, 52, 52, 57, 57, 57, 57, 57, 57, 57, + 63, 63, 63, 63, 63, 63, 63, 68, 68, 68, + 68, 68, 68, 68, 74, 74, 74, 74, 74, 74, + 74, 80, 80, 80, 80, 80, 80, 80, 89, 89, + 3340, 89, 89, 89, 89, 160, 160, 3340, 3340, 3340, + 160, 160, 162, 162, 3340, 3340, 162, 3340, 162, 164, + 3340, 3340, 3340, 3340, 3340, 164, 167, 167, 3340, 3340, + 3340, 167, 167, 169, 3340, 3340, 3340, 3340, 3340, 169, + 171, 171, 3340, 171, 171, 171, 171, 174, 3340, 3340, + + 3340, 3340, 3340, 174, 177, 177, 3340, 3340, 3340, 177, + 177, 90, 90, 3340, 90, 90, 90, 90, 17, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340 } ; -static const flex_int16_t yy_chk[6104] = +static const flex_int16_t yy_chk[6560] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, 4, 4, 5, 5, 6, 6, - 5, 3, 6, 20, 4, 20, 20, 5, 20, 6, - 7, 7, 7, 7, 20, 7, 8, 8, 8, 8, - 29, 8, 7, 9, 9, 9, 22, 22, 8, 10, - 10, 10, 15, 25, 9, 29, 15, 25, 3114, 31, - 10, 11, 11, 11, 11, 11, 11, 19, 79, 19, + 5, 3, 6, 24, 4, 24, 24, 5, 24, 6, + 7, 7, 7, 7, 24, 7, 8, 8, 8, 8, + 33, 8, 7, 9, 9, 9, 26, 26, 8, 10, + 10, 10, 19, 29, 9, 33, 19, 29, 3348, 35, + 10, 11, 11, 11, 11, 11, 11, 13, 13, 13, - 19, 30, 19, 11, 31, 79, 30, 25, 19, 19, - 47, 47, 11, 12, 12, 12, 12, 12, 12, 21, - 23, 23, 21, 21, 24, 12, 21, 84, 23, 24, - 34, 21, 23, 24, 12, 23, 24, 1018, 24, 24, - 21, 26, 26, 27, 27, 84, 28, 36, 32, 32, - 28, 34, 27, 28, 33, 33, 26, 32, 42, 33, - 28, 36, 28, 32, 37, 37, 127, 32, 52, 37, - 69, 52, 127, 42, 123, 33, 35, 35, 38, 37, - 37, 35, 37, 38, 69, 35, 38, 39, 39, 81, - 39, 35, 40, 38, 35, 80, 40, 38, 38, 39, + 13, 34, 13, 11, 35, 99, 34, 29, 38, 13, + 51, 51, 11, 12, 12, 12, 12, 12, 12, 14, + 14, 14, 14, 99, 14, 12, 15, 15, 15, 38, + 23, 14, 23, 23, 12, 23, 46, 15, 16, 16, + 16, 23, 23, 25, 27, 27, 25, 25, 2724, 16, + 25, 46, 27, 30, 30, 25, 27, 56, 40, 27, + 56, 73, 31, 31, 25, 28, 67, 67, 30, 32, + 28, 31, 40, 32, 28, 73, 32, 28, 92, 28, + 28, 92, 31, 32, 1097, 32, 36, 36, 37, 37, + 28, 45, 45, 37, 97, 36, 45, 97, 41, 41, - 123, 35, 151, 41, 41, 39, 40, 80, 41, 81, - 40, 40, 41, 58, 77, 58, 58, 77, 58, 63, - 63, 66, 86, 66, 66, 68, 66, 68, 68, 71, - 68, 71, 71, 66, 71, 72, 86, 88, 78, 72, - 71, 74, 78, 74, 74, 82, 74, 83, 82, 85, - 83, 89, 74, 74, 87, 88, 88, 90, 85, 91, - 87, 92, 93, 83, 102, 91, 87, 95, 87, 94, - 97, 96, 98, 89, 97, 92, 90, 98, 91, 99, - 94, 94, 93, 102, 100, 95, 101, 100, 94, 96, - 100, 103, 101, 99, 104, 105, 103, 104, 106, 149, + 45, 36, 87, 41, 93, 36, 87, 37, 93, 37, + 39, 39, 42, 41, 41, 39, 41, 42, 96, 39, + 42, 43, 43, 105, 43, 39, 44, 42, 39, 101, + 44, 42, 42, 43, 94, 39, 84, 84, 96, 43, + 44, 94, 105, 101, 44, 44, 62, 192, 62, 62, + 70, 62, 70, 70, 72, 70, 72, 72, 79, 72, + 79, 79, 70, 79, 86, 95, 86, 86, 89, 86, + 89, 89, 192, 89, 100, 86, 102, 95, 98, 89, + 89, 98, 102, 100, 103, 104, 106, 107, 102, 113, + 102, 109, 106, 113, 98, 108, 111, 140, 114, 112, - 108, 104, 107, 100, 100, 109, 107, 108, 110, 111, - 112, 101, 106, 114, 105, 110, 103, 104, 109, 105, - 113, 115, 111, 116, 113, 115, 118, 117, 119, 119, - 112, 114, 117, 120, 122, 121, 117, 124, 126, 121, - 128, 116, 129, 129, 125, 131, 118, 125, 121, 122, - 130, 126, 128, 120, 121, 132, 124, 130, 125, 133, - 129, 131, 125, 129, 135, 134, 135, 136, 130, 141, - 138, 137, 139, 140, 132, 135, 137, 161, 140, 136, - 133, 134, 138, 141, 143, 143, 145, 135, 161, 145, - 139, 147, 155, 147, 147, 155, 147, 150, 150, 152, + 177, 107, 103, 103, 110, 106, 116, 104, 115, 108, + 119, 109, 140, 115, 111, 110, 110, 112, 114, 117, + 116, 118, 117, 110, 122, 117, 120, 118, 123, 119, + 121, 120, 124, 121, 125, 130, 124, 121, 117, 117, + 127, 125, 123, 122, 126, 128, 118, 127, 122, 129, + 132, 120, 131, 121, 128, 130, 131, 126, 134, 133, + 135, 136, 129, 133, 138, 135, 137, 137, 132, 135, + 139, 141, 142, 144, 139, 256, 134, 256, 146, 150, + 151, 136, 143, 139, 138, 143, 144, 145, 149, 139, + 146, 142, 148, 145, 147, 147, 143, 141, 150, 148, - 158, 152, 152, 153, 152, 153, 153, 156, 153, 159, - 157, 160, 156, 162, 163, 153, 157, 164, 158, 160, - 166, 162, 165, 168, 159, 157, 160, 165, 167, 168, - 168, 169, 164, 163, 170, 171, 171, 167, 172, 170, - 166, 173, 176, 173, 172, 174, 173, 175, 175, 174, - 177, 180, 178, 148, 174, 177, 169, 178, 179, 174, - 182, 176, 181, 173, 182, 174, 174, 183, 181, 184, - 179, 180, 183, 185, 186, 187, 188, 189, 238, 191, - 193, 188, 189, 184, 191, 192, 186, 201, 185, 186, - 218, 181, 238, 187, 190, 190, 193, 194, 190, 198, + 143, 151, 152, 153, 149, 153, 155, 154, 156, 157, + 148, 155, 147, 226, 153, 147, 158, 159, 152, 154, + 156, 158, 161, 161, 179, 163, 153, 157, 163, 179, + 165, 159, 165, 165, 226, 165, 168, 168, 170, 181, + 170, 170, 171, 170, 171, 171, 173, 171, 175, 173, + 175, 175, 180, 175, 171, 178, 178, 181, 180, 182, + 183, 184, 185, 186, 187, 189, 188, 180, 183, 190, + 185, 188, 184, 212, 182, 183, 193, 191, 190, 187, + 176, 193, 186, 191, 191, 189, 194, 194, 195, 197, + 196, 212, 196, 197, 195, 196, 198, 198, 197, 199, - 190, 195, 195, 194, 196, 192, 218, 197, 201, 199, - 196, 200, 190, 197, 190, 199, 196, 200, 202, 198, - 203, 204, 205, 206, 202, 203, 200, 204, 205, 207, - 206, 208, 209, 210, 211, 207, 212, 213, 209, 214, - 211, 215, 216, 219, 208, 213, 215, 217, 222, 220, - 224, 216, 214, 210, 220, 220, 221, 226, 212, 225, - 223, 221, 217, 219, 223, 225, 222, 227, 228, 229, - 231, 232, 224, 227, 229, 226, 226, 230, 232, 230, - 233, 234, 235, 237, 236, 244, 233, 234, 228, 231, - 236, 239, 239, 240, 240, 237, 241, 242, 243, 245, + 200, 201, 202, 197, 203, 204, 201, 202, 205, 197, + 197, 199, 196, 206, 205, 207, 203, 206, 208, 200, + 207, 209, 213, 210, 211, 204, 214, 213, 216, 217, + 551, 214, 218, 216, 208, 209, 211, 205, 210, 211, + 215, 215, 220, 220, 215, 219, 215, 221, 218, 217, + 222, 219, 223, 221, 551, 224, 222, 227, 215, 221, + 215, 224, 225, 227, 228, 229, 230, 231, 225, 228, + 230, 229, 223, 231, 232, 234, 233, 225, 235, 236, + 237, 232, 233, 238, 235, 239, 237, 240, 234, 241, + 245, 243, 242, 239, 241, 244, 238, 246, 248, 236, - 243, 235, 241, 242, 245, 247, 246, 248, 244, 249, - 251, 250, 146, 252, 262, 248, 250, 243, 246, 252, - 241, 253, 257, 254, 247, 255, 256, 253, 254, 249, - 255, 258, 256, 251, 259, 260, 261, 257, 264, 262, - 263, 264, 266, 266, 261, 258, 263, 268, 265, 260, - 265, 267, 259, 271, 267, 269, 269, 270, 270, 272, - 273, 275, 274, 273, 277, 268, 274, 276, 281, 271, - 275, 278, 281, 276, 272, 283, 280, 278, 277, 279, - 283, 279, 280, 282, 282, 284, 285, 286, 287, 281, - 288, 284, 289, 289, 290, 291, 292, 290, 293, 144, + 240, 242, 246, 246, 247, 238, 243, 250, 249, 247, + 245, 244, 249, 251, 252, 253, 248, 254, 255, 251, + 257, 253, 259, 255, 258, 261, 263, 264, 259, 250, + 260, 258, 252, 252, 262, 270, 260, 254, 263, 257, + 262, 264, 265, 265, 261, 266, 266, 267, 268, 269, + 271, 269, 272, 267, 268, 271, 273, 274, 270, 275, + 277, 276, 288, 278, 272, 274, 276, 279, 269, 278, + 283, 267, 280, 279, 282, 273, 281, 280, 284, 275, + 282, 281, 285, 277, 286, 283, 287, 288, 290, 289, + 293, 290, 284, 293, 287, 289, 294, 291, 286, 291, - 292, 294, 296, 288, 298, 286, 285, 295, 295, 287, - 301, 297, 299, 291, 297, 304, 298, 293, 299, 294, - 296, 300, 301, 305, 300, 303, 307, 309, 305, 307, - 308, 297, 302, 304, 303, 306, 318, 318, 306, 309, - 306, 302, 142, 308, 302, 310, 313, 310, 310, 302, - 302, 302, 302, 311, 312, 314, 306, 312, 311, 311, - 315, 321, 316, 313, 317, 324, 313, 319, 320, 320, - 314, 316, 319, 317, 322, 323, 321, 315, 315, 322, - 325, 326, 327, 330, 324, 338, 331, 323, 327, 328, - 328, 331, 328, 332, 338, 70, 326, 333, 336, 332, + 285, 292, 292, 295, 295, 296, 296, 297, 299, 298, + 301, 299, 300, 302, 294, 303, 300, 304, 174, 301, + 305, 303, 302, 297, 298, 306, 305, 306, 307, 308, + 314, 304, 310, 308, 307, 309, 309, 310, 311, 312, + 313, 315, 316, 319, 311, 312, 317, 317, 314, 318, + 308, 321, 318, 320, 322, 316, 324, 320, 323, 323, + 313, 319, 315, 325, 312, 326, 325, 327, 328, 329, + 321, 328, 322, 327, 324, 333, 331, 326, 366, 332, + 333, 329, 336, 325, 330, 331, 334, 335, 337, 334, + 335, 334, 366, 330, 169, 336, 330, 332, 341, 341, - 325, 328, 333, 330, 334, 335, 339, 339, 335, 334, - 335, 337, 336, 340, 337, 334, 341, 341, 342, 340, - 345, 346, 343, 342, 347, 343, 348, 337, 358, 64, - 337, 343, 337, 351, 349, 343, 351, 352, 354, 347, - 345, 348, 346, 343, 344, 344, 355, 344, 349, 358, - 359, 352, 351, 354, 362, 355, 356, 360, 357, 433, - 344, 356, 356, 344, 357, 344, 361, 344, 353, 359, - 353, 353, 360, 362, 364, 361, 365, 366, 368, 363, - 353, 433, 353, 353, 353, 363, 369, 353, 367, 370, - 371, 366, 372, 373, 367, 376, 365, 372, 367, 377, + 337, 330, 330, 330, 330, 339, 338, 334, 338, 338, + 339, 339, 340, 342, 343, 340, 345, 344, 346, 347, + 347, 348, 349, 349, 351, 345, 348, 346, 353, 343, + 342, 350, 350, 342, 344, 344, 352, 354, 355, 351, + 353, 352, 356, 357, 360, 167, 361, 358, 358, 357, + 358, 361, 369, 369, 362, 166, 354, 356, 355, 358, + 362, 363, 364, 394, 360, 365, 363, 364, 365, 367, + 365, 368, 367, 364, 372, 370, 371, 371, 375, 372, + 368, 370, 377, 373, 378, 367, 373, 379, 367, 394, + 367, 376, 373, 382, 376, 384, 373, 377, 375, 378, - 364, 368, 375, 375, 374, 371, 369, 378, 373, 370, - 374, 377, 379, 380, 381, 376, 384, 382, 379, 385, - 387, 378, 382, 383, 383, 386, 383, 388, 389, 388, - 381, 392, 389, 390, 387, 385, 384, 390, 380, 391, - 391, 386, 393, 394, 395, 397, 396, 388, 399, 398, - 392, 400, 390, 399, 397, 400, 403, 393, 398, 394, - 396, 401, 395, 402, 405, 397, 404, 397, 405, 402, - 401, 406, 404, 407, 406, 408, 410, 403, 407, 409, - 409, 411, 411, 412, 413, 414, 414, 415, 412, 410, - 416, 417, 418, 415, 416, 408, 419, 413, 420, 421, + 381, 379, 385, 381, 373, 374, 374, 382, 374, 386, + 384, 385, 376, 388, 386, 386, 387, 389, 390, 381, + 402, 374, 387, 392, 374, 402, 374, 395, 374, 383, + 391, 383, 383, 390, 388, 396, 389, 164, 399, 391, + 393, 383, 392, 383, 383, 383, 393, 395, 383, 396, + 397, 400, 398, 401, 403, 404, 397, 398, 399, 406, + 397, 404, 405, 405, 407, 410, 408, 409, 401, 403, + 411, 400, 412, 409, 414, 398, 407, 412, 417, 406, + 408, 413, 413, 415, 413, 416, 411, 418, 423, 418, + 410, 426, 417, 419, 414, 419, 419, 424, 420, 415, - 421, 419, 422, 420, 423, 424, 417, 425, 421, 426, - 428, 427, 426, 418, 422, 427, 429, 429, 431, 425, - 430, 436, 428, 424, 423, 430, 432, 432, 435, 435, - 437, 438, 439, 442, 441, 446, 440, 444, 437, 431, - 438, 440, 436, 445, 447, 442, 449, 448, 451, 446, - 447, 457, 449, 439, 441, 444, 448, 444, 452, 450, - 454, 455, 451, 445, 450, 453, 452, 456, 453, 452, - 460, 457, 458, 456, 454, 458, 455, 459, 462, 466, - 461, 463, 464, 459, 460, 461, 464, 465, 467, 468, - 469, 470, 465, 467, 466, 473, 511, 474, 476, 475, + 421, 416, 420, 427, 421, 422, 422, 423, 425, 426, + 430, 428, 424, 419, 431, 439, 430, 427, 439, 421, + 428, 429, 432, 431, 425, 433, 429, 432, 434, 433, + 435, 428, 436, 428, 429, 429, 435, 434, 429, 429, + 437, 438, 440, 441, 443, 438, 437, 440, 442, 442, + 444, 444, 446, 436, 445, 447, 447, 443, 448, 445, + 450, 451, 449, 441, 448, 446, 449, 452, 453, 454, + 454, 455, 452, 453, 456, 450, 458, 457, 454, 461, + 464, 459, 451, 455, 459, 460, 462, 462, 458, 460, + 466, 461, 463, 470, 456, 457, 471, 463, 465, 465, - 462, 459, 463, 475, 470, 468, 477, 59, 481, 469, - 471, 471, 474, 481, 511, 473, 471, 476, 471, 478, - 480, 484, 477, 478, 471, 482, 471, 484, 479, 471, - 471, 483, 484, 479, 485, 480, 471, 479, 487, 486, - 483, 482, 486, 488, 489, 489, 490, 491, 491, 492, - 485, 494, 496, 493, 495, 497, 499, 500, 498, 54, - 497, 487, 501, 488, 492, 493, 494, 498, 501, 503, - 506, 490, 500, 495, 496, 499, 504, 505, 503, 507, - 504, 508, 506, 505, 509, 512, 510, 515, 53, 512, - 513, 514, 518, 514, 507, 515, 516, 516, 509, 517, + 472, 464, 468, 468, 471, 473, 474, 475, 476, 472, + 478, 474, 466, 479, 470, 480, 482, 484, 481, 550, + 476, 550, 482, 484, 483, 486, 473, 475, 478, 485, + 478, 479, 481, 483, 485, 480, 487, 488, 489, 486, + 488, 490, 491, 492, 487, 494, 493, 487, 491, 493, + 495, 494, 489, 496, 497, 499, 490, 498, 496, 499, + 500, 502, 501, 492, 495, 500, 502, 503, 504, 494, + 508, 505, 511, 524, 547, 510, 497, 501, 498, 510, + 509, 512, 513, 503, 505, 162, 513, 504, 506, 506, + 508, 511, 547, 524, 506, 509, 506, 512, 515, 517, - 508, 510, 519, 513, 518, 517, 520, 521, 519, 522, - 521, 523, 524, 525, 527, 526, 525, 524, 520, 529, - 530, 530, 528, 522, 526, 536, 523, 528, 528, 543, - 527, 526, 529, 532, 526, 531, 531, 533, 533, 532, - 534, 534, 535, 539, 537, 538, 536, 537, 535, 540, - 538, 541, 543, 542, 541, 544, 545, 540, 542, 546, - 545, 548, 539, 547, 549, 546, 550, 547, 552, 549, - 551, 553, 554, 552, 544, 554, 551, 555, 557, 548, - 554, 556, 556, 558, 554, 553, 550, 559, 560, 561, - 562, 564, 559, 560, 48, 555, 557, 564, 565, 558, + 514, 516, 506, 518, 506, 514, 516, 506, 506, 514, + 519, 520, 518, 515, 506, 517, 519, 521, 517, 522, + 523, 519, 522, 525, 525, 526, 520, 527, 527, 528, + 529, 530, 531, 521, 532, 533, 534, 536, 535, 539, + 533, 537, 529, 523, 528, 534, 530, 537, 539, 540, + 526, 531, 536, 540, 541, 542, 532, 535, 543, 544, + 541, 545, 546, 549, 548, 554, 552, 542, 548, 553, + 553, 554, 555, 543, 552, 545, 549, 546, 544, 556, + 557, 559, 560, 558, 555, 556, 558, 562, 561, 563, + 562, 564, 557, 561, 565, 559, 566, 560, 563, 565, - 571, 566, 567, 561, 566, 562, 567, 565, 568, 569, - 570, 572, 569, 568, 573, 570, 571, 574, 575, 576, - 580, 573, 578, 575, 577, 577, 579, 583, 567, 572, - 574, 578, 581, 583, 582, 585, 580, 584, 585, 576, - 589, 581, 592, 584, 43, 579, 582, 586, 586, 587, - 586, 588, 587, 590, 591, 594, 588, 593, 589, 591, - 594, 592, 595, 593, 603, 597, 596, 590, 595, 596, - 597, 598, 599, 600, 601, 602, 598, 598, 604, 601, - 606, 602, 14, 603, 605, 599, 600, 604, 608, 605, - 607, 607, 610, 601, 601, 608, 609, 611, 610, 609, + 565, 567, 567, 568, 568, 563, 569, 564, 563, 566, + 570, 570, 569, 571, 571, 572, 574, 573, 575, 578, + 577, 572, 573, 573, 576, 577, 579, 576, 580, 582, + 575, 580, 583, 589, 579, 581, 585, 574, 578, 584, + 581, 586, 585, 584, 587, 586, 591, 589, 588, 590, + 590, 583, 582, 588, 592, 593, 594, 595, 596, 598, + 593, 591, 587, 597, 596, 603, 600, 602, 597, 601, + 601, 599, 594, 598, 599, 592, 606, 595, 607, 599, + 610, 603, 599, 599, 600, 602, 604, 605, 609, 610, + 606, 604, 605, 607, 609, 611, 612, 613, 611, 616, - 606, 612, 613, 614, 614, 615, 612, 613, 613, 611, - 616, 619, 616, 617, 609, 618, 620, 618, 621, 622, - 623, 624, 625, 629, 626, 630, 625, 624, 627, 619, - 615, 628, 617, 626, 620, 631, 621, 632, 622, 633, - 623, 629, 634, 627, 630, 633, 628, 631, 635, 636, - 637, 638, 632, 639, 640, 638, 634, 641, 642, 643, - 635, 645, 645, 646, 647, 644, 649, 646, 636, 637, - 640, 639, 651, 648, 652, 641, 642, 642, 643, 644, - 649, 650, 653, 647, 648, 654, 650, 659, 651, 655, - 656, 657, 654, 652, 655, 653, 657, 656, 658, 660, + 612, 614, 613, 615, 614, 617, 618, 619, 615, 620, + 621, 622, 622, 618, 620, 616, 623, 624, 625, 626, + 619, 627, 612, 617, 630, 623, 628, 630, 626, 629, + 621, 634, 628, 627, 625, 629, 624, 631, 631, 632, + 631, 633, 632, 635, 637, 636, 633, 638, 640, 634, + 636, 639, 641, 638, 640, 641, 639, 635, 642, 643, + 644, 645, 646, 637, 643, 644, 644, 647, 650, 649, + 648, 652, 647, 651, 645, 646, 648, 650, 651, 653, + 653, 655, 654, 642, 655, 657, 647, 647, 649, 654, + 656, 652, 661, 658, 663, 659, 656, 657, 658, 655, - 661, 662, 663, 658, 664, 659, 660, 665, 668, 661, - 666, 663, 665, 666, 667, 662, 664, 669, 667, 670, - 672, 671, 668, 673, 673, 678, 669, 674, 674, 675, - 675, 676, 679, 680, 670, 671, 674, 682, 679, 681, - 676, 672, 683, 681, 678, 684, 685, 686, 688, 682, - 687, 689, 685, 680, 690, 686, 693, 687, 696, 699, - 13, 702, 701, 684, 700, 702, 688, 683, 699, 706, - 700, 693, 703, 703, 690, 696, 689, 691, 701, 704, - 704, 705, 691, 708, 707, 709, 691, 706, 711, 691, - 769, 709, 705, 711, 712, 713, 691, 691, 707, 691, + 659, 659, 660, 660, 662, 664, 662, 664, 665, 666, + 667, 668, 669, 663, 670, 671, 672, 661, 673, 671, + 670, 674, 675, 676, 678, 672, 665, 666, 667, 677, + 668, 679, 669, 673, 680, 681, 674, 679, 682, 678, + 675, 677, 676, 683, 686, 684, 685, 681, 680, 684, + 687, 688, 689, 690, 692, 692, 695, 682, 690, 691, + 686, 693, 683, 694, 685, 693, 697, 696, 687, 688, + 688, 689, 699, 691, 698, 695, 700, 694, 696, 698, + 697, 701, 702, 707, 704, 703, 710, 705, 699, 702, + 703, 704, 705, 706, 701, 700, 708, 709, 706, 711, - 714, 716, 716, 708, 710, 710, 710, 715, 710, 719, - 715, 710, 717, 713, 769, 712, 710, 718, 718, 717, - 720, 720, 710, 710, 719, 714, 721, 722, 723, 726, - 722, 721, 727, 723, 724, 724, 725, 729, 725, 728, - 730, 726, 731, 728, 732, 732, 733, 736, 734, 738, - 731, 727, 735, 735, 737, 740, 757, 729, 739, 730, - 740, 733, 734, 757, 739, 736, 737, 741, 741, 742, - 745, 738, 744, 746, 742, 742, 745, 744, 747, 746, - 748, 749, 750, 747, 749, 751, 748, 754, 750, 752, - 752, 753, 753, 751, 755, 754, 756, 758, 759, 760, + 710, 707, 712, 708, 713, 716, 709, 714, 711, 713, + 714, 715, 717, 718, 712, 715, 719, 720, 727, 716, + 732, 717, 721, 721, 722, 722, 723, 723, 718, 724, + 719, 725, 729, 722, 724, 728, 731, 727, 720, 730, + 725, 728, 733, 730, 734, 732, 735, 737, 731, 736, + 734, 738, 729, 739, 735, 742, 736, 745, 748, 784, + 733, 784, 749, 751, 753, 737, 752, 748, 749, 751, + 742, 755, 755, 739, 745, 752, 738, 740, 759, 740, + 753, 754, 740, 756, 756, 754, 740, 757, 758, 740, + 760, 765, 759, 764, 761, 767, 740, 740, 757, 740, - 762, 756, 761, 761, 764, 763, 765, 767, 768, 762, - 764, 771, 755, 763, 759, 758, 767, 768, 760, 770, - 771, 774, 773, 772, 770, 765, 772, 773, 775, 776, - 777, 778, 779, 779, 780, 774, 778, 778, 776, 781, - 783, 782, 788, 777, 784, 790, 786, 784, 786, 780, - 782, 787, 787, 775, 789, 784, 791, 792, 781, 789, - 793, 794, 795, 788, 783, 796, 790, 798, 797, 800, - 799, 795, 797, 803, 801, 800, 791, 792, 802, 804, - 805, 794, 793, 801, 806, 798, 805, 809, 796, 799, - 802, 807, 803, 804, 808, 808, 807, 810, 806, 811, + 761, 766, 763, 770, 768, 766, 758, 763, 768, 765, + 760, 762, 762, 762, 764, 762, 769, 771, 762, 767, + 772, 769, 770, 762, 768, 773, 775, 777, 773, 762, + 762, 774, 771, 775, 776, 776, 774, 774, 778, 779, + 779, 780, 777, 778, 781, 772, 780, 781, 782, 783, + 783, 785, 786, 782, 787, 788, 790, 789, 787, 791, + 791, 796, 792, 785, 790, 793, 794, 794, 795, 797, + 857, 786, 798, 796, 857, 788, 789, 792, 798, 793, + 799, 800, 800, 801, 804, 799, 795, 803, 801, 801, + 804, 797, 803, 805, 808, 806, 807, 808, 809, 805, - 812, 813, 814, 815, 817, 816, 810, 809, 812, 818, - 817, 819, 820, 826, 821, 824, 825, 819, 826, 811, - 821, 813, 815, 818, 814, 816, 823, 822, 825, 827, - 823, 831, 820, 822, 824, 829, 825, 828, 828, 830, - 832, 829, 830, 834, 836, 833, 835, 835, 842, 831, - 827, 833, 837, 832, 838, 838, 839, 837, 841, 841, - 840, 843, 836, 834, 840, 845, 847, 844, 848, 850, - 842, 839, 844, 851, 853, 853, 854, 855, 856, 856, - 854, 843, 848, 857, 845, 860, 859, 858, 861, 850, - 847, 858, 855, 861, 851, 852, 862, 863, 852, 860, + 806, 810, 807, 813, 809, 811, 811, 812, 812, 810, + 814, 813, 815, 816, 817, 818, 819, 815, 820, 820, + 816, 821, 823, 823, 825, 822, 829, 827, 814, 828, + 821, 818, 817, 822, 824, 819, 827, 830, 828, 831, + 824, 832, 830, 825, 832, 834, 833, 835, 831, 836, + 829, 833, 837, 839, 839, 838, 840, 841, 836, 834, + 838, 838, 843, 844, 842, 837, 844, 846, 848, 846, + 849, 840, 835, 842, 844, 849, 841, 847, 847, 850, + 856, 851, 852, 853, 854, 855, 843, 860, 858, 848, + 859, 863, 892, 860, 855, 892, 862, 864, 861, 866, - 852, 859, 863, 863, 852, 864, 852, 866, 857, 865, - 862, 852, 867, 865, 868, 869, 852, 867, 870, 864, - 869, 871, 866, 872, 873, 865, 868, 867, 874, 875, - 873, 877, 870, 879, 874, 875, 877, 872, 876, 876, - 878, 880, 871, 881, 883, 884, 878, 886, 887, 887, - 884, 885, 888, 890, 891, 879, 883, 888, 889, 886, - 880, 881, 882, 882, 892, 885, 889, 890, 882, 896, - 882, 893, 893, 891, 894, 896, 882, 897, 894, 898, - 897, 882, 882, 892, 899, 900, 902, 901, 882, 907, - 904, 900, 901, 905, 906, 907, 909, 899, 898, 904, + 850, 851, 852, 856, 854, 853, 858, 861, 862, 859, + 863, 864, 865, 866, 867, 868, 868, 869, 865, 867, + 870, 871, 872, 873, 874, 875, 877, 876, 878, 870, + 872, 879, 877, 880, 878, 881, 882, 869, 160, 880, + 886, 871, 883, 873, 875, 879, 874, 876, 883, 881, + 885, 884, 887, 888, 885, 889, 882, 884, 888, 886, + 890, 890, 891, 893, 887, 894, 896, 895, 891, 897, + 897, 898, 887, 895, 899, 901, 889, 900, 894, 899, + 902, 893, 900, 900, 902, 904, 896, 903, 903, 898, + 901, 905, 906, 907, 909, 910, 913, 906, 914, 917, - 908, 910, 905, 911, 912, 902, 910, 913, 914, 908, - 906, 917, 915, 916, 918, 909, 921, 917, 912, 919, - 914, 915, 916, 911, 923, 919, 924, 913, 925, 926, - 927, 918, 921, 936, 928, 929, 930, 933, 923, 936, - 929, 930, 933, 926, 934, 937, 924, 925, 927, 928, - 935, 935, 938, 934, 937, 939, 941, 942, 946, 945, - 943, 943, 942, 942, 943, 947, 944, 938, 939, 944, - 948, 949, 941, 945, 950, 952, 951, 953, 946, 954, - 955, 947, 951, 953, 949, 955, 956, 958, 948, 950, - 958, 959, 960, 961, 954, 952, 963, 960, 961, 962, + 912, 916, 916, 917, 919, 919, 918, 904, 920, 910, + 921, 905, 907, 912, 921, 922, 913, 924, 909, 914, + 915, 918, 924, 915, 923, 915, 925, 85, 938, 915, + 922, 915, 928, 920, 938, 927, 915, 926, 923, 930, + 925, 915, 926, 926, 927, 929, 928, 931, 932, 929, + 933, 934, 931, 935, 930, 933, 936, 937, 939, 943, + 932, 929, 931, 939, 943, 934, 937, 940, 945, 941, + 936, 942, 942, 940, 935, 941, 944, 946, 950, 947, + 949, 951, 944, 950, 953, 953, 954, 80, 952, 956, + 945, 954, 949, 955, 957, 951, 946, 947, 948, 948, - 956, 963, 964, 967, 965, 968, 973, 964, 969, 967, - 976, 970, 959, 972, 969, 962, 965, 970, 971, 971, - 974, 968, 972, 974, 973, 975, 975, 977, 976, 978, - 979, 980, 981, 979, 982, 988, 983, 984, 981, 986, - 982, 983, 984, 985, 980, 986, 977, 989, 985, 978, - 990, 993, 991, 988, 992, 992, 990, 991, 995, 994, - 993, 996, 997, 998, 996, 997, 999, 989, 994, 1000, - 1001, 1002, 1003, 1004, 998, 1005, 995, 1002, 1003, 1007, - 1005, 1000, 1006, 1006, 999, 1008, 1011, 1010, 1004, 1001, - 1009, 1010, 1012, 1013, 1014, 1016, 1017, 1017, 1007, 1008, + 952, 955, 958, 956, 948, 960, 948, 959, 962, 961, + 963, 960, 948, 957, 961, 964, 965, 948, 948, 968, + 962, 958, 972, 959, 948, 966, 966, 974, 963, 967, + 970, 964, 971, 967, 965, 971, 970, 973, 975, 968, + 974, 972, 973, 976, 975, 977, 979, 980, 976, 981, + 983, 982, 984, 985, 986, 979, 980, 982, 985, 983, + 988, 987, 992, 990, 977, 981, 989, 991, 992, 993, + 998, 984, 990, 994, 986, 987, 991, 996, 989, 994, + 988, 999, 1001, 1000, 998, 1002, 993, 1004, 1009, 1003, + 1005, 1012, 1004, 996, 1008, 1005, 1001, 1009, 1014, 1008, - 1020, 1012, 1009, 1019, 1011, 1022, 1021, 1023, 1024, 1024, - 1022, 1025, 1013, 0, 1016, 1020, 1023, 1019, 1021, 1014, - 1026, 1027, 1029, 1028, 1029, 1030, 1026, 1027, 1028, 1031, - 1030, 1025, 1032, 1033, 1034, 1035, 1037, 1036, 1033, 1038, - 1040, 1040, 1041, 1031, 1036, 1042, 1032, 1043, 1045, 1034, - 1046, 1037, 1049, 1044, 1035, 1046, 1041, 1049, 1038, 1044, - 1048, 1048, 1043, 1042, 1046, 1051, 1046, 1052, 1045, 1046, - 1050, 1050, 1051, 1053, 1054, 1056, 1053, 1055, 1057, 1058, - 1059, 1052, 1061, 1057, 1056, 1059, 1060, 1063, 1063, 1064, - 1066, 1065, 1070, 1054, 1064, 1055, 1065, 1060, 1058, 1067, + 1012, 999, 1000, 1002, 1003, 1010, 1010, 1011, 1013, 1016, + 1017, 1014, 1021, 1011, 1022, 1017, 1017, 1019, 1019, 1020, + 1023, 1019, 1020, 1013, 1024, 1016, 1021, 1025, 1026, 1027, + 1028, 1029, 1030, 1031, 1022, 1027, 1023, 1029, 1031, 1032, + 1025, 1034, 1024, 1026, 1034, 1035, 1036, 1030, 1038, 1037, + 1028, 1036, 1039, 1032, 1037, 1040, 1041, 1039, 1044, 1043, + 1040, 1045, 1049, 1046, 1038, 1043, 1035, 1045, 1041, 1046, + 1047, 1047, 1048, 1050, 1044, 1052, 1050, 1051, 1051, 1053, + 1049, 1048, 1054, 1055, 1056, 1057, 1055, 1059, 1058, 1064, + 1060, 1057, 1059, 1052, 1058, 1060, 1061, 1056, 1053, 1062, - 1069, 1061, 1068, 1071, 1067, 1072, 1068, 1070, 1073, 1069, - 1066, 1074, 1075, 1076, 1077, 1078, 1079, 1080, 1071, 1075, - 1073, 1082, 1081, 1080, 1072, 1076, 1074, 1083, 1087, 1084, - 1089, 0, 1088, 1077, 1079, 1093, 1078, 1081, 1084, 1086, - 1088, 1082, 1087, 1090, 1091, 1086, 1092, 1083, 1090, 1094, - 1089, 1092, 1092, 1095, 1093, 1098, 1091, 1096, 1096, 1100, - 1099, 1101, 1101, 1094, 0, 1100, 1095, 1097, 1098, 1099, - 1103, 1104, 1097, 1102, 1108, 1097, 1097, 1104, 1102, 1103, - 1097, 1111, 1105, 1106, 1107, 1107, 1097, 1105, 1106, 1112, - 1097, 1109, 1109, 1110, 1113, 1108, 1110, 1114, 1110, 1115, + 1065, 1061, 1054, 1066, 1071, 1062, 1067, 1064, 1069, 1066, + 1070, 1067, 1068, 1068, 1072, 1073, 1075, 1069, 1073, 1070, + 1065, 1074, 1071, 1076, 1074, 1077, 1078, 1075, 1076, 1079, + 1080, 1081, 1082, 1072, 1083, 1085, 1080, 1081, 1078, 1083, + 1084, 1084, 1086, 1077, 1089, 1087, 1088, 1082, 1079, 1090, + 1088, 1091, 1092, 1094, 1085, 1096, 1086, 1087, 1090, 1095, + 1095, 1099, 1089, 1101, 1098, 1102, 1104, 1100, 1101, 1107, + 1091, 1109, 1094, 1109, 1102, 1096, 1099, 1092, 1098, 1100, + 1103, 1103, 1105, 1106, 1111, 1107, 1104, 1108, 1105, 1106, + 1110, 1112, 1108, 1114, 1113, 1110, 1115, 1116, 1111, 1113, - 1116, 1111, 1117, 1113, 1115, 1118, 1119, 1112, 1120, 1122, - 1124, 1118, 1119, 1120, 1116, 1121, 1123, 1114, 1122, 1121, - 1117, 1123, 1131, 1122, 1124, 1122, 1127, 1122, 1130, 1122, - 1125, 1125, 1126, 1126, 1129, 1126, 1132, 1127, 1129, 1134, - 1131, 1133, 1135, 1130, 1136, 1132, 1133, 1133, 1134, 1136, - 1138, 1137, 1139, 1140, 1141, 1142, 1143, 1143, 1144, 1138, - 1145, 1142, 1146, 1147, 1135, 1137, 1144, 1146, 1141, 1148, - 1149, 1139, 1140, 1150, 1145, 1151, 1153, 1147, 1148, 1162, - 1151, 1152, 1152, 1154, 1154, 1155, 1157, 1155, 1149, 1157, - 1158, 1153, 1159, 1160, 1166, 1158, 1161, 1161, 1150, 1162, + 1118, 1117, 1120, 1120, 1116, 1112, 1121, 1122, 1114, 1123, + 1125, 1124, 75, 1126, 1132, 1115, 1117, 1124, 1126, 1118, + 1121, 1132, 1128, 1130, 1123, 1122, 1128, 1126, 1130, 1126, + 1125, 1133, 1126, 1129, 1129, 1131, 1131, 1134, 1135, 1137, + 1134, 1136, 1138, 1139, 1140, 1133, 1141, 1138, 1137, 1142, + 1143, 1141, 1144, 1146, 1146, 1147, 1140, 1135, 1149, 1136, + 1147, 1143, 1139, 1142, 1148, 1150, 1152, 1153, 1151, 1148, + 1150, 1144, 1151, 1154, 1155, 1152, 1157, 1156, 1149, 1158, + 1159, 1160, 1153, 1161, 1162, 1165, 1158, 1166, 1154, 1156, + 1163, 1157, 1159, 1155, 1164, 1168, 1163, 1167, 1169, 1170, - 1163, 1163, 1160, 1164, 1164, 1165, 1167, 1168, 1168, 1169, - 1165, 1159, 1171, 1170, 1172, 1166, 1170, 1173, 1174, 1172, - 1174, 1175, 1177, 1178, 0, 1177, 1173, 1167, 1179, 1169, - 1180, 1182, 1171, 1179, 1181, 1180, 1182, 1186, 1178, 1175, - 1183, 1185, 1181, 1184, 1184, 1183, 1185, 1187, 1189, 1188, - 1196, 1191, 1192, 1187, 1193, 1186, 1188, 1191, 1192, 1193, - 1194, 1189, 1195, 1197, 1198, 1198, 1194, 1199, 1201, 1196, - 1202, 1195, 1203, 1204, 1197, 1205, 1207, 1208, 1203, 1204, - 1209, 1205, 1207, 1210, 1211, 1212, 1214, 1199, 1201, 1213, - 1213, 1208, 1215, 1202, 1216, 1210, 1217, 1208, 1211, 1219, + 1160, 1171, 1162, 1172, 1161, 1165, 1167, 1166, 1173, 1164, + 1168, 1170, 1174, 1176, 1177, 1180, 1178, 1169, 1179, 1176, + 1171, 1181, 1182, 1173, 1183, 1185, 1179, 1182, 1172, 1177, + 1178, 1186, 1174, 1184, 1187, 1180, 1183, 1181, 1184, 1184, + 1188, 1188, 1190, 1191, 1185, 1186, 74, 1187, 1189, 1189, + 1193, 1193, 1191, 1189, 1192, 1190, 1189, 1189, 1194, 1195, + 1192, 1189, 1200, 1194, 1196, 1199, 1199, 1189, 1195, 1197, + 1196, 1189, 1198, 1203, 1197, 1201, 1201, 1198, 1204, 1202, + 1205, 1206, 1202, 1200, 1202, 1207, 1208, 1209, 1210, 1205, + 1207, 1211, 1216, 1203, 1210, 1213, 1204, 1211, 1212, 1213, - 1209, 1217, 1220, 1212, 1218, 1218, 1214, 1220, 1222, 1223, - 1224, 1225, 1216, 1226, 1223, 1223, 1227, 1215, 1228, 1229, - 1225, 1226, 1219, 1231, 1230, 1231, 1232, 1222, 1224, 1230, - 1227, 1238, 1230, 1228, 1229, 1234, 1236, 1229, 1235, 1237, - 1232, 1234, 1235, 1239, 1237, 1237, 1240, 1236, 1241, 1242, - 1238, 1243, 1244, 1241, 1246, 1247, 1243, 1248, 1249, 1249, - 1251, 1250, 1252, 1255, 1240, 1250, 1256, 1242, 1246, 1239, - 1253, 1254, 1244, 1247, 1257, 1248, 1253, 1258, 1251, 1259, - 1256, 1252, 1255, 1254, 1261, 1260, 1263, 1264, 1262, 1257, - 1260, 1261, 1258, 1262, 1265, 1265, 1264, 1266, 1259, 1267, + 1208, 1206, 1214, 1212, 1215, 1209, 1216, 1217, 1217, 1215, + 1219, 1214, 1218, 1218, 1222, 1218, 1214, 1223, 1214, 1221, + 1214, 1219, 1214, 1221, 1224, 1225, 1227, 1226, 1229, 1222, + 1225, 1225, 1228, 1224, 1230, 1223, 1226, 1228, 1231, 1232, + 1233, 1234, 1229, 1230, 1235, 1235, 1237, 1234, 1227, 1239, + 1238, 1236, 1240, 1241, 1233, 1238, 1242, 1231, 1232, 1236, + 1237, 1240, 1243, 1239, 1244, 1244, 1251, 1243, 1245, 1246, + 1246, 1241, 1247, 1249, 1247, 1250, 1249, 1252, 1253, 1253, + 1250, 1242, 1254, 1245, 1258, 1251, 1252, 1255, 1255, 1256, + 1256, 1257, 1259, 1260, 1260, 1261, 1257, 1262, 1263, 1264, - 1268, 1269, 1270, 1271, 1263, 1267, 1269, 1278, 1270, 1271, - 1272, 1272, 1266, 1273, 1273, 1275, 1275, 1277, 1276, 1279, - 1280, 1268, 1276, 1281, 1283, 1278, 1277, 1282, 1282, 1284, - 1281, 1285, 1286, 1279, 1287, 1280, 1285, 1284, 1290, 1291, - 1291, 1292, 1288, 1293, 1283, 1289, 1286, 1288, 1288, 1295, - 1289, 1289, 1294, 1287, 1295, 1296, 1297, 1298, 1290, 1299, - 1292, 1294, 1293, 1300, 1301, 1299, 1302, 1303, 1300, 1306, - 1307, 1304, 1302, 1305, 1296, 1298, 1297, 1304, 1308, 1305, - 1309, 1310, 1311, 1312, 1313, 1313, 1303, 1315, 1306, 1307, - 1301, 1314, 1316, 1317, 1314, 1310, 0, 1308, 1312, 1309, + 1262, 1265, 1254, 1267, 1264, 1258, 1266, 1270, 1266, 1269, + 1265, 1271, 1269, 1259, 1272, 1261, 1271, 1274, 1263, 1273, + 1276, 1267, 1270, 1276, 1273, 1274, 1275, 1277, 1272, 1278, + 1278, 1275, 1277, 1279, 1280, 1281, 1282, 1283, 1279, 1285, + 1286, 1281, 1287, 1282, 1289, 1285, 1286, 1287, 1288, 1290, + 1283, 1291, 1280, 1289, 1288, 1292, 1292, 1293, 1295, 1296, + 1297, 1298, 1291, 1299, 1300, 1302, 1303, 1298, 1290, 1299, + 1300, 1302, 1304, 1295, 1305, 1306, 1307, 1293, 1308, 1296, + 1303, 1309, 1309, 1297, 1310, 1311, 1303, 1306, 1312, 1315, + 1307, 68, 1304, 1313, 1305, 1318, 1308, 1316, 1313, 1314, - 1318, 1318, 1322, 1311, 1320, 1317, 1315, 1319, 1319, 1320, - 1321, 1316, 1323, 1324, 1321, 1322, 1325, 1329, 1325, 1327, - 1328, 1323, 1325, 1330, 1331, 1328, 1324, 1332, 1332, 1333, - 1334, 1335, 1329, 1340, 1333, 1325, 1334, 1327, 1336, 1337, - 1331, 1338, 1341, 1330, 1337, 1338, 1335, 1342, 1339, 1343, - 1346, 1336, 1339, 1340, 1348, 1343, 1344, 1344, 1349, 1351, - 1341, 1350, 1350, 1349, 1352, 1351, 1358, 1342, 1346, 1354, - 1354, 1356, 1357, 1357, 1356, 1348, 1359, 1361, 1362, 1363, - 1361, 1365, 1358, 1366, 1352, 1364, 1364, 1367, 1363, 1368, - 1371, 1369, 1359, 1373, 1368, 1372, 1365, 1375, 1362, 1370, + 1314, 1320, 1316, 1319, 1310, 1322, 1312, 1321, 1319, 1319, + 1311, 1323, 1315, 1322, 1318, 1324, 1321, 1325, 1326, 1320, + 1327, 1335, 1328, 1326, 1328, 1323, 1326, 1329, 1331, 1327, + 1324, 1333, 1325, 1332, 1331, 1325, 1336, 1332, 1334, 1337, + 1335, 1329, 1333, 1334, 1334, 1338, 1339, 1340, 1341, 1342, + 1338, 1339, 1343, 1345, 1342, 1346, 1347, 1337, 1348, 1348, + 1349, 1350, 1336, 1351, 1349, 1340, 1353, 1345, 1341, 1352, + 1354, 1355, 1343, 1346, 1347, 1352, 1356, 1357, 1353, 1350, + 1358, 1359, 1351, 1360, 1362, 1355, 1359, 1363, 1361, 1354, + 1360, 1356, 1357, 1361, 1364, 1364, 1363, 1365, 1366, 1358, - 1370, 1374, 1374, 1376, 1366, 1369, 1367, 1377, 1371, 1378, - 1372, 1375, 1377, 1379, 1379, 1380, 1381, 1383, 1373, 1380, - 1384, 1376, 1382, 1382, 1378, 1385, 1386, 1387, 1390, 1385, - 1391, 1384, 1387, 1389, 1389, 1392, 1381, 1393, 1394, 1383, - 1395, 1395, 1396, 1399, 1391, 1386, 1390, 1396, 1397, 1398, - 1401, 1393, 1399, 1400, 1392, 1392, 1403, 1402, 1400, 1402, - 1404, 1403, 1405, 1394, 1408, 1406, 1404, 1410, 1397, 1398, - 1401, 1406, 1409, 1409, 1411, 1414, 1413, 1417, 1408, 1418, - 1411, 1413, 1405, 1415, 1415, 1419, 1410, 1416, 1416, 1420, - 1422, 1417, 1420, 1421, 1421, 1423, 1655, 1418, 1424, 1414, + 1367, 1371, 1362, 1368, 1368, 1369, 1374, 1366, 1370, 1372, + 1372, 1369, 1365, 1373, 1370, 1371, 1375, 1385, 1376, 1373, + 1367, 1377, 1374, 1376, 1378, 1379, 1385, 1377, 1380, 1380, + 1378, 1379, 1381, 1381, 1383, 1383, 1384, 1375, 1386, 1387, + 1384, 1388, 1389, 1390, 1391, 1391, 1392, 1395, 1394, 1396, + 1390, 1387, 1393, 1394, 1399, 1388, 1386, 1389, 1397, 1401, + 1393, 1395, 1402, 1397, 1397, 1398, 1392, 1403, 1396, 1405, + 1398, 1398, 1400, 1400, 1399, 1404, 1403, 1406, 1401, 1408, + 1404, 1402, 1407, 1410, 1409, 1408, 1411, 1412, 1405, 1409, + 1413, 1415, 1411, 1414, 1416, 1417, 1413, 1406, 1418, 1414, - 1419, 1424, 1422, 1425, 1424, 1426, 1431, 1655, 1427, 1425, - 1426, 1427, 1429, 1430, 1432, 1423, 1424, 1432, 1430, 1433, - 1437, 1429, 1439, 1434, 1440, 1433, 1437, 1427, 1434, 1435, - 1435, 1431, 1436, 1436, 1438, 1439, 1441, 1442, 1443, 1438, - 1444, 1443, 1440, 1445, 1448, 1446, 1444, 1447, 1452, 1445, - 1446, 1449, 1453, 1447, 1454, 1441, 1449, 1442, 1450, 1450, - 1451, 1455, 1456, 1459, 1458, 1451, 1452, 1448, 1457, 1459, - 1460, 1461, 1453, 1462, 1454, 1455, 1456, 1458, 1463, 1467, - 1457, 1465, 1465, 1466, 1467, 1468, 1468, 1462, 1470, 1469, - 1460, 1461, 1471, 1472, 1474, 1481, 1473, 1479, 1477, 1463, + 1407, 1419, 1420, 1421, 1422, 1422, 1412, 1424, 1423, 1410, + 1415, 1423, 1425, 1416, 1417, 1419, 1426, 1418, 1421, 1427, + 1427, 1428, 1428, 1420, 1429, 1431, 1424, 1432, 1426, 1429, + 1430, 1425, 1433, 1434, 1430, 1434, 1432, 1436, 1431, 1434, + 1439, 1437, 1438, 1440, 1442, 1433, 1437, 1441, 1441, 1442, + 1443, 1444, 1434, 1446, 1445, 1436, 1443, 1438, 1446, 1440, + 1439, 1447, 1449, 1450, 1448, 1447, 1444, 1445, 1448, 1451, + 1452, 1453, 1453, 1455, 1457, 1458, 1452, 1459, 1459, 1460, + 1458, 1450, 1449, 1461, 1467, 1460, 1463, 1463, 1468, 1451, + 1465, 1455, 1471, 1465, 1474, 1457, 1466, 1466, 1470, 1472, - 1475, 1476, 1470, 1466, 1469, 1473, 0, 1475, 1486, 1474, - 1476, 1472, 1479, 1476, 1477, 1482, 1471, 1479, 1482, 1485, - 1481, 1483, 1483, 1484, 1484, 1487, 1486, 1489, 1487, 1488, - 1488, 1485, 1490, 1491, 1492, 1493, 1494, 1495, 1491, 1492, - 1489, 1496, 1501, 1499, 1497, 1505, 1495, 1503, 1498, 1499, - 1502, 1490, 1494, 1497, 1493, 1504, 1497, 1498, 1500, 1500, - 1496, 1505, 1501, 1502, 1508, 1503, 1506, 1511, 1507, 1504, - 1512, 1506, 1506, 1507, 1513, 1513, 1508, 1514, 1515, 1516, - 1517, 1517, 1518, 1520, 1516, 1519, 1521, 1515, 1512, 1526, - 1519, 1518, 1511, 1514, 1518, 1517, 1522, 1523, 1525, 1527, + 1467, 1470, 1475, 1461, 1468, 1473, 1473, 1476, 1472, 1474, + 1477, 1478, 1471, 1479, 1479, 1477, 1481, 1482, 1480, 1483, + 1484, 1485, 1485, 1475, 1486, 1478, 1476, 1480, 1487, 1492, + 1488, 1494, 1482, 1489, 1481, 1488, 1490, 1490, 1486, 1491, + 1484, 1493, 1493, 1491, 1483, 1495, 1487, 1496, 1489, 1492, + 1497, 1496, 1498, 1494, 1500, 1500, 1495, 1498, 1501, 1502, + 1504, 1503, 1505, 1506, 1507, 1507, 1508, 1509, 63, 1497, + 1510, 1508, 1511, 1511, 1501, 1503, 1505, 1502, 1513, 1504, + 1504, 1514, 1512, 1513, 1515, 1518, 1515, 1509, 1506, 1516, + 1510, 1512, 1517, 1519, 1516, 1521, 1522, 1522, 1517, 1519, - 1528, 1520, 1523, 1523, 1526, 1528, 1530, 1521, 1537, 1529, - 1531, 1531, 1525, 1532, 1522, 1529, 1538, 1533, 1546, 1532, - 1534, 1527, 1533, 1535, 1530, 1539, 1534, 1540, 1537, 1535, - 1538, 1539, 1541, 1542, 1544, 1541, 1547, 1546, 1548, 1542, - 1540, 1541, 1544, 1549, 1550, 1551, 1548, 1552, 1553, 1554, - 1554, 1557, 1549, 1555, 1556, 1547, 1558, 1550, 1551, 1555, - 1556, 1552, 1553, 1559, 1557, 1560, 1561, 1562, 1563, 1564, - 1565, 1554, 1568, 1562, 1567, 1567, 1558, 1574, 1569, 1561, - 1576, 1559, 1569, 0, 1560, 1564, 1570, 1573, 1565, 1571, - 1563, 1570, 1568, 1572, 1571, 1576, 1573, 1578, 1572, 1579, + 1523, 1514, 1524, 1527, 1530, 1518, 1526, 1531, 1524, 1521, + 1535, 1526, 1528, 1528, 1529, 1529, 1532, 1533, 1530, 1523, + 1533, 1534, 1534, 1536, 1537, 1531, 1539, 1527, 1535, 1540, + 1538, 1532, 1539, 1538, 1540, 1536, 1538, 1541, 1543, 1545, + 1541, 1544, 1546, 58, 1537, 1546, 1544, 1543, 1538, 1547, + 1547, 1548, 1549, 1555, 1550, 1556, 1541, 1548, 1549, 1550, + 1551, 1551, 1552, 1552, 1545, 1553, 1555, 1554, 1557, 1558, + 1560, 1553, 1554, 1556, 1559, 1561, 1560, 1559, 1562, 1563, + 1564, 1561, 1568, 1562, 1569, 1563, 1565, 1557, 1570, 1558, + 1567, 1565, 1566, 1566, 1575, 1567, 1571, 1572, 1573, 1574, - 1574, 1577, 1577, 1580, 1581, 1581, 1582, 1583, 1586, 1584, - 1587, 1579, 1585, 1588, 1583, 1590, 1578, 1589, 0, 1588, - 1582, 1584, 1580, 1593, 1585, 1591, 1593, 1586, 1600, 1589, - 1587, 1591, 1597, 1590, 1592, 1592, 1594, 1594, 1596, 1598, - 1600, 1597, 1601, 1596, 1601, 1598, 1599, 1599, 1602, 1603, - 1604, 1602, 1605, 1606, 1607, 1608, 1609, 1611, 1610, 1607, - 1613, 1615, 1611, 1616, 1608, 1612, 1615, 1620, 1609, 1603, - 1605, 1606, 1604, 1610, 1612, 1619, 1614, 1621, 1616, 1618, - 1613, 1614, 1617, 1617, 1622, 1618, 1620, 1612, 1614, 1623, - 1628, 1623, 1624, 1621, 1625, 1625, 1619, 1626, 1626, 1627, + 1568, 1576, 1578, 1564, 1569, 1576, 1580, 1577, 1570, 1577, + 1571, 1572, 1573, 1581, 1582, 1584, 1583, 1574, 1580, 1575, + 1585, 1578, 1583, 1586, 1587, 1581, 1588, 1582, 1590, 1590, + 1591, 1595, 1592, 1593, 1596, 1584, 1585, 1592, 1587, 1594, + 1594, 1597, 1598, 1586, 1599, 1593, 1595, 1588, 1596, 1600, + 1591, 1601, 1603, 1599, 1602, 1605, 1607, 1611, 1601, 1608, + 1598, 1612, 1608, 1602, 1600, 1597, 1602, 1616, 1603, 1611, + 1605, 1609, 1609, 1610, 1610, 1605, 1615, 1613, 1619, 1612, + 1613, 1607, 1614, 1614, 1620, 1617, 1616, 1618, 1622, 1615, + 1617, 1627, 1618, 1621, 1623, 1624, 1630, 1619, 1629, 1625, - 1627, 1629, 1629, 1631, 1622, 1632, 1624, 1639, 1624, 1641, - 1628, 1630, 1630, 1633, 1633, 1634, 1635, 1636, 0, 1634, - 1636, 1638, 1635, 1640, 1631, 1639, 1632, 1638, 1642, 1640, - 1653, 1642, 1643, 1643, 1641, 1644, 1644, 1645, 1646, 1647, - 1648, 1649, 1650, 1645, 1653, 1659, 1656, 1649, 1652, 1657, - 1646, 1646, 1646, 1652, 1652, 1657, 1654, 1646, 1654, 1647, - 1648, 1656, 1650, 1658, 1660, 1659, 1661, 1661, 1662, 1663, - 1663, 1664, 1658, 1665, 1666, 1666, 1667, 1667, 1668, 1671, - 1671, 1672, 1676, 1673, 1675, 1660, 1678, 1678, 1679, 1680, - 1677, 1664, 1673, 1675, 1662, 1665, 1677, 1683, 1668, 1682, + 1620, 1628, 1621, 1623, 1624, 1625, 1623, 1622, 1626, 1626, + 1630, 1627, 1631, 1632, 1628, 1633, 1629, 1634, 1632, 1632, + 1633, 1637, 1638, 1639, 1639, 1640, 1641, 1642, 1631, 1634, + 1643, 1643, 1642, 1646, 1645, 1641, 1647, 1648, 1644, 1645, + 1638, 1640, 1651, 1649, 1652, 1643, 1637, 1644, 1649, 1649, + 1644, 1646, 1653, 1654, 1655, 1648, 1651, 1647, 1654, 1652, + 1655, 1656, 1657, 1657, 1658, 1663, 1659, 1660, 1664, 1661, + 1658, 1659, 1665, 1660, 1653, 1661, 1666, 1667, 1665, 1656, + 1667, 1668, 1664, 1670, 1672, 1663, 1667, 1668, 1673, 1666, + 1674, 1670, 1675, 1676, 57, 1677, 1678, 1679, 1674, 1680, - 1681, 1684, 1684, 1676, 1680, 1685, 1672, 1681, 1682, 1679, - 1686, 1688, 1689, 1690, 1691, 1693, 1688, 1693, 1689, 1692, - 1695, 1691, 1696, 1683, 1700, 1692, 1686, 1698, 1696, 1697, - 1697, 1685, 1698, 1690, 1699, 1701, 1702, 1703, 1704, 1695, - 1703, 1705, 1709, 1699, 1700, 1706, 1706, 1707, 1702, 1708, - 1710, 1713, 1714, 1707, 1701, 1708, 1704, 1711, 1715, 1716, - 1716, 1711, 1709, 1715, 1717, 1710, 1718, 1705, 1720, 1721, - 1722, 1713, 1728, 1721, 1714, 1723, 1722, 1711, 1724, 1724, - 1726, 1718, 1725, 1717, 1723, 1729, 1725, 1720, 1727, 1727, - 1730, 1726, 1731, 1728, 1732, 1733, 1726, 1731, 1734, 1729, + 1680, 1675, 1685, 1672, 1683, 1686, 1676, 1673, 1677, 1681, + 1678, 1679, 1682, 1684, 1684, 1681, 1687, 1683, 1682, 1688, + 1688, 1680, 1685, 1686, 1689, 1690, 1691, 1692, 1693, 1695, + 1695, 1690, 1696, 1701, 1697, 1687, 1698, 1689, 1697, 1699, + 1700, 1698, 1701, 1692, 1699, 1700, 1693, 1702, 1691, 1704, + 1705, 1708, 1696, 1706, 1706, 1707, 1709, 1710, 1710, 1711, + 1712, 1704, 1716, 1708, 1713, 1705, 1714, 1712, 1717, 1720, + 1702, 1718, 1719, 1711, 1707, 1709, 1713, 1718, 1714, 1721, + 52, 1716, 1722, 1722, 1719, 1721, 1723, 1720, 1717, 1723, + 1724, 1724, 1726, 1727, 1728, 1729, 1729, 1726, 1730, 1731, - 1736, 1735, 1737, 1737, 1734, 1736, 1738, 1738, 1739, 1730, - 1741, 1742, 1739, 1743, 1732, 1733, 1735, 1744, 1744, 1741, - 1745, 1745, 1742, 1746, 1747, 1748, 1749, 1742, 1746, 1746, - 1747, 1748, 1750, 1743, 1751, 1752, 1754, 1750, 1755, 1756, - 1757, 1752, 1755, 1758, 1759, 1761, 1751, 1760, 1754, 1758, - 1763, 1756, 1749, 1760, 1764, 1765, 1767, 1761, 1771, 1767, - 1765, 2257, 1763, 1768, 1768, 1757, 1759, 1769, 1769, 1770, - 1770, 1772, 2257, 1764, 1773, 1776, 1774, 1772, 1771, 1775, - 1773, 1774, 1778, 1780, 1776, 1775, 1780, 1778, 1781, 1782, - 1782, 1784, 1785, 1786, 1787, 1787, 1788, 1789, 1786, 1792, + 1728, 1731, 1727, 1732, 1733, 1734, 1732, 1735, 1736, 1737, + 1730, 1738, 1739, 1741, 1737, 1742, 1738, 1740, 1744, 1747, + 1742, 1739, 1743, 47, 1733, 1735, 1736, 1734, 1741, 1740, + 1745, 1743, 1746, 1750, 1747, 1745, 1752, 1746, 1744, 1748, + 1748, 1749, 1745, 1753, 1743, 1754, 1755, 1749, 1756, 1757, + 1756, 1758, 1758, 1761, 1750, 1752, 1759, 1759, 1760, 1760, + 1764, 1754, 1753, 1757, 1765, 1757, 1755, 1762, 1762, 1763, + 1763, 1766, 1766, 1761, 1767, 1772, 1768, 1769, 1767, 1774, + 1769, 1764, 1768, 1771, 1773, 1765, 1776, 1776, 1775, 1771, + 1773, 1775, 1777, 1772, 1778, 1779, 1779, 1781, 1780, 1778, - 1781, 1790, 1789, 1784, 1785, 1788, 1790, 1791, 1791, 1793, - 1794, 1795, 1796, 1799, 1801, 1797, 1796, 1798, 1793, 1792, - 1797, 1802, 1805, 1798, 1800, 1804, 1804, 1806, 1794, 1809, - 1795, 1799, 1801, 1800, 1808, 1802, 1806, 1804, 1807, 1807, - 1805, 1809, 1810, 1808, 1811, 1812, 1815, 1815, 1817, 1811, - 1818, 1817, 1819, 1822, 1821, 1823, 1824, 1828, 1812, 1825, - 1825, 1823, 1826, 1810, 1826, 1828, 1818, 1822, 1819, 1821, - 1827, 1827, 1830, 1824, 1831, 1832, 1832, 1833, 1834, 1830, - 1835, 1836, 1838, 1837, 1840, 1839, 1833, 1842, 1845, 1843, - 1840, 1846, 1835, 1836, 1831, 1837, 1844, 1844, 1849, 1834, + 1782, 1783, 1783, 1784, 1774, 1782, 1788, 1786, 1784, 1785, + 1787, 1789, 1777, 1780, 1791, 1785, 1790, 1795, 1781, 1786, + 1786, 1786, 1790, 1793, 1788, 1794, 1786, 1797, 1793, 1793, + 1787, 1789, 1795, 1796, 1791, 1796, 1798, 1799, 1797, 1794, + 1800, 1801, 1802, 1799, 1803, 1803, 1804, 1805, 1805, 1800, + 1806, 1798, 1807, 1808, 1808, 1809, 1809, 1810, 1813, 1813, + 1814, 1801, 1815, 1802, 1817, 1818, 1820, 1820, 1821, 1819, + 1806, 1815, 1804, 1817, 1807, 1819, 1822, 1810, 1825, 1824, + 1823, 1826, 1826, 1827, 1828, 1814, 1818, 1823, 1824, 1821, + 1830, 1822, 1831, 1832, 1833, 1830, 1834, 1835, 1831, 1835, - 1839, 1843, 1847, 1840, 1848, 1847, 1845, 1842, 1838, 1848, - 1851, 1846, 1852, 1853, 1852, 1851, 1854, 1855, 1849, 1857, - 1859, 1854, 1861, 1860, 1855, 1862, 1863, 1862, 1857, 1866, - 1868, 1853, 1860, 1865, 1861, 1865, 1867, 1867, 1859, 1869, - 1870, 1871, 1870, 1866, 1869, 1863, 1871, 1872, 1873, 1874, - 1876, 1875, 1872, 1878, 1877, 1876, 1868, 1875, 1879, 1882, - 1880, 1883, 1886, 1879, 1879, 1878, 1873, 1877, 1880, 1874, - 1884, 1884, 1885, 1885, 1887, 1883, 1888, 1886, 1882, 1889, - 1891, 1890, 1888, 1890, 1889, 1892, 1893, 1893, 1894, 1895, - 1895, 1896, 1896, 1892, 1887, 1897, 1899, 1898, 1891, 1901, + 1828, 1833, 1834, 1837, 1825, 1838, 1839, 1839, 1841, 1827, + 1840, 1838, 1842, 1832, 1843, 1840, 1844, 1841, 1845, 1846, + 1847, 1845, 1837, 1848, 1848, 1849, 1852, 1851, 1844, 1850, + 1853, 1849, 1842, 1843, 1853, 1850, 1855, 1846, 1856, 1857, + 1859, 1852, 1858, 1858, 1857, 1862, 1847, 1851, 1860, 1863, + 1853, 1864, 1865, 1863, 1866, 1866, 1855, 1864, 1867, 1859, + 1856, 1865, 1867, 1860, 1862, 1868, 1869, 1869, 1870, 1871, + 1873, 1872, 1874, 1875, 1876, 1873, 1868, 1878, 1885, 1877, + 1876, 1868, 1878, 1871, 1879, 1879, 1880, 1880, 1883, 1870, + 1872, 1881, 1874, 1875, 1877, 1881, 1884, 1883, 1885, 1886, - 1894, 1892, 1898, 1902, 1897, 1902, 1903, 1904, 1901, 1905, - 1906, 1901, 1904, 1904, 1899, 1909, 1908, 1912, 1905, 1910, - 1909, 1913, 1906, 1914, 1910, 1915, 1915, 1903, 1908, 1916, - 1912, 1917, 1914, 1920, 1918, 1924, 1927, 1919, 1925, 1926, - 1922, 1913, 1923, 1925, 1926, 1927, 1933, 1916, 1920, 1917, - 1918, 1919, 1922, 1930, 1923, 1924, 1932, 1935, 1934, 1930, - 1936, 1937, 1932, 1938, 1938, 1939, 1940, 1940, 1941, 1933, - 1937, 1944, 1930, 1934, 1939, 1935, 1942, 1943, 1948, 0, - 1942, 1948, 1943, 1945, 1944, 1936, 1946, 1941, 1945, 1945, - 1947, 1949, 1946, 1950, 1953, 1953, 1947, 1954, 1954, 1949, + 1886, 1888, 1888, 1889, 1890, 1892, 1893, 1884, 1889, 1889, + 1890, 1892, 1884, 1894, 1895, 1896, 1898, 1900, 1894, 1899, + 1901, 1896, 1903, 1899, 1902, 1904, 1895, 1906, 1898, 1900, + 1902, 1904, 1893, 1905, 1908, 1909, 1910, 1912, 1905, 1906, + 1912, 1910, 1913, 1913, 1903, 1901, 1908, 1914, 1914, 1915, + 1915, 1916, 1917, 1918, 1909, 1919, 1920, 1921, 1917, 1918, + 1919, 1925, 1920, 1923, 1925, 1926, 1921, 1929, 1923, 1927, + 1927, 1916, 1930, 1931, 1932, 1932, 1933, 1926, 1931, 1929, + 1936, 1934, 1935, 1936, 1930, 1933, 1934, 1935, 1937, 1937, + 1938, 1939, 1942, 1940, 1941, 1944, 1942, 1943, 1945, 1946, - 1955, 1956, 1956, 1957, 1957, 1958, 1959, 1968, 1960, 1955, - 1961, 1964, 1954, 1950, 1960, 1961, 1964, 1958, 1962, 1962, - 1963, 1963, 1965, 1954, 1959, 1967, 1969, 1968, 1965, 1967, - 1969, 1971, 1972, 1974, 1973, 1975, 1976, 1972, 1978, 1977, - 1975, 1979, 1980, 1981, 1981, 1982, 1979, 1983, 1974, 1982, - 1985, 1986, 1987, 1997, 1976, 1977, 1971, 1973, 1978, 1989, - 1984, 1988, 1983, 1986, 1980, 1984, 1988, 1990, 1991, 1991, - 1993, 1987, 1989, 1994, 1995, 1996, 1985, 1997, 1993, 1999, - 1998, 2001, 2000, 2004, 2004, 1990, 2003, 2005, 0, 2007, - 2005, 2006, 1994, 1995, 2000, 2008, 2009, 2009, 1996, 1998, + 1939, 1944, 1943, 1947, 1948, 1950, 1950, 1951, 1946, 1953, + 1938, 1940, 1957, 1941, 1952, 1955, 1945, 1950, 1948, 1954, + 1954, 1947, 1956, 1952, 1955, 1951, 1958, 1959, 1965, 1953, + 1966, 1958, 1968, 1957, 1956, 1962, 1962, 1969, 1964, 1970, + 1959, 1964, 1971, 1980, 1965, 1970, 1966, 1968, 1972, 1972, + 1973, 1969, 1973, 1974, 1974, 1975, 1977, 1977, 1981, 1971, + 1978, 1978, 1982, 1975, 1981, 1983, 1980, 1984, 1982, 1987, + 1985, 1988, 1983, 1986, 1986, 1989, 1990, 1993, 1987, 1991, + 1994, 1992, 1997, 1998, 1999, 1995, 18, 1989, 1990, 1984, + 1985, 1995, 1988, 1992, 1991, 1994, 1999, 2000, 2000, 2001, - 1999, 2003, 2001, 2007, 2006, 2010, 2010, 2012, 2008, 2011, - 2011, 2013, 2014, 2014, 2015, 2016, 2016, 2020, 2021, 2022, - 2017, 2025, 2012, 2015, 2013, 2017, 2015, 2019, 2023, 2023, - 2027, 2022, 2019, 2024, 2024, 2026, 2026, 2020, 2021, 2029, - 2025, 2028, 2028, 2033, 2030, 2031, 2031, 2034, 2027, 2030, - 2032, 2032, 2035, 2036, 2029, 2038, 2034, 2033, 2039, 2039, - 2038, 2040, 2041, 2041, 2042, 2043, 2035, 2044, 2045, 2045, - 2044, 2043, 2036, 2046, 2046, 2047, 2048, 2049, 2051, 2049, - 2040, 2052, 2042, 2055, 2045, 2053, 2053, 2056, 2058, 2057, - 2060, 2048, 2058, 2051, 2047, 2059, 2059, 2061, 2062, 2063, + 2002, 2005, 1997, 1993, 1995, 2003, 1998, 2004, 2003, 2007, + 2009, 2008, 2004, 2008, 2007, 2011, 2013, 2001, 2010, 2015, + 2002, 2005, 2011, 2010, 2016, 2013, 2017, 2018, 2009, 2018, + 2019, 2022, 2021, 2016, 2021, 2023, 2023, 2015, 2017, 2024, + 2026, 2025, 2026, 2027, 2029, 2022, 2025, 2028, 2027, 2019, + 2030, 2031, 2028, 2032, 2033, 2035, 2034, 2031, 2032, 2038, + 2035, 2035, 2029, 2036, 2042, 2024, 2039, 2033, 2034, 2043, + 2030, 2036, 2040, 2040, 2041, 2041, 2044, 2047, 2038, 2042, + 2039, 2045, 2044, 2046, 2048, 2046, 2045, 2049, 2049, 2043, + 2050, 2055, 2048, 2051, 2051, 2047, 2052, 2052, 2053, 2054, - 2052, 2066, 2061, 2055, 2057, 2065, 2065, 2071, 2067, 2060, - 2056, 2068, 2069, 2062, 2063, 2067, 2070, 2072, 2072, 2073, - 2074, 2066, 2074, 2075, 2077, 2068, 2075, 2078, 2073, 2080, - 2069, 2081, 2078, 2071, 2070, 2079, 2077, 2082, 2084, 2090, - 2079, 2075, 2083, 2075, 2081, 2086, 2087, 2083, 2088, 2089, - 2086, 2087, 2092, 2091, 2080, 2089, 2093, 2092, 2082, 2091, - 2090, 2093, 2094, 2088, 2084, 2095, 2096, 2097, 2098, 2096, - 2099, 2100, 2101, 2106, 2108, 2102, 2097, 2098, 2095, 2099, - 2100, 2102, 2103, 2108, 2112, 2104, 2101, 2094, 2103, 2104, - 2109, 2109, 2110, 2106, 2111, 2111, 2114, 2115, 2110, 2116, + 2048, 2057, 2050, 2058, 2054, 2058, 2059, 2053, 2062, 2055, + 2057, 2060, 2061, 2057, 2064, 2068, 2060, 2060, 2065, 2066, + 2062, 2061, 2069, 2065, 2066, 2070, 2064, 2059, 2068, 2071, + 2071, 2072, 2073, 2075, 2070, 2074, 2078, 2076, 2080, 2081, + 2082, 2079, 2069, 2089, 2081, 2082, 2083, 2075, 2078, 2072, + 2073, 2074, 2076, 2079, 2086, 2083, 2088, 2090, 2080, 2091, + 2086, 2092, 2088, 2094, 2094, 2093, 2089, 2095, 2096, 2096, + 2097, 2098, 2090, 2086, 2093, 2098, 2095, 2091, 2099, 2100, + 2101, 2107, 2102, 2099, 2103, 2104, 2092, 2102, 2102, 2097, + 2103, 2104, 2100, 2105, 2116, 2106, 2105, 2110, 2110, 2111, - 2116, 2117, 2118, 2111, 2112, 2120, 2112, 2121, 2123, 2122, - 2127, 2118, 2114, 2115, 2126, 2125, 2117, 2120, 2125, 2126, - 2123, 2128, 0, 2121, 2122, 2129, 2129, 2130, 2130, 2138, - 2127, 2132, 2132, 2128, 2133, 2134, 2135, 2133, 2136, 2140, - 2134, 2141, 2135, 2138, 2136, 2137, 2137, 2139, 2139, 2142, - 2144, 2140, 2143, 2143, 2146, 2141, 2144, 2145, 2148, 2146, - 2149, 2151, 2148, 2149, 2150, 2150, 2151, 2152, 2142, 2153, - 2154, 2145, 2155, 2155, 2154, 2156, 2152, 2158, 2159, 2160, - 2161, 2162, 2158, 2163, 2165, 2162, 2164, 2166, 2156, 2153, - 2165, 2164, 2167, 2166, 2161, 2169, 2170, 2172, 2159, 2160, + 2111, 2107, 2101, 2106, 2112, 2113, 2113, 2114, 2114, 2115, + 2117, 2129, 2116, 2112, 2111, 2118, 2117, 2119, 2119, 2121, + 2118, 2115, 2120, 2120, 2121, 2111, 2122, 2124, 2125, 2126, + 2127, 2124, 2122, 2126, 2130, 2131, 2129, 2132, 2133, 2130, + 2135, 2134, 2136, 2133, 2137, 2138, 2139, 2139, 2125, 2137, + 2127, 2140, 2132, 2141, 2143, 2140, 2135, 2144, 2131, 2134, + 2142, 2145, 2136, 2146, 2147, 2142, 2148, 2138, 2141, 2147, + 2149, 2150, 2150, 2145, 2153, 2144, 2152, 2154, 2155, 2148, + 2143, 2156, 2146, 2157, 2152, 2158, 2159, 2160, 2149, 2162, + 2164, 2166, 2167, 2153, 2167, 2165, 2154, 2166, 2159, 2168, - 2171, 2170, 2173, 2163, 2173, 2172, 2171, 2176, 2177, 2177, - 2167, 2169, 2178, 2179, 2182, 2178, 2180, 2180, 2182, 2183, - 2184, 2176, 2185, 2185, 2186, 2183, 2189, 2189, 2191, 2193, - 2197, 2194, 2184, 2186, 2198, 2197, 2199, 2200, 2207, 2179, - 2208, 2199, 2200, 2193, 2201, 2201, 2191, 2194, 2203, 2203, - 2205, 2206, 2206, 2209, 2207, 2211, 2205, 2213, 2209, 2214, - 2198, 2212, 2208, 2217, 2212, 2215, 2215, 2218, 2219, 2213, - 2220, 2214, 2217, 2218, 2211, 2222, 2222, 2223, 2224, 2229, - 2223, 2225, 2227, 2227, 2229, 2220, 2219, 2228, 2228, 2230, - 2232, 2231, 2233, 2236, 2233, 2232, 2234, 2224, 2235, 2225, + 2168, 2155, 2157, 2164, 2162, 2156, 2158, 2169, 2160, 2165, + 2170, 2171, 2169, 2170, 2172, 2178, 2173, 2174, 2174, 2175, + 2175, 2176, 2179, 2176, 2171, 2177, 2177, 2181, 2172, 2173, + 2178, 2180, 2180, 2182, 2182, 2179, 2181, 2183, 2183, 2181, + 2184, 2186, 2187, 2188, 2189, 2184, 2186, 2190, 2190, 2191, + 2191, 2192, 2193, 2193, 2194, 2197, 2189, 2195, 2195, 2196, + 2197, 2200, 2187, 2188, 2198, 2198, 2199, 2199, 2201, 2202, + 2192, 2203, 2194, 2205, 2196, 2200, 2207, 2201, 2205, 2206, + 2206, 2208, 2208, 2202, 2209, 2210, 2211, 2212, 2212, 2211, + 2203, 2210, 2213, 2213, 2214, 2207, 2215, 2216, 2219, 2216, - 2231, 2237, 2238, 2239, 0, 2236, 2237, 2230, 2239, 2244, - 2234, 2245, 2235, 2240, 2240, 2241, 2241, 2242, 2242, 2243, - 2243, 2244, 2238, 2246, 2247, 2247, 2248, 2248, 2246, 2245, - 2249, 2250, 2251, 2252, 2253, 2253, 2254, 2255, 2255, 2256, - 2256, 2258, 2249, 2250, 2259, 2260, 2261, 2263, 2264, 2252, - 2267, 2259, 2251, 2258, 2262, 2254, 2266, 2260, 2268, 2262, - 2265, 2265, 2269, 2270, 2273, 2266, 2261, 2263, 2264, 2271, - 2272, 2272, 2277, 2273, 2274, 2269, 2267, 2275, 2268, 2278, - 2279, 2280, 2281, 2271, 2280, 0, 2282, 2270, 2283, 2274, - 2277, 2282, 2275, 2283, 2284, 2284, 2281, 2285, 2285, 2286, + 2218, 2222, 2209, 2212, 2220, 2220, 2223, 2224, 2225, 2226, + 2226, 2215, 2225, 2214, 2227, 2218, 2229, 2219, 2228, 2230, + 2233, 2222, 2224, 2228, 2232, 2232, 2236, 2235, 2234, 2223, + 2237, 2229, 2238, 2227, 2230, 2234, 2239, 2239, 2240, 2242, + 2233, 2235, 2242, 2241, 2236, 2241, 2245, 2240, 2237, 2244, + 2246, 2245, 2247, 2248, 2249, 2246, 2251, 2242, 2238, 2242, + 2250, 2244, 2253, 2254, 2255, 2250, 2248, 2253, 2254, 2257, + 2256, 2261, 2258, 17, 2262, 2249, 2256, 2247, 2258, 2255, + 2259, 2260, 2251, 2264, 2265, 2259, 2260, 2262, 2263, 2266, + 2257, 2263, 2264, 2265, 2267, 2268, 2261, 2271, 2266, 2269, - 2286, 2278, 2291, 2279, 2288, 2288, 2290, 2290, 2292, 2293, - 2295, 2296, 2297, 2298, 2299, 2300, 2301, 2302, 2301, 2292, - 2291, 2303, 2304, 2299, 2305, 2305, 2307, 2307, 2293, 2296, - 2295, 2308, 2309, 2298, 2297, 2300, 2312, 2302, 2314, 2303, - 2304, 2309, 2310, 2310, 2315, 2312, 2313, 2313, 2316, 2317, - 2318, 2319, 2321, 2308, 2320, 2316, 2314, 2322, 2322, 2323, - 2323, 2324, 2315, 2325, 2317, 2326, 2327, 2324, 2318, 2319, - 2320, 2321, 2328, 2329, 2330, 2333, 2333, 2328, 2331, 2337, - 2326, 2325, 2332, 2331, 2332, 2327, 2334, 2339, 2334, 2335, - 2335, 2340, 2341, 2329, 2330, 2342, 2339, 2343, 2337, 2344, + 2270, 2271, 2273, 2267, 2275, 2269, 2270, 2276, 2276, 2268, + 2277, 2278, 2278, 2275, 2279, 2280, 2277, 2282, 2283, 2279, + 2278, 2285, 2273, 2284, 2284, 2289, 2294, 2288, 2290, 2286, + 2291, 2294, 2295, 2282, 2283, 2280, 2285, 2280, 2286, 2288, + 2303, 2289, 2291, 2290, 2293, 2296, 2303, 2293, 2297, 2297, + 2298, 2298, 2295, 2300, 2300, 2301, 2302, 2296, 2301, 2304, + 2305, 2302, 2306, 2306, 2307, 2304, 2308, 2308, 2309, 2305, + 2310, 2311, 2312, 2312, 2314, 2313, 2321, 2315, 2307, 2317, + 2309, 2313, 2315, 2317, 2310, 2321, 2318, 2322, 2314, 2318, + 2311, 2319, 2319, 2320, 2323, 2324, 2322, 2326, 2320, 2324, - 2352, 2345, 2343, 2348, 2341, 2349, 2350, 2350, 2349, 2351, - 2340, 2353, 2353, 2355, 2354, 2342, 2358, 2356, 2352, 2344, - 2345, 2356, 2359, 2348, 2351, 2354, 2359, 2361, 2355, 2360, - 2360, 2358, 2363, 2364, 2365, 2366, 2366, 2368, 2370, 2369, - 2361, 2372, 2370, 2371, 2371, 2373, 2373, 2363, 2369, 2368, - 2374, 2376, 2375, 2364, 2365, 2374, 2377, 2378, 2378, 2384, - 2372, 2375, 2383, 2383, 2385, 2385, 2386, 2376, 2377, 2387, - 2391, 2388, 2390, 2390, 2389, 2393, 2393, 2401, 2398, 2386, - 2388, 2384, 2387, 2389, 2396, 2391, 2397, 2400, 2399, 2396, - 2402, 2397, 2398, 2399, 2403, 2400, 2401, 2405, 2406, 2402, + 2325, 2325, 2328, 2329, 2330, 2331, 2333, 2328, 2332, 2335, + 2326, 2334, 2332, 2337, 2323, 2335, 2334, 2338, 2339, 2331, + 2340, 2336, 2341, 2329, 2330, 2340, 2333, 2336, 2343, 2344, + 2345, 2337, 2346, 2347, 0, 2345, 2338, 2339, 2346, 2350, + 2343, 2347, 2348, 2341, 2348, 2344, 2352, 2355, 2350, 2353, + 2353, 2354, 2356, 2356, 2354, 2359, 2360, 2361, 2363, 2359, + 2352, 2368, 2360, 2362, 2362, 2366, 2366, 2363, 2370, 2361, + 2371, 2374, 2375, 2355, 2385, 2376, 2374, 2384, 2377, 2368, + 2376, 2388, 2370, 2377, 2378, 2378, 2371, 2380, 2380, 2382, + 2383, 2383, 2386, 2384, 2390, 2382, 2385, 2386, 2375, 2389, - 2407, 2408, 2403, 2406, 2411, 2407, 2409, 2409, 2410, 2410, - 2412, 2411, 2405, 2413, 2414, 2412, 2408, 2415, 2418, 2416, - 2417, 2417, 2419, 2415, 2416, 2420, 2420, 2419, 2421, 2421, - 2424, 2413, 2414, 2418, 2425, 2425, 2426, 2428, 2434, 2426, - 2427, 2430, 2428, 2424, 2429, 2427, 2427, 2430, 2431, 2429, - 2432, 2433, 2431, 2434, 2435, 2432, 2436, 2437, 2438, 2440, - 2433, 2439, 2435, 2437, 2438, 2442, 2439, 2445, 2447, 2443, - 2442, 2440, 2443, 2447, 2449, 2448, 2450, 2436, 2451, 2445, - 2448, 2452, 2453, 2453, 2454, 2457, 2458, 2451, 2459, 2450, - 2452, 2461, 2449, 2454, 2460, 2460, 2462, 2463, 2464, 2464, + 2388, 2391, 2389, 2392, 2392, 2394, 2390, 2396, 2397, 2395, + 2399, 2399, 2401, 2391, 2394, 2395, 2400, 2402, 2407, 2400, + 2404, 2404, 2415, 2397, 2406, 2396, 2405, 2405, 2408, 2406, + 2410, 2401, 2410, 2409, 2411, 2402, 2407, 2408, 2409, 2412, + 2413, 2414, 2415, 2422, 2416, 2480, 2414, 2480, 2411, 2416, + 2417, 2417, 2413, 2412, 2418, 2418, 2419, 2419, 2420, 2420, + 2421, 2422, 2423, 2424, 2424, 2425, 2425, 2423, 2426, 2427, + 2428, 2429, 2421, 2430, 2430, 2431, 2432, 2432, 2433, 2433, + 2426, 2427, 2434, 2435, 2436, 2437, 2438, 2429, 2440, 2441, + 2428, 2436, 2444, 2434, 2431, 2435, 2439, 2437, 2442, 2442, - 2465, 2467, 2469, 2472, 2457, 2462, 2458, 2459, 2481, 2470, - 2461, 2473, 2463, 2470, 2471, 2471, 2467, 2473, 2474, 2465, - 2475, 2481, 2469, 2477, 2474, 2480, 2475, 2478, 2472, 2476, - 2476, 2477, 2478, 2483, 2480, 2484, 2485, 2486, 2484, 2483, - 2485, 2487, 2489, 2489, 2490, 2491, 2491, 2492, 2492, 2494, - 2494, 2486, 2500, 2495, 2496, 2502, 2487, 2495, 2501, 2496, - 2498, 2498, 2490, 2501, 2503, 2505, 2511, 2502, 2510, 2503, - 2503, 2510, 2500, 2506, 2506, 2508, 2508, 2509, 2509, 2511, - 2513, 2515, 2516, 2516, 2519, 2505, 2517, 2517, 2518, 2518, - 2520, 2520, 2521, 2522, 2523, 2530, 2524, 2531, 2513, 2519, + 2445, 2439, 2443, 2446, 2447, 2448, 2438, 2455, 2440, 2441, + 2449, 2443, 2450, 2450, 2451, 2452, 2446, 2453, 2444, 2448, + 2445, 2456, 2449, 2451, 2457, 2455, 2458, 2459, 2447, 2458, + 2452, 2460, 2453, 2461, 2462, 2462, 2460, 2469, 2461, 2463, + 2463, 2459, 2470, 2456, 2464, 2464, 2471, 2457, 2466, 2466, + 2468, 2468, 2472, 2470, 2474, 2469, 2476, 2475, 2482, 2477, + 2478, 2479, 2481, 2484, 2484, 2471, 2483, 2472, 2488, 2478, + 2486, 2486, 2487, 2494, 2474, 2475, 2482, 2495, 2476, 2477, + 2489, 2479, 2481, 2492, 2483, 2497, 2487, 2490, 2490, 2489, + 2488, 2494, 2492, 2493, 2493, 2495, 2496, 2498, 2499, 2501, - 2532, 2515, 2524, 2525, 2525, 2521, 2526, 2529, 2523, 2533, - 2526, 2522, 2529, 2529, 2535, 2533, 2534, 2531, 2530, 2536, - 2532, 2540, 2534, 2536, 2537, 2537, 2540, 2542, 2543, 2545, - 2546, 2543, 2547, 2546, 2549, 2542, 2548, 2550, 2569, 2535, - 0, 2548, 2551, 2552, 2552, 2553, 2555, 2569, 2556, 2547, - 2547, 2559, 2549, 2557, 2545, 2554, 2551, 2550, 2554, 2553, - 2555, 2557, 2567, 2558, 2560, 2560, 2554, 2556, 2558, 2558, - 2559, 2561, 2561, 2562, 2562, 2563, 2563, 2564, 2564, 2565, - 2566, 2568, 2567, 2570, 2571, 2566, 2573, 2573, 2574, 2578, - 2575, 2574, 2577, 2577, 2580, 2565, 2578, 2579, 2579, 2580, + 2497, 2500, 2504, 2496, 2502, 2502, 2503, 2503, 2505, 2507, + 2507, 2508, 2508, 2506, 2509, 2498, 2499, 2500, 2501, 2506, + 2509, 2510, 2504, 2511, 2512, 2514, 2505, 2513, 2515, 2516, + 2514, 2517, 2518, 2520, 2518, 2520, 2517, 2523, 2511, 2510, + 2526, 2513, 2525, 2512, 2519, 2519, 2521, 2521, 2515, 2516, + 2527, 2525, 2528, 2529, 2530, 2534, 2523, 2531, 2529, 2526, + 2535, 2538, 2527, 2535, 2536, 2536, 2537, 2539, 2539, 2540, + 2541, 2544, 2528, 2542, 2530, 2534, 2531, 2542, 2545, 2538, + 2540, 2537, 2545, 2546, 2546, 2541, 2544, 2547, 2549, 2550, + 2551, 2552, 2552, 2554, 2556, 2555, 2557, 2557, 2556, 2558, - 2582, 2582, 2583, 2570, 2571, 2584, 2585, 2568, 2575, 2587, - 2590, 2583, 2588, 2588, 2584, 2585, 2589, 2591, 2592, 2590, - 2589, 2595, 2593, 2596, 2597, 2594, 2606, 2587, 2597, 2592, - 2594, 2594, 2596, 2601, 2595, 2605, 2591, 2593, 2601, 2602, - 2602, 2604, 2604, 2607, 2609, 2610, 2613, 2614, 2615, 2605, - 2618, 2606, 2616, 2609, 2620, 2622, 2614, 2610, 2616, 2623, - 2622, 2607, 2618, 2625, 2623, 2624, 2624, 2634, 2615, 2627, - 2635, 2613, 2625, 0, 2627, 2620, 2628, 2628, 2630, 2630, - 2628, 2631, 2631, 2632, 2632, 2633, 2636, 2634, 2639, 2635, - 2638, 2636, 2640, 2639, 2633, 2642, 2638, 2640, 2641, 2641, + 2547, 2559, 2559, 2549, 2555, 2554, 2560, 2561, 2562, 2550, + 2551, 2560, 2570, 2563, 2564, 2564, 2561, 2572, 2558, 2569, + 2569, 2571, 2571, 2573, 2562, 2563, 2574, 2577, 2575, 2584, + 2572, 2576, 2576, 2587, 2570, 2574, 2573, 2575, 2579, 2579, + 2582, 2583, 2577, 2584, 2585, 2582, 2583, 2586, 2588, 2585, + 2589, 2591, 2587, 2594, 2592, 2586, 2593, 2588, 2589, 2592, + 2598, 2593, 2595, 2595, 2596, 2596, 2591, 2598, 2594, 2597, + 2597, 2599, 2600, 2601, 2602, 0, 2599, 2603, 2604, 2604, + 2602, 2605, 2603, 2606, 2607, 2607, 2608, 2608, 2606, 2611, + 2600, 2601, 2612, 2612, 2613, 2614, 2605, 2613, 2615, 2616, - 2643, 2644, 2645, 2646, 2647, 2654, 2644, 2648, 2648, 2646, - 2650, 2651, 2652, 2642, 2650, 2655, 2651, 2652, 2653, 2653, - 2645, 2643, 2656, 2660, 2654, 2658, 2658, 2661, 2662, 2647, - 2655, 2664, 2662, 2665, 2663, 2668, 2660, 2666, 2670, 2667, - 2661, 2675, 2656, 2663, 2667, 2666, 2685, 2664, 2669, 2669, - 2672, 2672, 2665, 2673, 2673, 2677, 2677, 2670, 2679, 2680, - 2681, 2668, 2675, 2682, 2684, 2684, 2685, 2687, 2682, 2686, - 2688, 2689, 2692, 2687, 2679, 2680, 2681, 2693, 2686, 2691, - 2691, 2694, 2694, 2697, 2699, 2698, 2692, 2700, 2703, 2699, - 2689, 2698, 0, 2688, 2701, 2701, 2693, 2702, 2702, 2704, + 2614, 2614, 2611, 2615, 2616, 2617, 2618, 2619, 2620, 2621, + 2622, 2619, 2618, 2620, 2623, 2624, 2627, 2625, 2621, 2617, + 2626, 2627, 2623, 2625, 2630, 2622, 2626, 2628, 2631, 2632, + 2634, 2630, 2632, 2631, 2638, 2636, 2624, 2639, 2637, 2628, + 2636, 2646, 2634, 2637, 2640, 2641, 2642, 2642, 2643, 2647, + 2639, 2651, 2638, 2640, 2641, 2647, 2648, 2643, 2652, 2646, + 2653, 2655, 2648, 2654, 2654, 2656, 2657, 2658, 2655, 2660, + 2651, 2659, 2659, 2664, 2662, 2657, 2665, 2667, 2652, 2653, + 2665, 2668, 2658, 0, 2656, 2666, 2666, 2668, 2660, 2662, + 2669, 2670, 2672, 2664, 2671, 2671, 2669, 2670, 2673, 2675, - 2704, 2705, 2706, 2697, 2707, 2710, 2709, 2708, 2703, 2700, - 2711, 2706, 2705, 2708, 2712, 2712, 2718, 2710, 2713, 2704, - 2719, 2713, 2714, 2714, 2707, 2709, 2720, 2724, 2718, 2728, - 2711, 2723, 2720, 2721, 2721, 2722, 2726, 2723, 2722, 2727, - 2719, 2726, 2730, 2729, 2727, 2724, 2731, 2731, 2728, 2729, - 2733, 2734, 2735, 2736, 2737, 2737, 2738, 0, 2739, 2730, - 2730, 2754, 2733, 2741, 2741, 2744, 2736, 2739, 2743, 2734, - 2742, 2742, 2756, 2743, 2757, 2738, 2745, 2735, 2758, 2744, - 2754, 2745, 2746, 2746, 2747, 2747, 2748, 2748, 2749, 2751, - 2751, 2759, 2759, 2749, 2756, 2762, 2757, 2761, 2761, 2763, + 2672, 2676, 2667, 2673, 2678, 2681, 2679, 2680, 2675, 2679, + 2678, 2680, 2682, 2685, 2676, 2684, 2684, 2686, 2686, 2681, + 2687, 2687, 2689, 2689, 2690, 2691, 2695, 2682, 2690, 2696, + 2691, 2685, 2693, 2693, 2696, 2697, 2698, 2700, 2701, 2701, + 2710, 2698, 2698, 2703, 2703, 2706, 2695, 2697, 2704, 2704, + 2705, 2708, 2714, 2705, 2711, 2711, 2717, 2700, 2706, 2716, + 2710, 2712, 2712, 2713, 2713, 2715, 2715, 2714, 2718, 2708, + 2719, 2721, 2716, 2726, 2717, 2721, 2719, 2720, 2720, 2725, + 2727, 2728, 2718, 2729, 2725, 2725, 2730, 2731, 2736, 2729, + 2732, 2738, 2730, 2736, 2732, 2741, 2726, 2733, 2733, 2738, - 2758, 2764, 2765, 2766, 2767, 2767, 2768, 2768, 2770, 2771, - 0, 2772, 2766, 2780, 2770, 2764, 2776, 2776, 2763, 2773, - 2782, 2762, 2765, 2779, 2773, 2778, 2778, 2780, 2779, 2771, - 2772, 2781, 2782, 2783, 2784, 2784, 2787, 2781, 2785, 2788, - 2789, 2783, 2790, 2785, 2791, 2789, 2794, 2793, 2795, 2796, - 2791, 2798, 2797, 2804, 2790, 2793, 2787, 2799, 2800, 2788, - 2808, 2801, 2812, 2812, 0, 2794, 2801, 2798, 2795, 2796, - 2797, 2803, 2805, 2804, 2799, 2799, 2803, 2806, 2805, 2800, - 2808, 2809, 2806, 2813, 2813, 2814, 2818, 2818, 0, 2814, - 2820, 2820, 2821, 2821, 2809, 2821, 2822, 2822, 2824, 2822, + 2727, 2728, 2739, 2742, 2744, 2739, 2742, 2743, 2743, 2745, + 2746, 2747, 2731, 2748, 2745, 2749, 2749, 2753, 2750, 2752, + 2741, 2744, 2744, 2751, 2758, 2758, 2751, 2748, 2746, 2754, + 2757, 2747, 2750, 2752, 2751, 2755, 2753, 2754, 2756, 2763, + 2755, 2755, 2765, 2756, 2756, 2759, 2759, 2760, 2760, 2757, + 2761, 2761, 2762, 2762, 2764, 2763, 2766, 2768, 2767, 2764, + 2769, 2770, 2765, 2767, 2771, 2769, 2772, 2774, 2774, 2777, + 2770, 2775, 2775, 2780, 2776, 2871, 2768, 2776, 2779, 2779, + 2780, 2789, 2766, 2871, 2771, 2782, 2772, 2777, 2781, 2781, + 2782, 2784, 2784, 2785, 2786, 2787, 2790, 2790, 2792, 2789, - 2823, 2823, 2824, 2823, 2826, 2827, 2828, 2828, 2829, 2826, - 2830, 2833, 2834, 2835, 2827, 2836, 2836, 2839, 2835, 2841, - 2840, 2842, 2843, 2841, 2830, 2845, 2829, 2840, 0, 2846, - 2842, 2833, 2834, 2847, 2847, 2848, 2848, 2843, 2846, 2849, - 2849, 2850, 2839, 2845, 2851, 2852, 2853, 2854, 2855, 2851, - 2856, 2853, 2853, 2854, 2852, 2857, 2850, 2852, 2858, 2859, - 2860, 2861, 2861, 2858, 2859, 2856, 2862, 2936, 2863, 2864, - 2864, 2936, 2862, 2855, 2863, 2866, 2857, 2865, 2865, 2860, - 2866, 2869, 2869, 2872, 2872, 2873, 2873, 2874, 2874, 2875, - 2875, 2876, 2876, 2877, 2877, 2878, 2878, 2879, 2879, 2880, + 2793, 2791, 2785, 2786, 2787, 2791, 2794, 2792, 2795, 2796, + 2808, 2797, 2798, 2803, 2796, 2796, 2799, 2794, 2803, 2793, + 2799, 2798, 2807, 2795, 2797, 2804, 2804, 2806, 2806, 2809, + 2811, 2812, 2815, 2816, 2817, 2808, 2807, 2820, 2818, 2811, + 2822, 2824, 2816, 2812, 2818, 2825, 2824, 2809, 0, 2820, + 2825, 2826, 2826, 2827, 2817, 2829, 2836, 2815, 2832, 2832, + 2829, 2822, 2827, 2830, 2830, 2833, 2833, 2830, 2834, 2834, + 2835, 2837, 2838, 2841, 2840, 2844, 2836, 2838, 2841, 2835, + 2840, 2842, 2843, 2843, 2845, 2846, 2842, 2847, 2849, 2848, + 2837, 2850, 2847, 2844, 2849, 2853, 2845, 2851, 2851, 2853, - 2882, 2883, 2883, 2884, 2885, 2888, 2886, 2889, 2889, 2882, - 2891, 2900, 2884, 2890, 2894, 2892, 2885, 2893, 2893, 2895, - 2895, 2898, 2902, 2891, 2888, 2880, 2886, 2892, 2890, 2894, - 2899, 2901, 2901, 2899, 2906, 2904, 2905, 2900, 2904, 2898, - 2902, 2907, 2905, 2908, 2910, 2909, 2907, 2912, 2906, 2913, - 2916, 2926, 2927, 2912, 2929, 2927, 2926, 2934, 2913, 2937, - 2910, 2940, 2908, 2909, 2938, 2916, 2935, 2929, 2930, 2930, - 2931, 2931, 2932, 2932, 2941, 2935, 2942, 2944, 2938, 2937, - 2934, 2942, 2945, 2945, 2940, 2941, 2943, 2946, 2943, 2947, - 2949, 2948, 2944, 2950, 2952, 2951, 2954, 2955, 2955, 2953, + 2854, 2856, 2856, 2855, 2857, 2854, 2846, 2848, 2855, 2858, + 2859, 2861, 2863, 2863, 2865, 2866, 2850, 2867, 2869, 2870, + 2868, 2867, 2875, 2857, 2858, 2859, 2876, 2865, 2866, 2868, + 2872, 2861, 2873, 2873, 2869, 2872, 2874, 2878, 2870, 2884, + 2875, 2877, 2877, 2881, 2881, 2874, 2882, 2882, 2886, 2886, + 2888, 2889, 2876, 2890, 2891, 2894, 2878, 2893, 2893, 2891, + 2884, 2895, 2896, 2897, 2898, 2901, 2888, 2889, 2896, 2890, + 2895, 2900, 2900, 2902, 2906, 2894, 2903, 2903, 2907, 2901, + 2908, 2909, 2912, 2898, 2907, 2908, 2897, 2910, 2910, 2911, + 2911, 2915, 2902, 2914, 2906, 2913, 2913, 2916, 2919, 2917, - 2946, 2956, 2957, 2952, 2962, 2961, 2949, 2957, 2947, 2948, - 2951, 2953, 2963, 2963, 2964, 2965, 2965, 2954, 2950, 2961, - 2969, 2956, 2970, 2964, 2962, 2966, 2966, 2967, 2967, 2968, - 2968, 2971, 2972, 2973, 2971, 2974, 2975, 2972, 2973, 2969, - 2976, 2977, 2970, 2979, 2978, 2980, 2976, 2983, 2979, 2982, - 2982, 2975, 2984, 2985, 2985, 2977, 2978, 2987, 2989, 2995, - 2974, 2994, 2983, 2992, 2992, 2980, 2993, 2993, 2996, 2994, - 2998, 2984, 2987, 2997, 2996, 2999, 2989, 3000, 2995, 2997, - 3001, 3002, 3002, 3005, 2998, 3001, 3003, 3003, 2999, 3006, - 3009, 3008, 3011, 3012, 3009, 3013, 3000, 3014, 3012, 3016, + 2915, 2918, 2912, 2909, 2914, 2917, 2920, 2921, 2921, 2922, + 2919, 2927, 2922, 2923, 2923, 2913, 2928, 2916, 2929, 2933, + 2918, 2930, 2930, 2927, 2929, 2931, 2920, 2932, 2931, 2935, + 2936, 2936, 2938, 2932, 2935, 2937, 2928, 2933, 2939, 2940, + 2937, 2941, 2941, 2943, 2939, 2944, 2945, 2946, 2947, 2947, + 2948, 2938, 2949, 2950, 2961, 2943, 2940, 2940, 2952, 2952, + 2946, 2954, 2950, 2944, 2953, 2953, 2954, 2955, 2949, 2948, + 2956, 2945, 2957, 2957, 2960, 2956, 2958, 2958, 2959, 2959, + 2961, 2955, 2962, 2968, 2963, 2965, 2965, 2960, 2962, 2963, + 2970, 2971, 2972, 2973, 2973, 2975, 2975, 2976, 2977, 2979, - 3015, 3017, 3018, 3022, 3005, 3008, 3017, 3018, 3023, 3006, - 3014, 3024, 3011, 3015, 3013, 3019, 3019, 3026, 3016, 3025, - 3025, 3027, 3026, 3022, 3028, 3028, 3023, 3027, 3029, 3030, - 3024, 3031, 3032, 3029, 3030, 3033, 3031, 3035, 3035, 3036, - 3040, 3033, 3037, 3037, 3036, 3039, 3041, 3042, 3043, 3039, - 3044, 3032, 3045, 3041, 3053, 3046, 3044, 3048, 3048, 3040, - 3050, 3050, 3054, 3051, 3052, 3055, 3042, 3043, 3046, 3052, - 3058, 3045, 3051, 3053, 3057, 3051, 3056, 3056, 3055, 3057, - 3060, 3054, 3062, 3058, 3061, 3061, 3063, 3063, 3064, 3064, - 3065, 3066, 3067, 3068, 3068, 3065, 0, 3069, 3066, 3071, + 2980, 2978, 2968, 2981, 2981, 2982, 2982, 2985, 0, 2980, + 2984, 2986, 2970, 2971, 2972, 2978, 2984, 2977, 2994, 2979, + 2987, 2990, 2990, 2976, 2996, 2987, 2993, 2985, 2992, 2992, + 2986, 2993, 2994, 2995, 2997, 2999, 2996, 2998, 2998, 2995, + 2999, 3001, 2997, 3002, 3003, 3004, 3005, 3007, 3008, 3003, + 3009, 3010, 3005, 3013, 3012, 3007, 3014, 3004, 3015, 3016, + 3018, 3001, 3019, 3002, 3016, 3018, 3023, 3008, 0, 3013, + 3009, 3010, 3012, 3014, 3014, 3020, 3025, 3024, 3021, 3015, + 3024, 3020, 3019, 3021, 3028, 3028, 3023, 3029, 3029, 3025, + 3030, 3034, 3034, 3035, 3030, 3036, 3037, 3037, 3035, 3039, - 3071, 3062, 3069, 3070, 3074, 3070, 3060, 3072, 3073, 3076, - 3079, 3067, 3075, 3083, 3072, 3073, 3081, 3075, 3078, 3078, - 3082, 3081, 3084, 3074, 3088, 3082, 3085, 3085, 3076, 3079, - 3087, 3087, 3083, 3089, 3090, 3090, 3091, 3091, 3092, 3094, - 3094, 3084, 3096, 3088, 3102, 3092, 3095, 3095, 3098, 3096, - 3101, 3103, 3089, 3098, 0, 3101, 3104, 3104, 3105, 3105, - 0, 0, 0, 3102, 0, 0, 0, 0, 0, 0, - 3103, 3109, 3109, 3109, 3109, 3109, 3109, 3109, 3110, 3110, - 3110, 3110, 3110, 3110, 3110, 3111, 3111, 3111, 3111, 3111, - 3111, 3111, 3112, 3112, 3112, 3112, 3112, 3112, 3112, 3113, + 3039, 3040, 3040, 3043, 3040, 3041, 3041, 3043, 3041, 3042, + 3042, 3045, 3042, 3046, 3036, 3048, 3045, 3047, 3047, 3052, + 3049, 3053, 3046, 3054, 3055, 3055, 3058, 3060, 3054, 3059, + 3062, 3060, 3064, 3048, 3049, 3061, 3059, 3065, 0, 3052, + 3069, 3053, 3066, 3066, 3061, 3062, 3065, 3067, 3067, 3070, + 3064, 3058, 3068, 3068, 3070, 3069, 3071, 3072, 3073, 3074, + 3075, 3076, 3072, 3072, 3073, 3071, 3077, 3078, 3071, 3079, + 3081, 3077, 3078, 3080, 3080, 3075, 3081, 3082, 3083, 3083, + 3084, 3084, 3076, 3082, 3074, 3085, 3086, 3092, 3079, 3089, + 3089, 3086, 3091, 3091, 3095, 3095, 3092, 3096, 3096, 3103, - 3113, 3113, 3113, 3113, 3113, 3113, 3115, 3115, 0, 3115, - 3115, 3115, 3115, 3116, 3116, 0, 0, 0, 3116, 3116, - 3117, 3117, 0, 0, 3117, 0, 3117, 3118, 0, 0, - 0, 0, 0, 3118, 3119, 3119, 0, 0, 0, 3119, - 3119, 3120, 0, 0, 0, 0, 0, 3120, 3121, 3121, - 0, 3121, 3121, 3121, 3121, 3122, 3122, 0, 3122, 3122, - 3122, 3122, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, - 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, 3108, + 3085, 3097, 3097, 3098, 3098, 3099, 3099, 3100, 3100, 3101, + 3101, 3102, 3102, 3105, 3106, 3106, 3108, 3107, 3109, 3113, + 3111, 3115, 3105, 3112, 3112, 3103, 3107, 3114, 3108, 3116, + 3116, 3117, 3121, 3115, 3113, 3118, 3118, 3123, 3109, 3111, + 3114, 3122, 3124, 3124, 3122, 3127, 3117, 3125, 3127, 3128, + 3121, 3130, 3129, 3131, 3133, 3128, 3130, 3132, 3135, 3136, + 3143, 3140, 3160, 3123, 3135, 3125, 3129, 3139, 3136, 3152, + 3133, 3139, 3131, 3163, 3152, 3132, 3140, 3153, 3155, 3166, + 3153, 3156, 3156, 3157, 3157, 3160, 3143, 3158, 3158, 3161, + 3162, 3155, 3164, 3163, 3162, 3168, 3167, 3169, 3161, 3169, - 3108, 3108, 3108 + 3168, 3170, 3166, 3171, 3171, 3172, 3164, 3167, 3173, 3175, + 3174, 3176, 3178, 3181, 3177, 3180, 3170, 3182, 3172, 3179, + 3180, 3178, 3182, 3183, 3183, 3175, 3184, 3173, 3174, 3177, + 3185, 3179, 3190, 3189, 3181, 3185, 3176, 3191, 3191, 3192, + 3193, 3193, 3194, 3194, 3195, 3195, 3184, 3189, 3192, 3196, + 3196, 3197, 3190, 3198, 3199, 3200, 3201, 3199, 3202, 3203, + 3200, 3201, 3204, 3205, 3206, 3209, 3207, 3213, 3204, 3214, + 3197, 3207, 0, 3198, 3203, 3219, 3206, 3205, 3208, 3208, + 3210, 3210, 3213, 3202, 3217, 3209, 3212, 3212, 3214, 3215, + 3215, 3222, 3222, 3219, 3223, 3223, 3224, 3225, 3228, 3217, + + 3226, 3227, 3229, 3230, 3224, 3231, 3226, 3227, 3232, 3232, + 3231, 3237, 3228, 3234, 3234, 3229, 3225, 3238, 3243, 3240, + 3241, 3244, 3230, 3245, 3241, 3248, 3244, 3246, 3247, 3249, + 3250, 3254, 3237, 3240, 3249, 3250, 3255, 3238, 3243, 3256, + 3246, 3247, 3245, 3259, 3248, 3251, 3251, 3257, 3257, 3259, + 3258, 3254, 3260, 3260, 3255, 3258, 3261, 3262, 3256, 3263, + 3264, 3261, 3262, 3265, 3263, 3267, 3267, 3268, 3272, 3265, + 3269, 3269, 3268, 3271, 3273, 3274, 3275, 3271, 3276, 3264, + 3277, 3273, 3285, 3278, 3276, 3280, 3280, 3272, 3282, 3282, + 3286, 3283, 3284, 3287, 3274, 3275, 3278, 3284, 3290, 3277, + + 3283, 3285, 3289, 3283, 3288, 3288, 3287, 3289, 3292, 3286, + 3294, 3290, 3293, 3293, 3295, 3295, 3296, 3296, 3297, 3298, + 3299, 3300, 3300, 3297, 0, 3301, 3298, 3303, 3303, 3294, + 3301, 3302, 3306, 3302, 3292, 3304, 3305, 3308, 3311, 3299, + 3307, 3315, 3304, 3305, 3313, 3307, 3310, 3310, 3314, 3313, + 3316, 3306, 3320, 3314, 3317, 3317, 3308, 3311, 3319, 3319, + 3315, 3321, 3322, 3322, 3323, 3323, 3324, 3326, 3326, 3316, + 3328, 3320, 3334, 3324, 3327, 3327, 3330, 3328, 3333, 3335, + 3321, 3330, 0, 3333, 3336, 3336, 3337, 3337, 0, 0, + 0, 3334, 0, 0, 0, 0, 0, 0, 3335, 3341, + + 3341, 3341, 3341, 3341, 3341, 3341, 3342, 3342, 3342, 3342, + 3342, 3342, 3342, 3343, 3343, 3343, 3343, 3343, 3343, 3343, + 3344, 3344, 3344, 3344, 3344, 3344, 3344, 3345, 3345, 3345, + 3345, 3345, 3345, 3345, 3346, 3346, 3346, 3346, 3346, 3346, + 3346, 3347, 3347, 3347, 3347, 3347, 3347, 3347, 3349, 3349, + 0, 3349, 3349, 3349, 3349, 3350, 3350, 0, 0, 0, + 3350, 3350, 3351, 3351, 0, 0, 3351, 0, 3351, 3352, + 0, 0, 0, 0, 0, 3352, 3353, 3353, 0, 0, + 0, 3353, 3353, 3354, 0, 0, 0, 0, 0, 3354, + 3355, 3355, 0, 3355, 3355, 3355, 3355, 3356, 0, 0, + + 0, 0, 0, 3356, 3357, 3357, 0, 0, 0, 3357, + 3357, 3358, 3358, 0, 3358, 3358, 3358, 3358, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, + 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340, 3340 } ; static yy_state_type yy_last_accepting_state; @@ -2861,11 +3034,13 @@ struct inc_state { int line; YY_BUFFER_STATE buffer; struct inc_state* next; + int inc_toplevel; }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; +static int inc_toplevel = 0; void init_cfg_parse(void) { @@ -2873,14 +3048,15 @@ void init_cfg_parse(void) inc_depth = 0; inc_prev = 0; num_args = 0; + inc_toplevel = 0; } -static void config_start_include(const char* filename) +static void config_start_include(const char* filename, int toplevel) { FILE *input; struct inc_state* s; char* nm; - if(inc_depth++ > 100000) { + if(inc_depth+1 > 100000) { ub_c_error_msg("too many include files"); return; } @@ -2912,17 +3088,20 @@ static void config_start_include(const char* filename) return; } LEXOUT(("switch_to_include_file(%s)\n", filename)); + inc_depth++; s->filename = cfg_parser->filename; s->line = cfg_parser->line; s->buffer = YY_CURRENT_BUFFER; + s->inc_toplevel = inc_toplevel; s->next = config_include_stack; config_include_stack = s; cfg_parser->filename = nm; cfg_parser->line = 1; + inc_toplevel = toplevel; yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); } -static void config_start_include_glob(const char* filename) +static void config_start_include_glob(const char* filename, int toplevel) { /* check for wildcards */ @@ -2955,19 +3134,19 @@ static void config_start_include_glob(const char* filename) globfree(&g); if(r == GLOB_NOMATCH) return; /* no matches for pattern */ - config_start_include(filename); /* let original deal with it */ + config_start_include(filename, toplevel); /* let original deal with it */ return; } /* process files found, if any */ for(i=(int)g.gl_pathc-1; i>=0; i--) { - config_start_include(g.gl_pathv[i]); + config_start_include(g.gl_pathv[i], toplevel); } globfree(&g); return; } #endif /* HAVE_GLOB */ - config_start_include(filename); + config_start_include(filename, toplevel); } static void config_end_include(void) @@ -2981,6 +3160,7 @@ static void config_end_include(void) yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(s->buffer); config_include_stack = s->next; + inc_toplevel = s->inc_toplevel; free(s); } @@ -2993,18 +3173,18 @@ static void config_end_include(void) } #endif -#line 2995 "" +#line 3175 "" #define YY_NO_INPUT 1 -#line 184 "./util/configlexer.lex" +#line 191 "./util/configlexer.lex" #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 3004 "" +#line 3184 "" -#line 3006 "" +#line 3186 "" #define INITIAL 0 #define quotedstring 1 @@ -3012,6 +3192,8 @@ static void config_end_include(void) #define include 3 #define include_quoted 4 #define val 5 +#define include_toplevel 6 +#define include_toplevel_quoted 7 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way @@ -3224,9 +3406,9 @@ YY_DECL } { -#line 204 "./util/configlexer.lex" +#line 211 "./util/configlexer.lex" -#line 3228 "" +#line 3410 "" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -3259,13 +3441,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3109 ) + if ( yy_current_state >= 3341 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 6063 ); + while ( yy_base[yy_current_state] != 6519 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3291,1523 +3473,1618 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 205 "./util/configlexer.lex" +#line 212 "./util/configlexer.lex" { LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP -#line 207 "./util/configlexer.lex" +#line 214 "./util/configlexer.lex" { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK case 3: YY_RULE_SETUP -#line 210 "./util/configlexer.lex" +#line 217 "./util/configlexer.lex" { YDVAR(0, VAR_SERVER) } YY_BREAK case 4: YY_RULE_SETUP -#line 211 "./util/configlexer.lex" +#line 218 "./util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION) } YY_BREAK case 5: YY_RULE_SETUP -#line 212 "./util/configlexer.lex" +#line 219 "./util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } YY_BREAK case 6: YY_RULE_SETUP -#line 213 "./util/configlexer.lex" +#line 220 "./util/configlexer.lex" { YDVAR(1, VAR_NUM_THREADS) } YY_BREAK case 7: YY_RULE_SETUP -#line 214 "./util/configlexer.lex" +#line 221 "./util/configlexer.lex" { YDVAR(1, VAR_VERBOSITY) } YY_BREAK case 8: YY_RULE_SETUP -#line 215 "./util/configlexer.lex" +#line 222 "./util/configlexer.lex" { YDVAR(1, VAR_PORT) } YY_BREAK case 9: YY_RULE_SETUP -#line 216 "./util/configlexer.lex" +#line 223 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_RANGE) } YY_BREAK case 10: YY_RULE_SETUP -#line 217 "./util/configlexer.lex" +#line 224 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } YY_BREAK case 11: YY_RULE_SETUP -#line 218 "./util/configlexer.lex" +#line 225 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } YY_BREAK case 12: YY_RULE_SETUP -#line 219 "./util/configlexer.lex" +#line 226 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_NUM_TCP) } YY_BREAK case 13: YY_RULE_SETUP -#line 220 "./util/configlexer.lex" +#line 227 "./util/configlexer.lex" { YDVAR(1, VAR_INCOMING_NUM_TCP) } YY_BREAK case 14: YY_RULE_SETUP -#line 221 "./util/configlexer.lex" +#line 228 "./util/configlexer.lex" { YDVAR(1, VAR_DO_IP4) } YY_BREAK case 15: YY_RULE_SETUP -#line 222 "./util/configlexer.lex" +#line 229 "./util/configlexer.lex" { YDVAR(1, VAR_DO_IP6) } YY_BREAK case 16: YY_RULE_SETUP -#line 223 "./util/configlexer.lex" +#line 230 "./util/configlexer.lex" { YDVAR(1, VAR_PREFER_IP4) } YY_BREAK case 17: YY_RULE_SETUP -#line 224 "./util/configlexer.lex" +#line 231 "./util/configlexer.lex" { YDVAR(1, VAR_PREFER_IP6) } YY_BREAK case 18: YY_RULE_SETUP -#line 225 "./util/configlexer.lex" +#line 232 "./util/configlexer.lex" { YDVAR(1, VAR_DO_UDP) } YY_BREAK case 19: YY_RULE_SETUP -#line 226 "./util/configlexer.lex" +#line 233 "./util/configlexer.lex" { YDVAR(1, VAR_DO_TCP) } YY_BREAK case 20: YY_RULE_SETUP -#line 227 "./util/configlexer.lex" +#line 234 "./util/configlexer.lex" { YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 21: YY_RULE_SETUP -#line 228 "./util/configlexer.lex" +#line 235 "./util/configlexer.lex" { YDVAR(1, VAR_TCP_MSS) } YY_BREAK case 22: YY_RULE_SETUP -#line 229 "./util/configlexer.lex" +#line 236 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_TCP_MSS) } YY_BREAK case 23: YY_RULE_SETUP -#line 230 "./util/configlexer.lex" +#line 237 "./util/configlexer.lex" { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } YY_BREAK case 24: YY_RULE_SETUP -#line 231 "./util/configlexer.lex" +#line 238 "./util/configlexer.lex" { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } YY_BREAK case 25: YY_RULE_SETUP -#line 232 "./util/configlexer.lex" +#line 239 "./util/configlexer.lex" { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } YY_BREAK case 26: YY_RULE_SETUP -#line 233 "./util/configlexer.lex" +#line 240 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 27: YY_RULE_SETUP -#line 234 "./util/configlexer.lex" +#line 241 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 28: YY_RULE_SETUP -#line 235 "./util/configlexer.lex" +#line 242 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 29: YY_RULE_SETUP -#line 236 "./util/configlexer.lex" +#line 243 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 30: YY_RULE_SETUP -#line 237 "./util/configlexer.lex" +#line 244 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 31: YY_RULE_SETUP -#line 238 "./util/configlexer.lex" +#line 245 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 32: YY_RULE_SETUP -#line 239 "./util/configlexer.lex" +#line 246 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 33: YY_RULE_SETUP -#line 240 "./util/configlexer.lex" +#line 247 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 34: YY_RULE_SETUP -#line 241 "./util/configlexer.lex" +#line 248 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 35: YY_RULE_SETUP -#line 242 "./util/configlexer.lex" +#line 249 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 36: YY_RULE_SETUP -#line 243 "./util/configlexer.lex" +#line 250 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_WIN_CERT) } YY_BREAK case 37: YY_RULE_SETUP -#line 244 "./util/configlexer.lex" +#line 251 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 38: YY_RULE_SETUP -#line 245 "./util/configlexer.lex" +#line 252 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 39: YY_RULE_SETUP -#line 246 "./util/configlexer.lex" +#line 253 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 40: YY_RULE_SETUP -#line 247 "./util/configlexer.lex" +#line 254 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 41: YY_RULE_SETUP -#line 248 "./util/configlexer.lex" +#line 255 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } YY_BREAK case 42: YY_RULE_SETUP -#line 249 "./util/configlexer.lex" +#line 256 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CIPHERS) } YY_BREAK case 43: YY_RULE_SETUP -#line 250 "./util/configlexer.lex" +#line 257 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CIPHERSUITES) } YY_BREAK case 44: YY_RULE_SETUP -#line 251 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } +#line 258 "./util/configlexer.lex" +{ YDVAR(1, VAR_TLS_USE_SNI) } YY_BREAK case 45: YY_RULE_SETUP -#line 252 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +#line 259 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTPS_PORT) } YY_BREAK case 46: YY_RULE_SETUP -#line 253 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +#line 260 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTP_ENDPOINT) } YY_BREAK case 47: YY_RULE_SETUP -#line 254 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +#line 261 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } YY_BREAK case 48: YY_RULE_SETUP -#line 255 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +#line 262 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } YY_BREAK case 49: YY_RULE_SETUP -#line 256 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +#line 263 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } YY_BREAK case 50: YY_RULE_SETUP -#line 257 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +#line 264 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTP_NODELAY) } YY_BREAK case 51: YY_RULE_SETUP -#line 258 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +#line 265 "./util/configlexer.lex" +{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } YY_BREAK case 52: YY_RULE_SETUP -#line 259 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +#line 266 "./util/configlexer.lex" +{ YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK case 53: YY_RULE_SETUP -#line 260 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +#line 267 "./util/configlexer.lex" +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 54: YY_RULE_SETUP -#line 261 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } +#line 268 "./util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 55: YY_RULE_SETUP -#line 262 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_DSCP) } +#line 269 "./util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 56: YY_RULE_SETUP -#line 263 "./util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +#line 270 "./util/configlexer.lex" +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 57: YY_RULE_SETUP -#line 264 "./util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +#line 271 "./util/configlexer.lex" +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 58: YY_RULE_SETUP -#line 265 "./util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +#line 272 "./util/configlexer.lex" +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 59: YY_RULE_SETUP -#line 266 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +#line 273 "./util/configlexer.lex" +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 60: YY_RULE_SETUP -#line 267 "./util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +#line 274 "./util/configlexer.lex" +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 61: YY_RULE_SETUP -#line 268 "./util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +#line 275 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 62: YY_RULE_SETUP -#line 269 "./util/configlexer.lex" -{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } +#line 276 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 63: YY_RULE_SETUP -#line 270 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +#line 277 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_DSCP) } YY_BREAK case 64: YY_RULE_SETUP -#line 271 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +#line 278 "./util/configlexer.lex" +{ YDVAR(1, VAR_CHROOT) } YY_BREAK case 65: YY_RULE_SETUP -#line 272 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +#line 279 "./util/configlexer.lex" +{ YDVAR(1, VAR_USERNAME) } YY_BREAK case 66: YY_RULE_SETUP -#line 273 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +#line 280 "./util/configlexer.lex" +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 67: YY_RULE_SETUP -#line 274 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +#line 281 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK case 68: YY_RULE_SETUP -#line 275 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +#line 282 "./util/configlexer.lex" +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK case 69: YY_RULE_SETUP -#line 276 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +#line 283 "./util/configlexer.lex" +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 70: YY_RULE_SETUP -#line 277 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +#line 284 "./util/configlexer.lex" +{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } YY_BREAK case 71: YY_RULE_SETUP -#line 278 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +#line 285 "./util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 72: YY_RULE_SETUP -#line 279 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +#line 286 "./util/configlexer.lex" +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 73: YY_RULE_SETUP -#line 280 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +#line 287 "./util/configlexer.lex" +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 74: YY_RULE_SETUP -#line 281 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +#line 288 "./util/configlexer.lex" +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 75: YY_RULE_SETUP -#line 282 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +#line 289 "./util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 76: YY_RULE_SETUP -#line 283 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +#line 290 "./util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 77: YY_RULE_SETUP -#line 284 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +#line 291 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 78: YY_RULE_SETUP -#line 285 "./util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +#line 292 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 79: YY_RULE_SETUP -#line 286 "./util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +#line 293 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 80: YY_RULE_SETUP -#line 287 "./util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +#line 294 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 81: YY_RULE_SETUP -#line 288 "./util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +#line 295 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 82: YY_RULE_SETUP -#line 289 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +#line 296 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 83: YY_RULE_SETUP -#line 290 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +#line 297 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 84: YY_RULE_SETUP -#line 291 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +#line 298 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 85: YY_RULE_SETUP -#line 292 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +#line 299 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 86: YY_RULE_SETUP -#line 293 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +#line 300 "./util/configlexer.lex" +{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } YY_BREAK case 87: YY_RULE_SETUP -#line 294 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +#line 301 "./util/configlexer.lex" +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 88: YY_RULE_SETUP -#line 295 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +#line 302 "./util/configlexer.lex" +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 89: YY_RULE_SETUP -#line 296 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +#line 303 "./util/configlexer.lex" +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 90: YY_RULE_SETUP -#line 297 "./util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +#line 304 "./util/configlexer.lex" +{ YDVAR(1, VAR_UDP_CONNECT) } YY_BREAK case 91: YY_RULE_SETUP -#line 298 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +#line 305 "./util/configlexer.lex" +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 92: YY_RULE_SETUP -#line 299 "./util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +#line 306 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 93: YY_RULE_SETUP -#line 300 "./util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +#line 307 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 94: YY_RULE_SETUP -#line 301 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +#line 308 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 95: YY_RULE_SETUP -#line 302 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +#line 309 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 96: YY_RULE_SETUP -#line 303 "./util/configlexer.lex" -{ YDVAR(1, VAR_DENY_ANY) } +#line 310 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 97: YY_RULE_SETUP -#line 304 "./util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } +#line 311 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 98: YY_RULE_SETUP -#line 305 "./util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +#line 312 "./util/configlexer.lex" +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 99: YY_RULE_SETUP -#line 306 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +#line 313 "./util/configlexer.lex" +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 100: YY_RULE_SETUP -#line 307 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +#line 314 "./util/configlexer.lex" +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 101: YY_RULE_SETUP -#line 308 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +#line 315 "./util/configlexer.lex" +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 102: YY_RULE_SETUP -#line 309 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +#line 316 "./util/configlexer.lex" +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 103: YY_RULE_SETUP -#line 310 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_NO_CACHE) } +#line 317 "./util/configlexer.lex" +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 104: YY_RULE_SETUP -#line 311 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +#line 318 "./util/configlexer.lex" +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 105: YY_RULE_SETUP -#line 312 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +#line 319 "./util/configlexer.lex" +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 106: YY_RULE_SETUP -#line 313 "./util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +#line 320 "./util/configlexer.lex" +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK case 107: YY_RULE_SETUP -#line 314 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +#line 321 "./util/configlexer.lex" +{ YDVAR(1, VAR_DENY_ANY) } YY_BREAK case 108: YY_RULE_SETUP -#line 315 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +#line 322 "./util/configlexer.lex" +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 109: YY_RULE_SETUP -#line 316 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +#line 323 "./util/configlexer.lex" +{ YDVAR(1, VAR_NAME) } YY_BREAK case 110: YY_RULE_SETUP -#line 317 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_NO_CACHE) } +#line 324 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 111: YY_RULE_SETUP -#line 318 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +#line 325 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 112: YY_RULE_SETUP -#line 319 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +#line 326 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 113: YY_RULE_SETUP -#line 320 "./util/configlexer.lex" -{ YDVAR(0, VAR_AUTH_ZONE) } +#line 327 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 114: YY_RULE_SETUP -#line 321 "./util/configlexer.lex" -{ YDVAR(0, VAR_RPZ) } +#line 328 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_NO_CACHE) } YY_BREAK case 115: YY_RULE_SETUP -#line 322 "./util/configlexer.lex" -{ YDVAR(1, VAR_TAGS) } +#line 329 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 116: YY_RULE_SETUP -#line 323 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } +#line 330 "./util/configlexer.lex" +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 117: YY_RULE_SETUP -#line 324 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } +#line 331 "./util/configlexer.lex" +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 118: YY_RULE_SETUP -#line 325 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG) } +#line 332 "./util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 119: YY_RULE_SETUP -#line 326 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG_NAME) } +#line 333 "./util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 120: YY_RULE_SETUP -#line 327 "./util/configlexer.lex" -{ YDVAR(1, VAR_ZONEFILE) } +#line 334 "./util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 121: YY_RULE_SETUP -#line 328 "./util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +#line 335 "./util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_NO_CACHE) } YY_BREAK case 122: YY_RULE_SETUP -#line 329 "./util/configlexer.lex" -{ YDVAR(1, VAR_URL) } +#line 336 "./util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 123: YY_RULE_SETUP -#line 330 "./util/configlexer.lex" -{ YDVAR(1, VAR_ALLOW_NOTIFY) } +#line 337 "./util/configlexer.lex" +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 124: YY_RULE_SETUP -#line 331 "./util/configlexer.lex" -{ YDVAR(1, VAR_FOR_DOWNSTREAM) } +#line 338 "./util/configlexer.lex" +{ YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK case 125: YY_RULE_SETUP -#line 332 "./util/configlexer.lex" -{ YDVAR(1, VAR_FOR_UPSTREAM) } +#line 339 "./util/configlexer.lex" +{ YDVAR(0, VAR_RPZ) } YY_BREAK case 126: YY_RULE_SETUP -#line 333 "./util/configlexer.lex" -{ YDVAR(1, VAR_FALLBACK_ENABLED) } +#line 340 "./util/configlexer.lex" +{ YDVAR(1, VAR_TAGS) } YY_BREAK case 127: YY_RULE_SETUP -#line 334 "./util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } +#line 341 "./util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } YY_BREAK case 128: YY_RULE_SETUP -#line 335 "./util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } +#line 342 "./util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } YY_BREAK case 129: YY_RULE_SETUP -#line 336 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +#line 343 "./util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_LOG) } YY_BREAK case 130: YY_RULE_SETUP -#line 337 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +#line 344 "./util/configlexer.lex" +{ YDVAR(1, VAR_RPZ_LOG_NAME) } YY_BREAK case 131: YY_RULE_SETUP -#line 338 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +#line 345 "./util/configlexer.lex" +{ YDVAR(1, VAR_ZONEFILE) } YY_BREAK case 132: YY_RULE_SETUP -#line 339 "./util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +#line 346 "./util/configlexer.lex" +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 133: YY_RULE_SETUP -#line 340 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } +#line 347 "./util/configlexer.lex" +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 134: YY_RULE_SETUP -#line 341 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +#line 348 "./util/configlexer.lex" +{ YDVAR(1, VAR_URL) } YY_BREAK case 135: YY_RULE_SETUP -#line 342 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +#line 349 "./util/configlexer.lex" +{ YDVAR(1, VAR_ALLOW_NOTIFY) } YY_BREAK case 136: YY_RULE_SETUP -#line 343 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +#line 350 "./util/configlexer.lex" +{ YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK case 137: YY_RULE_SETUP -#line 344 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } +#line 351 "./util/configlexer.lex" +{ YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK case 138: YY_RULE_SETUP -#line 345 "./util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } +#line 352 "./util/configlexer.lex" +{ YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK case 139: YY_RULE_SETUP -#line 346 "./util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } +#line 353 "./util/configlexer.lex" +{ YDVAR(0, VAR_VIEW) } YY_BREAK case 140: YY_RULE_SETUP -#line 347 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } +#line 354 "./util/configlexer.lex" +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 141: YY_RULE_SETUP -#line 348 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } +#line 355 "./util/configlexer.lex" +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 142: YY_RULE_SETUP -#line 349 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +#line 356 "./util/configlexer.lex" +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 143: YY_RULE_SETUP -#line 350 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +#line 357 "./util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 144: YY_RULE_SETUP -#line 351 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +#line 358 "./util/configlexer.lex" +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 145: YY_RULE_SETUP -#line 352 "./util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +#line 359 "./util/configlexer.lex" +{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK case 146: YY_RULE_SETUP -#line 353 "./util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +#line 360 "./util/configlexer.lex" +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 147: YY_RULE_SETUP -#line 354 "./util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +#line 361 "./util/configlexer.lex" +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 148: YY_RULE_SETUP -#line 355 "./util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +#line 362 "./util/configlexer.lex" +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 149: YY_RULE_SETUP -#line 356 "./util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +#line 363 "./util/configlexer.lex" +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 150: YY_RULE_SETUP -#line 357 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +#line 364 "./util/configlexer.lex" +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } YY_BREAK case 151: YY_RULE_SETUP -#line 358 "./util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +#line 365 "./util/configlexer.lex" +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } YY_BREAK case 152: YY_RULE_SETUP -#line 359 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +#line 366 "./util/configlexer.lex" +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } YY_BREAK case 153: YY_RULE_SETUP -#line 360 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +#line 367 "./util/configlexer.lex" +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } YY_BREAK case 154: YY_RULE_SETUP -#line 361 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } +#line 368 "./util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 155: YY_RULE_SETUP -#line 362 "./util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } +#line 369 "./util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 156: YY_RULE_SETUP -#line 363 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +#line 370 "./util/configlexer.lex" +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 157: YY_RULE_SETUP -#line 364 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +#line 371 "./util/configlexer.lex" +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 158: YY_RULE_SETUP -#line 365 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +#line 372 "./util/configlexer.lex" +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 159: YY_RULE_SETUP -#line 366 "./util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +#line 373 "./util/configlexer.lex" +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 160: YY_RULE_SETUP -#line 367 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +#line 374 "./util/configlexer.lex" +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 161: YY_RULE_SETUP -#line 368 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +#line 375 "./util/configlexer.lex" +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 162: YY_RULE_SETUP -#line 369 "./util/configlexer.lex" -{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } +#line 376 "./util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 163: YY_RULE_SETUP -#line 370 "./util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +#line 377 "./util/configlexer.lex" +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 164: YY_RULE_SETUP -#line 371 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +#line 378 "./util/configlexer.lex" +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 165: YY_RULE_SETUP -#line 372 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } +#line 379 "./util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 166: YY_RULE_SETUP -#line 373 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } +#line 380 "./util/configlexer.lex" +{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK case 167: YY_RULE_SETUP -#line 374 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } +#line 381 "./util/configlexer.lex" +{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } YY_BREAK case 168: YY_RULE_SETUP -#line 375 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } +#line 382 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 169: YY_RULE_SETUP -#line 376 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +#line 383 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 170: YY_RULE_SETUP -#line 377 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +#line 384 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 171: YY_RULE_SETUP -#line 378 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +#line 385 "./util/configlexer.lex" +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 172: YY_RULE_SETUP -#line 379 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +#line 386 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 173: YY_RULE_SETUP -#line 380 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +#line 387 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 174: YY_RULE_SETUP -#line 381 "./util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +#line 388 "./util/configlexer.lex" +{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } YY_BREAK case 175: YY_RULE_SETUP -#line 382 "./util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +#line 389 "./util/configlexer.lex" +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 176: YY_RULE_SETUP -#line 384 "./util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +#line 390 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 177: YY_RULE_SETUP -#line 385 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +#line 391 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } YY_BREAK case 178: YY_RULE_SETUP -#line 386 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +#line 392 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } YY_BREAK case 179: YY_RULE_SETUP -#line 387 "./util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +#line 393 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } YY_BREAK case 180: YY_RULE_SETUP -#line 388 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +#line 394 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } YY_BREAK case 181: YY_RULE_SETUP -#line 389 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } +#line 395 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 182: YY_RULE_SETUP -#line 390 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +#line 396 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 183: YY_RULE_SETUP -#line 391 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +#line 397 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 184: YY_RULE_SETUP -#line 392 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } +#line 398 "./util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 185: YY_RULE_SETUP -#line 393 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } +#line 399 "./util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 186: YY_RULE_SETUP -#line 394 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } +#line 400 "./util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 187: YY_RULE_SETUP -#line 395 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_SERVFAIL) } +#line 401 "./util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 188: YY_RULE_SETUP -#line 396 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +#line 403 "./util/configlexer.lex" +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 189: YY_RULE_SETUP -#line 397 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +#line 404 "./util/configlexer.lex" +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 190: YY_RULE_SETUP -#line 398 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +#line 405 "./util/configlexer.lex" +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 191: YY_RULE_SETUP -#line 399 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +#line 406 "./util/configlexer.lex" +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 192: YY_RULE_SETUP -#line 400 "./util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +#line 407 "./util/configlexer.lex" +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 193: YY_RULE_SETUP -#line 401 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +#line 408 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 194: YY_RULE_SETUP -#line 402 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +#line 409 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 195: YY_RULE_SETUP -#line 403 "./util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +#line 410 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 196: YY_RULE_SETUP -#line 404 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } +#line 411 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 197: YY_RULE_SETUP -#line 405 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } +#line 412 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK case 198: YY_RULE_SETUP -#line 406 "./util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +#line 413 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK case 199: YY_RULE_SETUP -#line 407 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +#line 414 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK case 200: YY_RULE_SETUP -#line 408 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +#line 415 "./util/configlexer.lex" +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 201: YY_RULE_SETUP -#line 409 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +#line 416 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 202: YY_RULE_SETUP -#line 410 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +#line 417 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 203: YY_RULE_SETUP -#line 411 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +#line 418 "./util/configlexer.lex" +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 204: YY_RULE_SETUP -#line 412 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +#line 419 "./util/configlexer.lex" +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 205: YY_RULE_SETUP -#line 413 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +#line 420 "./util/configlexer.lex" +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 206: YY_RULE_SETUP -#line 414 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +#line 421 "./util/configlexer.lex" +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 207: YY_RULE_SETUP -#line 415 "./util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +#line 422 "./util/configlexer.lex" +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 208: YY_RULE_SETUP -#line 416 "./util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +#line 423 "./util/configlexer.lex" +{ YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 209: YY_RULE_SETUP -#line 417 "./util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +#line 424 "./util/configlexer.lex" +{ YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 210: YY_RULE_SETUP -#line 418 "./util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +#line 425 "./util/configlexer.lex" +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 211: YY_RULE_SETUP -#line 419 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +#line 426 "./util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 212: YY_RULE_SETUP -#line 420 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } +#line 427 "./util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 213: YY_RULE_SETUP -#line 421 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +#line 428 "./util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 214: YY_RULE_SETUP -#line 422 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +#line 429 "./util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 215: YY_RULE_SETUP -#line 423 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +#line 430 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 216: YY_RULE_SETUP -#line 424 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +#line 431 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 217: YY_RULE_SETUP -#line 425 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } +#line 432 "./util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 218: YY_RULE_SETUP -#line 426 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } +#line 433 "./util/configlexer.lex" +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 219: YY_RULE_SETUP -#line 427 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } +#line 434 "./util/configlexer.lex" +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 220: YY_RULE_SETUP -#line 428 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } +#line 435 "./util/configlexer.lex" +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 221: YY_RULE_SETUP -#line 429 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } +#line 436 "./util/configlexer.lex" +{ YDVAR(1, VAR_DYNLIB_FILE) } YY_BREAK case 222: YY_RULE_SETUP -#line 430 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } +#line 437 "./util/configlexer.lex" +{ YDVAR(0, VAR_DYNLIB) } YY_BREAK case 223: YY_RULE_SETUP -#line 431 "./util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } +#line 438 "./util/configlexer.lex" +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 224: YY_RULE_SETUP -#line 432 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +#line 439 "./util/configlexer.lex" +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 225: YY_RULE_SETUP -#line 433 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +#line 440 "./util/configlexer.lex" +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 226: YY_RULE_SETUP -#line 434 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +#line 441 "./util/configlexer.lex" +{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK case 227: YY_RULE_SETUP -#line 435 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IP) } +#line 442 "./util/configlexer.lex" +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 228: YY_RULE_SETUP -#line 436 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS) } +#line 443 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 229: YY_RULE_SETUP -#line 437 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } +#line 444 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 230: YY_RULE_SETUP -#line 438 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } +#line 445 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK case 231: YY_RULE_SETUP -#line 439 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } +#line 446 "./util/configlexer.lex" +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 232: YY_RULE_SETUP -#line 441 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } +#line 447 "./util/configlexer.lex" +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 233: YY_RULE_SETUP -#line 443 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +#line 448 "./util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 234: YY_RULE_SETUP -#line 444 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +#line 449 "./util/configlexer.lex" +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 235: YY_RULE_SETUP -#line 445 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +#line 450 "./util/configlexer.lex" +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 236: YY_RULE_SETUP -#line 446 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +#line 451 "./util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 237: YY_RULE_SETUP -#line 447 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +#line 452 "./util/configlexer.lex" +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 238: YY_RULE_SETUP -#line 449 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } +#line 453 "./util/configlexer.lex" +{ YDVAR(0, VAR_DNSTAP) } YY_BREAK case 239: YY_RULE_SETUP -#line 451 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } +#line 454 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 240: YY_RULE_SETUP -#line 453 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } +#line 455 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } YY_BREAK case 241: YY_RULE_SETUP -#line 455 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } +#line 456 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK case 242: YY_RULE_SETUP #line 457 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } +{ YDVAR(1, VAR_DNSTAP_IP) } YY_BREAK case 243: YY_RULE_SETUP -#line 459 "./util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } +#line 458 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS) } YY_BREAK case 244: YY_RULE_SETUP -#line 460 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } +#line 459 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } YY_BREAK case 245: YY_RULE_SETUP -#line 461 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +#line 460 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } YY_BREAK case 246: YY_RULE_SETUP -#line 462 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } +#line 461 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } YY_BREAK case 247: YY_RULE_SETUP #line 463 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } YY_BREAK case 248: YY_RULE_SETUP -#line 464 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } +#line 465 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK case 249: YY_RULE_SETUP -#line 465 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +#line 466 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK case 250: YY_RULE_SETUP -#line 466 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +#line 467 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK case 251: YY_RULE_SETUP -#line 467 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +#line 468 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK case 252: YY_RULE_SETUP -#line 468 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } +#line 469 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK case 253: YY_RULE_SETUP -#line 469 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +#line 471 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK case 254: YY_RULE_SETUP -#line 470 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } +#line 473 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK case 255: YY_RULE_SETUP -#line 471 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } +#line 475 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK case 256: YY_RULE_SETUP -#line 472 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +#line 477 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK case 257: YY_RULE_SETUP -#line 473 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +#line 479 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK case 258: YY_RULE_SETUP -#line 474 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +#line 481 "./util/configlexer.lex" +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 259: YY_RULE_SETUP -#line 475 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } +#line 482 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 260: YY_RULE_SETUP -#line 476 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } +#line 483 "./util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 261: YY_RULE_SETUP -#line 477 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } +#line 484 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 262: YY_RULE_SETUP -#line 478 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } +#line 485 "./util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 263: YY_RULE_SETUP -#line 479 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } +#line 486 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 264: YY_RULE_SETUP -#line 480 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } +#line 487 "./util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 265: YY_RULE_SETUP -#line 481 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +#line 488 "./util/configlexer.lex" +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 266: YY_RULE_SETUP -#line 482 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +#line 489 "./util/configlexer.lex" +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 267: YY_RULE_SETUP -#line 483 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +#line 490 "./util/configlexer.lex" +{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 268: YY_RULE_SETUP -#line 484 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } +#line 491 "./util/configlexer.lex" +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 269: YY_RULE_SETUP -#line 485 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } +#line 492 "./util/configlexer.lex" +{ YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 270: YY_RULE_SETUP -#line 487 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } +#line 493 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 271: YY_RULE_SETUP -#line 489 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } +#line 494 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 272: YY_RULE_SETUP -#line 490 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +#line 495 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 273: YY_RULE_SETUP -#line 491 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES) } +#line 496 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 274: YY_RULE_SETUP -#line 492 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } +#line 497 "./util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 275: YY_RULE_SETUP -#line 493 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES) } +#line 498 "./util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 276: YY_RULE_SETUP -#line 494 "./util/configlexer.lex" -{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } +#line 499 "./util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 277: YY_RULE_SETUP -#line 495 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } +#line 500 "./util/configlexer.lex" +{ YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 278: YY_RULE_SETUP -#line 496 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } +#line 501 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 279: YY_RULE_SETUP -#line 497 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } +#line 502 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 280: YY_RULE_SETUP -#line 498 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } +#line 503 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 281: YY_RULE_SETUP -#line 499 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +#line 504 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 282: YY_RULE_SETUP -#line 500 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } +#line 505 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 283: YY_RULE_SETUP -#line 501 "./util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } +#line 506 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 284: YY_RULE_SETUP -#line 502 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } +#line 507 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 285: YY_RULE_SETUP -#line 503 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } +#line 509 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 286: YY_RULE_SETUP -#line 504 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } +#line 511 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 287: YY_RULE_SETUP -#line 505 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } +#line 512 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 288: YY_RULE_SETUP -#line 506 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +#line 513 "./util/configlexer.lex" +{ YDVAR(1, VAR_PAD_RESPONSES) } YY_BREAK case 289: YY_RULE_SETUP -#line 507 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } +#line 514 "./util/configlexer.lex" +{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } YY_BREAK case 290: YY_RULE_SETUP -#line 508 "./util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } +#line 515 "./util/configlexer.lex" +{ YDVAR(1, VAR_PAD_QUERIES) } YY_BREAK case 291: YY_RULE_SETUP -#line 509 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } +#line 516 "./util/configlexer.lex" +{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } YY_BREAK case 292: YY_RULE_SETUP -#line 510 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } +#line 517 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 293: YY_RULE_SETUP -#line 511 "./util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } +#line 518 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 294: YY_RULE_SETUP -#line 512 "./util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +#line 519 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 295: -/* rule 295 can match eol */ YY_RULE_SETUP -#line 513 "./util/configlexer.lex" +#line 520 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } + YY_BREAK +case 296: +YY_RULE_SETUP +#line 521 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } + YY_BREAK +case 297: +YY_RULE_SETUP +#line 522 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } + YY_BREAK +case 298: +YY_RULE_SETUP +#line 523 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSECMOD_STRICT) } + YY_BREAK +case 299: +YY_RULE_SETUP +#line 524 "./util/configlexer.lex" +{ YDVAR(0, VAR_CACHEDB) } + YY_BREAK +case 300: +YY_RULE_SETUP +#line 525 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_BACKEND) } + YY_BREAK +case 301: +YY_RULE_SETUP +#line 526 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } + YY_BREAK +case 302: +YY_RULE_SETUP +#line 527 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISHOST) } + YY_BREAK +case 303: +YY_RULE_SETUP +#line 528 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISPORT) } + YY_BREAK +case 304: +YY_RULE_SETUP +#line 529 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } + YY_BREAK +case 305: +YY_RULE_SETUP +#line 530 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } + YY_BREAK +case 306: +YY_RULE_SETUP +#line 531 "./util/configlexer.lex" +{ YDVAR(0, VAR_IPSET) } + YY_BREAK +case 307: +YY_RULE_SETUP +#line 532 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V4) } + YY_BREAK +case 308: +YY_RULE_SETUP +#line 533 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V6) } + YY_BREAK +case 309: +YY_RULE_SETUP +#line 534 "./util/configlexer.lex" +{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } + YY_BREAK +case 310: +YY_RULE_SETUP +#line 535 "./util/configlexer.lex" +{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } + YY_BREAK +case 311: +YY_RULE_SETUP +#line 536 "./util/configlexer.lex" +{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } + YY_BREAK +case 312: +YY_RULE_SETUP +#line 537 "./util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } + YY_BREAK +case 313: +YY_RULE_SETUP +#line 538 "./util/configlexer.lex" +{ YDVAR(1, VAR_NSID ) } + YY_BREAK +case 314: +/* rule 314 can match eol */ +YY_RULE_SETUP +#line 539 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 296: +case 315: YY_RULE_SETUP -#line 516 "./util/configlexer.lex" +#line 542 "./util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 517 "./util/configlexer.lex" +#line 543 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 297: +case 316: YY_RULE_SETUP -#line 522 "./util/configlexer.lex" +#line 548 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 298: -/* rule 298 can match eol */ +case 317: +/* rule 317 can match eol */ YY_RULE_SETUP -#line 523 "./util/configlexer.lex" +#line 549 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 299: +case 318: YY_RULE_SETUP -#line 525 "./util/configlexer.lex" +#line 551 "./util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4820,34 +5097,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 300: +case 319: YY_RULE_SETUP -#line 537 "./util/configlexer.lex" +#line 563 "./util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 538 "./util/configlexer.lex" +#line 564 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 301: +case 320: YY_RULE_SETUP -#line 543 "./util/configlexer.lex" +#line 569 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 302: -/* rule 302 can match eol */ +case 321: +/* rule 321 can match eol */ YY_RULE_SETUP -#line 544 "./util/configlexer.lex" +#line 570 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 303: +case 322: YY_RULE_SETUP -#line 546 "./util/configlexer.lex" +#line 572 "./util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4860,114 +5137,189 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 304: +case 323: YY_RULE_SETUP -#line 558 "./util/configlexer.lex" +#line 584 "./util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 560 "./util/configlexer.lex" +#line 586 "./util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 305: +case 324: YY_RULE_SETUP -#line 564 "./util/configlexer.lex" +#line 590 "./util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 306: -/* rule 306 can match eol */ +case 325: +/* rule 325 can match eol */ YY_RULE_SETUP -#line 565 "./util/configlexer.lex" +#line 591 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 307: +case 326: YY_RULE_SETUP -#line 566 "./util/configlexer.lex" +#line 592 "./util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 308: +case 327: YY_RULE_SETUP -#line 567 "./util/configlexer.lex" +#line 593 "./util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 572 "./util/configlexer.lex" +#line 598 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 309: +case 328: YY_RULE_SETUP -#line 576 "./util/configlexer.lex" +#line 602 "./util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 310: -/* rule 310 can match eol */ +case 329: +/* rule 329 can match eol */ YY_RULE_SETUP -#line 577 "./util/configlexer.lex" +#line 603 "./util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 311: +case 330: YY_RULE_SETUP -#line 579 "./util/configlexer.lex" +#line 605 "./util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 585 "./util/configlexer.lex" +#line 611 "./util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ if (!config_include_stack) { yyterminate(); } else { + int prev_toplevel = inc_toplevel; fclose(yyin); config_end_include(); + if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); } } YY_BREAK -case 312: +/* include-toplevel: directive */ +case 331: YY_RULE_SETUP -#line 596 "./util/configlexer.lex" +#line 625 "./util/configlexer.lex" +{ + LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); +} + YY_BREAK +case YY_STATE_EOF(include_toplevel): +#line 628 "./util/configlexer.lex" +{ + yyerror("EOF inside include_toplevel directive"); + BEGIN(inc_prev); +} + YY_BREAK +case 332: +YY_RULE_SETUP +#line 632 "./util/configlexer.lex" +{ LEXOUT(("ITSP ")); /* ignore */ } + YY_BREAK +case 333: +/* rule 333 can match eol */ +YY_RULE_SETUP +#line 633 "./util/configlexer.lex" +{ LEXOUT(("NL\n")); cfg_parser->line++; } + YY_BREAK +case 334: +YY_RULE_SETUP +#line 634 "./util/configlexer.lex" +{ LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } + YY_BREAK +case 335: +YY_RULE_SETUP +#line 635 "./util/configlexer.lex" +{ + LEXOUT(("ITunquotedstr(%s) ", yytext)); + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} + YY_BREAK +case YY_STATE_EOF(include_toplevel_quoted): +#line 641 "./util/configlexer.lex" +{ + yyerror("EOF inside quoted string"); + BEGIN(inc_prev); +} + YY_BREAK +case 336: +YY_RULE_SETUP +#line 645 "./util/configlexer.lex" +{ LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } + YY_BREAK +case 337: +/* rule 337 can match eol */ +YY_RULE_SETUP +#line 646 "./util/configlexer.lex" +{ + yyerror("newline before \" in include name"); + cfg_parser->line++; BEGIN(inc_prev); +} + YY_BREAK +case 338: +YY_RULE_SETUP +#line 650 "./util/configlexer.lex" +{ + LEXOUT(("ITQE ")); + yytext[yyleng - 1] = '\0'; + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} + YY_BREAK +case 339: +YY_RULE_SETUP +#line 658 "./util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 313: +case 340: YY_RULE_SETUP -#line 600 "./util/configlexer.lex" +#line 662 "./util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 314: +case 341: YY_RULE_SETUP -#line 604 "./util/configlexer.lex" +#line 666 "./util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 315: +case 342: YY_RULE_SETUP -#line 608 "./util/configlexer.lex" +#line 670 "./util/configlexer.lex" ECHO; YY_BREAK -#line 4969 "" +#line 5321 "" case YY_END_OF_BUFFER: { @@ -5262,7 +5614,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3109 ) + if ( yy_current_state >= 3341 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -5290,11 +5642,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3109 ) + if ( yy_current_state >= 3341 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 3108); + yy_is_jam = (yy_current_state == 3340); return yy_is_jam ? 0 : yy_current_state; } @@ -5933,6 +6285,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 608 "./util/configlexer.lex" +#line 670 "./util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index 66c2fd578..75d2d88b7 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -45,11 +45,13 @@ struct inc_state { int line; YY_BUFFER_STATE buffer; struct inc_state* next; + int inc_toplevel; }; static struct inc_state* config_include_stack = NULL; static int inc_depth = 0; static int inc_prev = 0; static int num_args = 0; +static int inc_toplevel = 0; void init_cfg_parse(void) { @@ -57,14 +59,15 @@ void init_cfg_parse(void) inc_depth = 0; inc_prev = 0; num_args = 0; + inc_toplevel = 0; } -static void config_start_include(const char* filename) +static void config_start_include(const char* filename, int toplevel) { FILE *input; struct inc_state* s; char* nm; - if(inc_depth++ > 100000) { + if(inc_depth+1 > 100000) { ub_c_error_msg("too many include files"); return; } @@ -96,17 +99,20 @@ static void config_start_include(const char* filename) return; } LEXOUT(("switch_to_include_file(%s)\n", filename)); + inc_depth++; s->filename = cfg_parser->filename; s->line = cfg_parser->line; s->buffer = YY_CURRENT_BUFFER; + s->inc_toplevel = inc_toplevel; s->next = config_include_stack; config_include_stack = s; cfg_parser->filename = nm; cfg_parser->line = 1; + inc_toplevel = toplevel; yy_switch_to_buffer(yy_create_buffer(input, YY_BUF_SIZE)); } -static void config_start_include_glob(const char* filename) +static void config_start_include_glob(const char* filename, int toplevel) { /* check for wildcards */ @@ -139,19 +145,19 @@ static void config_start_include_glob(const char* filename) globfree(&g); if(r == GLOB_NOMATCH) return; /* no matches for pattern */ - config_start_include(filename); /* let original deal with it */ + config_start_include(filename, toplevel); /* let original deal with it */ return; } /* process files found, if any */ for(i=(int)g.gl_pathc-1; i>=0; i--) { - config_start_include(g.gl_pathv[i]); + config_start_include(g.gl_pathv[i], toplevel); } globfree(&g); return; } #endif /* HAVE_GLOB */ - config_start_include(filename); + config_start_include(filename, toplevel); } static void config_end_include(void) @@ -165,6 +171,7 @@ static void config_end_include(void) yy_delete_buffer(YY_CURRENT_BUFFER); yy_switch_to_buffer(s->buffer); config_include_stack = s->next; + inc_toplevel = s->inc_toplevel; free(s); } @@ -199,7 +206,7 @@ COLON \: DQANY [^\"\n\r\\]|\\. SQANY [^\'\n\r\\]|\\. -%x quotedstring singlequotedstr include include_quoted val +%x quotedstring singlequotedstr include include_quoted val include_toplevel include_toplevel_quoted %% {SPACE}* { @@ -248,6 +255,14 @@ tls-additional-port{COLON} { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } tls-session-ticket-keys{COLON} { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } tls-ciphers{COLON} { YDVAR(1, VAR_TLS_CIPHERS) } tls-ciphersuites{COLON} { YDVAR(1, VAR_TLS_CIPHERSUITES) } +tls-use-sni{COLON} { YDVAR(1, VAR_TLS_USE_SNI) } +https-port{COLON} { YDVAR(1, VAR_HTTPS_PORT) } +http-endpoint{COLON} { YDVAR(1, VAR_HTTP_ENDPOINT) } +http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) } +http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } +http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } +http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) } +http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } interface{COLON} { YDVAR(1, VAR_INTERFACE) } @@ -282,9 +297,11 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) } num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } +udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) } target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } @@ -295,6 +312,7 @@ harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } +caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } @@ -326,6 +344,7 @@ rpz-log{COLON} { YDVAR(1, VAR_RPZ_LOG) } rpz-log-name{COLON} { YDVAR(1, VAR_RPZ_LOG_NAME) } zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) } master{COLON} { YDVAR(1, VAR_MASTER) } +primary{COLON} { YDVAR(1, VAR_MASTER) } url{COLON} { YDVAR(1, VAR_URL) } allow-notify{COLON} { YDVAR(1, VAR_ALLOW_NOTIFY) } for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) } @@ -414,6 +433,8 @@ control-key-file{COLON} { YDVAR(1, VAR_CONTROL_KEY_FILE) } control-cert-file{COLON} { YDVAR(1, VAR_CONTROL_CERT_FILE) } python-script{COLON} { YDVAR(1, VAR_PYTHON_SCRIPT) } python{COLON} { YDVAR(0, VAR_PYTHON) } +dynlib-file{COLON} { YDVAR(1, VAR_DYNLIB_FILE) } +dynlib{COLON} { YDVAR(0, VAR_DYNLIB) } domain-insecure{COLON} { YDVAR(1, VAR_DOMAIN_INSECURE) } minimal-responses{COLON} { YDVAR(1, VAR_MINIMAL_RESPONSES) } rrset-roundrobin{COLON} { YDVAR(1, VAR_RRSET_ROUNDROBIN) } @@ -431,6 +452,7 @@ access-control-view{COLON} { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } local-zone-override{COLON} { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } dnstap{COLON} { YDVAR(0, VAR_DNSTAP) } dnstap-enable{COLON} { YDVAR(1, VAR_DNSTAP_ENABLE) } +dnstap-bidirectional{COLON} { YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } dnstap-socket-path{COLON} { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } dnstap-ip{COLON} { YDVAR(1, VAR_DNSTAP_IP) } dnstap-tls{COLON} { YDVAR(1, VAR_DNSTAP_TLS) } @@ -497,6 +519,7 @@ ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } +ipsecmod-allow{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) } cachedb{COLON} { YDVAR(0, VAR_CACHEDB) } backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } @@ -510,6 +533,9 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } +edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +nsid{COLON} { YDVAR(1, VAR_NSID ) } {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ @@ -566,7 +592,7 @@ tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } \" { LEXOUT(("IQS ")); BEGIN(include_quoted); } {UNQUOTEDLETTER}* { LEXOUT(("Iunquotedstr(%s) ", yytext)); - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } <> { @@ -579,7 +605,7 @@ tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } \" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; - config_start_include_glob(yytext); + config_start_include_glob(yytext, 0); BEGIN(inc_prev); } <> { @@ -588,11 +614,47 @@ tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } if (!config_include_stack) { yyterminate(); } else { + int prev_toplevel = inc_toplevel; fclose(yyin); config_end_include(); + if(prev_toplevel) return (VAR_FORCE_TOPLEVEL); } } + /* include-toplevel: directive */ +include-toplevel{COLON} { + LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); +} +<> { + yyerror("EOF inside include_toplevel directive"); + BEGIN(inc_prev); +} +{SPACE}* { LEXOUT(("ITSP ")); /* ignore */ } +{NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } +\" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } +{UNQUOTEDLETTER}* { + LEXOUT(("ITunquotedstr(%s) ", yytext)); + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} +<> { + yyerror("EOF inside quoted string"); + BEGIN(inc_prev); +} +{DQANY}* { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } +{NEWLINE} { + yyerror("newline before \" in include name"); + cfg_parser->line++; BEGIN(inc_prev); +} +\" { + LEXOUT(("ITQE ")); + yytext[yyleng - 1] = '\0'; + config_start_include_glob(yytext, 1); + BEGIN(inc_prev); + return (VAR_FORCE_TOPLEVEL); +} + {UNQUOTEDLETTER}* { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } diff --git a/util/configparser.c b/util/configparser.c index 367c99dc5..8c81eaf3d 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -1,23 +1,74 @@ -/* original parser id follows */ -/* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ -/* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ +/* A Bison parser, made by GNU Bison 3.7. */ -#define YYBYACC 1 -#define YYMAJOR 1 -#define YYMINOR 9 -#define YYPATCH 20140715 +/* Bison implementation for Yacc-like parsers in C -#define YYEMPTY (-1) -#define yyclearin (yychar = YYEMPTY) -#define yyerrok (yyerrflag = 0) -#define YYRECOVERING() (yyerrflag != 0) -#define YYENOMEM (-2) -#define YYEOF 0 -#define YYPREFIX "yy" + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +/* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ + +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Bison version. */ +#define YYBISON_VERSION "3.7" + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" + +/* Pure parsers. */ #define YYPURE 0 -#line 39 "./util/configparser.y" +/* Push parsers. */ +#define YYPUSH 0 + +/* Pull parsers. */ +#define YYPULL 1 + + + + +/* First part of user prologue. */ +#line 38 "./util/configparser.y" + #include "config.h" #include @@ -44,1756 +95,6760 @@ extern struct config_parser_state* cfg_parser; #define OUTYY(s) #endif -#line 66 "./util/configparser.y" -#ifdef YYSTYPE -#undef YYSTYPE_IS_DECLARED -#define YYSTYPE_IS_DECLARED 1 -#endif -#ifndef YYSTYPE_IS_DECLARED -#define YYSTYPE_IS_DECLARED 1 -typedef union { - char* str; -} YYSTYPE; -#endif /* !YYSTYPE_IS_DECLARED */ -#line 59 "util/configparser.c" -/* compatibility with bison */ -#ifdef YYPARSE_PARAM -/* compatibility with FreeBSD */ -# ifdef YYPARSE_PARAM_TYPE -# define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) -# else -# define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) +#line 100 "util/configparser.c" + +# ifndef YY_CAST +# ifdef __cplusplus +# define YY_CAST(Type, Val) static_cast (Val) +# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) +# else +# define YY_CAST(Type, Val) ((Type) (Val)) +# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) +# endif # endif +# ifndef YY_NULLPTR +# if defined __cplusplus +# if 201103L <= __cplusplus +# define YY_NULLPTR nullptr +# else +# define YY_NULLPTR 0 +# endif +# else +# define YY_NULLPTR ((void*)0) +# endif +# endif + +#include "configparser.h" +/* Symbol kind. */ +enum yysymbol_kind_t +{ + YYSYMBOL_YYEMPTY = -2, + YYSYMBOL_YYEOF = 0, /* "end of file" */ + YYSYMBOL_YYerror = 1, /* error */ + YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ + YYSYMBOL_SPACE = 3, /* SPACE */ + YYSYMBOL_LETTER = 4, /* LETTER */ + YYSYMBOL_NEWLINE = 5, /* NEWLINE */ + YYSYMBOL_COMMENT = 6, /* COMMENT */ + YYSYMBOL_COLON = 7, /* COLON */ + YYSYMBOL_ANY = 8, /* ANY */ + YYSYMBOL_ZONESTR = 9, /* ZONESTR */ + YYSYMBOL_STRING_ARG = 10, /* STRING_ARG */ + YYSYMBOL_VAR_FORCE_TOPLEVEL = 11, /* VAR_FORCE_TOPLEVEL */ + YYSYMBOL_VAR_SERVER = 12, /* VAR_SERVER */ + YYSYMBOL_VAR_VERBOSITY = 13, /* VAR_VERBOSITY */ + YYSYMBOL_VAR_NUM_THREADS = 14, /* VAR_NUM_THREADS */ + YYSYMBOL_VAR_PORT = 15, /* VAR_PORT */ + YYSYMBOL_VAR_OUTGOING_RANGE = 16, /* VAR_OUTGOING_RANGE */ + YYSYMBOL_VAR_INTERFACE = 17, /* VAR_INTERFACE */ + YYSYMBOL_VAR_PREFER_IP4 = 18, /* VAR_PREFER_IP4 */ + YYSYMBOL_VAR_DO_IP4 = 19, /* VAR_DO_IP4 */ + YYSYMBOL_VAR_DO_IP6 = 20, /* VAR_DO_IP6 */ + YYSYMBOL_VAR_PREFER_IP6 = 21, /* VAR_PREFER_IP6 */ + YYSYMBOL_VAR_DO_UDP = 22, /* VAR_DO_UDP */ + YYSYMBOL_VAR_DO_TCP = 23, /* VAR_DO_TCP */ + YYSYMBOL_VAR_TCP_MSS = 24, /* VAR_TCP_MSS */ + YYSYMBOL_VAR_OUTGOING_TCP_MSS = 25, /* VAR_OUTGOING_TCP_MSS */ + YYSYMBOL_VAR_TCP_IDLE_TIMEOUT = 26, /* VAR_TCP_IDLE_TIMEOUT */ + YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE = 27, /* VAR_EDNS_TCP_KEEPALIVE */ + YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 28, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + YYSYMBOL_VAR_CHROOT = 29, /* VAR_CHROOT */ + YYSYMBOL_VAR_USERNAME = 30, /* VAR_USERNAME */ + YYSYMBOL_VAR_DIRECTORY = 31, /* VAR_DIRECTORY */ + YYSYMBOL_VAR_LOGFILE = 32, /* VAR_LOGFILE */ + YYSYMBOL_VAR_PIDFILE = 33, /* VAR_PIDFILE */ + YYSYMBOL_VAR_MSG_CACHE_SIZE = 34, /* VAR_MSG_CACHE_SIZE */ + YYSYMBOL_VAR_MSG_CACHE_SLABS = 35, /* VAR_MSG_CACHE_SLABS */ + YYSYMBOL_VAR_NUM_QUERIES_PER_THREAD = 36, /* VAR_NUM_QUERIES_PER_THREAD */ + YYSYMBOL_VAR_RRSET_CACHE_SIZE = 37, /* VAR_RRSET_CACHE_SIZE */ + YYSYMBOL_VAR_RRSET_CACHE_SLABS = 38, /* VAR_RRSET_CACHE_SLABS */ + YYSYMBOL_VAR_OUTGOING_NUM_TCP = 39, /* VAR_OUTGOING_NUM_TCP */ + YYSYMBOL_VAR_INFRA_HOST_TTL = 40, /* VAR_INFRA_HOST_TTL */ + YYSYMBOL_VAR_INFRA_LAME_TTL = 41, /* VAR_INFRA_LAME_TTL */ + YYSYMBOL_VAR_INFRA_CACHE_SLABS = 42, /* VAR_INFRA_CACHE_SLABS */ + YYSYMBOL_VAR_INFRA_CACHE_NUMHOSTS = 43, /* VAR_INFRA_CACHE_NUMHOSTS */ + YYSYMBOL_VAR_INFRA_CACHE_LAME_SIZE = 44, /* VAR_INFRA_CACHE_LAME_SIZE */ + YYSYMBOL_VAR_NAME = 45, /* VAR_NAME */ + YYSYMBOL_VAR_STUB_ZONE = 46, /* VAR_STUB_ZONE */ + YYSYMBOL_VAR_STUB_HOST = 47, /* VAR_STUB_HOST */ + YYSYMBOL_VAR_STUB_ADDR = 48, /* VAR_STUB_ADDR */ + YYSYMBOL_VAR_TARGET_FETCH_POLICY = 49, /* VAR_TARGET_FETCH_POLICY */ + YYSYMBOL_VAR_HARDEN_SHORT_BUFSIZE = 50, /* VAR_HARDEN_SHORT_BUFSIZE */ + YYSYMBOL_VAR_HARDEN_LARGE_QUERIES = 51, /* VAR_HARDEN_LARGE_QUERIES */ + YYSYMBOL_VAR_FORWARD_ZONE = 52, /* VAR_FORWARD_ZONE */ + YYSYMBOL_VAR_FORWARD_HOST = 53, /* VAR_FORWARD_HOST */ + YYSYMBOL_VAR_FORWARD_ADDR = 54, /* VAR_FORWARD_ADDR */ + YYSYMBOL_VAR_DO_NOT_QUERY_ADDRESS = 55, /* VAR_DO_NOT_QUERY_ADDRESS */ + YYSYMBOL_VAR_HIDE_IDENTITY = 56, /* VAR_HIDE_IDENTITY */ + YYSYMBOL_VAR_HIDE_VERSION = 57, /* VAR_HIDE_VERSION */ + YYSYMBOL_VAR_IDENTITY = 58, /* VAR_IDENTITY */ + YYSYMBOL_VAR_VERSION = 59, /* VAR_VERSION */ + YYSYMBOL_VAR_HARDEN_GLUE = 60, /* VAR_HARDEN_GLUE */ + YYSYMBOL_VAR_MODULE_CONF = 61, /* VAR_MODULE_CONF */ + YYSYMBOL_VAR_TRUST_ANCHOR_FILE = 62, /* VAR_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_TRUST_ANCHOR = 63, /* VAR_TRUST_ANCHOR */ + YYSYMBOL_VAR_VAL_OVERRIDE_DATE = 64, /* VAR_VAL_OVERRIDE_DATE */ + YYSYMBOL_VAR_BOGUS_TTL = 65, /* VAR_BOGUS_TTL */ + YYSYMBOL_VAR_VAL_CLEAN_ADDITIONAL = 66, /* VAR_VAL_CLEAN_ADDITIONAL */ + YYSYMBOL_VAR_VAL_PERMISSIVE_MODE = 67, /* VAR_VAL_PERMISSIVE_MODE */ + YYSYMBOL_VAR_INCOMING_NUM_TCP = 68, /* VAR_INCOMING_NUM_TCP */ + YYSYMBOL_VAR_MSG_BUFFER_SIZE = 69, /* VAR_MSG_BUFFER_SIZE */ + YYSYMBOL_VAR_KEY_CACHE_SIZE = 70, /* VAR_KEY_CACHE_SIZE */ + YYSYMBOL_VAR_KEY_CACHE_SLABS = 71, /* VAR_KEY_CACHE_SLABS */ + YYSYMBOL_VAR_TRUSTED_KEYS_FILE = 72, /* VAR_TRUSTED_KEYS_FILE */ + YYSYMBOL_VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 73, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + YYSYMBOL_VAR_USE_SYSLOG = 74, /* VAR_USE_SYSLOG */ + YYSYMBOL_VAR_OUTGOING_INTERFACE = 75, /* VAR_OUTGOING_INTERFACE */ + YYSYMBOL_VAR_ROOT_HINTS = 76, /* VAR_ROOT_HINTS */ + YYSYMBOL_VAR_DO_NOT_QUERY_LOCALHOST = 77, /* VAR_DO_NOT_QUERY_LOCALHOST */ + YYSYMBOL_VAR_CACHE_MAX_TTL = 78, /* VAR_CACHE_MAX_TTL */ + YYSYMBOL_VAR_HARDEN_DNSSEC_STRIPPED = 79, /* VAR_HARDEN_DNSSEC_STRIPPED */ + YYSYMBOL_VAR_ACCESS_CONTROL = 80, /* VAR_ACCESS_CONTROL */ + YYSYMBOL_VAR_LOCAL_ZONE = 81, /* VAR_LOCAL_ZONE */ + YYSYMBOL_VAR_LOCAL_DATA = 82, /* VAR_LOCAL_DATA */ + YYSYMBOL_VAR_INTERFACE_AUTOMATIC = 83, /* VAR_INTERFACE_AUTOMATIC */ + YYSYMBOL_VAR_STATISTICS_INTERVAL = 84, /* VAR_STATISTICS_INTERVAL */ + YYSYMBOL_VAR_DO_DAEMONIZE = 85, /* VAR_DO_DAEMONIZE */ + YYSYMBOL_VAR_USE_CAPS_FOR_ID = 86, /* VAR_USE_CAPS_FOR_ID */ + YYSYMBOL_VAR_STATISTICS_CUMULATIVE = 87, /* VAR_STATISTICS_CUMULATIVE */ + YYSYMBOL_VAR_OUTGOING_PORT_PERMIT = 88, /* VAR_OUTGOING_PORT_PERMIT */ + YYSYMBOL_VAR_OUTGOING_PORT_AVOID = 89, /* VAR_OUTGOING_PORT_AVOID */ + YYSYMBOL_VAR_DLV_ANCHOR_FILE = 90, /* VAR_DLV_ANCHOR_FILE */ + YYSYMBOL_VAR_DLV_ANCHOR = 91, /* VAR_DLV_ANCHOR */ + YYSYMBOL_VAR_NEG_CACHE_SIZE = 92, /* VAR_NEG_CACHE_SIZE */ + YYSYMBOL_VAR_HARDEN_REFERRAL_PATH = 93, /* VAR_HARDEN_REFERRAL_PATH */ + YYSYMBOL_VAR_PRIVATE_ADDRESS = 94, /* VAR_PRIVATE_ADDRESS */ + YYSYMBOL_VAR_PRIVATE_DOMAIN = 95, /* VAR_PRIVATE_DOMAIN */ + YYSYMBOL_VAR_REMOTE_CONTROL = 96, /* VAR_REMOTE_CONTROL */ + YYSYMBOL_VAR_CONTROL_ENABLE = 97, /* VAR_CONTROL_ENABLE */ + YYSYMBOL_VAR_CONTROL_INTERFACE = 98, /* VAR_CONTROL_INTERFACE */ + YYSYMBOL_VAR_CONTROL_PORT = 99, /* VAR_CONTROL_PORT */ + YYSYMBOL_VAR_SERVER_KEY_FILE = 100, /* VAR_SERVER_KEY_FILE */ + YYSYMBOL_VAR_SERVER_CERT_FILE = 101, /* VAR_SERVER_CERT_FILE */ + YYSYMBOL_VAR_CONTROL_KEY_FILE = 102, /* VAR_CONTROL_KEY_FILE */ + YYSYMBOL_VAR_CONTROL_CERT_FILE = 103, /* VAR_CONTROL_CERT_FILE */ + YYSYMBOL_VAR_CONTROL_USE_CERT = 104, /* VAR_CONTROL_USE_CERT */ + YYSYMBOL_VAR_EXTENDED_STATISTICS = 105, /* VAR_EXTENDED_STATISTICS */ + YYSYMBOL_VAR_LOCAL_DATA_PTR = 106, /* VAR_LOCAL_DATA_PTR */ + YYSYMBOL_VAR_JOSTLE_TIMEOUT = 107, /* VAR_JOSTLE_TIMEOUT */ + YYSYMBOL_VAR_STUB_PRIME = 108, /* VAR_STUB_PRIME */ + YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 109, /* VAR_UNWANTED_REPLY_THRESHOLD */ + YYSYMBOL_VAR_LOG_TIME_ASCII = 110, /* VAR_LOG_TIME_ASCII */ + YYSYMBOL_VAR_DOMAIN_INSECURE = 111, /* VAR_DOMAIN_INSECURE */ + YYSYMBOL_VAR_PYTHON = 112, /* VAR_PYTHON */ + YYSYMBOL_VAR_PYTHON_SCRIPT = 113, /* VAR_PYTHON_SCRIPT */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 114, /* VAR_VAL_SIG_SKEW_MIN */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 115, /* VAR_VAL_SIG_SKEW_MAX */ + YYSYMBOL_VAR_CACHE_MIN_TTL = 116, /* VAR_CACHE_MIN_TTL */ + YYSYMBOL_VAR_VAL_LOG_LEVEL = 117, /* VAR_VAL_LOG_LEVEL */ + YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 118, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_KEEP_MISSING = 119, /* VAR_KEEP_MISSING */ + YYSYMBOL_VAR_ADD_HOLDDOWN = 120, /* VAR_ADD_HOLDDOWN */ + YYSYMBOL_VAR_DEL_HOLDDOWN = 121, /* VAR_DEL_HOLDDOWN */ + YYSYMBOL_VAR_SO_RCVBUF = 122, /* VAR_SO_RCVBUF */ + YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 123, /* VAR_EDNS_BUFFER_SIZE */ + YYSYMBOL_VAR_PREFETCH = 124, /* VAR_PREFETCH */ + YYSYMBOL_VAR_PREFETCH_KEY = 125, /* VAR_PREFETCH_KEY */ + YYSYMBOL_VAR_SO_SNDBUF = 126, /* VAR_SO_SNDBUF */ + YYSYMBOL_VAR_SO_REUSEPORT = 127, /* VAR_SO_REUSEPORT */ + YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 128, /* VAR_HARDEN_BELOW_NXDOMAIN */ + YYSYMBOL_VAR_IGNORE_CD_FLAG = 129, /* VAR_IGNORE_CD_FLAG */ + YYSYMBOL_VAR_LOG_QUERIES = 130, /* VAR_LOG_QUERIES */ + YYSYMBOL_VAR_LOG_REPLIES = 131, /* VAR_LOG_REPLIES */ + YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 132, /* VAR_LOG_LOCAL_ACTIONS */ + YYSYMBOL_VAR_TCP_UPSTREAM = 133, /* VAR_TCP_UPSTREAM */ + YYSYMBOL_VAR_SSL_UPSTREAM = 134, /* VAR_SSL_UPSTREAM */ + YYSYMBOL_VAR_SSL_SERVICE_KEY = 135, /* VAR_SSL_SERVICE_KEY */ + YYSYMBOL_VAR_SSL_SERVICE_PEM = 136, /* VAR_SSL_SERVICE_PEM */ + YYSYMBOL_VAR_SSL_PORT = 137, /* VAR_SSL_PORT */ + YYSYMBOL_VAR_FORWARD_FIRST = 138, /* VAR_FORWARD_FIRST */ + YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 139, /* VAR_STUB_SSL_UPSTREAM */ + YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 140, /* VAR_FORWARD_SSL_UPSTREAM */ + YYSYMBOL_VAR_TLS_CERT_BUNDLE = 141, /* VAR_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_HTTPS_PORT = 142, /* VAR_HTTPS_PORT */ + YYSYMBOL_VAR_HTTP_ENDPOINT = 143, /* VAR_HTTP_ENDPOINT */ + YYSYMBOL_VAR_HTTP_MAX_STREAMS = 144, /* VAR_HTTP_MAX_STREAMS */ + YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 145, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 146, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_NODELAY = 147, /* VAR_HTTP_NODELAY */ + YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 148, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + YYSYMBOL_VAR_STUB_FIRST = 149, /* VAR_STUB_FIRST */ + YYSYMBOL_VAR_MINIMAL_RESPONSES = 150, /* VAR_MINIMAL_RESPONSES */ + YYSYMBOL_VAR_RRSET_ROUNDROBIN = 151, /* VAR_RRSET_ROUNDROBIN */ + YYSYMBOL_VAR_MAX_UDP_SIZE = 152, /* VAR_MAX_UDP_SIZE */ + YYSYMBOL_VAR_DELAY_CLOSE = 153, /* VAR_DELAY_CLOSE */ + YYSYMBOL_VAR_UDP_CONNECT = 154, /* VAR_UDP_CONNECT */ + YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 155, /* VAR_UNBLOCK_LAN_ZONES */ + YYSYMBOL_VAR_INSECURE_LAN_ZONES = 156, /* VAR_INSECURE_LAN_ZONES */ + YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 157, /* VAR_INFRA_CACHE_MIN_RTT */ + YYSYMBOL_VAR_INFRA_KEEP_PROBING = 158, /* VAR_INFRA_KEEP_PROBING */ + YYSYMBOL_VAR_DNS64_PREFIX = 159, /* VAR_DNS64_PREFIX */ + YYSYMBOL_VAR_DNS64_SYNTHALL = 160, /* VAR_DNS64_SYNTHALL */ + YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 161, /* VAR_DNS64_IGNORE_AAAA */ + YYSYMBOL_VAR_DNSTAP = 162, /* VAR_DNSTAP */ + YYSYMBOL_VAR_DNSTAP_ENABLE = 163, /* VAR_DNSTAP_ENABLE */ + YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 164, /* VAR_DNSTAP_SOCKET_PATH */ + YYSYMBOL_VAR_DNSTAP_IP = 165, /* VAR_DNSTAP_IP */ + YYSYMBOL_VAR_DNSTAP_TLS = 166, /* VAR_DNSTAP_TLS */ + YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 167, /* VAR_DNSTAP_TLS_SERVER_NAME */ + YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 168, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 169, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 170, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 171, /* VAR_DNSTAP_SEND_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 172, /* VAR_DNSTAP_SEND_VERSION */ + YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 173, /* VAR_DNSTAP_BIDIRECTIONAL */ + YYSYMBOL_VAR_DNSTAP_IDENTITY = 174, /* VAR_DNSTAP_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_VERSION = 175, /* VAR_DNSTAP_VERSION */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 176, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 177, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 178, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 179, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 180, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 181, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_RESPONSE_IP_TAG = 182, /* VAR_RESPONSE_IP_TAG */ + YYSYMBOL_VAR_RESPONSE_IP = 183, /* VAR_RESPONSE_IP */ + YYSYMBOL_VAR_RESPONSE_IP_DATA = 184, /* VAR_RESPONSE_IP_DATA */ + YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 185, /* VAR_HARDEN_ALGO_DOWNGRADE */ + YYSYMBOL_VAR_IP_TRANSPARENT = 186, /* VAR_IP_TRANSPARENT */ + YYSYMBOL_VAR_IP_DSCP = 187, /* VAR_IP_DSCP */ + YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 188, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + YYSYMBOL_VAR_IP_RATELIMIT = 189, /* VAR_IP_RATELIMIT */ + YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 190, /* VAR_IP_RATELIMIT_SLABS */ + YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 191, /* VAR_IP_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT = 192, /* VAR_RATELIMIT */ + YYSYMBOL_VAR_RATELIMIT_SLABS = 193, /* VAR_RATELIMIT_SLABS */ + YYSYMBOL_VAR_RATELIMIT_SIZE = 194, /* VAR_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 195, /* VAR_RATELIMIT_FOR_DOMAIN */ + YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 196, /* VAR_RATELIMIT_BELOW_DOMAIN */ + YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 197, /* VAR_IP_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_RATELIMIT_FACTOR = 198, /* VAR_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 199, /* VAR_SEND_CLIENT_SUBNET */ + YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 200, /* VAR_CLIENT_SUBNET_ZONE */ + YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 201, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 202, /* VAR_CLIENT_SUBNET_OPCODE */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 203, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 204, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 205, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 206, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 207, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 208, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + YYSYMBOL_VAR_CAPS_WHITELIST = 209, /* VAR_CAPS_WHITELIST */ + YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 210, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 211, /* VAR_PERMIT_SMALL_HOLDDOWN */ + YYSYMBOL_VAR_QNAME_MINIMISATION = 212, /* VAR_QNAME_MINIMISATION */ + YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 213, /* VAR_QNAME_MINIMISATION_STRICT */ + YYSYMBOL_VAR_IP_FREEBIND = 214, /* VAR_IP_FREEBIND */ + YYSYMBOL_VAR_DEFINE_TAG = 215, /* VAR_DEFINE_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_TAG = 216, /* VAR_LOCAL_ZONE_TAG */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 217, /* VAR_ACCESS_CONTROL_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 218, /* VAR_LOCAL_ZONE_OVERRIDE */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 219, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 220, /* VAR_ACCESS_CONTROL_TAG_DATA */ + YYSYMBOL_VAR_VIEW = 221, /* VAR_VIEW */ + YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 222, /* VAR_ACCESS_CONTROL_VIEW */ + YYSYMBOL_VAR_VIEW_FIRST = 223, /* VAR_VIEW_FIRST */ + YYSYMBOL_VAR_SERVE_EXPIRED = 224, /* VAR_SERVE_EXPIRED */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 225, /* VAR_SERVE_EXPIRED_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 226, /* VAR_SERVE_EXPIRED_TTL_RESET */ + YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 227, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 228, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + YYSYMBOL_VAR_FAKE_DSA = 229, /* VAR_FAKE_DSA */ + YYSYMBOL_VAR_FAKE_SHA1 = 230, /* VAR_FAKE_SHA1 */ + YYSYMBOL_VAR_LOG_IDENTITY = 231, /* VAR_LOG_IDENTITY */ + YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 232, /* VAR_HIDE_TRUSTANCHOR */ + YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 233, /* VAR_TRUST_ANCHOR_SIGNALING */ + YYSYMBOL_VAR_AGGRESSIVE_NSEC = 234, /* VAR_AGGRESSIVE_NSEC */ + YYSYMBOL_VAR_USE_SYSTEMD = 235, /* VAR_USE_SYSTEMD */ + YYSYMBOL_VAR_SHM_ENABLE = 236, /* VAR_SHM_ENABLE */ + YYSYMBOL_VAR_SHM_KEY = 237, /* VAR_SHM_KEY */ + YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 238, /* VAR_ROOT_KEY_SENTINEL */ + YYSYMBOL_VAR_DNSCRYPT = 239, /* VAR_DNSCRYPT */ + YYSYMBOL_VAR_DNSCRYPT_ENABLE = 240, /* VAR_DNSCRYPT_ENABLE */ + YYSYMBOL_VAR_DNSCRYPT_PORT = 241, /* VAR_DNSCRYPT_PORT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 242, /* VAR_DNSCRYPT_PROVIDER */ + YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 243, /* VAR_DNSCRYPT_SECRET_KEY */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 244, /* VAR_DNSCRYPT_PROVIDER_CERT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 245, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 246, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 247, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 248, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 249, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + YYSYMBOL_VAR_PAD_RESPONSES = 250, /* VAR_PAD_RESPONSES */ + YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 251, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + YYSYMBOL_VAR_PAD_QUERIES = 252, /* VAR_PAD_QUERIES */ + YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 253, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + YYSYMBOL_VAR_IPSECMOD_ENABLED = 254, /* VAR_IPSECMOD_ENABLED */ + YYSYMBOL_VAR_IPSECMOD_HOOK = 255, /* VAR_IPSECMOD_HOOK */ + YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 256, /* VAR_IPSECMOD_IGNORE_BOGUS */ + YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 257, /* VAR_IPSECMOD_MAX_TTL */ + YYSYMBOL_VAR_IPSECMOD_WHITELIST = 258, /* VAR_IPSECMOD_WHITELIST */ + YYSYMBOL_VAR_IPSECMOD_STRICT = 259, /* VAR_IPSECMOD_STRICT */ + YYSYMBOL_VAR_CACHEDB = 260, /* VAR_CACHEDB */ + YYSYMBOL_VAR_CACHEDB_BACKEND = 261, /* VAR_CACHEDB_BACKEND */ + YYSYMBOL_VAR_CACHEDB_SECRETSEED = 262, /* VAR_CACHEDB_SECRETSEED */ + YYSYMBOL_VAR_CACHEDB_REDISHOST = 263, /* VAR_CACHEDB_REDISHOST */ + YYSYMBOL_VAR_CACHEDB_REDISPORT = 264, /* VAR_CACHEDB_REDISPORT */ + YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 265, /* VAR_CACHEDB_REDISTIMEOUT */ + YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 266, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 267, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + YYSYMBOL_VAR_FOR_UPSTREAM = 268, /* VAR_FOR_UPSTREAM */ + YYSYMBOL_VAR_AUTH_ZONE = 269, /* VAR_AUTH_ZONE */ + YYSYMBOL_VAR_ZONEFILE = 270, /* VAR_ZONEFILE */ + YYSYMBOL_VAR_MASTER = 271, /* VAR_MASTER */ + YYSYMBOL_VAR_URL = 272, /* VAR_URL */ + YYSYMBOL_VAR_FOR_DOWNSTREAM = 273, /* VAR_FOR_DOWNSTREAM */ + YYSYMBOL_VAR_FALLBACK_ENABLED = 274, /* VAR_FALLBACK_ENABLED */ + YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 275, /* VAR_TLS_ADDITIONAL_PORT */ + YYSYMBOL_VAR_LOW_RTT = 276, /* VAR_LOW_RTT */ + YYSYMBOL_VAR_LOW_RTT_PERMIL = 277, /* VAR_LOW_RTT_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_PERMIL = 278, /* VAR_FAST_SERVER_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_NUM = 279, /* VAR_FAST_SERVER_NUM */ + YYSYMBOL_VAR_ALLOW_NOTIFY = 280, /* VAR_ALLOW_NOTIFY */ + YYSYMBOL_VAR_TLS_WIN_CERT = 281, /* VAR_TLS_WIN_CERT */ + YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 282, /* VAR_TCP_CONNECTION_LIMIT */ + YYSYMBOL_VAR_FORWARD_NO_CACHE = 283, /* VAR_FORWARD_NO_CACHE */ + YYSYMBOL_VAR_STUB_NO_CACHE = 284, /* VAR_STUB_NO_CACHE */ + YYSYMBOL_VAR_LOG_SERVFAIL = 285, /* VAR_LOG_SERVFAIL */ + YYSYMBOL_VAR_DENY_ANY = 286, /* VAR_DENY_ANY */ + YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 287, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 288, /* VAR_LOG_TAG_QUERYREPLY */ + YYSYMBOL_VAR_STREAM_WAIT_SIZE = 289, /* VAR_STREAM_WAIT_SIZE */ + YYSYMBOL_VAR_TLS_CIPHERS = 290, /* VAR_TLS_CIPHERS */ + YYSYMBOL_VAR_TLS_CIPHERSUITES = 291, /* VAR_TLS_CIPHERSUITES */ + YYSYMBOL_VAR_TLS_USE_SNI = 292, /* VAR_TLS_USE_SNI */ + YYSYMBOL_VAR_IPSET = 293, /* VAR_IPSET */ + YYSYMBOL_VAR_IPSET_NAME_V4 = 294, /* VAR_IPSET_NAME_V4 */ + YYSYMBOL_VAR_IPSET_NAME_V6 = 295, /* VAR_IPSET_NAME_V6 */ + YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 296, /* VAR_TLS_SESSION_TICKET_KEYS */ + YYSYMBOL_VAR_RPZ = 297, /* VAR_RPZ */ + YYSYMBOL_VAR_TAGS = 298, /* VAR_TAGS */ + YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 299, /* VAR_RPZ_ACTION_OVERRIDE */ + YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 300, /* VAR_RPZ_CNAME_OVERRIDE */ + YYSYMBOL_VAR_RPZ_LOG = 301, /* VAR_RPZ_LOG */ + YYSYMBOL_VAR_RPZ_LOG_NAME = 302, /* VAR_RPZ_LOG_NAME */ + YYSYMBOL_VAR_DYNLIB = 303, /* VAR_DYNLIB */ + YYSYMBOL_VAR_DYNLIB_FILE = 304, /* VAR_DYNLIB_FILE */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING = 305, /* VAR_EDNS_CLIENT_STRING */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 306, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + YYSYMBOL_VAR_NSID = 307, /* VAR_NSID */ + YYSYMBOL_YYACCEPT = 308, /* $accept */ + YYSYMBOL_toplevelvars = 309, /* toplevelvars */ + YYSYMBOL_toplevelvar = 310, /* toplevelvar */ + YYSYMBOL_force_toplevel = 311, /* force_toplevel */ + YYSYMBOL_serverstart = 312, /* serverstart */ + YYSYMBOL_contents_server = 313, /* contents_server */ + YYSYMBOL_content_server = 314, /* content_server */ + YYSYMBOL_stubstart = 315, /* stubstart */ + YYSYMBOL_contents_stub = 316, /* contents_stub */ + YYSYMBOL_content_stub = 317, /* content_stub */ + YYSYMBOL_forwardstart = 318, /* forwardstart */ + YYSYMBOL_contents_forward = 319, /* contents_forward */ + YYSYMBOL_content_forward = 320, /* content_forward */ + YYSYMBOL_viewstart = 321, /* viewstart */ + YYSYMBOL_contents_view = 322, /* contents_view */ + YYSYMBOL_content_view = 323, /* content_view */ + YYSYMBOL_authstart = 324, /* authstart */ + YYSYMBOL_contents_auth = 325, /* contents_auth */ + YYSYMBOL_content_auth = 326, /* content_auth */ + YYSYMBOL_rpz_tag = 327, /* rpz_tag */ + YYSYMBOL_rpz_action_override = 328, /* rpz_action_override */ + YYSYMBOL_rpz_cname_override = 329, /* rpz_cname_override */ + YYSYMBOL_rpz_log = 330, /* rpz_log */ + YYSYMBOL_rpz_log_name = 331, /* rpz_log_name */ + YYSYMBOL_rpzstart = 332, /* rpzstart */ + YYSYMBOL_contents_rpz = 333, /* contents_rpz */ + YYSYMBOL_content_rpz = 334, /* content_rpz */ + YYSYMBOL_server_num_threads = 335, /* server_num_threads */ + YYSYMBOL_server_verbosity = 336, /* server_verbosity */ + YYSYMBOL_server_statistics_interval = 337, /* server_statistics_interval */ + YYSYMBOL_server_statistics_cumulative = 338, /* server_statistics_cumulative */ + YYSYMBOL_server_extended_statistics = 339, /* server_extended_statistics */ + YYSYMBOL_server_shm_enable = 340, /* server_shm_enable */ + YYSYMBOL_server_shm_key = 341, /* server_shm_key */ + YYSYMBOL_server_port = 342, /* server_port */ + YYSYMBOL_server_send_client_subnet = 343, /* server_send_client_subnet */ + YYSYMBOL_server_client_subnet_zone = 344, /* server_client_subnet_zone */ + YYSYMBOL_server_client_subnet_always_forward = 345, /* server_client_subnet_always_forward */ + YYSYMBOL_server_client_subnet_opcode = 346, /* server_client_subnet_opcode */ + YYSYMBOL_server_max_client_subnet_ipv4 = 347, /* server_max_client_subnet_ipv4 */ + YYSYMBOL_server_max_client_subnet_ipv6 = 348, /* server_max_client_subnet_ipv6 */ + YYSYMBOL_server_min_client_subnet_ipv4 = 349, /* server_min_client_subnet_ipv4 */ + YYSYMBOL_server_min_client_subnet_ipv6 = 350, /* server_min_client_subnet_ipv6 */ + YYSYMBOL_server_max_ecs_tree_size_ipv4 = 351, /* server_max_ecs_tree_size_ipv4 */ + YYSYMBOL_server_max_ecs_tree_size_ipv6 = 352, /* server_max_ecs_tree_size_ipv6 */ + YYSYMBOL_server_interface = 353, /* server_interface */ + YYSYMBOL_server_outgoing_interface = 354, /* server_outgoing_interface */ + YYSYMBOL_server_outgoing_range = 355, /* server_outgoing_range */ + YYSYMBOL_server_outgoing_port_permit = 356, /* server_outgoing_port_permit */ + YYSYMBOL_server_outgoing_port_avoid = 357, /* server_outgoing_port_avoid */ + YYSYMBOL_server_outgoing_num_tcp = 358, /* server_outgoing_num_tcp */ + YYSYMBOL_server_incoming_num_tcp = 359, /* server_incoming_num_tcp */ + YYSYMBOL_server_interface_automatic = 360, /* server_interface_automatic */ + YYSYMBOL_server_do_ip4 = 361, /* server_do_ip4 */ + YYSYMBOL_server_do_ip6 = 362, /* server_do_ip6 */ + YYSYMBOL_server_do_udp = 363, /* server_do_udp */ + YYSYMBOL_server_do_tcp = 364, /* server_do_tcp */ + YYSYMBOL_server_prefer_ip4 = 365, /* server_prefer_ip4 */ + YYSYMBOL_server_prefer_ip6 = 366, /* server_prefer_ip6 */ + YYSYMBOL_server_tcp_mss = 367, /* server_tcp_mss */ + YYSYMBOL_server_outgoing_tcp_mss = 368, /* server_outgoing_tcp_mss */ + YYSYMBOL_server_tcp_idle_timeout = 369, /* server_tcp_idle_timeout */ + YYSYMBOL_server_tcp_keepalive = 370, /* server_tcp_keepalive */ + YYSYMBOL_server_tcp_keepalive_timeout = 371, /* server_tcp_keepalive_timeout */ + YYSYMBOL_server_tcp_upstream = 372, /* server_tcp_upstream */ + YYSYMBOL_server_udp_upstream_without_downstream = 373, /* server_udp_upstream_without_downstream */ + YYSYMBOL_server_ssl_upstream = 374, /* server_ssl_upstream */ + YYSYMBOL_server_ssl_service_key = 375, /* server_ssl_service_key */ + YYSYMBOL_server_ssl_service_pem = 376, /* server_ssl_service_pem */ + YYSYMBOL_server_ssl_port = 377, /* server_ssl_port */ + YYSYMBOL_server_tls_cert_bundle = 378, /* server_tls_cert_bundle */ + YYSYMBOL_server_tls_win_cert = 379, /* server_tls_win_cert */ + YYSYMBOL_server_tls_additional_port = 380, /* server_tls_additional_port */ + YYSYMBOL_server_tls_ciphers = 381, /* server_tls_ciphers */ + YYSYMBOL_server_tls_ciphersuites = 382, /* server_tls_ciphersuites */ + YYSYMBOL_server_tls_session_ticket_keys = 383, /* server_tls_session_ticket_keys */ + YYSYMBOL_server_tls_use_sni = 384, /* server_tls_use_sni */ + YYSYMBOL_server_https_port = 385, /* server_https_port */ + YYSYMBOL_server_http_endpoint = 386, /* server_http_endpoint */ + YYSYMBOL_server_http_max_streams = 387, /* server_http_max_streams */ + YYSYMBOL_server_http_query_buffer_size = 388, /* server_http_query_buffer_size */ + YYSYMBOL_server_http_response_buffer_size = 389, /* server_http_response_buffer_size */ + YYSYMBOL_server_http_nodelay = 390, /* server_http_nodelay */ + YYSYMBOL_server_http_notls_downstream = 391, /* server_http_notls_downstream */ + YYSYMBOL_server_use_systemd = 392, /* server_use_systemd */ + YYSYMBOL_server_do_daemonize = 393, /* server_do_daemonize */ + YYSYMBOL_server_use_syslog = 394, /* server_use_syslog */ + YYSYMBOL_server_log_time_ascii = 395, /* server_log_time_ascii */ + YYSYMBOL_server_log_queries = 396, /* server_log_queries */ + YYSYMBOL_server_log_replies = 397, /* server_log_replies */ + YYSYMBOL_server_log_tag_queryreply = 398, /* server_log_tag_queryreply */ + YYSYMBOL_server_log_servfail = 399, /* server_log_servfail */ + YYSYMBOL_server_log_local_actions = 400, /* server_log_local_actions */ + YYSYMBOL_server_chroot = 401, /* server_chroot */ + YYSYMBOL_server_username = 402, /* server_username */ + YYSYMBOL_server_directory = 403, /* server_directory */ + YYSYMBOL_server_logfile = 404, /* server_logfile */ + YYSYMBOL_server_pidfile = 405, /* server_pidfile */ + YYSYMBOL_server_root_hints = 406, /* server_root_hints */ + YYSYMBOL_server_dlv_anchor_file = 407, /* server_dlv_anchor_file */ + YYSYMBOL_server_dlv_anchor = 408, /* server_dlv_anchor */ + YYSYMBOL_server_auto_trust_anchor_file = 409, /* server_auto_trust_anchor_file */ + YYSYMBOL_server_trust_anchor_file = 410, /* server_trust_anchor_file */ + YYSYMBOL_server_trusted_keys_file = 411, /* server_trusted_keys_file */ + YYSYMBOL_server_trust_anchor = 412, /* server_trust_anchor */ + YYSYMBOL_server_trust_anchor_signaling = 413, /* server_trust_anchor_signaling */ + YYSYMBOL_server_root_key_sentinel = 414, /* server_root_key_sentinel */ + YYSYMBOL_server_domain_insecure = 415, /* server_domain_insecure */ + YYSYMBOL_server_hide_identity = 416, /* server_hide_identity */ + YYSYMBOL_server_hide_version = 417, /* server_hide_version */ + YYSYMBOL_server_hide_trustanchor = 418, /* server_hide_trustanchor */ + YYSYMBOL_server_identity = 419, /* server_identity */ + YYSYMBOL_server_version = 420, /* server_version */ + YYSYMBOL_server_nsid = 421, /* server_nsid */ + YYSYMBOL_server_so_rcvbuf = 422, /* server_so_rcvbuf */ + YYSYMBOL_server_so_sndbuf = 423, /* server_so_sndbuf */ + YYSYMBOL_server_so_reuseport = 424, /* server_so_reuseport */ + YYSYMBOL_server_ip_transparent = 425, /* server_ip_transparent */ + YYSYMBOL_server_ip_freebind = 426, /* server_ip_freebind */ + YYSYMBOL_server_ip_dscp = 427, /* server_ip_dscp */ + YYSYMBOL_server_stream_wait_size = 428, /* server_stream_wait_size */ + YYSYMBOL_server_edns_buffer_size = 429, /* server_edns_buffer_size */ + YYSYMBOL_server_msg_buffer_size = 430, /* server_msg_buffer_size */ + YYSYMBOL_server_msg_cache_size = 431, /* server_msg_cache_size */ + YYSYMBOL_server_msg_cache_slabs = 432, /* server_msg_cache_slabs */ + YYSYMBOL_server_num_queries_per_thread = 433, /* server_num_queries_per_thread */ + YYSYMBOL_server_jostle_timeout = 434, /* server_jostle_timeout */ + YYSYMBOL_server_delay_close = 435, /* server_delay_close */ + YYSYMBOL_server_udp_connect = 436, /* server_udp_connect */ + YYSYMBOL_server_unblock_lan_zones = 437, /* server_unblock_lan_zones */ + YYSYMBOL_server_insecure_lan_zones = 438, /* server_insecure_lan_zones */ + YYSYMBOL_server_rrset_cache_size = 439, /* server_rrset_cache_size */ + YYSYMBOL_server_rrset_cache_slabs = 440, /* server_rrset_cache_slabs */ + YYSYMBOL_server_infra_host_ttl = 441, /* server_infra_host_ttl */ + YYSYMBOL_server_infra_lame_ttl = 442, /* server_infra_lame_ttl */ + YYSYMBOL_server_infra_cache_numhosts = 443, /* server_infra_cache_numhosts */ + YYSYMBOL_server_infra_cache_lame_size = 444, /* server_infra_cache_lame_size */ + YYSYMBOL_server_infra_cache_slabs = 445, /* server_infra_cache_slabs */ + YYSYMBOL_server_infra_cache_min_rtt = 446, /* server_infra_cache_min_rtt */ + YYSYMBOL_server_infra_keep_probing = 447, /* server_infra_keep_probing */ + YYSYMBOL_server_target_fetch_policy = 448, /* server_target_fetch_policy */ + YYSYMBOL_server_harden_short_bufsize = 449, /* server_harden_short_bufsize */ + YYSYMBOL_server_harden_large_queries = 450, /* server_harden_large_queries */ + YYSYMBOL_server_harden_glue = 451, /* server_harden_glue */ + YYSYMBOL_server_harden_dnssec_stripped = 452, /* server_harden_dnssec_stripped */ + YYSYMBOL_server_harden_below_nxdomain = 453, /* server_harden_below_nxdomain */ + YYSYMBOL_server_harden_referral_path = 454, /* server_harden_referral_path */ + YYSYMBOL_server_harden_algo_downgrade = 455, /* server_harden_algo_downgrade */ + YYSYMBOL_server_use_caps_for_id = 456, /* server_use_caps_for_id */ + YYSYMBOL_server_caps_whitelist = 457, /* server_caps_whitelist */ + YYSYMBOL_server_private_address = 458, /* server_private_address */ + YYSYMBOL_server_private_domain = 459, /* server_private_domain */ + YYSYMBOL_server_prefetch = 460, /* server_prefetch */ + YYSYMBOL_server_prefetch_key = 461, /* server_prefetch_key */ + YYSYMBOL_server_deny_any = 462, /* server_deny_any */ + YYSYMBOL_server_unwanted_reply_threshold = 463, /* server_unwanted_reply_threshold */ + YYSYMBOL_server_do_not_query_address = 464, /* server_do_not_query_address */ + YYSYMBOL_server_do_not_query_localhost = 465, /* server_do_not_query_localhost */ + YYSYMBOL_server_access_control = 466, /* server_access_control */ + YYSYMBOL_server_module_conf = 467, /* server_module_conf */ + YYSYMBOL_server_val_override_date = 468, /* server_val_override_date */ + YYSYMBOL_server_val_sig_skew_min = 469, /* server_val_sig_skew_min */ + YYSYMBOL_server_val_sig_skew_max = 470, /* server_val_sig_skew_max */ + YYSYMBOL_server_cache_max_ttl = 471, /* server_cache_max_ttl */ + YYSYMBOL_server_cache_max_negative_ttl = 472, /* server_cache_max_negative_ttl */ + YYSYMBOL_server_cache_min_ttl = 473, /* server_cache_min_ttl */ + YYSYMBOL_server_bogus_ttl = 474, /* server_bogus_ttl */ + YYSYMBOL_server_val_clean_additional = 475, /* server_val_clean_additional */ + YYSYMBOL_server_val_permissive_mode = 476, /* server_val_permissive_mode */ + YYSYMBOL_server_aggressive_nsec = 477, /* server_aggressive_nsec */ + YYSYMBOL_server_ignore_cd_flag = 478, /* server_ignore_cd_flag */ + YYSYMBOL_server_serve_expired = 479, /* server_serve_expired */ + YYSYMBOL_server_serve_expired_ttl = 480, /* server_serve_expired_ttl */ + YYSYMBOL_server_serve_expired_ttl_reset = 481, /* server_serve_expired_ttl_reset */ + YYSYMBOL_server_serve_expired_reply_ttl = 482, /* server_serve_expired_reply_ttl */ + YYSYMBOL_server_serve_expired_client_timeout = 483, /* server_serve_expired_client_timeout */ + YYSYMBOL_server_fake_dsa = 484, /* server_fake_dsa */ + YYSYMBOL_server_fake_sha1 = 485, /* server_fake_sha1 */ + YYSYMBOL_server_val_log_level = 486, /* server_val_log_level */ + YYSYMBOL_server_val_nsec3_keysize_iterations = 487, /* server_val_nsec3_keysize_iterations */ + YYSYMBOL_server_add_holddown = 488, /* server_add_holddown */ + YYSYMBOL_server_del_holddown = 489, /* server_del_holddown */ + YYSYMBOL_server_keep_missing = 490, /* server_keep_missing */ + YYSYMBOL_server_permit_small_holddown = 491, /* server_permit_small_holddown */ + YYSYMBOL_server_key_cache_size = 492, /* server_key_cache_size */ + YYSYMBOL_server_key_cache_slabs = 493, /* server_key_cache_slabs */ + YYSYMBOL_server_neg_cache_size = 494, /* server_neg_cache_size */ + YYSYMBOL_server_local_zone = 495, /* server_local_zone */ + YYSYMBOL_server_local_data = 496, /* server_local_data */ + YYSYMBOL_server_local_data_ptr = 497, /* server_local_data_ptr */ + YYSYMBOL_server_minimal_responses = 498, /* server_minimal_responses */ + YYSYMBOL_server_rrset_roundrobin = 499, /* server_rrset_roundrobin */ + YYSYMBOL_server_unknown_server_time_limit = 500, /* server_unknown_server_time_limit */ + YYSYMBOL_server_max_udp_size = 501, /* server_max_udp_size */ + YYSYMBOL_server_dns64_prefix = 502, /* server_dns64_prefix */ + YYSYMBOL_server_dns64_synthall = 503, /* server_dns64_synthall */ + YYSYMBOL_server_dns64_ignore_aaaa = 504, /* server_dns64_ignore_aaaa */ + YYSYMBOL_server_define_tag = 505, /* server_define_tag */ + YYSYMBOL_server_local_zone_tag = 506, /* server_local_zone_tag */ + YYSYMBOL_server_access_control_tag = 507, /* server_access_control_tag */ + YYSYMBOL_server_access_control_tag_action = 508, /* server_access_control_tag_action */ + YYSYMBOL_server_access_control_tag_data = 509, /* server_access_control_tag_data */ + YYSYMBOL_server_local_zone_override = 510, /* server_local_zone_override */ + YYSYMBOL_server_access_control_view = 511, /* server_access_control_view */ + YYSYMBOL_server_response_ip_tag = 512, /* server_response_ip_tag */ + YYSYMBOL_server_ip_ratelimit = 513, /* server_ip_ratelimit */ + YYSYMBOL_server_ratelimit = 514, /* server_ratelimit */ + YYSYMBOL_server_ip_ratelimit_size = 515, /* server_ip_ratelimit_size */ + YYSYMBOL_server_ratelimit_size = 516, /* server_ratelimit_size */ + YYSYMBOL_server_ip_ratelimit_slabs = 517, /* server_ip_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_slabs = 518, /* server_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_for_domain = 519, /* server_ratelimit_for_domain */ + YYSYMBOL_server_ratelimit_below_domain = 520, /* server_ratelimit_below_domain */ + YYSYMBOL_server_ip_ratelimit_factor = 521, /* server_ip_ratelimit_factor */ + YYSYMBOL_server_ratelimit_factor = 522, /* server_ratelimit_factor */ + YYSYMBOL_server_low_rtt = 523, /* server_low_rtt */ + YYSYMBOL_server_fast_server_num = 524, /* server_fast_server_num */ + YYSYMBOL_server_fast_server_permil = 525, /* server_fast_server_permil */ + YYSYMBOL_server_qname_minimisation = 526, /* server_qname_minimisation */ + YYSYMBOL_server_qname_minimisation_strict = 527, /* server_qname_minimisation_strict */ + YYSYMBOL_server_pad_responses = 528, /* server_pad_responses */ + YYSYMBOL_server_pad_responses_block_size = 529, /* server_pad_responses_block_size */ + YYSYMBOL_server_pad_queries = 530, /* server_pad_queries */ + YYSYMBOL_server_pad_queries_block_size = 531, /* server_pad_queries_block_size */ + YYSYMBOL_server_ipsecmod_enabled = 532, /* server_ipsecmod_enabled */ + YYSYMBOL_server_ipsecmod_ignore_bogus = 533, /* server_ipsecmod_ignore_bogus */ + YYSYMBOL_server_ipsecmod_hook = 534, /* server_ipsecmod_hook */ + YYSYMBOL_server_ipsecmod_max_ttl = 535, /* server_ipsecmod_max_ttl */ + YYSYMBOL_server_ipsecmod_whitelist = 536, /* server_ipsecmod_whitelist */ + YYSYMBOL_server_ipsecmod_strict = 537, /* server_ipsecmod_strict */ + YYSYMBOL_server_edns_client_string = 538, /* server_edns_client_string */ + YYSYMBOL_server_edns_client_string_opcode = 539, /* server_edns_client_string_opcode */ + YYSYMBOL_stub_name = 540, /* stub_name */ + YYSYMBOL_stub_host = 541, /* stub_host */ + YYSYMBOL_stub_addr = 542, /* stub_addr */ + YYSYMBOL_stub_first = 543, /* stub_first */ + YYSYMBOL_stub_no_cache = 544, /* stub_no_cache */ + YYSYMBOL_stub_ssl_upstream = 545, /* stub_ssl_upstream */ + YYSYMBOL_stub_prime = 546, /* stub_prime */ + YYSYMBOL_forward_name = 547, /* forward_name */ + YYSYMBOL_forward_host = 548, /* forward_host */ + YYSYMBOL_forward_addr = 549, /* forward_addr */ + YYSYMBOL_forward_first = 550, /* forward_first */ + YYSYMBOL_forward_no_cache = 551, /* forward_no_cache */ + YYSYMBOL_forward_ssl_upstream = 552, /* forward_ssl_upstream */ + YYSYMBOL_auth_name = 553, /* auth_name */ + YYSYMBOL_auth_zonefile = 554, /* auth_zonefile */ + YYSYMBOL_auth_master = 555, /* auth_master */ + YYSYMBOL_auth_url = 556, /* auth_url */ + YYSYMBOL_auth_allow_notify = 557, /* auth_allow_notify */ + YYSYMBOL_auth_for_downstream = 558, /* auth_for_downstream */ + YYSYMBOL_auth_for_upstream = 559, /* auth_for_upstream */ + YYSYMBOL_auth_fallback_enabled = 560, /* auth_fallback_enabled */ + YYSYMBOL_view_name = 561, /* view_name */ + YYSYMBOL_view_local_zone = 562, /* view_local_zone */ + YYSYMBOL_view_response_ip = 563, /* view_response_ip */ + YYSYMBOL_view_response_ip_data = 564, /* view_response_ip_data */ + YYSYMBOL_view_local_data = 565, /* view_local_data */ + YYSYMBOL_view_local_data_ptr = 566, /* view_local_data_ptr */ + YYSYMBOL_view_first = 567, /* view_first */ + YYSYMBOL_rcstart = 568, /* rcstart */ + YYSYMBOL_contents_rc = 569, /* contents_rc */ + YYSYMBOL_content_rc = 570, /* content_rc */ + YYSYMBOL_rc_control_enable = 571, /* rc_control_enable */ + YYSYMBOL_rc_control_port = 572, /* rc_control_port */ + YYSYMBOL_rc_control_interface = 573, /* rc_control_interface */ + YYSYMBOL_rc_control_use_cert = 574, /* rc_control_use_cert */ + YYSYMBOL_rc_server_key_file = 575, /* rc_server_key_file */ + YYSYMBOL_rc_server_cert_file = 576, /* rc_server_cert_file */ + YYSYMBOL_rc_control_key_file = 577, /* rc_control_key_file */ + YYSYMBOL_rc_control_cert_file = 578, /* rc_control_cert_file */ + YYSYMBOL_dtstart = 579, /* dtstart */ + YYSYMBOL_contents_dt = 580, /* contents_dt */ + YYSYMBOL_content_dt = 581, /* content_dt */ + YYSYMBOL_dt_dnstap_enable = 582, /* dt_dnstap_enable */ + YYSYMBOL_dt_dnstap_bidirectional = 583, /* dt_dnstap_bidirectional */ + YYSYMBOL_dt_dnstap_socket_path = 584, /* dt_dnstap_socket_path */ + YYSYMBOL_dt_dnstap_ip = 585, /* dt_dnstap_ip */ + YYSYMBOL_dt_dnstap_tls = 586, /* dt_dnstap_tls */ + YYSYMBOL_dt_dnstap_tls_server_name = 587, /* dt_dnstap_tls_server_name */ + YYSYMBOL_dt_dnstap_tls_cert_bundle = 588, /* dt_dnstap_tls_cert_bundle */ + YYSYMBOL_dt_dnstap_tls_client_key_file = 589, /* dt_dnstap_tls_client_key_file */ + YYSYMBOL_dt_dnstap_tls_client_cert_file = 590, /* dt_dnstap_tls_client_cert_file */ + YYSYMBOL_dt_dnstap_send_identity = 591, /* dt_dnstap_send_identity */ + YYSYMBOL_dt_dnstap_send_version = 592, /* dt_dnstap_send_version */ + YYSYMBOL_dt_dnstap_identity = 593, /* dt_dnstap_identity */ + YYSYMBOL_dt_dnstap_version = 594, /* dt_dnstap_version */ + YYSYMBOL_dt_dnstap_log_resolver_query_messages = 595, /* dt_dnstap_log_resolver_query_messages */ + YYSYMBOL_dt_dnstap_log_resolver_response_messages = 596, /* dt_dnstap_log_resolver_response_messages */ + YYSYMBOL_dt_dnstap_log_client_query_messages = 597, /* dt_dnstap_log_client_query_messages */ + YYSYMBOL_dt_dnstap_log_client_response_messages = 598, /* dt_dnstap_log_client_response_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 599, /* dt_dnstap_log_forwarder_query_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 600, /* dt_dnstap_log_forwarder_response_messages */ + YYSYMBOL_pythonstart = 601, /* pythonstart */ + YYSYMBOL_contents_py = 602, /* contents_py */ + YYSYMBOL_content_py = 603, /* content_py */ + YYSYMBOL_py_script = 604, /* py_script */ + YYSYMBOL_dynlibstart = 605, /* dynlibstart */ + YYSYMBOL_contents_dl = 606, /* contents_dl */ + YYSYMBOL_content_dl = 607, /* content_dl */ + YYSYMBOL_dl_file = 608, /* dl_file */ + YYSYMBOL_server_disable_dnssec_lame_check = 609, /* server_disable_dnssec_lame_check */ + YYSYMBOL_server_log_identity = 610, /* server_log_identity */ + YYSYMBOL_server_response_ip = 611, /* server_response_ip */ + YYSYMBOL_server_response_ip_data = 612, /* server_response_ip_data */ + YYSYMBOL_dnscstart = 613, /* dnscstart */ + YYSYMBOL_contents_dnsc = 614, /* contents_dnsc */ + YYSYMBOL_content_dnsc = 615, /* content_dnsc */ + YYSYMBOL_dnsc_dnscrypt_enable = 616, /* dnsc_dnscrypt_enable */ + YYSYMBOL_dnsc_dnscrypt_port = 617, /* dnsc_dnscrypt_port */ + YYSYMBOL_dnsc_dnscrypt_provider = 618, /* dnsc_dnscrypt_provider */ + YYSYMBOL_dnsc_dnscrypt_provider_cert = 619, /* dnsc_dnscrypt_provider_cert */ + YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 620, /* dnsc_dnscrypt_provider_cert_rotated */ + YYSYMBOL_dnsc_dnscrypt_secret_key = 621, /* dnsc_dnscrypt_secret_key */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 622, /* dnsc_dnscrypt_shared_secret_cache_size */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 623, /* dnsc_dnscrypt_shared_secret_cache_slabs */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 624, /* dnsc_dnscrypt_nonce_cache_size */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 625, /* dnsc_dnscrypt_nonce_cache_slabs */ + YYSYMBOL_cachedbstart = 626, /* cachedbstart */ + YYSYMBOL_contents_cachedb = 627, /* contents_cachedb */ + YYSYMBOL_content_cachedb = 628, /* content_cachedb */ + YYSYMBOL_cachedb_backend_name = 629, /* cachedb_backend_name */ + YYSYMBOL_cachedb_secret_seed = 630, /* cachedb_secret_seed */ + YYSYMBOL_redis_server_host = 631, /* redis_server_host */ + YYSYMBOL_redis_server_port = 632, /* redis_server_port */ + YYSYMBOL_redis_timeout = 633, /* redis_timeout */ + YYSYMBOL_redis_expire_records = 634, /* redis_expire_records */ + YYSYMBOL_server_tcp_connection_limit = 635, /* server_tcp_connection_limit */ + YYSYMBOL_ipsetstart = 636, /* ipsetstart */ + YYSYMBOL_contents_ipset = 637, /* contents_ipset */ + YYSYMBOL_content_ipset = 638, /* content_ipset */ + YYSYMBOL_ipset_name_v4 = 639, /* ipset_name_v4 */ + YYSYMBOL_ipset_name_v6 = 640 /* ipset_name_v6 */ +}; +typedef enum yysymbol_kind_t yysymbol_kind_t; + + + + +#ifdef short +# undef short +#endif + +/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure + and (if available) are included + so that the code can choose integer types of a good width. */ + +#ifndef __PTRDIFF_MAX__ +# include /* INFRINGES ON USER NAME SPACE */ +# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_STDINT_H +# endif +#endif + +/* Narrow types that promote to a signed type and that can represent a + signed or unsigned integer of at least N bits. In tables they can + save space and decrease cache pressure. Promoting to a signed type + helps avoid bugs in integer arithmetic. */ + +#ifdef __INT_LEAST8_MAX__ +typedef __INT_LEAST8_TYPE__ yytype_int8; +#elif defined YY_STDINT_H +typedef int_least8_t yytype_int8; #else -# define YYPARSE_DECL() yyparse(void) +typedef signed char yytype_int8; #endif -/* Parameters sent to lex. */ -#ifdef YYLEX_PARAM -# define YYLEX_DECL() yylex(void *YYLEX_PARAM) -# define YYLEX yylex(YYLEX_PARAM) +#ifdef __INT_LEAST16_MAX__ +typedef __INT_LEAST16_TYPE__ yytype_int16; +#elif defined YY_STDINT_H +typedef int_least16_t yytype_int16; #else -# define YYLEX_DECL() yylex(void) -# define YYLEX yylex() +typedef short yytype_int16; #endif -/* Parameters sent to yyerror. */ -#ifndef YYERROR_DECL -#define YYERROR_DECL() yyerror(const char *s) -#endif -#ifndef YYERROR_CALL -#define YYERROR_CALL(msg) yyerror(msg) +#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST8_TYPE__ yytype_uint8; +#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST8_MAX <= INT_MAX) +typedef uint_least8_t yytype_uint8; +#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX +typedef unsigned char yytype_uint8; +#else +typedef short yytype_uint8; #endif -extern int YYPARSE_DECL(); - -#define SPACE 257 -#define LETTER 258 -#define NEWLINE 259 -#define COMMENT 260 -#define COLON 261 -#define ANY 262 -#define ZONESTR 263 -#define STRING_ARG 264 -#define VAR_SERVER 265 -#define VAR_VERBOSITY 266 -#define VAR_NUM_THREADS 267 -#define VAR_PORT 268 -#define VAR_OUTGOING_RANGE 269 -#define VAR_INTERFACE 270 -#define VAR_PREFER_IP4 271 -#define VAR_DO_IP4 272 -#define VAR_DO_IP6 273 -#define VAR_PREFER_IP6 274 -#define VAR_DO_UDP 275 -#define VAR_DO_TCP 276 -#define VAR_TCP_MSS 277 -#define VAR_OUTGOING_TCP_MSS 278 -#define VAR_TCP_IDLE_TIMEOUT 279 -#define VAR_EDNS_TCP_KEEPALIVE 280 -#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 281 -#define VAR_CHROOT 282 -#define VAR_USERNAME 283 -#define VAR_DIRECTORY 284 -#define VAR_LOGFILE 285 -#define VAR_PIDFILE 286 -#define VAR_MSG_CACHE_SIZE 287 -#define VAR_MSG_CACHE_SLABS 288 -#define VAR_NUM_QUERIES_PER_THREAD 289 -#define VAR_RRSET_CACHE_SIZE 290 -#define VAR_RRSET_CACHE_SLABS 291 -#define VAR_OUTGOING_NUM_TCP 292 -#define VAR_INFRA_HOST_TTL 293 -#define VAR_INFRA_LAME_TTL 294 -#define VAR_INFRA_CACHE_SLABS 295 -#define VAR_INFRA_CACHE_NUMHOSTS 296 -#define VAR_INFRA_CACHE_LAME_SIZE 297 -#define VAR_NAME 298 -#define VAR_STUB_ZONE 299 -#define VAR_STUB_HOST 300 -#define VAR_STUB_ADDR 301 -#define VAR_TARGET_FETCH_POLICY 302 -#define VAR_HARDEN_SHORT_BUFSIZE 303 -#define VAR_HARDEN_LARGE_QUERIES 304 -#define VAR_FORWARD_ZONE 305 -#define VAR_FORWARD_HOST 306 -#define VAR_FORWARD_ADDR 307 -#define VAR_DO_NOT_QUERY_ADDRESS 308 -#define VAR_HIDE_IDENTITY 309 -#define VAR_HIDE_VERSION 310 -#define VAR_IDENTITY 311 -#define VAR_VERSION 312 -#define VAR_HARDEN_GLUE 313 -#define VAR_MODULE_CONF 314 -#define VAR_TRUST_ANCHOR_FILE 315 -#define VAR_TRUST_ANCHOR 316 -#define VAR_VAL_OVERRIDE_DATE 317 -#define VAR_BOGUS_TTL 318 -#define VAR_VAL_CLEAN_ADDITIONAL 319 -#define VAR_VAL_PERMISSIVE_MODE 320 -#define VAR_INCOMING_NUM_TCP 321 -#define VAR_MSG_BUFFER_SIZE 322 -#define VAR_KEY_CACHE_SIZE 323 -#define VAR_KEY_CACHE_SLABS 324 -#define VAR_TRUSTED_KEYS_FILE 325 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 326 -#define VAR_USE_SYSLOG 327 -#define VAR_OUTGOING_INTERFACE 328 -#define VAR_ROOT_HINTS 329 -#define VAR_DO_NOT_QUERY_LOCALHOST 330 -#define VAR_CACHE_MAX_TTL 331 -#define VAR_HARDEN_DNSSEC_STRIPPED 332 -#define VAR_ACCESS_CONTROL 333 -#define VAR_LOCAL_ZONE 334 -#define VAR_LOCAL_DATA 335 -#define VAR_INTERFACE_AUTOMATIC 336 -#define VAR_STATISTICS_INTERVAL 337 -#define VAR_DO_DAEMONIZE 338 -#define VAR_USE_CAPS_FOR_ID 339 -#define VAR_STATISTICS_CUMULATIVE 340 -#define VAR_OUTGOING_PORT_PERMIT 341 -#define VAR_OUTGOING_PORT_AVOID 342 -#define VAR_DLV_ANCHOR_FILE 343 -#define VAR_DLV_ANCHOR 344 -#define VAR_NEG_CACHE_SIZE 345 -#define VAR_HARDEN_REFERRAL_PATH 346 -#define VAR_PRIVATE_ADDRESS 347 -#define VAR_PRIVATE_DOMAIN 348 -#define VAR_REMOTE_CONTROL 349 -#define VAR_CONTROL_ENABLE 350 -#define VAR_CONTROL_INTERFACE 351 -#define VAR_CONTROL_PORT 352 -#define VAR_SERVER_KEY_FILE 353 -#define VAR_SERVER_CERT_FILE 354 -#define VAR_CONTROL_KEY_FILE 355 -#define VAR_CONTROL_CERT_FILE 356 -#define VAR_CONTROL_USE_CERT 357 -#define VAR_EXTENDED_STATISTICS 358 -#define VAR_LOCAL_DATA_PTR 359 -#define VAR_JOSTLE_TIMEOUT 360 -#define VAR_STUB_PRIME 361 -#define VAR_UNWANTED_REPLY_THRESHOLD 362 -#define VAR_LOG_TIME_ASCII 363 -#define VAR_DOMAIN_INSECURE 364 -#define VAR_PYTHON 365 -#define VAR_PYTHON_SCRIPT 366 -#define VAR_VAL_SIG_SKEW_MIN 367 -#define VAR_VAL_SIG_SKEW_MAX 368 -#define VAR_CACHE_MIN_TTL 369 -#define VAR_VAL_LOG_LEVEL 370 -#define VAR_AUTO_TRUST_ANCHOR_FILE 371 -#define VAR_KEEP_MISSING 372 -#define VAR_ADD_HOLDDOWN 373 -#define VAR_DEL_HOLDDOWN 374 -#define VAR_SO_RCVBUF 375 -#define VAR_EDNS_BUFFER_SIZE 376 -#define VAR_PREFETCH 377 -#define VAR_PREFETCH_KEY 378 -#define VAR_SO_SNDBUF 379 -#define VAR_SO_REUSEPORT 380 -#define VAR_HARDEN_BELOW_NXDOMAIN 381 -#define VAR_IGNORE_CD_FLAG 382 -#define VAR_LOG_QUERIES 383 -#define VAR_LOG_REPLIES 384 -#define VAR_LOG_LOCAL_ACTIONS 385 -#define VAR_TCP_UPSTREAM 386 -#define VAR_SSL_UPSTREAM 387 -#define VAR_SSL_SERVICE_KEY 388 -#define VAR_SSL_SERVICE_PEM 389 -#define VAR_SSL_PORT 390 -#define VAR_FORWARD_FIRST 391 -#define VAR_STUB_SSL_UPSTREAM 392 -#define VAR_FORWARD_SSL_UPSTREAM 393 -#define VAR_TLS_CERT_BUNDLE 394 -#define VAR_STUB_FIRST 395 -#define VAR_MINIMAL_RESPONSES 396 -#define VAR_RRSET_ROUNDROBIN 397 -#define VAR_MAX_UDP_SIZE 398 -#define VAR_DELAY_CLOSE 399 -#define VAR_UNBLOCK_LAN_ZONES 400 -#define VAR_INSECURE_LAN_ZONES 401 -#define VAR_INFRA_CACHE_MIN_RTT 402 -#define VAR_DNS64_PREFIX 403 -#define VAR_DNS64_SYNTHALL 404 -#define VAR_DNS64_IGNORE_AAAA 405 -#define VAR_DNSTAP 406 -#define VAR_DNSTAP_ENABLE 407 -#define VAR_DNSTAP_SOCKET_PATH 408 -#define VAR_DNSTAP_IP 409 -#define VAR_DNSTAP_TLS 410 -#define VAR_DNSTAP_TLS_SERVER_NAME 411 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 412 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 413 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 414 -#define VAR_DNSTAP_SEND_IDENTITY 415 -#define VAR_DNSTAP_SEND_VERSION 416 -#define VAR_DNSTAP_IDENTITY 417 -#define VAR_DNSTAP_VERSION 418 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 419 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 420 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 421 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 422 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 423 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 424 -#define VAR_RESPONSE_IP_TAG 425 -#define VAR_RESPONSE_IP 426 -#define VAR_RESPONSE_IP_DATA 427 -#define VAR_HARDEN_ALGO_DOWNGRADE 428 -#define VAR_IP_TRANSPARENT 429 -#define VAR_IP_DSCP 430 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 431 -#define VAR_IP_RATELIMIT 432 -#define VAR_IP_RATELIMIT_SLABS 433 -#define VAR_IP_RATELIMIT_SIZE 434 -#define VAR_RATELIMIT 435 -#define VAR_RATELIMIT_SLABS 436 -#define VAR_RATELIMIT_SIZE 437 -#define VAR_RATELIMIT_FOR_DOMAIN 438 -#define VAR_RATELIMIT_BELOW_DOMAIN 439 -#define VAR_IP_RATELIMIT_FACTOR 440 -#define VAR_RATELIMIT_FACTOR 441 -#define VAR_SEND_CLIENT_SUBNET 442 -#define VAR_CLIENT_SUBNET_ZONE 443 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 444 -#define VAR_CLIENT_SUBNET_OPCODE 445 -#define VAR_MAX_CLIENT_SUBNET_IPV4 446 -#define VAR_MAX_CLIENT_SUBNET_IPV6 447 -#define VAR_MIN_CLIENT_SUBNET_IPV4 448 -#define VAR_MIN_CLIENT_SUBNET_IPV6 449 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 450 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 451 -#define VAR_CAPS_WHITELIST 452 -#define VAR_CACHE_MAX_NEGATIVE_TTL 453 -#define VAR_PERMIT_SMALL_HOLDDOWN 454 -#define VAR_QNAME_MINIMISATION 455 -#define VAR_QNAME_MINIMISATION_STRICT 456 -#define VAR_IP_FREEBIND 457 -#define VAR_DEFINE_TAG 458 -#define VAR_LOCAL_ZONE_TAG 459 -#define VAR_ACCESS_CONTROL_TAG 460 -#define VAR_LOCAL_ZONE_OVERRIDE 461 -#define VAR_ACCESS_CONTROL_TAG_ACTION 462 -#define VAR_ACCESS_CONTROL_TAG_DATA 463 -#define VAR_VIEW 464 -#define VAR_ACCESS_CONTROL_VIEW 465 -#define VAR_VIEW_FIRST 466 -#define VAR_SERVE_EXPIRED 467 -#define VAR_SERVE_EXPIRED_TTL 468 -#define VAR_SERVE_EXPIRED_TTL_RESET 469 -#define VAR_SERVE_EXPIRED_REPLY_TTL 470 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 471 -#define VAR_FAKE_DSA 472 -#define VAR_FAKE_SHA1 473 -#define VAR_LOG_IDENTITY 474 -#define VAR_HIDE_TRUSTANCHOR 475 -#define VAR_TRUST_ANCHOR_SIGNALING 476 -#define VAR_AGGRESSIVE_NSEC 477 -#define VAR_USE_SYSTEMD 478 -#define VAR_SHM_ENABLE 479 -#define VAR_SHM_KEY 480 -#define VAR_ROOT_KEY_SENTINEL 481 -#define VAR_DNSCRYPT 482 -#define VAR_DNSCRYPT_ENABLE 483 -#define VAR_DNSCRYPT_PORT 484 -#define VAR_DNSCRYPT_PROVIDER 485 -#define VAR_DNSCRYPT_SECRET_KEY 486 -#define VAR_DNSCRYPT_PROVIDER_CERT 487 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 488 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 489 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 490 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 491 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 492 -#define VAR_PAD_RESPONSES 493 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 494 -#define VAR_PAD_QUERIES 495 -#define VAR_PAD_QUERIES_BLOCK_SIZE 496 -#define VAR_IPSECMOD_ENABLED 497 -#define VAR_IPSECMOD_HOOK 498 -#define VAR_IPSECMOD_IGNORE_BOGUS 499 -#define VAR_IPSECMOD_MAX_TTL 500 -#define VAR_IPSECMOD_WHITELIST 501 -#define VAR_IPSECMOD_STRICT 502 -#define VAR_CACHEDB 503 -#define VAR_CACHEDB_BACKEND 504 -#define VAR_CACHEDB_SECRETSEED 505 -#define VAR_CACHEDB_REDISHOST 506 -#define VAR_CACHEDB_REDISPORT 507 -#define VAR_CACHEDB_REDISTIMEOUT 508 -#define VAR_CACHEDB_REDISEXPIRERECORDS 509 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 510 -#define VAR_FOR_UPSTREAM 511 -#define VAR_AUTH_ZONE 512 -#define VAR_ZONEFILE 513 -#define VAR_MASTER 514 -#define VAR_URL 515 -#define VAR_FOR_DOWNSTREAM 516 -#define VAR_FALLBACK_ENABLED 517 -#define VAR_TLS_ADDITIONAL_PORT 518 -#define VAR_LOW_RTT 519 -#define VAR_LOW_RTT_PERMIL 520 -#define VAR_FAST_SERVER_PERMIL 521 -#define VAR_FAST_SERVER_NUM 522 -#define VAR_ALLOW_NOTIFY 523 -#define VAR_TLS_WIN_CERT 524 -#define VAR_TCP_CONNECTION_LIMIT 525 -#define VAR_FORWARD_NO_CACHE 526 -#define VAR_STUB_NO_CACHE 527 -#define VAR_LOG_SERVFAIL 528 -#define VAR_DENY_ANY 529 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 530 -#define VAR_LOG_TAG_QUERYREPLY 531 -#define VAR_STREAM_WAIT_SIZE 532 -#define VAR_TLS_CIPHERS 533 -#define VAR_TLS_CIPHERSUITES 534 -#define VAR_IPSET 535 -#define VAR_IPSET_NAME_V4 536 -#define VAR_IPSET_NAME_V6 537 -#define VAR_TLS_SESSION_TICKET_KEYS 538 -#define VAR_RPZ 539 -#define VAR_TAGS 540 -#define VAR_RPZ_ACTION_OVERRIDE 541 -#define VAR_RPZ_CNAME_OVERRIDE 542 -#define VAR_RPZ_LOG 543 -#define VAR_RPZ_LOG_NAME 544 -#define YYERRCODE 256 -typedef short YYINT; -static const YYINT yylhs[] = { -1, - 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 3, 3, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, - 4, 5, 5, 220, 220, 220, 220, 220, 220, 220, - 6, 7, 7, 228, 228, 228, 228, 228, 228, 14, - 15, 15, 235, 235, 235, 235, 235, 235, 235, 22, - 23, 23, 243, 243, 243, 243, 243, 243, 243, 243, - 252, 253, 254, 255, 256, 24, 25, 25, 257, 257, - 257, 257, 257, 257, 257, 257, 257, 257, 27, 28, - 91, 94, 103, 191, 192, 29, 156, 157, 158, 159, - 160, 161, 162, 163, 164, 165, 42, 82, 30, 95, - 96, 53, 75, 90, 31, 32, 35, 36, 33, 34, - 37, 38, 39, 40, 41, 126, 203, 127, 129, 130, - 131, 205, 210, 206, 217, 218, 219, 187, 92, 81, - 107, 124, 125, 215, 212, 128, 43, 44, 45, 46, - 47, 83, 97, 98, 113, 69, 79, 70, 195, 196, - 108, 63, 64, 194, 65, 66, 117, 121, 135, 144, - 170, 147, 216, 118, 76, 48, 49, 50, 105, 136, - 137, 138, 51, 52, 54, 55, 57, 58, 56, 142, - 59, 60, 61, 67, 86, 122, 100, 143, 93, 166, - 101, 102, 119, 120, 213, 106, 62, 84, 87, 68, - 71, 109, 110, 85, 167, 111, 72, 73, 74, 204, - 123, 180, 181, 182, 183, 184, 185, 193, 112, 80, - 114, 115, 116, 168, 77, 78, 99, 88, 89, 104, - 132, 133, 214, 134, 139, 140, 141, 171, 172, 174, - 176, 177, 175, 178, 188, 145, 146, 150, 151, 148, - 149, 152, 153, 155, 154, 207, 209, 208, 169, 179, - 258, 259, 260, 261, 197, 199, 198, 200, 201, 202, - 221, 222, 223, 225, 226, 227, 224, 229, 230, 231, - 232, 233, 234, 244, 245, 246, 247, 251, 248, 249, - 250, 236, 237, 240, 241, 238, 242, 239, 10, 11, - 11, 262, 262, 262, 262, 262, 262, 262, 262, 263, - 265, 264, 270, 266, 267, 268, 269, 12, 13, 13, - 271, 271, 271, 271, 271, 271, 271, 271, 271, 271, - 271, 271, 271, 271, 271, 271, 271, 271, 272, 273, - 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, - 284, 285, 286, 287, 288, 289, 8, 9, 9, 290, - 291, 173, 186, 189, 190, 16, 17, 17, 292, 292, - 292, 292, 292, 292, 292, 292, 292, 292, 293, 294, - 295, 297, 298, 296, 299, 300, 301, 302, 18, 19, - 19, 303, 303, 303, 303, 303, 303, 304, 305, 306, - 307, 308, 309, 211, 20, 21, 21, 310, 310, 311, - 312, -}; -static const YYINT yylen[] = { 2, - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 3, 3, - 4, 4, 4, 3, 3, 2, 2, 2, 2, 2, - 2, 3, 3, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 3, 3, 3, 2, 2, 2, 1, 2, - 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, - 2, 2, 2, 2, 2, 2, 2, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, - 2, 2, 2, 3, 3, 1, 2, 0, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, - 0, 1, 1, 1, 1, 1, 1, 2, 2, 2, - 2, 2, 2, 3, 1, 2, 0, 1, 1, 2, - 2, -}; -static const YYINT yydefred[] = { 1, - 0, 15, 211, 221, 489, 547, 508, 230, 556, 579, - 240, 595, 256, 2, 17, 213, 223, 549, 491, 510, - 232, 558, 581, 597, 242, 258, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 16, 18, 19, 20, 21, 22, 23, 24, 25, - 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, - 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, - 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, - 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, - 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, - 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, - 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, - 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, - 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, - 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, - 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, - 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 210, 0, 0, 0, 0, 0, - 0, 0, 212, 214, 215, 216, 217, 218, 219, 220, - 0, 0, 0, 0, 0, 0, 222, 224, 225, 226, - 227, 228, 229, 0, 548, 550, 0, 0, 0, 0, - 0, 0, 0, 0, 490, 492, 493, 494, 495, 496, - 497, 498, 499, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 509, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 0, 0, 0, 0, 0, 0, 0, 231, 233, 234, - 235, 236, 237, 238, 239, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 557, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 0, 0, 0, 0, - 0, 0, 580, 582, 583, 584, 585, 586, 587, 0, - 0, 596, 598, 599, 0, 0, 0, 0, 0, 0, - 0, 0, 241, 243, 244, 245, 246, 247, 248, 249, - 250, 0, 0, 0, 0, 0, 259, 260, 262, 263, - 264, 261, 265, 266, 267, 268, 257, 270, 269, 276, - 289, 287, 299, 295, 296, 300, 297, 298, 301, 302, - 303, 304, 305, 327, 328, 329, 330, 331, 356, 357, - 358, 363, 364, 292, 365, 366, 369, 367, 368, 371, - 372, 373, 387, 342, 343, 345, 346, 374, 390, 336, - 338, 391, 397, 398, 399, 293, 355, 415, 416, 337, - 410, 320, 288, 332, 388, 394, 375, 0, 0, 419, - 294, 271, 319, 379, 272, 290, 291, 333, 334, 417, - 377, 381, 382, 273, 420, 359, 386, 321, 341, 392, - 393, 396, 409, 335, 413, 411, 412, 347, 354, 383, - 384, 348, 349, 376, 401, 322, 323, 326, 306, 308, - 309, 310, 311, 312, 421, 422, 424, 360, 361, 362, - 370, 425, 426, 427, 0, 0, 0, 378, 350, 352, - 552, 436, 440, 438, 437, 441, 439, 0, 0, 444, - 445, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 380, 395, 414, 449, 450, 351, 428, 0, 0, - 0, 0, 0, 0, 402, 403, 404, 405, 406, 407, - 408, 553, 344, 339, 400, 318, 274, 275, 340, 455, - 457, 456, 458, 459, 460, 307, 314, 446, 448, 447, - 313, 0, 325, 385, 423, 324, 353, 315, 316, 317, - 461, 462, 463, 467, 466, 464, 465, 468, 469, 470, - 471, 473, 472, 551, 500, 502, 501, 504, 505, 506, - 507, 503, 529, 530, 531, 532, 533, 534, 535, 536, - 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, - 482, 0, 486, 487, 0, 0, 488, 569, 570, 571, - 574, 572, 573, 575, 576, 577, 578, 588, 589, 590, - 591, 592, 593, 600, 601, 474, 480, 475, 476, 477, - 479, 481, 478, 251, 252, 253, 254, 255, 389, 418, - 435, 554, 555, 442, 443, 429, 430, 0, 0, 0, - 434, 594, 483, 484, 485, 433, 431, 432, -}; -static const YYINT yydgoto[] = { 1, - 14, 15, 27, 16, 28, 17, 29, 18, 30, 19, - 31, 20, 32, 21, 33, 22, 34, 23, 35, 24, - 36, 25, 37, 26, 38, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, - 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, - 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, - 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, - 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, - 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, - 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, - 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, - 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 433, - 434, 435, 436, 437, 438, 439, 440, 447, 448, 449, - 450, 451, 452, 453, 518, 519, 520, 521, 522, 523, - 524, 525, 573, 574, 575, 576, 577, 578, 579, 580, - 581, 592, 593, 594, 595, 596, 597, 0, 0, 0, - 0, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 455, - 456, 536, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 553, 554, 555, 556, 557, 558, 559, 562, - 563, 564, -}; -static const YYINT yysindex[] = { 0, - -257, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 370, -291, -286, -360, - -301, -297, -298, -461, -442, -519, -253, -293, -251, -245, - -232, -231, -230, -229, -226, -225, -224, -223, -221, -220, - -218, -217, -207, -206, -205, -204, -196, -195, -193, -192, - -191, -190, -189, -188, -187, -186, -185, -184, -183, -182, - -179, -178, -177, -176, -175, -174, -173, -171, -167, -166, - -165, -164, -162, -161, -158, -155, -134, -133, -132, -131, - -130, -129, -128, -127, -126, -125, -124, -123, -122, -121, - -120, -119, -118, -117, -116, -114, -113, -112, -111, -110, - -109, -108, -107, -106, -105, -104, -103, -102, -101, -100, - -99, -98, -97, -95, -94, -93, -92, -91, -90, -89, - -88, -87, -86, -85, -84, -83, -82, -81, -80, -79, - -78, -77, -76, -75, -74, -73, -72, -71, -70, -69, - -68, -67, -66, -65, -64, -63, -62, -61, -60, -59, - -58, -56, -55, -54, -53, -52, -51, -50, -49, -48, - -47, -46, -45, -41, -40, -38, -37, -36, -35, -33, - -32, -31, -30, -29, -27, -26, -25, -23, -22, -21, - -20, -19, -12, -11, -10, -8, -7, -5, 7, 8, - 9, 10, 11, 12, 13, 19, 20, 21, 22, 23, - 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, - 34, 35, 40, 41, 46, 47, 48, 52, 53, 54, - 58, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 59, 60, 61, 62, 63, - 64, 65, 0, 0, 0, 0, 0, 0, 0, 0, - 66, 67, 68, 69, 70, 71, 0, 0, 0, 0, - 0, 0, 0, 72, 0, 0, 73, 74, 75, 76, - 77, 78, 79, 80, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 81, 82, 90, 91, 92, 93, 98, - 106, 107, 108, 109, 110, 111, 112, 113, 114, 120, - 121, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 122, 123, 126, 127, 128, 132, 133, 0, 0, 0, - 0, 0, 0, 0, 0, 134, 138, 139, 140, 141, - 142, 147, 148, 149, 150, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 151, 152, 153, 154, - 155, 159, 0, 0, 0, 0, 0, 0, 0, 160, - 161, 0, 0, 0, 162, 163, 164, 165, 166, 167, - 170, 171, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 172, 173, 174, 175, 176, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 178, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 182, 183, 186, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 187, 188, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 189, 190, - 191, 192, 193, 194, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 198, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 199, 0, 0, 200, 205, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 206, 207, 208, - 0, 0, 0, 0, 0, 0, 0, 0, -}; -static const YYINT yyrindex[] = { 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1, 2, 3, 4, - 14, 15, 16, 83, 84, 94, 95, 96, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, -}; -static const YYINT yygindex[] = { 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 227, 309, 320, 435, 0, 0, 0, - 436, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, -}; -#define YYTABLESIZE 908 -static const YYINT yytable[] = { 511, - 3, 4, 5, 6, 565, 454, 426, 2, 427, 428, - 0, 441, 598, 7, 8, 9, 560, 561, 599, 442, - 443, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, 600, 601, 602, 603, 512, 513, 604, 605, 606, - 607, 3, 608, 609, 565, 610, 611, 4, 457, 458, - 459, 460, 461, 462, 463, 464, 612, 613, 614, 615, - 514, 547, 548, 549, 550, 551, 552, 616, 617, 429, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 10, 11, 630, 631, 632, 633, 634, 635, - 636, 5, 637, 12, 13, 14, 638, 639, 640, 641, - 430, 642, 643, 431, 444, 644, 445, 6, 645, 474, - 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 515, 516, 646, - 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, - 657, 658, 659, 660, 661, 662, 663, 664, 7, 665, - 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, - 676, 677, 678, 679, 680, 681, 682, 517, 683, 684, - 685, 686, 687, 688, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 8, 721, 722, 723, - 724, 725, 726, 727, 728, 729, 730, 731, 732, 567, - 568, 569, 733, 734, 9, 735, 736, 737, 738, 572, - 739, 740, 741, 742, 743, 432, 744, 745, 746, 446, - 747, 748, 749, 750, 751, 10, 582, 583, 584, 585, - 586, 752, 753, 754, 11, 755, 756, 566, 757, 567, - 568, 569, 570, 571, 587, 3, 4, 5, 6, 572, - 758, 759, 760, 761, 762, 763, 764, 12, 7, 8, - 9, 13, 765, 766, 767, 768, 769, 770, 771, 772, - 773, 774, 775, 776, 777, 778, 779, 780, 781, 3, - 4, 5, 6, 782, 783, 3, 4, 5, 6, 784, - 785, 786, 7, 8, 9, 787, 788, 789, 7, 8, - 9, 790, 791, 792, 793, 794, 795, 796, 797, 798, - 799, 800, 801, 802, 803, 804, 805, 806, 807, 808, - 809, 810, 811, 812, 813, 814, 588, 10, 11, 3, - 4, 5, 6, 815, 816, 817, 818, 589, 12, 13, - 14, 819, 7, 8, 9, 3, 4, 5, 6, 820, - 821, 822, 823, 824, 825, 826, 827, 828, 7, 8, - 9, 10, 11, 829, 830, 831, 832, 10, 11, 833, - 834, 835, 12, 13, 14, 836, 837, 838, 12, 13, - 14, 839, 840, 841, 842, 843, 3, 4, 5, 6, - 844, 845, 846, 847, 848, 849, 850, 851, 852, 7, - 8, 9, 853, 854, 855, 856, 857, 858, 859, 860, - 861, 10, 11, 862, 863, 864, 865, 866, 867, 868, - 869, 870, 12, 13, 14, 871, 872, 10, 11, 873, - 874, 875, 876, 877, 878, 879, 880, 881, 12, 13, - 14, 882, 883, 884, 3, 4, 5, 6, 885, 886, - 887, 888, 590, 591, 0, 0, 0, 7, 8, 9, - 0, 0, 3, 4, 5, 6, 0, 0, 10, 11, - 0, 0, 0, 0, 0, 7, 8, 9, 0, 12, - 13, 14, 0, 3, 4, 5, 6, 0, 0, 0, - 0, 0, 3, 4, 5, 6, 7, 8, 9, 0, - 0, 0, 0, 0, 0, 7, 8, 9, 0, 0, - 0, 0, 0, 0, 0, 3, 4, 5, 6, 3, - 4, 5, 6, 0, 0, 0, 10, 11, 7, 8, - 9, 0, 7, 8, 9, 0, 0, 12, 13, 14, - 0, 0, 0, 0, 10, 11, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 12, 13, 14, 0, 0, - 0, 0, 0, 0, 0, 10, 11, 0, 0, 0, - 0, 0, 0, 0, 10, 11, 12, 13, 14, 0, - 0, 0, 0, 0, 0, 12, 13, 14, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 10, 11, 0, - 0, 10, 11, 0, 0, 0, 0, 0, 12, 13, - 14, 0, 12, 13, 14, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 0, 0, 0, - 0, 71, 72, 73, 0, 0, 0, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, - 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, - 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, - 107, 108, 109, 110, 111, 112, 113, 114, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 115, 116, 117, - 0, 118, 119, 120, 0, 0, 121, 122, 123, 124, - 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, - 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, - 0, 0, 0, 145, 0, 146, 147, 148, 149, 150, - 151, 152, 153, 154, 155, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 156, 157, 158, 159, 160, 161, - 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, - 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, - 192, 193, 194, 0, 195, 0, 196, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 211, 212, 213, 214, - 215, 216, 0, 0, 0, 0, 0, 0, 0, 217, - 0, 0, 0, 0, 0, 0, 0, 218, 219, 0, - 220, 221, 0, 222, 223, 0, 0, 224, 225, 226, - 227, 228, 229, 230, 0, 0, 0, 231, -}; -static const YYINT yycheck[] = { 298, - 0, 0, 0, 0, 298, 366, 298, 265, 300, 301, - -1, 298, 264, 0, 0, 0, 536, 537, 264, 306, - 307, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 264, 264, 264, 264, 334, 335, 264, 264, 264, - 264, 299, 264, 264, 298, 264, 264, 305, 350, 351, - 352, 353, 354, 355, 356, 357, 264, 264, 264, 264, - 359, 504, 505, 506, 507, 508, 509, 264, 264, 361, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 0, 0, 264, 264, 264, 264, 264, 264, - 264, 349, 264, 0, 0, 0, 264, 264, 264, 264, - 392, 264, 264, 395, 391, 264, 393, 365, 264, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 426, 427, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 406, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 466, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 464, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 513, - 514, 515, 264, 264, 482, 264, 264, 264, 264, 523, - 264, 264, 264, 264, 264, 527, 264, 264, 264, 526, - 264, 264, 264, 264, 264, 503, 540, 541, 542, 543, - 544, 264, 264, 264, 512, 264, 264, 511, 264, 513, - 514, 515, 516, 517, 38, 265, 265, 265, 265, 523, - 264, 264, 264, 264, 264, 264, 264, 535, 265, 265, - 265, 539, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 299, - 299, 299, 299, 264, 264, 305, 305, 305, 305, 264, - 264, 264, 299, 299, 299, 264, 264, 264, 305, 305, - 305, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 264, 264, 264, 264, 38, 265, 265, 349, - 349, 349, 349, 264, 264, 264, 264, 38, 265, 265, - 265, 264, 349, 349, 349, 365, 365, 365, 365, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 365, 365, - 365, 299, 299, 264, 264, 264, 264, 305, 305, 264, - 264, 264, 299, 299, 299, 264, 264, 264, 305, 305, - 305, 264, 264, 264, 264, 264, 406, 406, 406, 406, - 264, 264, 264, 264, 264, 264, 264, 264, 264, 406, - 406, 406, 264, 264, 264, 264, 264, 264, 264, 264, - 264, 349, 349, 264, 264, 264, 264, 264, 264, 264, - 264, 264, 349, 349, 349, 264, 264, 365, 365, 264, - 264, 264, 264, 264, 264, 264, 264, 264, 365, 365, - 365, 264, 264, 264, 464, 464, 464, 464, 264, 264, - 264, 264, 38, 38, -1, -1, -1, 464, 464, 464, - -1, -1, 482, 482, 482, 482, -1, -1, 406, 406, - -1, -1, -1, -1, -1, 482, 482, 482, -1, 406, - 406, 406, -1, 503, 503, 503, 503, -1, -1, -1, - -1, -1, 512, 512, 512, 512, 503, 503, 503, -1, - -1, -1, -1, -1, -1, 512, 512, 512, -1, -1, - -1, -1, -1, -1, -1, 535, 535, 535, 535, 539, - 539, 539, 539, -1, -1, -1, 464, 464, 535, 535, - 535, -1, 539, 539, 539, -1, -1, 464, 464, 464, - -1, -1, -1, -1, 482, 482, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 482, 482, 482, -1, -1, - -1, -1, -1, -1, -1, 503, 503, -1, -1, -1, - -1, -1, -1, -1, 512, 512, 503, 503, 503, -1, - -1, -1, -1, -1, -1, 512, 512, 512, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 535, 535, -1, - -1, 539, 539, -1, -1, -1, -1, -1, 535, 535, - 535, -1, 539, 539, 539, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, - 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, - 291, 292, 293, 294, 295, 296, 297, -1, -1, -1, - -1, 302, 303, 304, -1, -1, -1, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, - 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, - 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 358, 359, 360, - -1, 362, 363, 364, -1, -1, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - -1, -1, -1, 394, -1, 396, 397, 398, 399, 400, - 401, 402, 403, 404, 405, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, -1, 465, -1, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 497, 498, 499, 500, - 501, 502, -1, -1, -1, -1, -1, -1, -1, 510, - -1, -1, -1, -1, -1, -1, -1, 518, 519, -1, - 521, 522, -1, 524, 525, -1, -1, 528, 529, 530, - 531, 532, 533, 534, -1, -1, -1, 538, -}; -#define YYFINAL 1 -#ifndef YYDEBUG -#define YYDEBUG 0 +#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST16_TYPE__ yytype_uint16; +#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST16_MAX <= INT_MAX) +typedef uint_least16_t yytype_uint16; +#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX +typedef unsigned short yytype_uint16; +#else +typedef int yytype_uint16; #endif -#define YYMAXTOKEN 544 -#define YYUNDFTOKEN 859 -#define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) + +#ifndef YYPTRDIFF_T +# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ +# define YYPTRDIFF_T __PTRDIFF_TYPE__ +# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ +# elif defined PTRDIFF_MAX +# ifndef ptrdiff_t +# include /* INFRINGES ON USER NAME SPACE */ +# endif +# define YYPTRDIFF_T ptrdiff_t +# define YYPTRDIFF_MAXIMUM PTRDIFF_MAX +# else +# define YYPTRDIFF_T long +# define YYPTRDIFF_MAXIMUM LONG_MAX +# endif +#endif + +#ifndef YYSIZE_T +# ifdef __SIZE_TYPE__ +# define YYSIZE_T __SIZE_TYPE__ +# elif defined size_t +# define YYSIZE_T size_t +# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# else +# define YYSIZE_T unsigned +# endif +#endif + +#define YYSIZE_MAXIMUM \ + YY_CAST (YYPTRDIFF_T, \ + (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ + ? YYPTRDIFF_MAXIMUM \ + : YY_CAST (YYSIZE_T, -1))) + +#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) + + +/* Stored state numbers (used for stacks). */ +typedef yytype_int16 yy_state_t; + +/* State numbers in computations. */ +typedef int yy_state_fast_t; + +#ifndef YY_ +# if defined YYENABLE_NLS && YYENABLE_NLS +# if ENABLE_NLS +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_(Msgid) dgettext ("bison-runtime", Msgid) +# endif +# endif +# ifndef YY_ +# define YY_(Msgid) Msgid +# endif +#endif + + +#ifndef YY_ATTRIBUTE_PURE +# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) +# else +# define YY_ATTRIBUTE_PURE +# endif +#endif + +#ifndef YY_ATTRIBUTE_UNUSED +# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +# else +# define YY_ATTRIBUTE_UNUSED +# endif +#endif + +/* Suppress unused-variable warnings by "using" E. */ +#if ! defined lint || defined __GNUC__ +# define YYUSE(E) ((void) (E)) +#else +# define YYUSE(E) /* empty */ +#endif + +#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ +/* Suppress an incorrect diagnostic about yylval being uninitialized. */ +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ + _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") +# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ + _Pragma ("GCC diagnostic pop") +#else +# define YY_INITIAL_VALUE(Value) Value +#endif +#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_END +#endif +#ifndef YY_INITIAL_VALUE +# define YY_INITIAL_VALUE(Value) /* Nothing. */ +#endif + +#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ +# define YY_IGNORE_USELESS_CAST_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") +# define YY_IGNORE_USELESS_CAST_END \ + _Pragma ("GCC diagnostic pop") +#endif +#ifndef YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_END +#endif + + +#define YY_ASSERT(E) ((void) (0 && (E))) + +#if !defined yyoverflow + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# elif defined __BUILTIN_VA_ARG_INCR +# include /* INFRINGES ON USER NAME SPACE */ +# elif defined _AIX +# define YYSTACK_ALLOC __alloca +# elif defined _MSC_VER +# include /* INFRINGES ON USER NAME SPACE */ +# define alloca _alloca +# else +# define YYSTACK_ALLOC alloca +# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS +# include /* INFRINGES ON USER NAME SPACE */ + /* Use EXIT_SUCCESS as a witness for stdlib.h. */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 +# endif +# endif +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's 'empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ +# endif +# else +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM +# endif +# if (defined __cplusplus && ! defined EXIT_SUCCESS \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 +# endif +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if ! defined malloc && ! defined EXIT_SUCCESS +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if ! defined free && ! defined EXIT_SUCCESS +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# endif +#endif /* !defined yyoverflow */ + +#if (! defined yyoverflow \ + && (! defined __cplusplus \ + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + yy_state_t yyss_alloc; + YYSTYPE yyvs_alloc; +}; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +# define YYCOPY_NEEDED 1 + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYPTRDIFF_T yynewbytes; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / YYSIZEOF (*yyptr); \ + } \ + while (0) + +#endif + +#if defined YYCOPY_NEEDED && YYCOPY_NEEDED +/* Copy COUNT objects from SRC to DST. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(Dst, Src, Count) \ + __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) +# else +# define YYCOPY(Dst, Src, Count) \ + do \ + { \ + YYPTRDIFF_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (Dst)[yyi] = (Src)[yyi]; \ + } \ + while (0) +# endif +# endif +#endif /* !YYCOPY_NEEDED */ + +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 2 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 650 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 308 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 333 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 642 +/* YYNSTATES -- Number of states. */ +#define YYNSTATES 954 + +/* YYMAXUTOK -- Last valid token kind. */ +#define YYMAXUTOK 562 + + +/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM + as returned by yylex, with out-of-bounds checking. */ +#define YYTRANSLATE(YYX) \ + (0 <= (YYX) && (YYX) <= YYMAXUTOK \ + ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ + : YYSYMBOL_YYUNDEF) + +/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM + as returned by yylex. */ +static const yytype_int16 yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, + 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, + 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, + 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, + 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, + 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, + 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, + 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, + 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, + 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, + 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 307 +}; + #if YYDEBUG -static const char *const yyname[] = { - -"end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"SPACE","LETTER","NEWLINE", -"COMMENT","COLON","ANY","ZONESTR","STRING_ARG","VAR_SERVER","VAR_VERBOSITY", -"VAR_NUM_THREADS","VAR_PORT","VAR_OUTGOING_RANGE","VAR_INTERFACE", -"VAR_PREFER_IP4","VAR_DO_IP4","VAR_DO_IP6","VAR_PREFER_IP6","VAR_DO_UDP", -"VAR_DO_TCP","VAR_TCP_MSS","VAR_OUTGOING_TCP_MSS","VAR_TCP_IDLE_TIMEOUT", -"VAR_EDNS_TCP_KEEPALIVE","VAR_EDNS_TCP_KEEPALIVE_TIMEOUT","VAR_CHROOT", -"VAR_USERNAME","VAR_DIRECTORY","VAR_LOGFILE","VAR_PIDFILE","VAR_MSG_CACHE_SIZE", -"VAR_MSG_CACHE_SLABS","VAR_NUM_QUERIES_PER_THREAD","VAR_RRSET_CACHE_SIZE", -"VAR_RRSET_CACHE_SLABS","VAR_OUTGOING_NUM_TCP","VAR_INFRA_HOST_TTL", -"VAR_INFRA_LAME_TTL","VAR_INFRA_CACHE_SLABS","VAR_INFRA_CACHE_NUMHOSTS", -"VAR_INFRA_CACHE_LAME_SIZE","VAR_NAME","VAR_STUB_ZONE","VAR_STUB_HOST", -"VAR_STUB_ADDR","VAR_TARGET_FETCH_POLICY","VAR_HARDEN_SHORT_BUFSIZE", -"VAR_HARDEN_LARGE_QUERIES","VAR_FORWARD_ZONE","VAR_FORWARD_HOST", -"VAR_FORWARD_ADDR","VAR_DO_NOT_QUERY_ADDRESS","VAR_HIDE_IDENTITY", -"VAR_HIDE_VERSION","VAR_IDENTITY","VAR_VERSION","VAR_HARDEN_GLUE", -"VAR_MODULE_CONF","VAR_TRUST_ANCHOR_FILE","VAR_TRUST_ANCHOR", -"VAR_VAL_OVERRIDE_DATE","VAR_BOGUS_TTL","VAR_VAL_CLEAN_ADDITIONAL", -"VAR_VAL_PERMISSIVE_MODE","VAR_INCOMING_NUM_TCP","VAR_MSG_BUFFER_SIZE", -"VAR_KEY_CACHE_SIZE","VAR_KEY_CACHE_SLABS","VAR_TRUSTED_KEYS_FILE", -"VAR_VAL_NSEC3_KEYSIZE_ITERATIONS","VAR_USE_SYSLOG","VAR_OUTGOING_INTERFACE", -"VAR_ROOT_HINTS","VAR_DO_NOT_QUERY_LOCALHOST","VAR_CACHE_MAX_TTL", -"VAR_HARDEN_DNSSEC_STRIPPED","VAR_ACCESS_CONTROL","VAR_LOCAL_ZONE", -"VAR_LOCAL_DATA","VAR_INTERFACE_AUTOMATIC","VAR_STATISTICS_INTERVAL", -"VAR_DO_DAEMONIZE","VAR_USE_CAPS_FOR_ID","VAR_STATISTICS_CUMULATIVE", -"VAR_OUTGOING_PORT_PERMIT","VAR_OUTGOING_PORT_AVOID","VAR_DLV_ANCHOR_FILE", -"VAR_DLV_ANCHOR","VAR_NEG_CACHE_SIZE","VAR_HARDEN_REFERRAL_PATH", -"VAR_PRIVATE_ADDRESS","VAR_PRIVATE_DOMAIN","VAR_REMOTE_CONTROL", -"VAR_CONTROL_ENABLE","VAR_CONTROL_INTERFACE","VAR_CONTROL_PORT", -"VAR_SERVER_KEY_FILE","VAR_SERVER_CERT_FILE","VAR_CONTROL_KEY_FILE", -"VAR_CONTROL_CERT_FILE","VAR_CONTROL_USE_CERT","VAR_EXTENDED_STATISTICS", -"VAR_LOCAL_DATA_PTR","VAR_JOSTLE_TIMEOUT","VAR_STUB_PRIME", -"VAR_UNWANTED_REPLY_THRESHOLD","VAR_LOG_TIME_ASCII","VAR_DOMAIN_INSECURE", -"VAR_PYTHON","VAR_PYTHON_SCRIPT","VAR_VAL_SIG_SKEW_MIN","VAR_VAL_SIG_SKEW_MAX", -"VAR_CACHE_MIN_TTL","VAR_VAL_LOG_LEVEL","VAR_AUTO_TRUST_ANCHOR_FILE", -"VAR_KEEP_MISSING","VAR_ADD_HOLDDOWN","VAR_DEL_HOLDDOWN","VAR_SO_RCVBUF", -"VAR_EDNS_BUFFER_SIZE","VAR_PREFETCH","VAR_PREFETCH_KEY","VAR_SO_SNDBUF", -"VAR_SO_REUSEPORT","VAR_HARDEN_BELOW_NXDOMAIN","VAR_IGNORE_CD_FLAG", -"VAR_LOG_QUERIES","VAR_LOG_REPLIES","VAR_LOG_LOCAL_ACTIONS","VAR_TCP_UPSTREAM", -"VAR_SSL_UPSTREAM","VAR_SSL_SERVICE_KEY","VAR_SSL_SERVICE_PEM","VAR_SSL_PORT", -"VAR_FORWARD_FIRST","VAR_STUB_SSL_UPSTREAM","VAR_FORWARD_SSL_UPSTREAM", -"VAR_TLS_CERT_BUNDLE","VAR_STUB_FIRST","VAR_MINIMAL_RESPONSES", -"VAR_RRSET_ROUNDROBIN","VAR_MAX_UDP_SIZE","VAR_DELAY_CLOSE", -"VAR_UNBLOCK_LAN_ZONES","VAR_INSECURE_LAN_ZONES","VAR_INFRA_CACHE_MIN_RTT", -"VAR_DNS64_PREFIX","VAR_DNS64_SYNTHALL","VAR_DNS64_IGNORE_AAAA","VAR_DNSTAP", -"VAR_DNSTAP_ENABLE","VAR_DNSTAP_SOCKET_PATH","VAR_DNSTAP_IP","VAR_DNSTAP_TLS", -"VAR_DNSTAP_TLS_SERVER_NAME","VAR_DNSTAP_TLS_CERT_BUNDLE", -"VAR_DNSTAP_TLS_CLIENT_KEY_FILE","VAR_DNSTAP_TLS_CLIENT_CERT_FILE", -"VAR_DNSTAP_SEND_IDENTITY","VAR_DNSTAP_SEND_VERSION","VAR_DNSTAP_IDENTITY", -"VAR_DNSTAP_VERSION","VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", -"VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", -"VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", -"VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", -"VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", -"VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES","VAR_RESPONSE_IP_TAG", -"VAR_RESPONSE_IP","VAR_RESPONSE_IP_DATA","VAR_HARDEN_ALGO_DOWNGRADE", -"VAR_IP_TRANSPARENT","VAR_IP_DSCP","VAR_DISABLE_DNSSEC_LAME_CHECK", -"VAR_IP_RATELIMIT","VAR_IP_RATELIMIT_SLABS","VAR_IP_RATELIMIT_SIZE", -"VAR_RATELIMIT","VAR_RATELIMIT_SLABS","VAR_RATELIMIT_SIZE", -"VAR_RATELIMIT_FOR_DOMAIN","VAR_RATELIMIT_BELOW_DOMAIN", -"VAR_IP_RATELIMIT_FACTOR","VAR_RATELIMIT_FACTOR","VAR_SEND_CLIENT_SUBNET", -"VAR_CLIENT_SUBNET_ZONE","VAR_CLIENT_SUBNET_ALWAYS_FORWARD", -"VAR_CLIENT_SUBNET_OPCODE","VAR_MAX_CLIENT_SUBNET_IPV4", -"VAR_MAX_CLIENT_SUBNET_IPV6","VAR_MIN_CLIENT_SUBNET_IPV4", -"VAR_MIN_CLIENT_SUBNET_IPV6","VAR_MAX_ECS_TREE_SIZE_IPV4", -"VAR_MAX_ECS_TREE_SIZE_IPV6","VAR_CAPS_WHITELIST","VAR_CACHE_MAX_NEGATIVE_TTL", -"VAR_PERMIT_SMALL_HOLDDOWN","VAR_QNAME_MINIMISATION", -"VAR_QNAME_MINIMISATION_STRICT","VAR_IP_FREEBIND","VAR_DEFINE_TAG", -"VAR_LOCAL_ZONE_TAG","VAR_ACCESS_CONTROL_TAG","VAR_LOCAL_ZONE_OVERRIDE", -"VAR_ACCESS_CONTROL_TAG_ACTION","VAR_ACCESS_CONTROL_TAG_DATA","VAR_VIEW", -"VAR_ACCESS_CONTROL_VIEW","VAR_VIEW_FIRST","VAR_SERVE_EXPIRED", -"VAR_SERVE_EXPIRED_TTL","VAR_SERVE_EXPIRED_TTL_RESET", -"VAR_SERVE_EXPIRED_REPLY_TTL","VAR_SERVE_EXPIRED_CLIENT_TIMEOUT","VAR_FAKE_DSA", -"VAR_FAKE_SHA1","VAR_LOG_IDENTITY","VAR_HIDE_TRUSTANCHOR", -"VAR_TRUST_ANCHOR_SIGNALING","VAR_AGGRESSIVE_NSEC","VAR_USE_SYSTEMD", -"VAR_SHM_ENABLE","VAR_SHM_KEY","VAR_ROOT_KEY_SENTINEL","VAR_DNSCRYPT", -"VAR_DNSCRYPT_ENABLE","VAR_DNSCRYPT_PORT","VAR_DNSCRYPT_PROVIDER", -"VAR_DNSCRYPT_SECRET_KEY","VAR_DNSCRYPT_PROVIDER_CERT", -"VAR_DNSCRYPT_PROVIDER_CERT_ROTATED","VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE", -"VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS","VAR_DNSCRYPT_NONCE_CACHE_SIZE", -"VAR_DNSCRYPT_NONCE_CACHE_SLABS","VAR_PAD_RESPONSES", -"VAR_PAD_RESPONSES_BLOCK_SIZE","VAR_PAD_QUERIES","VAR_PAD_QUERIES_BLOCK_SIZE", -"VAR_IPSECMOD_ENABLED","VAR_IPSECMOD_HOOK","VAR_IPSECMOD_IGNORE_BOGUS", -"VAR_IPSECMOD_MAX_TTL","VAR_IPSECMOD_WHITELIST","VAR_IPSECMOD_STRICT", -"VAR_CACHEDB","VAR_CACHEDB_BACKEND","VAR_CACHEDB_SECRETSEED", -"VAR_CACHEDB_REDISHOST","VAR_CACHEDB_REDISPORT","VAR_CACHEDB_REDISTIMEOUT", -"VAR_CACHEDB_REDISEXPIRERECORDS","VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", -"VAR_FOR_UPSTREAM","VAR_AUTH_ZONE","VAR_ZONEFILE","VAR_MASTER","VAR_URL", -"VAR_FOR_DOWNSTREAM","VAR_FALLBACK_ENABLED","VAR_TLS_ADDITIONAL_PORT", -"VAR_LOW_RTT","VAR_LOW_RTT_PERMIL","VAR_FAST_SERVER_PERMIL", -"VAR_FAST_SERVER_NUM","VAR_ALLOW_NOTIFY","VAR_TLS_WIN_CERT", -"VAR_TCP_CONNECTION_LIMIT","VAR_FORWARD_NO_CACHE","VAR_STUB_NO_CACHE", -"VAR_LOG_SERVFAIL","VAR_DENY_ANY","VAR_UNKNOWN_SERVER_TIME_LIMIT", -"VAR_LOG_TAG_QUERYREPLY","VAR_STREAM_WAIT_SIZE","VAR_TLS_CIPHERS", -"VAR_TLS_CIPHERSUITES","VAR_IPSET","VAR_IPSET_NAME_V4","VAR_IPSET_NAME_V6", -"VAR_TLS_SESSION_TICKET_KEYS","VAR_RPZ","VAR_TAGS","VAR_RPZ_ACTION_OVERRIDE", -"VAR_RPZ_CNAME_OVERRIDE","VAR_RPZ_LOG","VAR_RPZ_LOG_NAME",0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol", -}; -static const char *const yyrule[] = { -"$accept : toplevelvars", -"toplevelvars :", -"toplevelvars : toplevelvars toplevelvar", -"toplevelvar : serverstart contents_server", -"toplevelvar : stubstart contents_stub", -"toplevelvar : forwardstart contents_forward", -"toplevelvar : pythonstart contents_py", -"toplevelvar : rcstart contents_rc", -"toplevelvar : dtstart contents_dt", -"toplevelvar : viewstart contents_view", -"toplevelvar : dnscstart contents_dnsc", -"toplevelvar : cachedbstart contents_cachedb", -"toplevelvar : ipsetstart contents_ipset", -"toplevelvar : authstart contents_auth", -"toplevelvar : rpzstart contents_rpz", -"serverstart : VAR_SERVER", -"contents_server : contents_server content_server", -"contents_server :", -"content_server : server_num_threads", -"content_server : server_verbosity", -"content_server : server_port", -"content_server : server_outgoing_range", -"content_server : server_do_ip4", -"content_server : server_do_ip6", -"content_server : server_prefer_ip4", -"content_server : server_prefer_ip6", -"content_server : server_do_udp", -"content_server : server_do_tcp", -"content_server : server_tcp_mss", -"content_server : server_outgoing_tcp_mss", -"content_server : server_tcp_idle_timeout", -"content_server : server_tcp_keepalive", -"content_server : server_tcp_keepalive_timeout", -"content_server : server_interface", -"content_server : server_chroot", -"content_server : server_username", -"content_server : server_directory", -"content_server : server_logfile", -"content_server : server_pidfile", -"content_server : server_msg_cache_size", -"content_server : server_msg_cache_slabs", -"content_server : server_num_queries_per_thread", -"content_server : server_rrset_cache_size", -"content_server : server_rrset_cache_slabs", -"content_server : server_outgoing_num_tcp", -"content_server : server_infra_host_ttl", -"content_server : server_infra_lame_ttl", -"content_server : server_infra_cache_slabs", -"content_server : server_infra_cache_numhosts", -"content_server : server_infra_cache_lame_size", -"content_server : server_target_fetch_policy", -"content_server : server_harden_short_bufsize", -"content_server : server_harden_large_queries", -"content_server : server_do_not_query_address", -"content_server : server_hide_identity", -"content_server : server_hide_version", -"content_server : server_identity", -"content_server : server_version", -"content_server : server_harden_glue", -"content_server : server_module_conf", -"content_server : server_trust_anchor_file", -"content_server : server_trust_anchor", -"content_server : server_val_override_date", -"content_server : server_bogus_ttl", -"content_server : server_val_clean_additional", -"content_server : server_val_permissive_mode", -"content_server : server_incoming_num_tcp", -"content_server : server_msg_buffer_size", -"content_server : server_key_cache_size", -"content_server : server_key_cache_slabs", -"content_server : server_trusted_keys_file", -"content_server : server_val_nsec3_keysize_iterations", -"content_server : server_use_syslog", -"content_server : server_outgoing_interface", -"content_server : server_root_hints", -"content_server : server_do_not_query_localhost", -"content_server : server_cache_max_ttl", -"content_server : server_harden_dnssec_stripped", -"content_server : server_access_control", -"content_server : server_local_zone", -"content_server : server_local_data", -"content_server : server_interface_automatic", -"content_server : server_statistics_interval", -"content_server : server_do_daemonize", -"content_server : server_use_caps_for_id", -"content_server : server_statistics_cumulative", -"content_server : server_outgoing_port_permit", -"content_server : server_outgoing_port_avoid", -"content_server : server_dlv_anchor_file", -"content_server : server_dlv_anchor", -"content_server : server_neg_cache_size", -"content_server : server_harden_referral_path", -"content_server : server_private_address", -"content_server : server_private_domain", -"content_server : server_extended_statistics", -"content_server : server_local_data_ptr", -"content_server : server_jostle_timeout", -"content_server : server_unwanted_reply_threshold", -"content_server : server_log_time_ascii", -"content_server : server_domain_insecure", -"content_server : server_val_sig_skew_min", -"content_server : server_val_sig_skew_max", -"content_server : server_cache_min_ttl", -"content_server : server_val_log_level", -"content_server : server_auto_trust_anchor_file", -"content_server : server_add_holddown", -"content_server : server_del_holddown", -"content_server : server_keep_missing", -"content_server : server_so_rcvbuf", -"content_server : server_edns_buffer_size", -"content_server : server_prefetch", -"content_server : server_prefetch_key", -"content_server : server_so_sndbuf", -"content_server : server_harden_below_nxdomain", -"content_server : server_ignore_cd_flag", -"content_server : server_log_queries", -"content_server : server_log_replies", -"content_server : server_tcp_upstream", -"content_server : server_ssl_upstream", -"content_server : server_log_local_actions", -"content_server : server_ssl_service_key", -"content_server : server_ssl_service_pem", -"content_server : server_ssl_port", -"content_server : server_minimal_responses", -"content_server : server_rrset_roundrobin", -"content_server : server_max_udp_size", -"content_server : server_so_reuseport", -"content_server : server_delay_close", -"content_server : server_unblock_lan_zones", -"content_server : server_insecure_lan_zones", -"content_server : server_dns64_prefix", -"content_server : server_dns64_synthall", -"content_server : server_dns64_ignore_aaaa", -"content_server : server_infra_cache_min_rtt", -"content_server : server_harden_algo_downgrade", -"content_server : server_ip_transparent", -"content_server : server_ip_ratelimit", -"content_server : server_ratelimit", -"content_server : server_ip_dscp", -"content_server : server_ip_ratelimit_slabs", -"content_server : server_ratelimit_slabs", -"content_server : server_ip_ratelimit_size", -"content_server : server_ratelimit_size", -"content_server : server_ratelimit_for_domain", -"content_server : server_ratelimit_below_domain", -"content_server : server_ratelimit_factor", -"content_server : server_ip_ratelimit_factor", -"content_server : server_send_client_subnet", -"content_server : server_client_subnet_zone", -"content_server : server_client_subnet_always_forward", -"content_server : server_client_subnet_opcode", -"content_server : server_max_client_subnet_ipv4", -"content_server : server_max_client_subnet_ipv6", -"content_server : server_min_client_subnet_ipv4", -"content_server : server_min_client_subnet_ipv6", -"content_server : server_max_ecs_tree_size_ipv4", -"content_server : server_max_ecs_tree_size_ipv6", -"content_server : server_caps_whitelist", -"content_server : server_cache_max_negative_ttl", -"content_server : server_permit_small_holddown", -"content_server : server_qname_minimisation", -"content_server : server_ip_freebind", -"content_server : server_define_tag", -"content_server : server_local_zone_tag", -"content_server : server_disable_dnssec_lame_check", -"content_server : server_access_control_tag", -"content_server : server_local_zone_override", -"content_server : server_access_control_tag_action", -"content_server : server_access_control_tag_data", -"content_server : server_access_control_view", -"content_server : server_qname_minimisation_strict", -"content_server : server_serve_expired", -"content_server : server_serve_expired_ttl", -"content_server : server_serve_expired_ttl_reset", -"content_server : server_serve_expired_reply_ttl", -"content_server : server_serve_expired_client_timeout", -"content_server : server_fake_dsa", -"content_server : server_log_identity", -"content_server : server_use_systemd", -"content_server : server_response_ip_tag", -"content_server : server_response_ip", -"content_server : server_response_ip_data", -"content_server : server_shm_enable", -"content_server : server_shm_key", -"content_server : server_fake_sha1", -"content_server : server_hide_trustanchor", -"content_server : server_trust_anchor_signaling", -"content_server : server_root_key_sentinel", -"content_server : server_ipsecmod_enabled", -"content_server : server_ipsecmod_hook", -"content_server : server_ipsecmod_ignore_bogus", -"content_server : server_ipsecmod_max_ttl", -"content_server : server_ipsecmod_whitelist", -"content_server : server_ipsecmod_strict", -"content_server : server_udp_upstream_without_downstream", -"content_server : server_aggressive_nsec", -"content_server : server_tls_cert_bundle", -"content_server : server_tls_additional_port", -"content_server : server_low_rtt", -"content_server : server_fast_server_permil", -"content_server : server_fast_server_num", -"content_server : server_tls_win_cert", -"content_server : server_tcp_connection_limit", -"content_server : server_log_servfail", -"content_server : server_deny_any", -"content_server : server_unknown_server_time_limit", -"content_server : server_log_tag_queryreply", -"content_server : server_stream_wait_size", -"content_server : server_tls_ciphers", -"content_server : server_tls_ciphersuites", -"content_server : server_tls_session_ticket_keys", -"stubstart : VAR_STUB_ZONE", -"contents_stub : contents_stub content_stub", -"contents_stub :", -"content_stub : stub_name", -"content_stub : stub_host", -"content_stub : stub_addr", -"content_stub : stub_prime", -"content_stub : stub_first", -"content_stub : stub_no_cache", -"content_stub : stub_ssl_upstream", -"forwardstart : VAR_FORWARD_ZONE", -"contents_forward : contents_forward content_forward", -"contents_forward :", -"content_forward : forward_name", -"content_forward : forward_host", -"content_forward : forward_addr", -"content_forward : forward_first", -"content_forward : forward_no_cache", -"content_forward : forward_ssl_upstream", -"viewstart : VAR_VIEW", -"contents_view : contents_view content_view", -"contents_view :", -"content_view : view_name", -"content_view : view_local_zone", -"content_view : view_local_data", -"content_view : view_first", -"content_view : view_response_ip", -"content_view : view_response_ip_data", -"content_view : view_local_data_ptr", -"authstart : VAR_AUTH_ZONE", -"contents_auth : contents_auth content_auth", -"contents_auth :", -"content_auth : auth_name", -"content_auth : auth_zonefile", -"content_auth : auth_master", -"content_auth : auth_url", -"content_auth : auth_for_downstream", -"content_auth : auth_for_upstream", -"content_auth : auth_fallback_enabled", -"content_auth : auth_allow_notify", -"rpz_tag : VAR_TAGS STRING_ARG", -"rpz_action_override : VAR_RPZ_ACTION_OVERRIDE STRING_ARG", -"rpz_cname_override : VAR_RPZ_CNAME_OVERRIDE STRING_ARG", -"rpz_log : VAR_RPZ_LOG STRING_ARG", -"rpz_log_name : VAR_RPZ_LOG_NAME STRING_ARG", -"rpzstart : VAR_RPZ", -"contents_rpz : contents_rpz content_rpz", -"contents_rpz :", -"content_rpz : auth_name", -"content_rpz : auth_zonefile", -"content_rpz : rpz_tag", -"content_rpz : auth_master", -"content_rpz : auth_url", -"content_rpz : auth_allow_notify", -"content_rpz : rpz_action_override", -"content_rpz : rpz_cname_override", -"content_rpz : rpz_log", -"content_rpz : rpz_log_name", -"server_num_threads : VAR_NUM_THREADS STRING_ARG", -"server_verbosity : VAR_VERBOSITY STRING_ARG", -"server_statistics_interval : VAR_STATISTICS_INTERVAL STRING_ARG", -"server_statistics_cumulative : VAR_STATISTICS_CUMULATIVE STRING_ARG", -"server_extended_statistics : VAR_EXTENDED_STATISTICS STRING_ARG", -"server_shm_enable : VAR_SHM_ENABLE STRING_ARG", -"server_shm_key : VAR_SHM_KEY STRING_ARG", -"server_port : VAR_PORT STRING_ARG", -"server_send_client_subnet : VAR_SEND_CLIENT_SUBNET STRING_ARG", -"server_client_subnet_zone : VAR_CLIENT_SUBNET_ZONE STRING_ARG", -"server_client_subnet_always_forward : VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG", -"server_client_subnet_opcode : VAR_CLIENT_SUBNET_OPCODE STRING_ARG", -"server_max_client_subnet_ipv4 : VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG", -"server_max_client_subnet_ipv6 : VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG", -"server_min_client_subnet_ipv4 : VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG", -"server_min_client_subnet_ipv6 : VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG", -"server_max_ecs_tree_size_ipv4 : VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG", -"server_max_ecs_tree_size_ipv6 : VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG", -"server_interface : VAR_INTERFACE STRING_ARG", -"server_outgoing_interface : VAR_OUTGOING_INTERFACE STRING_ARG", -"server_outgoing_range : VAR_OUTGOING_RANGE STRING_ARG", -"server_outgoing_port_permit : VAR_OUTGOING_PORT_PERMIT STRING_ARG", -"server_outgoing_port_avoid : VAR_OUTGOING_PORT_AVOID STRING_ARG", -"server_outgoing_num_tcp : VAR_OUTGOING_NUM_TCP STRING_ARG", -"server_incoming_num_tcp : VAR_INCOMING_NUM_TCP STRING_ARG", -"server_interface_automatic : VAR_INTERFACE_AUTOMATIC STRING_ARG", -"server_do_ip4 : VAR_DO_IP4 STRING_ARG", -"server_do_ip6 : VAR_DO_IP6 STRING_ARG", -"server_do_udp : VAR_DO_UDP STRING_ARG", -"server_do_tcp : VAR_DO_TCP STRING_ARG", -"server_prefer_ip4 : VAR_PREFER_IP4 STRING_ARG", -"server_prefer_ip6 : VAR_PREFER_IP6 STRING_ARG", -"server_tcp_mss : VAR_TCP_MSS STRING_ARG", -"server_outgoing_tcp_mss : VAR_OUTGOING_TCP_MSS STRING_ARG", -"server_tcp_idle_timeout : VAR_TCP_IDLE_TIMEOUT STRING_ARG", -"server_tcp_keepalive : VAR_EDNS_TCP_KEEPALIVE STRING_ARG", -"server_tcp_keepalive_timeout : VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG", -"server_tcp_upstream : VAR_TCP_UPSTREAM STRING_ARG", -"server_udp_upstream_without_downstream : VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG", -"server_ssl_upstream : VAR_SSL_UPSTREAM STRING_ARG", -"server_ssl_service_key : VAR_SSL_SERVICE_KEY STRING_ARG", -"server_ssl_service_pem : VAR_SSL_SERVICE_PEM STRING_ARG", -"server_ssl_port : VAR_SSL_PORT STRING_ARG", -"server_tls_cert_bundle : VAR_TLS_CERT_BUNDLE STRING_ARG", -"server_tls_win_cert : VAR_TLS_WIN_CERT STRING_ARG", -"server_tls_additional_port : VAR_TLS_ADDITIONAL_PORT STRING_ARG", -"server_tls_ciphers : VAR_TLS_CIPHERS STRING_ARG", -"server_tls_ciphersuites : VAR_TLS_CIPHERSUITES STRING_ARG", -"server_tls_session_ticket_keys : VAR_TLS_SESSION_TICKET_KEYS STRING_ARG", -"server_use_systemd : VAR_USE_SYSTEMD STRING_ARG", -"server_do_daemonize : VAR_DO_DAEMONIZE STRING_ARG", -"server_use_syslog : VAR_USE_SYSLOG STRING_ARG", -"server_log_time_ascii : VAR_LOG_TIME_ASCII STRING_ARG", -"server_log_queries : VAR_LOG_QUERIES STRING_ARG", -"server_log_replies : VAR_LOG_REPLIES STRING_ARG", -"server_log_tag_queryreply : VAR_LOG_TAG_QUERYREPLY STRING_ARG", -"server_log_servfail : VAR_LOG_SERVFAIL STRING_ARG", -"server_log_local_actions : VAR_LOG_LOCAL_ACTIONS STRING_ARG", -"server_chroot : VAR_CHROOT STRING_ARG", -"server_username : VAR_USERNAME STRING_ARG", -"server_directory : VAR_DIRECTORY STRING_ARG", -"server_logfile : VAR_LOGFILE STRING_ARG", -"server_pidfile : VAR_PIDFILE STRING_ARG", -"server_root_hints : VAR_ROOT_HINTS STRING_ARG", -"server_dlv_anchor_file : VAR_DLV_ANCHOR_FILE STRING_ARG", -"server_dlv_anchor : VAR_DLV_ANCHOR STRING_ARG", -"server_auto_trust_anchor_file : VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG", -"server_trust_anchor_file : VAR_TRUST_ANCHOR_FILE STRING_ARG", -"server_trusted_keys_file : VAR_TRUSTED_KEYS_FILE STRING_ARG", -"server_trust_anchor : VAR_TRUST_ANCHOR STRING_ARG", -"server_trust_anchor_signaling : VAR_TRUST_ANCHOR_SIGNALING STRING_ARG", -"server_root_key_sentinel : VAR_ROOT_KEY_SENTINEL STRING_ARG", -"server_domain_insecure : VAR_DOMAIN_INSECURE STRING_ARG", -"server_hide_identity : VAR_HIDE_IDENTITY STRING_ARG", -"server_hide_version : VAR_HIDE_VERSION STRING_ARG", -"server_hide_trustanchor : VAR_HIDE_TRUSTANCHOR STRING_ARG", -"server_identity : VAR_IDENTITY STRING_ARG", -"server_version : VAR_VERSION STRING_ARG", -"server_so_rcvbuf : VAR_SO_RCVBUF STRING_ARG", -"server_so_sndbuf : VAR_SO_SNDBUF STRING_ARG", -"server_so_reuseport : VAR_SO_REUSEPORT STRING_ARG", -"server_ip_transparent : VAR_IP_TRANSPARENT STRING_ARG", -"server_ip_freebind : VAR_IP_FREEBIND STRING_ARG", -"server_ip_dscp : VAR_IP_DSCP STRING_ARG", -"server_stream_wait_size : VAR_STREAM_WAIT_SIZE STRING_ARG", -"server_edns_buffer_size : VAR_EDNS_BUFFER_SIZE STRING_ARG", -"server_msg_buffer_size : VAR_MSG_BUFFER_SIZE STRING_ARG", -"server_msg_cache_size : VAR_MSG_CACHE_SIZE STRING_ARG", -"server_msg_cache_slabs : VAR_MSG_CACHE_SLABS STRING_ARG", -"server_num_queries_per_thread : VAR_NUM_QUERIES_PER_THREAD STRING_ARG", -"server_jostle_timeout : VAR_JOSTLE_TIMEOUT STRING_ARG", -"server_delay_close : VAR_DELAY_CLOSE STRING_ARG", -"server_unblock_lan_zones : VAR_UNBLOCK_LAN_ZONES STRING_ARG", -"server_insecure_lan_zones : VAR_INSECURE_LAN_ZONES STRING_ARG", -"server_rrset_cache_size : VAR_RRSET_CACHE_SIZE STRING_ARG", -"server_rrset_cache_slabs : VAR_RRSET_CACHE_SLABS STRING_ARG", -"server_infra_host_ttl : VAR_INFRA_HOST_TTL STRING_ARG", -"server_infra_lame_ttl : VAR_INFRA_LAME_TTL STRING_ARG", -"server_infra_cache_numhosts : VAR_INFRA_CACHE_NUMHOSTS STRING_ARG", -"server_infra_cache_lame_size : VAR_INFRA_CACHE_LAME_SIZE STRING_ARG", -"server_infra_cache_slabs : VAR_INFRA_CACHE_SLABS STRING_ARG", -"server_infra_cache_min_rtt : VAR_INFRA_CACHE_MIN_RTT STRING_ARG", -"server_target_fetch_policy : VAR_TARGET_FETCH_POLICY STRING_ARG", -"server_harden_short_bufsize : VAR_HARDEN_SHORT_BUFSIZE STRING_ARG", -"server_harden_large_queries : VAR_HARDEN_LARGE_QUERIES STRING_ARG", -"server_harden_glue : VAR_HARDEN_GLUE STRING_ARG", -"server_harden_dnssec_stripped : VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG", -"server_harden_below_nxdomain : VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG", -"server_harden_referral_path : VAR_HARDEN_REFERRAL_PATH STRING_ARG", -"server_harden_algo_downgrade : VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG", -"server_use_caps_for_id : VAR_USE_CAPS_FOR_ID STRING_ARG", -"server_caps_whitelist : VAR_CAPS_WHITELIST STRING_ARG", -"server_private_address : VAR_PRIVATE_ADDRESS STRING_ARG", -"server_private_domain : VAR_PRIVATE_DOMAIN STRING_ARG", -"server_prefetch : VAR_PREFETCH STRING_ARG", -"server_prefetch_key : VAR_PREFETCH_KEY STRING_ARG", -"server_deny_any : VAR_DENY_ANY STRING_ARG", -"server_unwanted_reply_threshold : VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG", -"server_do_not_query_address : VAR_DO_NOT_QUERY_ADDRESS STRING_ARG", -"server_do_not_query_localhost : VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG", -"server_access_control : VAR_ACCESS_CONTROL STRING_ARG STRING_ARG", -"server_module_conf : VAR_MODULE_CONF STRING_ARG", -"server_val_override_date : VAR_VAL_OVERRIDE_DATE STRING_ARG", -"server_val_sig_skew_min : VAR_VAL_SIG_SKEW_MIN STRING_ARG", -"server_val_sig_skew_max : VAR_VAL_SIG_SKEW_MAX STRING_ARG", -"server_cache_max_ttl : VAR_CACHE_MAX_TTL STRING_ARG", -"server_cache_max_negative_ttl : VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG", -"server_cache_min_ttl : VAR_CACHE_MIN_TTL STRING_ARG", -"server_bogus_ttl : VAR_BOGUS_TTL STRING_ARG", -"server_val_clean_additional : VAR_VAL_CLEAN_ADDITIONAL STRING_ARG", -"server_val_permissive_mode : VAR_VAL_PERMISSIVE_MODE STRING_ARG", -"server_aggressive_nsec : VAR_AGGRESSIVE_NSEC STRING_ARG", -"server_ignore_cd_flag : VAR_IGNORE_CD_FLAG STRING_ARG", -"server_serve_expired : VAR_SERVE_EXPIRED STRING_ARG", -"server_serve_expired_ttl : VAR_SERVE_EXPIRED_TTL STRING_ARG", -"server_serve_expired_ttl_reset : VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG", -"server_serve_expired_reply_ttl : VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG", -"server_serve_expired_client_timeout : VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG", -"server_fake_dsa : VAR_FAKE_DSA STRING_ARG", -"server_fake_sha1 : VAR_FAKE_SHA1 STRING_ARG", -"server_val_log_level : VAR_VAL_LOG_LEVEL STRING_ARG", -"server_val_nsec3_keysize_iterations : VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG", -"server_add_holddown : VAR_ADD_HOLDDOWN STRING_ARG", -"server_del_holddown : VAR_DEL_HOLDDOWN STRING_ARG", -"server_keep_missing : VAR_KEEP_MISSING STRING_ARG", -"server_permit_small_holddown : VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG", -"server_key_cache_size : VAR_KEY_CACHE_SIZE STRING_ARG", -"server_key_cache_slabs : VAR_KEY_CACHE_SLABS STRING_ARG", -"server_neg_cache_size : VAR_NEG_CACHE_SIZE STRING_ARG", -"server_local_zone : VAR_LOCAL_ZONE STRING_ARG STRING_ARG", -"server_local_data : VAR_LOCAL_DATA STRING_ARG", -"server_local_data_ptr : VAR_LOCAL_DATA_PTR STRING_ARG", -"server_minimal_responses : VAR_MINIMAL_RESPONSES STRING_ARG", -"server_rrset_roundrobin : VAR_RRSET_ROUNDROBIN STRING_ARG", -"server_unknown_server_time_limit : VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG", -"server_max_udp_size : VAR_MAX_UDP_SIZE STRING_ARG", -"server_dns64_prefix : VAR_DNS64_PREFIX STRING_ARG", -"server_dns64_synthall : VAR_DNS64_SYNTHALL STRING_ARG", -"server_dns64_ignore_aaaa : VAR_DNS64_IGNORE_AAAA STRING_ARG", -"server_define_tag : VAR_DEFINE_TAG STRING_ARG", -"server_local_zone_tag : VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG", -"server_access_control_tag : VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG", -"server_access_control_tag_action : VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG", -"server_access_control_tag_data : VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG", -"server_local_zone_override : VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG", -"server_access_control_view : VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG", -"server_response_ip_tag : VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG", -"server_ip_ratelimit : VAR_IP_RATELIMIT STRING_ARG", -"server_ratelimit : VAR_RATELIMIT STRING_ARG", -"server_ip_ratelimit_size : VAR_IP_RATELIMIT_SIZE STRING_ARG", -"server_ratelimit_size : VAR_RATELIMIT_SIZE STRING_ARG", -"server_ip_ratelimit_slabs : VAR_IP_RATELIMIT_SLABS STRING_ARG", -"server_ratelimit_slabs : VAR_RATELIMIT_SLABS STRING_ARG", -"server_ratelimit_for_domain : VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG", -"server_ratelimit_below_domain : VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG", -"server_ip_ratelimit_factor : VAR_IP_RATELIMIT_FACTOR STRING_ARG", -"server_ratelimit_factor : VAR_RATELIMIT_FACTOR STRING_ARG", -"server_low_rtt : VAR_LOW_RTT STRING_ARG", -"server_fast_server_num : VAR_FAST_SERVER_NUM STRING_ARG", -"server_fast_server_permil : VAR_FAST_SERVER_PERMIL STRING_ARG", -"server_qname_minimisation : VAR_QNAME_MINIMISATION STRING_ARG", -"server_qname_minimisation_strict : VAR_QNAME_MINIMISATION_STRICT STRING_ARG", -"server_pad_responses : VAR_PAD_RESPONSES STRING_ARG", -"server_pad_responses_block_size : VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG", -"server_pad_queries : VAR_PAD_QUERIES STRING_ARG", -"server_pad_queries_block_size : VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG", -"server_ipsecmod_enabled : VAR_IPSECMOD_ENABLED STRING_ARG", -"server_ipsecmod_ignore_bogus : VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG", -"server_ipsecmod_hook : VAR_IPSECMOD_HOOK STRING_ARG", -"server_ipsecmod_max_ttl : VAR_IPSECMOD_MAX_TTL STRING_ARG", -"server_ipsecmod_whitelist : VAR_IPSECMOD_WHITELIST STRING_ARG", -"server_ipsecmod_strict : VAR_IPSECMOD_STRICT STRING_ARG", -"stub_name : VAR_NAME STRING_ARG", -"stub_host : VAR_STUB_HOST STRING_ARG", -"stub_addr : VAR_STUB_ADDR STRING_ARG", -"stub_first : VAR_STUB_FIRST STRING_ARG", -"stub_no_cache : VAR_STUB_NO_CACHE STRING_ARG", -"stub_ssl_upstream : VAR_STUB_SSL_UPSTREAM STRING_ARG", -"stub_prime : VAR_STUB_PRIME STRING_ARG", -"forward_name : VAR_NAME STRING_ARG", -"forward_host : VAR_FORWARD_HOST STRING_ARG", -"forward_addr : VAR_FORWARD_ADDR STRING_ARG", -"forward_first : VAR_FORWARD_FIRST STRING_ARG", -"forward_no_cache : VAR_FORWARD_NO_CACHE STRING_ARG", -"forward_ssl_upstream : VAR_FORWARD_SSL_UPSTREAM STRING_ARG", -"auth_name : VAR_NAME STRING_ARG", -"auth_zonefile : VAR_ZONEFILE STRING_ARG", -"auth_master : VAR_MASTER STRING_ARG", -"auth_url : VAR_URL STRING_ARG", -"auth_allow_notify : VAR_ALLOW_NOTIFY STRING_ARG", -"auth_for_downstream : VAR_FOR_DOWNSTREAM STRING_ARG", -"auth_for_upstream : VAR_FOR_UPSTREAM STRING_ARG", -"auth_fallback_enabled : VAR_FALLBACK_ENABLED STRING_ARG", -"view_name : VAR_NAME STRING_ARG", -"view_local_zone : VAR_LOCAL_ZONE STRING_ARG STRING_ARG", -"view_response_ip : VAR_RESPONSE_IP STRING_ARG STRING_ARG", -"view_response_ip_data : VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG", -"view_local_data : VAR_LOCAL_DATA STRING_ARG", -"view_local_data_ptr : VAR_LOCAL_DATA_PTR STRING_ARG", -"view_first : VAR_VIEW_FIRST STRING_ARG", -"rcstart : VAR_REMOTE_CONTROL", -"contents_rc : contents_rc content_rc", -"contents_rc :", -"content_rc : rc_control_enable", -"content_rc : rc_control_interface", -"content_rc : rc_control_port", -"content_rc : rc_server_key_file", -"content_rc : rc_server_cert_file", -"content_rc : rc_control_key_file", -"content_rc : rc_control_cert_file", -"content_rc : rc_control_use_cert", -"rc_control_enable : VAR_CONTROL_ENABLE STRING_ARG", -"rc_control_port : VAR_CONTROL_PORT STRING_ARG", -"rc_control_interface : VAR_CONTROL_INTERFACE STRING_ARG", -"rc_control_use_cert : VAR_CONTROL_USE_CERT STRING_ARG", -"rc_server_key_file : VAR_SERVER_KEY_FILE STRING_ARG", -"rc_server_cert_file : VAR_SERVER_CERT_FILE STRING_ARG", -"rc_control_key_file : VAR_CONTROL_KEY_FILE STRING_ARG", -"rc_control_cert_file : VAR_CONTROL_CERT_FILE STRING_ARG", -"dtstart : VAR_DNSTAP", -"contents_dt : contents_dt content_dt", -"contents_dt :", -"content_dt : dt_dnstap_enable", -"content_dt : dt_dnstap_socket_path", -"content_dt : dt_dnstap_ip", -"content_dt : dt_dnstap_tls", -"content_dt : dt_dnstap_tls_server_name", -"content_dt : dt_dnstap_tls_cert_bundle", -"content_dt : dt_dnstap_tls_client_key_file", -"content_dt : dt_dnstap_tls_client_cert_file", -"content_dt : dt_dnstap_send_identity", -"content_dt : dt_dnstap_send_version", -"content_dt : dt_dnstap_identity", -"content_dt : dt_dnstap_version", -"content_dt : dt_dnstap_log_resolver_query_messages", -"content_dt : dt_dnstap_log_resolver_response_messages", -"content_dt : dt_dnstap_log_client_query_messages", -"content_dt : dt_dnstap_log_client_response_messages", -"content_dt : dt_dnstap_log_forwarder_query_messages", -"content_dt : dt_dnstap_log_forwarder_response_messages", -"dt_dnstap_enable : VAR_DNSTAP_ENABLE STRING_ARG", -"dt_dnstap_socket_path : VAR_DNSTAP_SOCKET_PATH STRING_ARG", -"dt_dnstap_ip : VAR_DNSTAP_IP STRING_ARG", -"dt_dnstap_tls : VAR_DNSTAP_TLS STRING_ARG", -"dt_dnstap_tls_server_name : VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG", -"dt_dnstap_tls_cert_bundle : VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG", -"dt_dnstap_tls_client_key_file : VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG", -"dt_dnstap_tls_client_cert_file : VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG", -"dt_dnstap_send_identity : VAR_DNSTAP_SEND_IDENTITY STRING_ARG", -"dt_dnstap_send_version : VAR_DNSTAP_SEND_VERSION STRING_ARG", -"dt_dnstap_identity : VAR_DNSTAP_IDENTITY STRING_ARG", -"dt_dnstap_version : VAR_DNSTAP_VERSION STRING_ARG", -"dt_dnstap_log_resolver_query_messages : VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG", -"dt_dnstap_log_resolver_response_messages : VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG", -"dt_dnstap_log_client_query_messages : VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG", -"dt_dnstap_log_client_response_messages : VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG", -"dt_dnstap_log_forwarder_query_messages : VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG", -"dt_dnstap_log_forwarder_response_messages : VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG", -"pythonstart : VAR_PYTHON", -"contents_py : contents_py content_py", -"contents_py :", -"content_py : py_script", -"py_script : VAR_PYTHON_SCRIPT STRING_ARG", -"server_disable_dnssec_lame_check : VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG", -"server_log_identity : VAR_LOG_IDENTITY STRING_ARG", -"server_response_ip : VAR_RESPONSE_IP STRING_ARG STRING_ARG", -"server_response_ip_data : VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG", -"dnscstart : VAR_DNSCRYPT", -"contents_dnsc : contents_dnsc content_dnsc", -"contents_dnsc :", -"content_dnsc : dnsc_dnscrypt_enable", -"content_dnsc : dnsc_dnscrypt_port", -"content_dnsc : dnsc_dnscrypt_provider", -"content_dnsc : dnsc_dnscrypt_secret_key", -"content_dnsc : dnsc_dnscrypt_provider_cert", -"content_dnsc : dnsc_dnscrypt_provider_cert_rotated", -"content_dnsc : dnsc_dnscrypt_shared_secret_cache_size", -"content_dnsc : dnsc_dnscrypt_shared_secret_cache_slabs", -"content_dnsc : dnsc_dnscrypt_nonce_cache_size", -"content_dnsc : dnsc_dnscrypt_nonce_cache_slabs", -"dnsc_dnscrypt_enable : VAR_DNSCRYPT_ENABLE STRING_ARG", -"dnsc_dnscrypt_port : VAR_DNSCRYPT_PORT STRING_ARG", -"dnsc_dnscrypt_provider : VAR_DNSCRYPT_PROVIDER STRING_ARG", -"dnsc_dnscrypt_provider_cert : VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG", -"dnsc_dnscrypt_provider_cert_rotated : VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG", -"dnsc_dnscrypt_secret_key : VAR_DNSCRYPT_SECRET_KEY STRING_ARG", -"dnsc_dnscrypt_shared_secret_cache_size : VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG", -"dnsc_dnscrypt_shared_secret_cache_slabs : VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG", -"dnsc_dnscrypt_nonce_cache_size : VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG", -"dnsc_dnscrypt_nonce_cache_slabs : VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG", -"cachedbstart : VAR_CACHEDB", -"contents_cachedb : contents_cachedb content_cachedb", -"contents_cachedb :", -"content_cachedb : cachedb_backend_name", -"content_cachedb : cachedb_secret_seed", -"content_cachedb : redis_server_host", -"content_cachedb : redis_server_port", -"content_cachedb : redis_timeout", -"content_cachedb : redis_expire_records", -"cachedb_backend_name : VAR_CACHEDB_BACKEND STRING_ARG", -"cachedb_secret_seed : VAR_CACHEDB_SECRETSEED STRING_ARG", -"redis_server_host : VAR_CACHEDB_REDISHOST STRING_ARG", -"redis_server_port : VAR_CACHEDB_REDISPORT STRING_ARG", -"redis_timeout : VAR_CACHEDB_REDISTIMEOUT STRING_ARG", -"redis_expire_records : VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG", -"server_tcp_connection_limit : VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG", -"ipsetstart : VAR_IPSET", -"contents_ipset : contents_ipset content_ipset", -"contents_ipset :", -"content_ipset : ipset_name_v4", -"content_ipset : ipset_name_v6", -"ipset_name_v4 : VAR_IPSET_NAME_V4 STRING_ARG", -"ipset_name_v6 : VAR_IPSET_NAME_V6 STRING_ARG", - + /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ +static const yytype_int16 yyrline[] = +{ + 0, 187, 187, 187, 188, 188, 189, 189, 190, 190, + 190, 191, 191, 192, 192, 193, 193, 194, 196, 202, + 207, 208, 209, 209, 209, 210, 210, 211, 211, 211, + 212, 212, 213, 213, 213, 214, 214, 215, 215, 215, + 216, 216, 216, 217, 217, 218, 218, 219, 219, 220, + 220, 221, 221, 222, 222, 223, 223, 224, 224, 225, + 225, 225, 226, 226, 226, 227, 227, 227, 228, 228, + 229, 229, 230, 230, 231, 231, 232, 232, 232, 233, + 233, 234, 234, 235, 235, 235, 236, 236, 237, 237, + 238, 238, 239, 239, 239, 240, 240, 241, 241, 242, + 242, 243, 243, 244, 244, 245, 245, 245, 246, 246, + 247, 247, 247, 248, 248, 248, 249, 249, 249, 250, + 250, 250, 250, 251, 252, 252, 252, 253, 253, 253, + 254, 254, 255, 255, 256, 256, 256, 257, 257, 257, + 258, 258, 259, 259, 259, 260, 260, 261, 261, 261, + 262, 262, 263, 263, 264, 264, 265, 266, 266, 267, + 267, 268, 268, 269, 270, 270, 271, 271, 272, 272, + 273, 273, 274, 274, 275, 275, 275, 276, 276, 277, + 277, 278, 278, 279, 280, 280, 281, 281, 282, 283, + 283, 284, 284, 285, 285, 285, 286, 286, 286, 287, + 287, 287, 288, 288, 289, 290, 290, 291, 291, 292, + 292, 293, 293, 294, 294, 294, 295, 295, 295, 296, + 296, 296, 297, 297, 298, 298, 299, 299, 300, 300, + 301, 301, 303, 315, 316, 317, 317, 317, 317, 317, + 318, 318, 320, 332, 333, 334, 334, 334, 334, 335, + 335, 337, 351, 352, 353, 353, 353, 353, 354, 354, + 354, 356, 373, 374, 375, 375, 375, 375, 376, 376, + 376, 377, 380, 399, 416, 424, 434, 442, 459, 460, + 461, 461, 461, 461, 461, 462, 462, 462, 463, 463, + 465, 474, 483, 494, 503, 512, 521, 532, 541, 553, + 567, 582, 593, 610, 627, 644, 661, 676, 691, 704, + 719, 728, 737, 746, 755, 764, 773, 782, 791, 800, + 809, 818, 827, 836, 845, 858, 867, 880, 889, 898, + 907, 914, 921, 930, 937, 946, 954, 961, 968, 976, + 985, 993, 1009, 1017, 1025, 1033, 1041, 1049, 1058, 1067, + 1081, 1090, 1099, 1108, 1117, 1126, 1135, 1142, 1149, 1175, + 1183, 1190, 1197, 1204, 1211, 1219, 1227, 1235, 1242, 1253, + 1264, 1271, 1280, 1289, 1298, 1305, 1312, 1328, 1336, 1344, + 1354, 1364, 1374, 1388, 1396, 1409, 1420, 1428, 1441, 1450, + 1459, 1468, 1477, 1487, 1497, 1505, 1518, 1527, 1535, 1544, + 1552, 1565, 1574, 1584, 1591, 1601, 1611, 1621, 1631, 1641, + 1651, 1661, 1671, 1678, 1685, 1692, 1701, 1710, 1719, 1728, + 1735, 1745, 1765, 1772, 1790, 1803, 1816, 1825, 1834, 1843, + 1852, 1862, 1872, 1883, 1892, 1901, 1910, 1919, 1928, 1937, + 1950, 1963, 1972, 1979, 1988, 1997, 2006, 2015, 2023, 2036, + 2044, 2089, 2096, 2111, 2121, 2131, 2138, 2145, 2152, 2161, + 2169, 2183, 2204, 2225, 2237, 2249, 2261, 2270, 2291, 2301, + 2310, 2318, 2326, 2339, 2352, 2367, 2382, 2391, 2400, 2406, + 2415, 2424, 2434, 2444, 2454, 2463, 2473, 2482, 2495, 2508, + 2520, 2534, 2546, 2560, 2569, 2581, 2591, 2598, 2605, 2614, + 2623, 2633, 2643, 2653, 2660, 2667, 2676, 2685, 2695, 2705, + 2712, 2719, 2726, 2734, 2744, 2754, 2764, 2774, 2813, 2823, + 2831, 2839, 2854, 2863, 2868, 2869, 2870, 2870, 2870, 2871, + 2871, 2871, 2872, 2872, 2874, 2884, 2893, 2900, 2907, 2914, + 2921, 2928, 2935, 2940, 2941, 2942, 2942, 2942, 2943, 2943, + 2943, 2944, 2945, 2945, 2946, 2946, 2947, 2947, 2948, 2949, + 2950, 2951, 2952, 2953, 2955, 2964, 2974, 2981, 2988, 2997, + 3004, 3011, 3018, 3025, 3034, 3043, 3050, 3057, 3067, 3077, + 3087, 3097, 3107, 3117, 3122, 3123, 3124, 3126, 3132, 3137, + 3138, 3139, 3141, 3147, 3157, 3164, 3173, 3181, 3186, 3187, + 3189, 3189, 3189, 3190, 3190, 3191, 3192, 3193, 3194, 3195, + 3197, 3207, 3216, 3223, 3232, 3239, 3248, 3256, 3269, 3277, + 3290, 3295, 3296, 3297, 3297, 3298, 3298, 3298, 3299, 3301, + 3313, 3325, 3337, 3352, 3365, 3378, 3389, 3394, 3395, 3396, + 3396, 3398, 3413 }; #endif -int yydebug; -int yynerrs; +/** Accessing symbol of state STATE. */ +#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) -int yyerrflag; -int yychar; -YYSTYPE yyval; -YYSTYPE yylval; +#if YYDEBUG || 0 +/* The user-facing name of the symbol whose (internal) number is + YYSYMBOL. No bounds checking. */ +static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; -/* define the initial stack-sizes */ -#ifdef YYSTACKSIZE -#undef YYMAXDEPTH -#define YYMAXDEPTH YYSTACKSIZE -#else -#ifdef YYMAXDEPTH -#define YYSTACKSIZE YYMAXDEPTH -#else -#define YYSTACKSIZE 10000 -#define YYMAXDEPTH 10000 -#endif +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "\"end of file\"", "error", "\"invalid token\"", "SPACE", "LETTER", + "NEWLINE", "COMMENT", "COLON", "ANY", "ZONESTR", "STRING_ARG", + "VAR_FORCE_TOPLEVEL", "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", + "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", "VAR_PREFER_IP4", + "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", + "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_TCP_IDLE_TIMEOUT", + "VAR_EDNS_TCP_KEEPALIVE", "VAR_EDNS_TCP_KEEPALIVE_TIMEOUT", "VAR_CHROOT", + "VAR_USERNAME", "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", + "VAR_MSG_CACHE_SIZE", "VAR_MSG_CACHE_SLABS", + "VAR_NUM_QUERIES_PER_THREAD", "VAR_RRSET_CACHE_SIZE", + "VAR_RRSET_CACHE_SLABS", "VAR_OUTGOING_NUM_TCP", "VAR_INFRA_HOST_TTL", + "VAR_INFRA_LAME_TTL", "VAR_INFRA_CACHE_SLABS", + "VAR_INFRA_CACHE_NUMHOSTS", "VAR_INFRA_CACHE_LAME_SIZE", "VAR_NAME", + "VAR_STUB_ZONE", "VAR_STUB_HOST", "VAR_STUB_ADDR", + "VAR_TARGET_FETCH_POLICY", "VAR_HARDEN_SHORT_BUFSIZE", + "VAR_HARDEN_LARGE_QUERIES", "VAR_FORWARD_ZONE", "VAR_FORWARD_HOST", + "VAR_FORWARD_ADDR", "VAR_DO_NOT_QUERY_ADDRESS", "VAR_HIDE_IDENTITY", + "VAR_HIDE_VERSION", "VAR_IDENTITY", "VAR_VERSION", "VAR_HARDEN_GLUE", + "VAR_MODULE_CONF", "VAR_TRUST_ANCHOR_FILE", "VAR_TRUST_ANCHOR", + "VAR_VAL_OVERRIDE_DATE", "VAR_BOGUS_TTL", "VAR_VAL_CLEAN_ADDITIONAL", + "VAR_VAL_PERMISSIVE_MODE", "VAR_INCOMING_NUM_TCP", "VAR_MSG_BUFFER_SIZE", + "VAR_KEY_CACHE_SIZE", "VAR_KEY_CACHE_SLABS", "VAR_TRUSTED_KEYS_FILE", + "VAR_VAL_NSEC3_KEYSIZE_ITERATIONS", "VAR_USE_SYSLOG", + "VAR_OUTGOING_INTERFACE", "VAR_ROOT_HINTS", "VAR_DO_NOT_QUERY_LOCALHOST", + "VAR_CACHE_MAX_TTL", "VAR_HARDEN_DNSSEC_STRIPPED", "VAR_ACCESS_CONTROL", + "VAR_LOCAL_ZONE", "VAR_LOCAL_DATA", "VAR_INTERFACE_AUTOMATIC", + "VAR_STATISTICS_INTERVAL", "VAR_DO_DAEMONIZE", "VAR_USE_CAPS_FOR_ID", + "VAR_STATISTICS_CUMULATIVE", "VAR_OUTGOING_PORT_PERMIT", + "VAR_OUTGOING_PORT_AVOID", "VAR_DLV_ANCHOR_FILE", "VAR_DLV_ANCHOR", + "VAR_NEG_CACHE_SIZE", "VAR_HARDEN_REFERRAL_PATH", "VAR_PRIVATE_ADDRESS", + "VAR_PRIVATE_DOMAIN", "VAR_REMOTE_CONTROL", "VAR_CONTROL_ENABLE", + "VAR_CONTROL_INTERFACE", "VAR_CONTROL_PORT", "VAR_SERVER_KEY_FILE", + "VAR_SERVER_CERT_FILE", "VAR_CONTROL_KEY_FILE", "VAR_CONTROL_CERT_FILE", + "VAR_CONTROL_USE_CERT", "VAR_EXTENDED_STATISTICS", "VAR_LOCAL_DATA_PTR", + "VAR_JOSTLE_TIMEOUT", "VAR_STUB_PRIME", "VAR_UNWANTED_REPLY_THRESHOLD", + "VAR_LOG_TIME_ASCII", "VAR_DOMAIN_INSECURE", "VAR_PYTHON", + "VAR_PYTHON_SCRIPT", "VAR_VAL_SIG_SKEW_MIN", "VAR_VAL_SIG_SKEW_MAX", + "VAR_CACHE_MIN_TTL", "VAR_VAL_LOG_LEVEL", "VAR_AUTO_TRUST_ANCHOR_FILE", + "VAR_KEEP_MISSING", "VAR_ADD_HOLDDOWN", "VAR_DEL_HOLDDOWN", + "VAR_SO_RCVBUF", "VAR_EDNS_BUFFER_SIZE", "VAR_PREFETCH", + "VAR_PREFETCH_KEY", "VAR_SO_SNDBUF", "VAR_SO_REUSEPORT", + "VAR_HARDEN_BELOW_NXDOMAIN", "VAR_IGNORE_CD_FLAG", "VAR_LOG_QUERIES", + "VAR_LOG_REPLIES", "VAR_LOG_LOCAL_ACTIONS", "VAR_TCP_UPSTREAM", + "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", + "VAR_SSL_PORT", "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM", + "VAR_FORWARD_SSL_UPSTREAM", "VAR_TLS_CERT_BUNDLE", "VAR_HTTPS_PORT", + "VAR_HTTP_ENDPOINT", "VAR_HTTP_MAX_STREAMS", + "VAR_HTTP_QUERY_BUFFER_SIZE", "VAR_HTTP_RESPONSE_BUFFER_SIZE", + "VAR_HTTP_NODELAY", "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST", + "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", + "VAR_DELAY_CLOSE", "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", + "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", + "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", + "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", + "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS", + "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE", + "VAR_DNSTAP_TLS_CLIENT_KEY_FILE", "VAR_DNSTAP_TLS_CLIENT_CERT_FILE", + "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", + "VAR_DNSTAP_BIDIRECTIONAL", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", + "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", + "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", + "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", + "VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES", + "VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES", + "VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES", "VAR_RESPONSE_IP_TAG", + "VAR_RESPONSE_IP", "VAR_RESPONSE_IP_DATA", "VAR_HARDEN_ALGO_DOWNGRADE", + "VAR_IP_TRANSPARENT", "VAR_IP_DSCP", "VAR_DISABLE_DNSSEC_LAME_CHECK", + "VAR_IP_RATELIMIT", "VAR_IP_RATELIMIT_SLABS", "VAR_IP_RATELIMIT_SIZE", + "VAR_RATELIMIT", "VAR_RATELIMIT_SLABS", "VAR_RATELIMIT_SIZE", + "VAR_RATELIMIT_FOR_DOMAIN", "VAR_RATELIMIT_BELOW_DOMAIN", + "VAR_IP_RATELIMIT_FACTOR", "VAR_RATELIMIT_FACTOR", + "VAR_SEND_CLIENT_SUBNET", "VAR_CLIENT_SUBNET_ZONE", + "VAR_CLIENT_SUBNET_ALWAYS_FORWARD", "VAR_CLIENT_SUBNET_OPCODE", + "VAR_MAX_CLIENT_SUBNET_IPV4", "VAR_MAX_CLIENT_SUBNET_IPV6", + "VAR_MIN_CLIENT_SUBNET_IPV4", "VAR_MIN_CLIENT_SUBNET_IPV6", + "VAR_MAX_ECS_TREE_SIZE_IPV4", "VAR_MAX_ECS_TREE_SIZE_IPV6", + "VAR_CAPS_WHITELIST", "VAR_CACHE_MAX_NEGATIVE_TTL", + "VAR_PERMIT_SMALL_HOLDDOWN", "VAR_QNAME_MINIMISATION", + "VAR_QNAME_MINIMISATION_STRICT", "VAR_IP_FREEBIND", "VAR_DEFINE_TAG", + "VAR_LOCAL_ZONE_TAG", "VAR_ACCESS_CONTROL_TAG", + "VAR_LOCAL_ZONE_OVERRIDE", "VAR_ACCESS_CONTROL_TAG_ACTION", + "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", + "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_SERVE_EXPIRED_TTL", + "VAR_SERVE_EXPIRED_TTL_RESET", "VAR_SERVE_EXPIRED_REPLY_TTL", + "VAR_SERVE_EXPIRED_CLIENT_TIMEOUT", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", + "VAR_LOG_IDENTITY", "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING", + "VAR_AGGRESSIVE_NSEC", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", + "VAR_SHM_KEY", "VAR_ROOT_KEY_SENTINEL", "VAR_DNSCRYPT", + "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", + "VAR_DNSCRYPT_SECRET_KEY", "VAR_DNSCRYPT_PROVIDER_CERT", + "VAR_DNSCRYPT_PROVIDER_CERT_ROTATED", + "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE", + "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS", + "VAR_DNSCRYPT_NONCE_CACHE_SIZE", "VAR_DNSCRYPT_NONCE_CACHE_SLABS", + "VAR_PAD_RESPONSES", "VAR_PAD_RESPONSES_BLOCK_SIZE", "VAR_PAD_QUERIES", + "VAR_PAD_QUERIES_BLOCK_SIZE", "VAR_IPSECMOD_ENABLED", + "VAR_IPSECMOD_HOOK", "VAR_IPSECMOD_IGNORE_BOGUS", "VAR_IPSECMOD_MAX_TTL", + "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", "VAR_CACHEDB", + "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", "VAR_CACHEDB_REDISHOST", + "VAR_CACHEDB_REDISPORT", "VAR_CACHEDB_REDISTIMEOUT", + "VAR_CACHEDB_REDISEXPIRERECORDS", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", + "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", + "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", + "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", + "VAR_FAST_SERVER_PERMIL", "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", + "VAR_TLS_WIN_CERT", "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", + "VAR_STUB_NO_CACHE", "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", + "VAR_UNKNOWN_SERVER_TIME_LIMIT", "VAR_LOG_TAG_QUERYREPLY", + "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", "VAR_TLS_CIPHERSUITES", + "VAR_TLS_USE_SNI", "VAR_IPSET", "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", + "VAR_TLS_SESSION_TICKET_KEYS", "VAR_RPZ", "VAR_TAGS", + "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", + "VAR_RPZ_LOG_NAME", "VAR_DYNLIB", "VAR_DYNLIB_FILE", + "VAR_EDNS_CLIENT_STRING", "VAR_EDNS_CLIENT_STRING_OPCODE", "VAR_NSID", + "$accept", "toplevelvars", "toplevelvar", "force_toplevel", + "serverstart", "contents_server", "content_server", "stubstart", + "contents_stub", "content_stub", "forwardstart", "contents_forward", + "content_forward", "viewstart", "contents_view", "content_view", + "authstart", "contents_auth", "content_auth", "rpz_tag", + "rpz_action_override", "rpz_cname_override", "rpz_log", "rpz_log_name", + "rpzstart", "contents_rpz", "content_rpz", "server_num_threads", + "server_verbosity", "server_statistics_interval", + "server_statistics_cumulative", "server_extended_statistics", + "server_shm_enable", "server_shm_key", "server_port", + "server_send_client_subnet", "server_client_subnet_zone", + "server_client_subnet_always_forward", "server_client_subnet_opcode", + "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6", + "server_min_client_subnet_ipv4", "server_min_client_subnet_ipv6", + "server_max_ecs_tree_size_ipv4", "server_max_ecs_tree_size_ipv6", + "server_interface", "server_outgoing_interface", "server_outgoing_range", + "server_outgoing_port_permit", "server_outgoing_port_avoid", + "server_outgoing_num_tcp", "server_incoming_num_tcp", + "server_interface_automatic", "server_do_ip4", "server_do_ip6", + "server_do_udp", "server_do_tcp", "server_prefer_ip4", + "server_prefer_ip6", "server_tcp_mss", "server_outgoing_tcp_mss", + "server_tcp_idle_timeout", "server_tcp_keepalive", + "server_tcp_keepalive_timeout", "server_tcp_upstream", + "server_udp_upstream_without_downstream", "server_ssl_upstream", + "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", + "server_tls_cert_bundle", "server_tls_win_cert", + "server_tls_additional_port", "server_tls_ciphers", + "server_tls_ciphersuites", "server_tls_session_ticket_keys", + "server_tls_use_sni", "server_https_port", "server_http_endpoint", + "server_http_max_streams", "server_http_query_buffer_size", + "server_http_response_buffer_size", "server_http_nodelay", + "server_http_notls_downstream", "server_use_systemd", + "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", + "server_log_queries", "server_log_replies", "server_log_tag_queryreply", + "server_log_servfail", "server_log_local_actions", "server_chroot", + "server_username", "server_directory", "server_logfile", + "server_pidfile", "server_root_hints", "server_dlv_anchor_file", + "server_dlv_anchor", "server_auto_trust_anchor_file", + "server_trust_anchor_file", "server_trusted_keys_file", + "server_trust_anchor", "server_trust_anchor_signaling", + "server_root_key_sentinel", "server_domain_insecure", + "server_hide_identity", "server_hide_version", "server_hide_trustanchor", + "server_identity", "server_version", "server_nsid", "server_so_rcvbuf", + "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", + "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size", + "server_edns_buffer_size", "server_msg_buffer_size", + "server_msg_cache_size", "server_msg_cache_slabs", + "server_num_queries_per_thread", "server_jostle_timeout", + "server_delay_close", "server_udp_connect", "server_unblock_lan_zones", + "server_insecure_lan_zones", "server_rrset_cache_size", + "server_rrset_cache_slabs", "server_infra_host_ttl", + "server_infra_lame_ttl", "server_infra_cache_numhosts", + "server_infra_cache_lame_size", "server_infra_cache_slabs", + "server_infra_cache_min_rtt", "server_infra_keep_probing", + "server_target_fetch_policy", "server_harden_short_bufsize", + "server_harden_large_queries", "server_harden_glue", + "server_harden_dnssec_stripped", "server_harden_below_nxdomain", + "server_harden_referral_path", "server_harden_algo_downgrade", + "server_use_caps_for_id", "server_caps_whitelist", + "server_private_address", "server_private_domain", "server_prefetch", + "server_prefetch_key", "server_deny_any", + "server_unwanted_reply_threshold", "server_do_not_query_address", + "server_do_not_query_localhost", "server_access_control", + "server_module_conf", "server_val_override_date", + "server_val_sig_skew_min", "server_val_sig_skew_max", + "server_cache_max_ttl", "server_cache_max_negative_ttl", + "server_cache_min_ttl", "server_bogus_ttl", + "server_val_clean_additional", "server_val_permissive_mode", + "server_aggressive_nsec", "server_ignore_cd_flag", + "server_serve_expired", "server_serve_expired_ttl", + "server_serve_expired_ttl_reset", "server_serve_expired_reply_ttl", + "server_serve_expired_client_timeout", "server_fake_dsa", + "server_fake_sha1", "server_val_log_level", + "server_val_nsec3_keysize_iterations", "server_add_holddown", + "server_del_holddown", "server_keep_missing", + "server_permit_small_holddown", "server_key_cache_size", + "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", + "server_local_data", "server_local_data_ptr", "server_minimal_responses", + "server_rrset_roundrobin", "server_unknown_server_time_limit", + "server_max_udp_size", "server_dns64_prefix", "server_dns64_synthall", + "server_dns64_ignore_aaaa", "server_define_tag", "server_local_zone_tag", + "server_access_control_tag", "server_access_control_tag_action", + "server_access_control_tag_data", "server_local_zone_override", + "server_access_control_view", "server_response_ip_tag", + "server_ip_ratelimit", "server_ratelimit", "server_ip_ratelimit_size", + "server_ratelimit_size", "server_ip_ratelimit_slabs", + "server_ratelimit_slabs", "server_ratelimit_for_domain", + "server_ratelimit_below_domain", "server_ip_ratelimit_factor", + "server_ratelimit_factor", "server_low_rtt", "server_fast_server_num", + "server_fast_server_permil", "server_qname_minimisation", + "server_qname_minimisation_strict", "server_pad_responses", + "server_pad_responses_block_size", "server_pad_queries", + "server_pad_queries_block_size", "server_ipsecmod_enabled", + "server_ipsecmod_ignore_bogus", "server_ipsecmod_hook", + "server_ipsecmod_max_ttl", "server_ipsecmod_whitelist", + "server_ipsecmod_strict", "server_edns_client_string", + "server_edns_client_string_opcode", "stub_name", "stub_host", + "stub_addr", "stub_first", "stub_no_cache", "stub_ssl_upstream", + "stub_prime", "forward_name", "forward_host", "forward_addr", + "forward_first", "forward_no_cache", "forward_ssl_upstream", "auth_name", + "auth_zonefile", "auth_master", "auth_url", "auth_allow_notify", + "auth_for_downstream", "auth_for_upstream", "auth_fallback_enabled", + "view_name", "view_local_zone", "view_response_ip", + "view_response_ip_data", "view_local_data", "view_local_data_ptr", + "view_first", "rcstart", "contents_rc", "content_rc", + "rc_control_enable", "rc_control_port", "rc_control_interface", + "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", + "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", + "content_dt", "dt_dnstap_enable", "dt_dnstap_bidirectional", + "dt_dnstap_socket_path", "dt_dnstap_ip", "dt_dnstap_tls", + "dt_dnstap_tls_server_name", "dt_dnstap_tls_cert_bundle", + "dt_dnstap_tls_client_key_file", "dt_dnstap_tls_client_cert_file", + "dt_dnstap_send_identity", "dt_dnstap_send_version", + "dt_dnstap_identity", "dt_dnstap_version", + "dt_dnstap_log_resolver_query_messages", + "dt_dnstap_log_resolver_response_messages", + "dt_dnstap_log_client_query_messages", + "dt_dnstap_log_client_response_messages", + "dt_dnstap_log_forwarder_query_messages", + "dt_dnstap_log_forwarder_response_messages", "pythonstart", + "contents_py", "content_py", "py_script", "dynlibstart", "contents_dl", + "content_dl", "dl_file", "server_disable_dnssec_lame_check", + "server_log_identity", "server_response_ip", "server_response_ip_data", + "dnscstart", "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", + "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", + "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_provider_cert_rotated", + "dnsc_dnscrypt_secret_key", "dnsc_dnscrypt_shared_secret_cache_size", + "dnsc_dnscrypt_shared_secret_cache_slabs", + "dnsc_dnscrypt_nonce_cache_size", "dnsc_dnscrypt_nonce_cache_slabs", + "cachedbstart", "contents_cachedb", "content_cachedb", + "cachedb_backend_name", "cachedb_secret_seed", "redis_server_host", + "redis_server_port", "redis_timeout", "redis_expire_records", + "server_tcp_connection_limit", "ipsetstart", "contents_ipset", + "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR +}; + +static const char * +yysymbol_name (yysymbol_kind_t yysymbol) +{ + return yytname[yysymbol]; +} #endif -#define YYINITSTACKSIZE 200 +#ifdef YYPRINT +/* YYTOKNUM[NUM] -- (External) token number corresponding to the + (internal) symbol number NUM (which must be that of a token). */ +static const yytype_int16 yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, + 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562 +}; +#endif + +#define YYPACT_NINF (-295) + +#define yypact_value_is_default(Yyn) \ + ((Yyn) == YYPACT_NINF) + +#define YYTABLE_NINF (-1) + +#define yytable_value_is_error(Yyn) \ + 0 + + /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +static const yytype_int16 yypact[] = +{ + -295, 0, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, 291, -42, -38, -43, -21, -44, -11, -96, + -109, -294, -215, -244, -286, 3, 4, 13, 25, 26, + 27, 30, 31, 32, 33, 34, 35, 37, 38, 39, + 40, 41, 43, 44, 45, 46, 47, 48, 49, 50, + 51, 52, 54, 55, 84, 85, 88, 89, 91, 93, + 94, 95, 96, 98, 99, 100, 101, 103, 104, 105, + 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, + 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 128, 129, 132, 133, 134, 135, 136, 137, + 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, + 148, 149, 150, 151, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, + 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, + 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, + 210, 212, 213, 214, 215, 219, 220, 221, 222, 223, + 224, 225, 227, 228, 230, 231, 233, 234, 236, 238, + 251, 252, 253, 254, 255, 256, 257, 258, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 284, 285, 286, 288, 289, 290, 292, 326, 327, + 328, 329, 333, 334, 335, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, 377, 378, 379, 380, + 381, 382, 383, -295, -295, -295, -295, -295, -295, -295, + -295, 384, 385, 389, 393, 394, 419, -295, -295, -295, + -295, -295, -295, -295, 420, 421, 430, 443, 444, 445, + 446, -295, -295, -295, -295, -295, -295, -295, -295, 447, + 448, 449, 450, 451, 452, 453, 454, -295, -295, -295, + -295, -295, -295, -295, -295, -295, 455, 456, 457, 458, + 459, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, 460, 461, 462, 502, 504, 520, 521, 522, + -295, -295, -295, -295, -295, -295, -295, -295, -295, 523, + 524, 525, 526, 527, 528, 529, 530, 541, 542, 543, + 544, 545, 546, 547, 549, 550, 551, 552, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, 553, -295, + -295, 554, -295, -295, 555, 558, 561, 564, 565, 574, + 575, 576, 578, 579, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, 580, 581, 582, 583, 584, + 585, -295, -295, -295, -295, -295, -295, -295, 589, 590, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, 591, 592, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, 593, + 594, 595, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, 596, 597, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, 598, 599, 600, 601, 602, 603, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + 604, -295, -295, -295, -295, -295, -295, -295, -295, -295, + 605, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, 606, -295, -295, + 607, 608, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, 609, 610, 611, -295, -295, -295, -295, -295, + -295, -295, -295, -295 +}; + + /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ +static const yytype_int16 yydefact[] = +{ + 2, 0, 1, 18, 19, 232, 242, 523, 583, 542, + 251, 597, 620, 261, 636, 277, 588, 3, 17, 21, + 234, 244, 253, 263, 279, 525, 544, 585, 590, 599, + 622, 638, 4, 5, 6, 10, 14, 15, 8, 9, + 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 20, 22, 23, 86, 89, + 98, 199, 200, 24, 160, 161, 162, 163, 164, 165, + 166, 167, 168, 169, 37, 77, 25, 90, 91, 48, + 70, 85, 26, 27, 30, 31, 28, 29, 32, 33, + 34, 35, 36, 121, 211, 122, 124, 125, 126, 213, + 218, 214, 225, 226, 227, 228, 127, 128, 129, 130, + 131, 132, 133, 195, 87, 76, 102, 119, 120, 223, + 220, 123, 38, 39, 40, 41, 42, 78, 92, 93, + 108, 64, 74, 65, 203, 204, 103, 58, 59, 202, + 60, 61, 231, 112, 116, 137, 147, 174, 150, 224, + 113, 71, 43, 44, 45, 100, 138, 139, 140, 141, + 46, 47, 49, 50, 52, 53, 51, 145, 151, 54, + 55, 56, 62, 81, 117, 95, 146, 88, 170, 96, + 97, 114, 115, 221, 101, 57, 79, 82, 63, 66, + 104, 105, 80, 171, 106, 67, 68, 69, 212, 118, + 188, 189, 190, 191, 192, 193, 201, 107, 75, 109, + 110, 111, 172, 72, 73, 94, 83, 84, 99, 134, + 135, 222, 136, 142, 143, 144, 175, 176, 178, 180, + 181, 179, 182, 196, 148, 149, 154, 155, 152, 153, + 156, 157, 159, 158, 215, 217, 216, 173, 183, 184, + 185, 186, 187, 205, 207, 206, 208, 209, 210, 229, + 230, 177, 194, 197, 198, 219, 0, 0, 0, 0, + 0, 0, 0, 233, 235, 236, 237, 239, 240, 241, + 238, 0, 0, 0, 0, 0, 0, 243, 245, 246, + 247, 248, 249, 250, 0, 0, 0, 0, 0, 0, + 0, 252, 254, 255, 258, 259, 256, 260, 257, 0, + 0, 0, 0, 0, 0, 0, 0, 262, 264, 265, + 266, 267, 271, 268, 269, 270, 0, 0, 0, 0, + 0, 282, 286, 287, 288, 289, 278, 280, 281, 283, + 284, 285, 0, 0, 0, 0, 0, 0, 0, 0, + 524, 526, 528, 527, 533, 529, 530, 531, 532, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 543, 545, + 547, 546, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 0, 584, + 586, 0, 589, 591, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 598, 600, 601, 602, 604, 605, + 603, 606, 607, 608, 609, 0, 0, 0, 0, 0, + 0, 621, 623, 624, 625, 626, 627, 628, 0, 0, + 637, 639, 640, 291, 290, 297, 310, 308, 320, 316, + 317, 321, 318, 319, 322, 323, 324, 325, 326, 356, + 357, 358, 359, 360, 386, 387, 388, 394, 395, 313, + 396, 397, 400, 398, 399, 403, 404, 405, 419, 371, + 372, 374, 375, 406, 422, 365, 367, 423, 429, 430, + 431, 314, 385, 447, 448, 366, 442, 349, 309, 361, + 420, 426, 407, 0, 0, 451, 315, 292, 348, 411, + 293, 311, 312, 362, 363, 449, 409, 413, 414, 294, + 452, 389, 418, 350, 370, 424, 425, 428, 441, 364, + 445, 443, 444, 377, 384, 415, 416, 378, 379, 408, + 433, 351, 352, 355, 327, 329, 330, 331, 332, 333, + 340, 341, 342, 343, 344, 345, 346, 453, 454, 456, + 390, 391, 392, 393, 401, 402, 457, 458, 459, 0, + 0, 0, 410, 380, 382, 593, 468, 472, 470, 469, + 473, 471, 0, 0, 476, 477, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 307, 412, 427, 446, 481, + 482, 381, 460, 0, 0, 0, 0, 0, 0, 434, + 435, 436, 437, 438, 439, 440, 594, 373, 368, 432, + 347, 295, 296, 369, 483, 484, 485, 486, 487, 489, + 488, 490, 491, 492, 328, 335, 478, 480, 479, 334, + 0, 354, 417, 455, 353, 383, 336, 337, 339, 338, + 0, 494, 376, 495, 496, 497, 501, 500, 498, 499, + 502, 503, 504, 505, 507, 506, 516, 0, 520, 521, + 0, 0, 522, 508, 514, 509, 510, 511, 513, 515, + 512, 272, 273, 274, 275, 276, 534, 536, 535, 538, + 539, 540, 541, 537, 564, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 565, 575, 576, 577, 578, 579, + 580, 581, 582, 587, 592, 610, 611, 612, 615, 613, + 614, 616, 617, 618, 619, 629, 630, 631, 632, 633, + 634, 641, 642, 421, 450, 467, 595, 596, 474, 475, + 461, 462, 0, 0, 0, 466, 635, 493, 517, 518, + 519, 465, 463, 464 +}; + + /* YYPGOTO[NTERM-NUM]. */ +static const yytype_int16 yypgoto[] = +{ + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, 586, 587, 588, 612, 613, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295, -295, -295, -295, -295, -295, -295, -295, + -295, -295, -295 +}; + + /* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int16 yydefgoto[] = +{ + -1, 1, 17, 18, 19, 32, 255, 20, 33, 473, + 21, 34, 487, 22, 35, 501, 23, 36, 517, 531, + 532, 533, 534, 535, 24, 37, 536, 256, 257, 258, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, + 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, + 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, + 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, + 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, + 459, 460, 474, 475, 476, 477, 478, 479, 480, 488, + 489, 490, 491, 492, 493, 518, 519, 520, 521, 522, + 523, 524, 525, 502, 503, 504, 505, 506, 507, 508, + 25, 38, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 26, 39, 578, 579, 580, 581, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 27, 40, 599, 600, 28, 41, 602, + 603, 461, 462, 463, 464, 29, 42, 614, 615, 616, + 617, 618, 619, 620, 621, 622, 623, 624, 30, 43, + 631, 632, 633, 634, 635, 636, 637, 465, 31, 44, + 640, 641, 642 +}; + + /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule whose + number is the opposite. If YYTABLE_NINF, syntax error. */ +static const yytype_int16 yytable[] = +{ + 2, 509, 494, 466, 598, 467, 468, 481, 638, 639, + 601, 3, 4, 643, 644, 482, 483, 625, 626, 627, + 628, 629, 630, 645, 509, 604, 605, 606, 607, 608, + 609, 610, 611, 612, 613, 646, 647, 648, 495, 496, + 649, 650, 651, 652, 653, 654, 5, 655, 656, 657, + 658, 659, 6, 660, 661, 662, 663, 664, 665, 666, + 667, 668, 669, 497, 670, 671, 469, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 542, 543, 544, 545, + 546, 547, 548, 549, 672, 673, 7, 470, 674, 675, + 484, 676, 485, 677, 678, 679, 680, 471, 681, 682, + 683, 684, 8, 685, 686, 687, 688, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 498, 499, 712, 713, 714, 715, 716, 717, 718, 719, + 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, + 730, 731, 9, 732, 733, 734, 735, 736, 737, 738, + 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, + 500, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, 763, 764, 765, 766, 767, + 768, 769, 770, 771, 772, 773, 774, 775, 776, 777, + 778, 779, 780, 781, 782, 783, 784, 785, 786, 787, + 788, 10, 789, 790, 791, 792, 511, 512, 513, 793, + 794, 795, 796, 797, 798, 799, 516, 800, 801, 11, + 802, 803, 472, 804, 805, 486, 806, 510, 807, 511, + 512, 513, 514, 515, 526, 527, 528, 529, 530, 516, + 12, 808, 809, 810, 811, 812, 813, 814, 815, 13, + 816, 817, 818, 819, 820, 821, 822, 823, 824, 825, + 826, 827, 828, 829, 830, 831, 832, 833, 834, 835, + 836, 837, 838, 14, 839, 840, 841, 15, 842, 843, + 844, 0, 845, 16, 45, 46, 47, 48, 49, 50, + 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, + 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, + 71, 72, 73, 74, 75, 76, 846, 847, 848, 849, + 77, 78, 79, 850, 851, 852, 80, 81, 82, 83, + 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, + 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, + 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, + 114, 115, 116, 117, 118, 119, 120, 853, 854, 855, + 856, 857, 858, 859, 860, 861, 121, 122, 123, 862, + 124, 125, 126, 863, 864, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, + 142, 143, 144, 145, 146, 147, 148, 149, 150, 865, + 866, 867, 151, 152, 153, 154, 155, 156, 157, 158, + 868, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 869, 870, 871, 872, 873, 874, 875, + 876, 877, 878, 879, 880, 881, 882, 883, 884, 885, + 886, 887, 888, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, + 208, 209, 889, 210, 890, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, + 891, 892, 893, 894, 895, 896, 897, 898, 899, 900, + 901, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 902, 903, 904, 905, 906, 907, 908, 236, 909, + 910, 911, 912, 913, 914, 915, 237, 238, 916, 239, + 240, 917, 241, 242, 918, 919, 243, 244, 245, 246, + 247, 248, 249, 250, 920, 921, 922, 251, 923, 924, + 925, 926, 927, 928, 929, 930, 252, 253, 254, 931, + 932, 933, 934, 935, 936, 937, 938, 939, 940, 941, + 942, 943, 944, 945, 946, 947, 948, 949, 950, 951, + 952, 953, 0, 537, 538, 539, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 540, + 541 +}; + +static const yytype_int16 yycheck[] = +{ + 0, 45, 45, 45, 113, 47, 48, 45, 294, 295, + 304, 11, 12, 10, 10, 53, 54, 261, 262, 263, + 264, 265, 266, 10, 45, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 10, 10, 10, 81, 82, + 10, 10, 10, 10, 10, 10, 46, 10, 10, 10, + 10, 10, 52, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 106, 10, 10, 108, 163, 164, 165, + 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 181, 97, 98, 99, 100, + 101, 102, 103, 104, 10, 10, 96, 139, 10, 10, + 138, 10, 140, 10, 10, 10, 10, 149, 10, 10, + 10, 10, 112, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 183, 184, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 162, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 223, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 221, 10, 10, 10, 10, 270, 271, 272, 10, + 10, 10, 10, 10, 10, 10, 280, 10, 10, 239, + 10, 10, 284, 10, 10, 283, 10, 268, 10, 270, + 271, 272, 273, 274, 298, 299, 300, 301, 302, 280, + 260, 10, 10, 10, 10, 10, 10, 10, 10, 269, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 293, 10, 10, 10, 297, 10, 10, + 10, -1, 10, 303, 13, 14, 15, 16, 17, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, + 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, + 39, 40, 41, 42, 43, 44, 10, 10, 10, 10, + 49, 50, 51, 10, 10, 10, 55, 56, 57, 58, + 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, + 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, + 89, 90, 91, 92, 93, 94, 95, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 105, 106, 107, 10, + 109, 110, 111, 10, 10, 114, 115, 116, 117, 118, + 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, + 129, 130, 131, 132, 133, 134, 135, 136, 137, 10, + 10, 10, 141, 142, 143, 144, 145, 146, 147, 148, + 10, 150, 151, 152, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 182, 183, 184, 185, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 220, 10, 222, 10, 224, 225, 226, 227, 228, + 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 10, 10, 10, 10, 10, 10, 10, 267, 10, + 10, 10, 10, 10, 10, 10, 275, 276, 10, 278, + 279, 10, 281, 282, 10, 10, 285, 286, 287, 288, + 289, 290, 291, 292, 10, 10, 10, 296, 10, 10, + 10, 10, 10, 10, 10, 10, 305, 306, 307, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, -1, 37, 37, 37, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 37, + 37 +}; + + /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const yytype_int16 yystos[] = +{ + 0, 309, 0, 11, 12, 46, 52, 96, 112, 162, + 221, 239, 260, 269, 293, 297, 303, 310, 311, 312, + 315, 318, 321, 324, 332, 568, 579, 601, 605, 613, + 626, 636, 313, 316, 319, 322, 325, 333, 569, 580, + 602, 606, 614, 627, 637, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 105, 106, 107, 109, 110, 111, 114, 115, 116, + 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, + 137, 141, 142, 143, 144, 145, 146, 147, 148, 150, + 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, + 161, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, + 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, + 222, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 267, 275, 276, 278, + 279, 281, 282, 285, 286, 287, 288, 289, 290, 291, + 292, 296, 305, 306, 307, 314, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, + 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, + 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, + 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, + 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, + 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, + 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, + 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, + 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, + 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, + 539, 609, 610, 611, 612, 635, 45, 47, 48, 108, + 139, 149, 284, 317, 540, 541, 542, 543, 544, 545, + 546, 45, 53, 54, 138, 140, 283, 320, 547, 548, + 549, 550, 551, 552, 45, 81, 82, 106, 183, 184, + 223, 323, 561, 562, 563, 564, 565, 566, 567, 45, + 268, 270, 271, 272, 273, 274, 280, 326, 553, 554, + 555, 556, 557, 558, 559, 560, 298, 299, 300, 301, + 302, 327, 328, 329, 330, 331, 334, 553, 554, 555, + 556, 557, 97, 98, 99, 100, 101, 102, 103, 104, + 570, 571, 572, 573, 574, 575, 576, 577, 578, 163, + 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, + 174, 175, 176, 177, 178, 179, 180, 181, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 113, 603, + 604, 304, 607, 608, 240, 241, 242, 243, 244, 245, + 246, 247, 248, 249, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 261, 262, 263, 264, 265, + 266, 628, 629, 630, 631, 632, 633, 634, 294, 295, + 638, 639, 640, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10 +}; + + /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_int16 yyr1[] = +{ + 0, 308, 309, 309, 310, 310, 310, 310, 310, 310, + 310, 310, 310, 310, 310, 310, 310, 310, 311, 312, + 313, 313, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 314, 314, 314, 314, 314, 314, 314, 314, + 314, 314, 315, 316, 316, 317, 317, 317, 317, 317, + 317, 317, 318, 319, 319, 320, 320, 320, 320, 320, + 320, 321, 322, 322, 323, 323, 323, 323, 323, 323, + 323, 324, 325, 325, 326, 326, 326, 326, 326, 326, + 326, 326, 327, 328, 329, 330, 331, 332, 333, 333, + 334, 334, 334, 334, 334, 334, 334, 334, 334, 334, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 569, 570, 570, 570, 570, + 570, 570, 570, 570, 571, 572, 573, 574, 575, 576, + 577, 578, 579, 580, 580, 581, 581, 581, 581, 581, + 581, 581, 581, 581, 581, 581, 581, 581, 581, 581, + 581, 581, 581, 581, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 602, 603, 604, 605, 606, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 614, + 615, 615, 615, 615, 615, 615, 615, 615, 615, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 627, 628, 628, 628, 628, 628, 628, 629, + 630, 631, 632, 633, 634, 635, 636, 637, 637, 638, + 638, 639, 640 +}; + + /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ +static const yytype_int8 yyr2[] = +{ + 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, + 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, + 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 3, 3, 4, 4, 4, 3, 3, 2, 2, + 2, 2, 2, 2, 3, 3, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, + 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 1, 2, 0, 1, 2, 1, 2, + 0, 1, 2, 2, 2, 3, 3, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 2, + 2, 2, 2, 2, 2, 3, 1, 2, 0, 1, + 1, 2, 2 +}; + + +enum { YYENOMEM = -2 }; + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) + +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +#define YYRECOVERING() (!!yyerrstatus) + +#define YYBACKUP(Token, Value) \ + do \ + if (yychar == YYEMPTY) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + YYPOPSTACK (yylen); \ + yystate = *yyssp; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (0) + +/* Backward compatibility with an undocumented macro. + Use YYerror or YYUNDEF. */ +#define YYERRCODE YYUNDEF + + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +/* This macro is provided for backward compatibility. */ +# ifndef YY_LOCATION_PRINT +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif + + +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Kind, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + + +/*-----------------------------------. +| Print this symbol's value on YYO. | +`-----------------------------------*/ + +static void +yy_symbol_value_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) +{ + FILE *yyoutput = yyo; + YYUSE (yyoutput); + if (!yyvaluep) + return; +# ifdef YYPRINT + if (yykind < YYNTOKENS) + YYPRINT (yyo, yytoknum[yykind], *yyvaluep); +# endif + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END +} + + +/*---------------------------. +| Print this symbol on YYO. | +`---------------------------*/ + +static void +yy_symbol_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) +{ + YYFPRINTF (yyo, "%s %s (", + yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); + + yy_symbol_value_print (yyo, yykind, yyvaluep); + YYFPRINTF (yyo, ")"); +} + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +static void +yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) +{ + YYFPRINTF (stderr, "Stack now"); + for (; yybottom <= yytop; yybottom++) + { + int yybot = *yybottom; + YYFPRINTF (stderr, " %d", yybot); + } + YYFPRINTF (stderr, "\n"); +} + +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) + + +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ + +static void +yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, + int yyrule) +{ + int yylno = yyrline[yyrule]; + int yynrhs = yyr2[yyrule]; + int yyi; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", + yyrule - 1, yylno); + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { + YYFPRINTF (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, + YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), + &yyvsp[(yyi + 1) - (yynrhs)]); + YYFPRINTF (stderr, "\n"); + } +} + +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyssp, yyvsp, Rule); \ +} while (0) + +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) ((void) 0) +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ + + +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). + + Do not make this value too large; the results are undefined if + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ + +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + + + + + + +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +static void +yydestruct (const char *yymsg, + yysymbol_kind_t yykind, YYSTYPE *yyvaluep) +{ + YYUSE (yyvaluep); + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); + + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END +} + + +/* Lookahead token kind. */ +int yychar; + +/* The semantic value of the lookahead symbol. */ +YYSTYPE yylval; +/* Number of syntax errors so far. */ +int yynerrs; + + + + +/*----------. +| yyparse. | +`----------*/ + +int +yyparse (void) +{ + yy_state_fast_t yystate = 0; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus = 0; + + /* Refer to the stacks through separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* Their size. */ + YYPTRDIFF_T yystacksize = YYINITDEPTH; + + /* The state stack: array, bottom, top. */ + yy_state_t yyssa[YYINITDEPTH]; + yy_state_t *yyss = yyssa; + yy_state_t *yyssp = yyss; + + /* The semantic value stack: array, bottom, top. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + YYSTYPE *yyvsp = yyvs; + + int yyn; + /* The return value of yyparse. */ + int yyresult; + /* Lookahead symbol kind. */ + yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; + + + +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) + + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + + YYDPRINTF ((stderr, "Starting parse\n")); + + yychar = YYEMPTY; /* Cause a token to be read. */ + goto yysetstate; + + +/*------------------------------------------------------------. +| yynewstate -- push a new state, which is found in yystate. | +`------------------------------------------------------------*/ +yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. So pushing a state here evens the stacks. */ + yyssp++; + + +/*--------------------------------------------------------------------. +| yysetstate -- set current state (the top of the stack) to yystate. | +`--------------------------------------------------------------------*/ +yysetstate: + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + YY_ASSERT (0 <= yystate && yystate < YYNSTATES); + YY_IGNORE_USELESS_CAST_BEGIN + *yyssp = YY_CAST (yy_state_t, yystate); + YY_IGNORE_USELESS_CAST_END + YY_STACK_PRINT (yyss, yyssp); + + if (yyss + yystacksize - 1 <= yyssp) +#if !defined yyoverflow && !defined YYSTACK_RELOCATE + goto yyexhaustedlab; +#else + { + /* Get the current used size of the three stacks, in elements. */ + YYPTRDIFF_T yysize = yyssp - yyss + 1; + +# if defined yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + yy_state_t *yyss1 = yyss; + YYSTYPE *yyvs1 = yyvs; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * YYSIZEOF (*yyssp), + &yyvs1, yysize * YYSIZEOF (*yyvsp), + &yystacksize); + yyss = yyss1; + yyvs = yyvs1; + } +# else /* defined YYSTACK_RELOCATE */ + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) + goto yyexhaustedlab; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) + yystacksize = YYMAXDEPTH; + + { + yy_state_t *yyss1 = yyss; + union yyalloc *yyptr = + YY_CAST (union yyalloc *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); + if (! yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + + YY_IGNORE_USELESS_CAST_BEGIN + YYDPRINTF ((stderr, "Stack size increased to %ld\n", + YY_CAST (long, yystacksize))); + YY_IGNORE_USELESS_CAST_END + + if (yyss + yystacksize - 1 <= yyssp) + YYABORT; + } +#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ + + if (yystate == YYFINAL) + YYACCEPT; + + goto yybackup; + + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: + /* Do appropriate processing given the current state. Read a + lookahead token if we need one and don't already have one. */ + + /* First try to decide what to do without reference to lookahead token. */ + yyn = yypact[yystate]; + if (yypact_value_is_default (yyn)) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token\n")); + yychar = yylex (); + } + + if (yychar <= YYEOF) + { + yychar = YYEOF; + yytoken = YYSYMBOL_YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } + else if (yychar == YYerror) + { + /* The scanner already issued an error message, process directly + to error recovery. But do not keep the error token as + lookahead, it is too special and may lead us to an endless + loop in error recovery. */ + yychar = YYUNDEF; + yytoken = YYSYMBOL_YYerror; + goto yyerrlab1; + } + else + { + yytoken = YYTRANSLATE (yychar); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); + } + + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + goto yydefault; + yyn = yytable[yyn]; + if (yyn <= 0) + { + if (yytable_value_is_error (yyn)) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + + /* Shift the lookahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + yystate = yyn; + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END + + /* Discard the shifted token. */ + yychar = YYEMPTY; + goto yynewstate; + + +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; + + +/*-----------------------------. +| yyreduce -- do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + '$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + + + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 18: /* force_toplevel: VAR_FORCE_TOPLEVEL */ +#line 197 "./util/configparser.y" + { + OUTYY(("\nP(force-toplevel)\n")); + } +#line 2690 "util/configparser.c" + break; + + case 19: /* serverstart: VAR_SERVER */ +#line 203 "./util/configparser.y" + { + OUTYY(("\nP(server:)\n")); + } +#line 2698 "util/configparser.c" + break; + + case 232: /* stubstart: VAR_STUB_ZONE */ +#line 304 "./util/configparser.y" + { + struct config_stub* s; + OUTYY(("\nP(stub_zone:)\n")); + s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); + if(s) { + s->next = cfg_parser->cfg->stubs; + cfg_parser->cfg->stubs = s; + } else + yyerror("out of memory"); + } +#line 2713 "util/configparser.c" + break; + + case 242: /* forwardstart: VAR_FORWARD_ZONE */ +#line 321 "./util/configparser.y" + { + struct config_stub* s; + OUTYY(("\nP(forward_zone:)\n")); + s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); + if(s) { + s->next = cfg_parser->cfg->forwards; + cfg_parser->cfg->forwards = s; + } else + yyerror("out of memory"); + } +#line 2728 "util/configparser.c" + break; + + case 251: /* viewstart: VAR_VIEW */ +#line 338 "./util/configparser.y" + { + struct config_view* s; + OUTYY(("\nP(view:)\n")); + s = (struct config_view*)calloc(1, sizeof(struct config_view)); + if(s) { + s->next = cfg_parser->cfg->views; + if(s->next && !s->next->name) + yyerror("view without name"); + cfg_parser->cfg->views = s; + } else + yyerror("out of memory"); + } +#line 2745 "util/configparser.c" + break; + + case 261: /* authstart: VAR_AUTH_ZONE */ +#line 357 "./util/configparser.y" + { + struct config_auth* s; + OUTYY(("\nP(auth_zone:)\n")); + s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); + if(s) { + s->next = cfg_parser->cfg->auths; + cfg_parser->cfg->auths = s; + /* defaults for auth zone */ + s->for_downstream = 1; + s->for_upstream = 1; + s->fallback_enabled = 0; + s->isrpz = 0; + } else + yyerror("out of memory"); + } +#line 2765 "util/configparser.c" + break; + + case 272: /* rpz_tag: VAR_TAGS STRING_ARG */ +#line 381 "./util/configparser.y" + { + uint8_t* bitlist; + size_t len = 0; + OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[0].str))); + bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + if(!bitlist) { + yyerror("could not parse tags, (define-tag them first)"); + } + if(bitlist) { + cfg_parser->cfg->auths->rpz_taglist = bitlist; + cfg_parser->cfg->auths->rpz_taglistlen = len; + + } + } +#line 2786 "util/configparser.c" + break; + + case 273: /* rpz_action_override: VAR_RPZ_ACTION_OVERRIDE STRING_ARG */ +#line 400 "./util/configparser.y" + { + OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && + strcmp((yyvsp[0].str), "passthru")!=0 && strcmp((yyvsp[0].str), "drop")!=0 && + strcmp((yyvsp[0].str), "cname")!=0 && strcmp((yyvsp[0].str), "disabled")!=0) { + yyerror("rpz-action-override action: expected nxdomain, " + "nodata, passthru, drop, cname or disabled"); + free((yyvsp[0].str)); + cfg_parser->cfg->auths->rpz_action_override = NULL; + } + else { + cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); + } + } +#line 2805 "util/configparser.c" + break; + + case 274: /* rpz_cname_override: VAR_RPZ_CNAME_OVERRIDE STRING_ARG */ +#line 417 "./util/configparser.y" + { + OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->auths->rpz_cname); + cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); + } +#line 2815 "util/configparser.c" + break; + + case 275: /* rpz_log: VAR_RPZ_LOG STRING_ARG */ +#line 425 "./util/configparser.y" + { + OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2827 "util/configparser.c" + break; + + case 276: /* rpz_log_name: VAR_RPZ_LOG_NAME STRING_ARG */ +#line 435 "./util/configparser.y" + { + OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->auths->rpz_log_name); + cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); + } +#line 2837 "util/configparser.c" + break; + + case 277: /* rpzstart: VAR_RPZ */ +#line 443 "./util/configparser.y" + { + struct config_auth* s; + OUTYY(("\nP(rpz:)\n")); + s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); + if(s) { + s->next = cfg_parser->cfg->auths; + cfg_parser->cfg->auths = s; + /* defaults for RPZ auth zone */ + s->for_downstream = 0; + s->for_upstream = 0; + s->fallback_enabled = 0; + s->isrpz = 1; + } else + yyerror("out of memory"); + } +#line 2857 "util/configparser.c" + break; + + case 290: /* server_num_threads: VAR_NUM_THREADS STRING_ARG */ +#line 466 "./util/configparser.y" + { + OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 2869 "util/configparser.c" + break; + + case 291: /* server_verbosity: VAR_VERBOSITY STRING_ARG */ +#line 475 "./util/configparser.y" + { + OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 2881 "util/configparser.c" + break; + + case 292: /* server_statistics_interval: VAR_STATISTICS_INTERVAL STRING_ARG */ +#line 484 "./util/configparser.y" + { + OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) + cfg_parser->cfg->stat_interval = 0; + else if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 2895 "util/configparser.c" + break; + + case 293: /* server_statistics_cumulative: VAR_STATISTICS_CUMULATIVE STRING_ARG */ +#line 495 "./util/configparser.y" + { + OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2907 "util/configparser.c" + break; + + case 294: /* server_extended_statistics: VAR_EXTENDED_STATISTICS STRING_ARG */ +#line 504 "./util/configparser.y" + { + OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2919 "util/configparser.c" + break; + + case 295: /* server_shm_enable: VAR_SHM_ENABLE STRING_ARG */ +#line 513 "./util/configparser.y" + { + OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 2931 "util/configparser.c" + break; + + case 296: /* server_shm_key: VAR_SHM_KEY STRING_ARG */ +#line 522 "./util/configparser.y" + { + OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) + cfg_parser->cfg->shm_key = 0; + else if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 2945 "util/configparser.c" + break; + + case 297: /* server_port: VAR_PORT STRING_ARG */ +#line 533 "./util/configparser.y" + { + OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 2957 "util/configparser.c" + break; + + case 298: /* server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG */ +#line 542 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[0].str))) + fatal_exit("out of memory adding client-subnet"); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 2972 "util/configparser.c" + break; + + case 299: /* server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG */ +#line 554 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone, + (yyvsp[0].str))) + fatal_exit("out of memory adding client-subnet-zone"); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 2988 "util/configparser.c" + break; + + case 300: /* server_client_subnet_always_forward: VAR_CLIENT_SUBNET_ALWAYS_FORWARD STRING_ARG */ +#line 568 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->client_subnet_always_forward = + (strcmp((yyvsp[0].str), "yes")==0); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3006 "util/configparser.c" + break; + + case 301: /* server_client_subnet_opcode: VAR_CLIENT_SUBNET_OPCODE STRING_ARG */ +#line 583 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); + OUTYY(("P(Deprecated option, ignoring)\n")); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3020 "util/configparser.c" + break; + + case 302: /* server_max_client_subnet_ipv4: VAR_MAX_CLIENT_SUBNET_IPV4 STRING_ARG */ +#line 594 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("IPv4 subnet length expected"); + else if (atoi((yyvsp[0].str)) > 32) + cfg_parser->cfg->max_client_subnet_ipv4 = 32; + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->max_client_subnet_ipv4 = 0; + else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3040 "util/configparser.c" + break; + + case 303: /* server_max_client_subnet_ipv6: VAR_MAX_CLIENT_SUBNET_IPV6 STRING_ARG */ +#line 611 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("Ipv6 subnet length expected"); + else if (atoi((yyvsp[0].str)) > 128) + cfg_parser->cfg->max_client_subnet_ipv6 = 128; + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->max_client_subnet_ipv6 = 0; + else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3060 "util/configparser.c" + break; + + case 304: /* server_min_client_subnet_ipv4: VAR_MIN_CLIENT_SUBNET_IPV4 STRING_ARG */ +#line 628 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("IPv4 subnet length expected"); + else if (atoi((yyvsp[0].str)) > 32) + cfg_parser->cfg->min_client_subnet_ipv4 = 32; + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->min_client_subnet_ipv4 = 0; + else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3080 "util/configparser.c" + break; + + case 305: /* server_min_client_subnet_ipv6: VAR_MIN_CLIENT_SUBNET_IPV6 STRING_ARG */ +#line 645 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("Ipv6 subnet length expected"); + else if (atoi((yyvsp[0].str)) > 128) + cfg_parser->cfg->min_client_subnet_ipv6 = 128; + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->min_client_subnet_ipv6 = 0; + else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3100 "util/configparser.c" + break; + + case 306: /* server_max_ecs_tree_size_ipv4: VAR_MAX_ECS_TREE_SIZE_IPV4 STRING_ARG */ +#line 662 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("IPv4 ECS tree size expected"); + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0; + else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3118 "util/configparser.c" + break; + + case 307: /* server_max_ecs_tree_size_ipv6: VAR_MAX_ECS_TREE_SIZE_IPV6 STRING_ARG */ +#line 677 "./util/configparser.y" + { + #ifdef CLIENT_SUBNET + OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("IPv6 ECS tree size expected"); + else if (atoi((yyvsp[0].str)) < 0) + cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0; + else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 3136 "util/configparser.c" + break; + + case 308: /* server_interface: VAR_INTERFACE STRING_ARG */ +#line 692 "./util/configparser.y" + { + OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->num_ifs == 0) + cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); + else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, + (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); + if(!cfg_parser->cfg->ifs) + yyerror("out of memory"); + else + cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); + } +#line 3152 "util/configparser.c" + break; + + case 309: /* server_outgoing_interface: VAR_OUTGOING_INTERFACE STRING_ARG */ +#line 705 "./util/configparser.y" + { + OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->num_out_ifs == 0) + cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); + else cfg_parser->cfg->out_ifs = realloc( + cfg_parser->cfg->out_ifs, + (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); + if(!cfg_parser->cfg->out_ifs) + yyerror("out of memory"); + else + cfg_parser->cfg->out_ifs[ + cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); + } +#line 3170 "util/configparser.c" + break; + + case 310: /* server_outgoing_range: VAR_OUTGOING_RANGE STRING_ARG */ +#line 720 "./util/configparser.y" + { + OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3182 "util/configparser.c" + break; + + case 311: /* server_outgoing_port_permit: VAR_OUTGOING_PORT_PERMIT STRING_ARG */ +#line 729 "./util/configparser.y" + { + OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); + if(!cfg_mark_ports((yyvsp[0].str), 1, + cfg_parser->cfg->outgoing_avail_ports, 65536)) + yyerror("port number or range (\"low-high\") expected"); + free((yyvsp[0].str)); + } +#line 3194 "util/configparser.c" + break; + + case 312: /* server_outgoing_port_avoid: VAR_OUTGOING_PORT_AVOID STRING_ARG */ +#line 738 "./util/configparser.y" + { + OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); + if(!cfg_mark_ports((yyvsp[0].str), 0, + cfg_parser->cfg->outgoing_avail_ports, 65536)) + yyerror("port number or range (\"low-high\") expected"); + free((yyvsp[0].str)); + } +#line 3206 "util/configparser.c" + break; + + case 313: /* server_outgoing_num_tcp: VAR_OUTGOING_NUM_TCP STRING_ARG */ +#line 747 "./util/configparser.y" + { + OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3218 "util/configparser.c" + break; + + case 314: /* server_incoming_num_tcp: VAR_INCOMING_NUM_TCP STRING_ARG */ +#line 756 "./util/configparser.y" + { + OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3230 "util/configparser.c" + break; + + case 315: /* server_interface_automatic: VAR_INTERFACE_AUTOMATIC STRING_ARG */ +#line 765 "./util/configparser.y" + { + OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3242 "util/configparser.c" + break; + + case 316: /* server_do_ip4: VAR_DO_IP4 STRING_ARG */ +#line 774 "./util/configparser.y" + { + OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3254 "util/configparser.c" + break; + + case 317: /* server_do_ip6: VAR_DO_IP6 STRING_ARG */ +#line 783 "./util/configparser.y" + { + OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3266 "util/configparser.c" + break; + + case 318: /* server_do_udp: VAR_DO_UDP STRING_ARG */ +#line 792 "./util/configparser.y" + { + OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3278 "util/configparser.c" + break; + + case 319: /* server_do_tcp: VAR_DO_TCP STRING_ARG */ +#line 801 "./util/configparser.y" + { + OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3290 "util/configparser.c" + break; + + case 320: /* server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG */ +#line 810 "./util/configparser.y" + { + OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3302 "util/configparser.c" + break; + + case 321: /* server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG */ +#line 819 "./util/configparser.y" + { + OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3314 "util/configparser.c" + break; + + case 322: /* server_tcp_mss: VAR_TCP_MSS STRING_ARG */ +#line 828 "./util/configparser.y" + { + OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3326 "util/configparser.c" + break; + + case 323: /* server_outgoing_tcp_mss: VAR_OUTGOING_TCP_MSS STRING_ARG */ +#line 837 "./util/configparser.y" + { + OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3338 "util/configparser.c" + break; + + case 324: /* server_tcp_idle_timeout: VAR_TCP_IDLE_TIMEOUT STRING_ARG */ +#line 846 "./util/configparser.y" + { + OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) > 120000) + cfg_parser->cfg->tcp_idle_timeout = 120000; + else if (atoi((yyvsp[0].str)) < 1) + cfg_parser->cfg->tcp_idle_timeout = 1; + else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3354 "util/configparser.c" + break; + + case 325: /* server_tcp_keepalive: VAR_EDNS_TCP_KEEPALIVE STRING_ARG */ +#line 859 "./util/configparser.y" + { + OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3366 "util/configparser.c" + break; + + case 326: /* server_tcp_keepalive_timeout: VAR_EDNS_TCP_KEEPALIVE_TIMEOUT STRING_ARG */ +#line 868 "./util/configparser.y" + { + OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) > 6553500) + cfg_parser->cfg->tcp_keepalive_timeout = 6553500; + else if (atoi((yyvsp[0].str)) < 1) + cfg_parser->cfg->tcp_keepalive_timeout = 0; + else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3382 "util/configparser.c" + break; + + case 327: /* server_tcp_upstream: VAR_TCP_UPSTREAM STRING_ARG */ +#line 881 "./util/configparser.y" + { + OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3394 "util/configparser.c" + break; + + case 328: /* server_udp_upstream_without_downstream: VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM STRING_ARG */ +#line 890 "./util/configparser.y" + { + OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3406 "util/configparser.c" + break; + + case 329: /* server_ssl_upstream: VAR_SSL_UPSTREAM STRING_ARG */ +#line 899 "./util/configparser.y" + { + OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3418 "util/configparser.c" + break; + + case 330: /* server_ssl_service_key: VAR_SSL_SERVICE_KEY STRING_ARG */ +#line 908 "./util/configparser.y" + { + OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->ssl_service_key); + cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); + } +#line 3428 "util/configparser.c" + break; + + case 331: /* server_ssl_service_pem: VAR_SSL_SERVICE_PEM STRING_ARG */ +#line 915 "./util/configparser.y" + { + OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->ssl_service_pem); + cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); + } +#line 3438 "util/configparser.c" + break; + + case 332: /* server_ssl_port: VAR_SSL_PORT STRING_ARG */ +#line 922 "./util/configparser.y" + { + OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3450 "util/configparser.c" + break; + + case 333: /* server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG */ +#line 931 "./util/configparser.y" + { + OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->tls_cert_bundle); + cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); + } +#line 3460 "util/configparser.c" + break; + + case 334: /* server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG */ +#line 938 "./util/configparser.y" + { + OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3472 "util/configparser.c" + break; + + case 335: /* server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG */ +#line 947 "./util/configparser.y" + { + OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, + (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3483 "util/configparser.c" + break; + + case 336: /* server_tls_ciphers: VAR_TLS_CIPHERS STRING_ARG */ +#line 955 "./util/configparser.y" + { + OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->tls_ciphers); + cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); + } +#line 3493 "util/configparser.c" + break; + + case 337: /* server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG */ +#line 962 "./util/configparser.y" + { + OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->tls_ciphersuites); + cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); + } +#line 3503 "util/configparser.c" + break; + + case 338: /* server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG */ +#line 969 "./util/configparser.y" + { + OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, + (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3514 "util/configparser.c" + break; + + case 339: /* server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG */ +#line 977 "./util/configparser.y" + { + OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3526 "util/configparser.c" + break; + + case 340: /* server_https_port: VAR_HTTPS_PORT STRING_ARG */ +#line 986 "./util/configparser.y" + { + OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->https_port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3538 "util/configparser.c" + break; + + case 341: /* server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG */ +#line 994 "./util/configparser.y" + { + OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->http_endpoint); + if((yyvsp[0].str) && (yyvsp[0].str)[0] != '/') { + cfg_parser->cfg->http_endpoint = malloc(strlen((yyvsp[0].str))+2); + if(!cfg_parser->cfg->http_endpoint) + yyerror("out of memory"); + cfg_parser->cfg->http_endpoint[0] = '/'; + memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str), + strlen((yyvsp[0].str))+1); + free((yyvsp[0].str)); + } else { + cfg_parser->cfg->http_endpoint = (yyvsp[0].str); + } + } +#line 3558 "util/configparser.c" + break; + + case 342: /* server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG */ +#line 1010 "./util/configparser.y" + { + OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3570 "util/configparser.c" + break; + + case 343: /* server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG */ +#line 1018 "./util/configparser.y" + { + OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), + &cfg_parser->cfg->http_query_buffer_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 3582 "util/configparser.c" + break; + + case 344: /* server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG */ +#line 1026 "./util/configparser.y" + { + OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), + &cfg_parser->cfg->http_response_buffer_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 3594 "util/configparser.c" + break; + + case 345: /* server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG */ +#line 1034 "./util/configparser.y" + { + OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3606 "util/configparser.c" + break; + + case 346: /* server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG */ +#line 1042 "./util/configparser.y" + { + OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3618 "util/configparser.c" + break; + + case 347: /* server_use_systemd: VAR_USE_SYSTEMD STRING_ARG */ +#line 1050 "./util/configparser.y" + { + OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3630 "util/configparser.c" + break; + + case 348: /* server_do_daemonize: VAR_DO_DAEMONIZE STRING_ARG */ +#line 1059 "./util/configparser.y" + { + OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3642 "util/configparser.c" + break; + + case 349: /* server_use_syslog: VAR_USE_SYSLOG STRING_ARG */ +#line 1068 "./util/configparser.y" + { + OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->use_syslog = (strcmp((yyvsp[0].str), "yes")==0); +#if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) + if(strcmp((yyvsp[0].str), "yes") == 0) + yyerror("no syslog services are available. " + "(reconfigure and compile to add)"); +#endif + free((yyvsp[0].str)); + } +#line 3659 "util/configparser.c" + break; + + case 350: /* server_log_time_ascii: VAR_LOG_TIME_ASCII STRING_ARG */ +#line 1082 "./util/configparser.y" + { + OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3671 "util/configparser.c" + break; + + case 351: /* server_log_queries: VAR_LOG_QUERIES STRING_ARG */ +#line 1091 "./util/configparser.y" + { + OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3683 "util/configparser.c" + break; + + case 352: /* server_log_replies: VAR_LOG_REPLIES STRING_ARG */ +#line 1100 "./util/configparser.y" + { + OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3695 "util/configparser.c" + break; + + case 353: /* server_log_tag_queryreply: VAR_LOG_TAG_QUERYREPLY STRING_ARG */ +#line 1109 "./util/configparser.y" + { + OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3707 "util/configparser.c" + break; + + case 354: /* server_log_servfail: VAR_LOG_SERVFAIL STRING_ARG */ +#line 1118 "./util/configparser.y" + { + OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3719 "util/configparser.c" + break; + + case 355: /* server_log_local_actions: VAR_LOG_LOCAL_ACTIONS STRING_ARG */ +#line 1127 "./util/configparser.y" + { + OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3731 "util/configparser.c" + break; + + case 356: /* server_chroot: VAR_CHROOT STRING_ARG */ +#line 1136 "./util/configparser.y" + { + OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->chrootdir); + cfg_parser->cfg->chrootdir = (yyvsp[0].str); + } +#line 3741 "util/configparser.c" + break; + + case 357: /* server_username: VAR_USERNAME STRING_ARG */ +#line 1143 "./util/configparser.y" + { + OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->username); + cfg_parser->cfg->username = (yyvsp[0].str); + } +#line 3751 "util/configparser.c" + break; + + case 358: /* server_directory: VAR_DIRECTORY STRING_ARG */ +#line 1150 "./util/configparser.y" + { + OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->directory); + cfg_parser->cfg->directory = (yyvsp[0].str); + /* change there right away for includes relative to this */ + if((yyvsp[0].str)[0]) { + char* d; +#ifdef UB_ON_WINDOWS + w_config_adjust_directory(cfg_parser->cfg); +#endif + d = cfg_parser->cfg->directory; + /* adjust directory if we have already chroot, + * like, we reread after sighup */ + if(cfg_parser->chroot && cfg_parser->chroot[0] && + strncmp(d, cfg_parser->chroot, strlen( + cfg_parser->chroot)) == 0) + d += strlen(cfg_parser->chroot); + if(d[0]) { + if(chdir(d)) + log_err("cannot chdir to directory: %s (%s)", + d, strerror(errno)); + } + } + } +#line 3780 "util/configparser.c" + break; + + case 359: /* server_logfile: VAR_LOGFILE STRING_ARG */ +#line 1176 "./util/configparser.y" + { + OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->logfile); + cfg_parser->cfg->logfile = (yyvsp[0].str); + cfg_parser->cfg->use_syslog = 0; + } +#line 3791 "util/configparser.c" + break; + + case 360: /* server_pidfile: VAR_PIDFILE STRING_ARG */ +#line 1184 "./util/configparser.y" + { + OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->pidfile); + cfg_parser->cfg->pidfile = (yyvsp[0].str); + } +#line 3801 "util/configparser.c" + break; + + case 361: /* server_root_hints: VAR_ROOT_HINTS STRING_ARG */ +#line 1191 "./util/configparser.y" + { + OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3811 "util/configparser.c" + break; + + case 362: /* server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG */ +#line 1198 "./util/configparser.y" + { + OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); + log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); + free((yyvsp[0].str)); + } +#line 3821 "util/configparser.c" + break; + + case 363: /* server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG */ +#line 1205 "./util/configparser.y" + { + OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); + log_warn("option dlv-anchor ignored: DLV is decommissioned"); + free((yyvsp[0].str)); + } +#line 3831 "util/configparser.c" + break; + + case 364: /* server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG */ +#line 1212 "./util/configparser.y" + { + OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg-> + auto_trust_anchor_file_list, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3842 "util/configparser.c" + break; + + case 365: /* server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING_ARG */ +#line 1220 "./util/configparser.y" + { + OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg-> + trust_anchor_file_list, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3853 "util/configparser.c" + break; + + case 366: /* server_trusted_keys_file: VAR_TRUSTED_KEYS_FILE STRING_ARG */ +#line 1228 "./util/configparser.y" + { + OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg-> + trusted_keys_file_list, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3864 "util/configparser.c" + break; + + case 367: /* server_trust_anchor: VAR_TRUST_ANCHOR STRING_ARG */ +#line 1236 "./util/configparser.y" + { + OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3874 "util/configparser.c" + break; + + case 368: /* server_trust_anchor_signaling: VAR_TRUST_ANCHOR_SIGNALING STRING_ARG */ +#line 1243 "./util/configparser.y" + { + OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->trust_anchor_signaling = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3888 "util/configparser.c" + break; + + case 369: /* server_root_key_sentinel: VAR_ROOT_KEY_SENTINEL STRING_ARG */ +#line 1254 "./util/configparser.y" + { + OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->root_key_sentinel = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3902 "util/configparser.c" + break; + + case 370: /* server_domain_insecure: VAR_DOMAIN_INSECURE STRING_ARG */ +#line 1265 "./util/configparser.y" + { + OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 3912 "util/configparser.c" + break; + + case 371: /* server_hide_identity: VAR_HIDE_IDENTITY STRING_ARG */ +#line 1272 "./util/configparser.y" + { + OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3924 "util/configparser.c" + break; + + case 372: /* server_hide_version: VAR_HIDE_VERSION STRING_ARG */ +#line 1281 "./util/configparser.y" + { + OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3936 "util/configparser.c" + break; + + case 373: /* server_hide_trustanchor: VAR_HIDE_TRUSTANCHOR STRING_ARG */ +#line 1290 "./util/configparser.y" + { + OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3948 "util/configparser.c" + break; + + case 374: /* server_identity: VAR_IDENTITY STRING_ARG */ +#line 1299 "./util/configparser.y" + { + OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->identity); + cfg_parser->cfg->identity = (yyvsp[0].str); + } +#line 3958 "util/configparser.c" + break; + + case 375: /* server_version: VAR_VERSION STRING_ARG */ +#line 1306 "./util/configparser.y" + { + OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->version); + cfg_parser->cfg->version = (yyvsp[0].str); + } +#line 3968 "util/configparser.c" + break; + + case 376: /* server_nsid: VAR_NSID STRING_ARG */ +#line 1313 "./util/configparser.y" + { + OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->nsid_cfg_str); + cfg_parser->cfg->nsid_cfg_str = (yyvsp[0].str); + free(cfg_parser->cfg->nsid); + cfg_parser->cfg->nsid = NULL; + cfg_parser->cfg->nsid_len = 0; + if (*(yyvsp[0].str) == 0) + ; /* pass; empty string is not setting nsid */ + else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( + (yyvsp[0].str), &cfg_parser->cfg->nsid_len))) + yyerror("the NSID must be either a hex string or an " + "ascii character string prepended with ascii_."); + } +#line 3987 "util/configparser.c" + break; + + case 377: /* server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG */ +#line 1329 "./util/configparser.y" + { + OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) + yyerror("buffer size expected"); + free((yyvsp[0].str)); + } +#line 3998 "util/configparser.c" + break; + + case 378: /* server_so_sndbuf: VAR_SO_SNDBUF STRING_ARG */ +#line 1337 "./util/configparser.y" + { + OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) + yyerror("buffer size expected"); + free((yyvsp[0].str)); + } +#line 4009 "util/configparser.c" + break; + + case 379: /* server_so_reuseport: VAR_SO_REUSEPORT STRING_ARG */ +#line 1345 "./util/configparser.y" + { + OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->so_reuseport = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4022 "util/configparser.c" + break; + + case 380: /* server_ip_transparent: VAR_IP_TRANSPARENT STRING_ARG */ +#line 1355 "./util/configparser.y" + { + OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ip_transparent = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4035 "util/configparser.c" + break; + + case 381: /* server_ip_freebind: VAR_IP_FREEBIND STRING_ARG */ +#line 1365 "./util/configparser.y" + { + OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ip_freebind = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4048 "util/configparser.c" + break; + + case 382: /* server_ip_dscp: VAR_IP_DSCP STRING_ARG */ +#line 1375 "./util/configparser.y" + { + OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) > 63) + yyerror("value too large (max 63)"); + else if (atoi((yyvsp[0].str)) < 0) + yyerror("value too small (min 0)"); + else + cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4065 "util/configparser.c" + break; + + case 383: /* server_stream_wait_size: VAR_STREAM_WAIT_SIZE STRING_ARG */ +#line 1389 "./util/configparser.y" + { + OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 4076 "util/configparser.c" + break; + + case 384: /* server_edns_buffer_size: VAR_EDNS_BUFFER_SIZE STRING_ARG */ +#line 1397 "./util/configparser.y" + { + OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) < 12) + yyerror("edns buffer size too small"); + else if (atoi((yyvsp[0].str)) > 65535) + cfg_parser->cfg->edns_buffer_size = 65535; + else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4092 "util/configparser.c" + break; + + case 385: /* server_msg_buffer_size: VAR_MSG_BUFFER_SIZE STRING_ARG */ +#line 1410 "./util/configparser.y" + { + OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else if (atoi((yyvsp[0].str)) < 4096) + yyerror("message buffer size too small (use 4096)"); + else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4106 "util/configparser.c" + break; + + case 386: /* server_msg_cache_size: VAR_MSG_CACHE_SIZE STRING_ARG */ +#line 1421 "./util/configparser.y" + { + OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 4117 "util/configparser.c" + break; + + case 387: /* server_msg_cache_slabs: VAR_MSG_CACHE_SLABS STRING_ARG */ +#line 1429 "./util/configparser.y" + { + OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->msg_cache_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 4133 "util/configparser.c" + break; + + case 388: /* server_num_queries_per_thread: VAR_NUM_QUERIES_PER_THREAD STRING_ARG */ +#line 1442 "./util/configparser.y" + { + OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4145 "util/configparser.c" + break; + + case 389: /* server_jostle_timeout: VAR_JOSTLE_TIMEOUT STRING_ARG */ +#line 1451 "./util/configparser.y" + { + OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4157 "util/configparser.c" + break; + + case 390: /* server_delay_close: VAR_DELAY_CLOSE STRING_ARG */ +#line 1460 "./util/configparser.y" + { + OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4169 "util/configparser.c" + break; + + case 391: /* server_udp_connect: VAR_UDP_CONNECT STRING_ARG */ +#line 1469 "./util/configparser.y" + { + OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4181 "util/configparser.c" + break; + + case 392: /* server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG */ +#line 1478 "./util/configparser.y" + { + OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->unblock_lan_zones = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4194 "util/configparser.c" + break; + + case 393: /* server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG */ +#line 1488 "./util/configparser.y" + { + OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->insecure_lan_zones = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4207 "util/configparser.c" + break; + + case 394: /* server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG */ +#line 1498 "./util/configparser.y" + { + OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 4218 "util/configparser.c" + break; + + case 395: /* server_rrset_cache_slabs: VAR_RRSET_CACHE_SLABS STRING_ARG */ +#line 1506 "./util/configparser.y" + { + OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->rrset_cache_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 4234 "util/configparser.c" + break; + + case 396: /* server_infra_host_ttl: VAR_INFRA_HOST_TTL STRING_ARG */ +#line 1519 "./util/configparser.y" + { + OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4246 "util/configparser.c" + break; + + case 397: /* server_infra_lame_ttl: VAR_INFRA_LAME_TTL STRING_ARG */ +#line 1528 "./util/configparser.y" + { + OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); + verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " + "removed, use infra-host-ttl)", (yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4257 "util/configparser.c" + break; + + case 398: /* server_infra_cache_numhosts: VAR_INFRA_CACHE_NUMHOSTS STRING_ARG */ +#line 1536 "./util/configparser.y" + { + OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4269 "util/configparser.c" + break; + + case 399: /* server_infra_cache_lame_size: VAR_INFRA_CACHE_LAME_SIZE STRING_ARG */ +#line 1545 "./util/configparser.y" + { + OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); + verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " + "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4280 "util/configparser.c" + break; + + case 400: /* server_infra_cache_slabs: VAR_INFRA_CACHE_SLABS STRING_ARG */ +#line 1553 "./util/configparser.y" + { + OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->infra_cache_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 4296 "util/configparser.c" + break; + + case 401: /* server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG */ +#line 1566 "./util/configparser.y" + { + OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4308 "util/configparser.c" + break; + + case 402: /* server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG */ +#line 1575 "./util/configparser.y" + { + OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->infra_keep_probing = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4321 "util/configparser.c" + break; + + case 403: /* server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG */ +#line 1585 "./util/configparser.y" + { + OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->target_fetch_policy); + cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); + } +#line 4331 "util/configparser.c" + break; + + case 404: /* server_harden_short_bufsize: VAR_HARDEN_SHORT_BUFSIZE STRING_ARG */ +#line 1592 "./util/configparser.y" + { + OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_short_bufsize = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4344 "util/configparser.c" + break; + + case 405: /* server_harden_large_queries: VAR_HARDEN_LARGE_QUERIES STRING_ARG */ +#line 1602 "./util/configparser.y" + { + OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_large_queries = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4357 "util/configparser.c" + break; + + case 406: /* server_harden_glue: VAR_HARDEN_GLUE STRING_ARG */ +#line 1612 "./util/configparser.y" + { + OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_glue = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4370 "util/configparser.c" + break; + + case 407: /* server_harden_dnssec_stripped: VAR_HARDEN_DNSSEC_STRIPPED STRING_ARG */ +#line 1622 "./util/configparser.y" + { + OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_dnssec_stripped = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4383 "util/configparser.c" + break; + + case 408: /* server_harden_below_nxdomain: VAR_HARDEN_BELOW_NXDOMAIN STRING_ARG */ +#line 1632 "./util/configparser.y" + { + OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_below_nxdomain = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4396 "util/configparser.c" + break; + + case 409: /* server_harden_referral_path: VAR_HARDEN_REFERRAL_PATH STRING_ARG */ +#line 1642 "./util/configparser.y" + { + OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_referral_path = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4409 "util/configparser.c" + break; + + case 410: /* server_harden_algo_downgrade: VAR_HARDEN_ALGO_DOWNGRADE STRING_ARG */ +#line 1652 "./util/configparser.y" + { + OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->harden_algo_downgrade = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4422 "util/configparser.c" + break; + + case 411: /* server_use_caps_for_id: VAR_USE_CAPS_FOR_ID STRING_ARG */ +#line 1662 "./util/configparser.y" + { + OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->use_caps_bits_for_id = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4435 "util/configparser.c" + break; + + case 412: /* server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG */ +#line 1672 "./util/configparser.y" + { + OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 4445 "util/configparser.c" + break; + + case 413: /* server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG */ +#line 1679 "./util/configparser.y" + { + OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 4455 "util/configparser.c" + break; + + case 414: /* server_private_domain: VAR_PRIVATE_DOMAIN STRING_ARG */ +#line 1686 "./util/configparser.y" + { + OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 4465 "util/configparser.c" + break; + + case 415: /* server_prefetch: VAR_PREFETCH STRING_ARG */ +#line 1693 "./util/configparser.y" + { + OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4477 "util/configparser.c" + break; + + case 416: /* server_prefetch_key: VAR_PREFETCH_KEY STRING_ARG */ +#line 1702 "./util/configparser.y" + { + OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4489 "util/configparser.c" + break; + + case 417: /* server_deny_any: VAR_DENY_ANY STRING_ARG */ +#line 1711 "./util/configparser.y" + { + OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4501 "util/configparser.c" + break; + + case 418: /* server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG */ +#line 1720 "./util/configparser.y" + { + OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4513 "util/configparser.c" + break; + + case 419: /* server_do_not_query_address: VAR_DO_NOT_QUERY_ADDRESS STRING_ARG */ +#line 1729 "./util/configparser.y" + { + OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 4523 "util/configparser.c" + break; + + case 420: /* server_do_not_query_localhost: VAR_DO_NOT_QUERY_LOCALHOST STRING_ARG */ +#line 1736 "./util/configparser.y" + { + OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->donotquery_localhost = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4536 "util/configparser.c" + break; + + case 421: /* server_access_control: VAR_ACCESS_CONTROL STRING_ARG STRING_ARG */ +#line 1746 "./util/configparser.y" + { + OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && + strcmp((yyvsp[0].str), "deny_non_local")!=0 && + strcmp((yyvsp[0].str), "refuse_non_local")!=0 && + strcmp((yyvsp[0].str), "allow_setrd")!=0 && + strcmp((yyvsp[0].str), "allow")!=0 && + strcmp((yyvsp[0].str), "allow_snoop")!=0) { + yyerror("expected deny, refuse, deny_non_local, " + "refuse_non_local, allow, allow_setrd or " + "allow_snoop in access control action"); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } else { + if(!cfg_str2list_insert(&cfg_parser->cfg->acls, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding acl"); + } + } +#line 4559 "util/configparser.c" + break; + + case 422: /* server_module_conf: VAR_MODULE_CONF STRING_ARG */ +#line 1766 "./util/configparser.y" + { + OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->module_conf); + cfg_parser->cfg->module_conf = (yyvsp[0].str); + } +#line 4569 "util/configparser.c" + break; + + case 423: /* server_val_override_date: VAR_VAL_OVERRIDE_DATE STRING_ARG */ +#line 1773 "./util/configparser.y" + { + OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); + if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { + cfg_parser->cfg->val_date_override = 0; + } else if(strlen((yyvsp[0].str)) == 14) { + cfg_parser->cfg->val_date_override = + cfg_convert_timeval((yyvsp[0].str)); + if(!cfg_parser->cfg->val_date_override) + yyerror("bad date/time specification"); + } else { + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + cfg_parser->cfg->val_date_override = atoi((yyvsp[0].str)); + } + free((yyvsp[0].str)); + } +#line 4590 "util/configparser.c" + break; + + case 424: /* server_val_sig_skew_min: VAR_VAL_SIG_SKEW_MIN STRING_ARG */ +#line 1791 "./util/configparser.y" + { + OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); + if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { + cfg_parser->cfg->val_sig_skew_min = 0; + } else { + cfg_parser->cfg->val_sig_skew_min = atoi((yyvsp[0].str)); + if(!cfg_parser->cfg->val_sig_skew_min) + yyerror("number expected"); + } + free((yyvsp[0].str)); + } +#line 4606 "util/configparser.c" + break; + + case 425: /* server_val_sig_skew_max: VAR_VAL_SIG_SKEW_MAX STRING_ARG */ +#line 1804 "./util/configparser.y" + { + OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); + if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { + cfg_parser->cfg->val_sig_skew_max = 0; + } else { + cfg_parser->cfg->val_sig_skew_max = atoi((yyvsp[0].str)); + if(!cfg_parser->cfg->val_sig_skew_max) + yyerror("number expected"); + } + free((yyvsp[0].str)); + } +#line 4622 "util/configparser.c" + break; + + case 426: /* server_cache_max_ttl: VAR_CACHE_MAX_TTL STRING_ARG */ +#line 1817 "./util/configparser.y" + { + OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4634 "util/configparser.c" + break; + + case 427: /* server_cache_max_negative_ttl: VAR_CACHE_MAX_NEGATIVE_TTL STRING_ARG */ +#line 1826 "./util/configparser.y" + { + OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4646 "util/configparser.c" + break; + + case 428: /* server_cache_min_ttl: VAR_CACHE_MIN_TTL STRING_ARG */ +#line 1835 "./util/configparser.y" + { + OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4658 "util/configparser.c" + break; + + case 429: /* server_bogus_ttl: VAR_BOGUS_TTL STRING_ARG */ +#line 1844 "./util/configparser.y" + { + OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4670 "util/configparser.c" + break; + + case 430: /* server_val_clean_additional: VAR_VAL_CLEAN_ADDITIONAL STRING_ARG */ +#line 1853 "./util/configparser.y" + { + OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->val_clean_additional = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4683 "util/configparser.c" + break; + + case 431: /* server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG */ +#line 1863 "./util/configparser.y" + { + OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->val_permissive_mode = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4696 "util/configparser.c" + break; + + case 432: /* server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG */ +#line 1873 "./util/configparser.y" + { + OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->aggressive_nsec = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4710 "util/configparser.c" + break; + + case 433: /* server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG */ +#line 1884 "./util/configparser.y" + { + OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4722 "util/configparser.c" + break; + + case 434: /* server_serve_expired: VAR_SERVE_EXPIRED STRING_ARG */ +#line 1893 "./util/configparser.y" + { + OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4734 "util/configparser.c" + break; + + case 435: /* server_serve_expired_ttl: VAR_SERVE_EXPIRED_TTL STRING_ARG */ +#line 1902 "./util/configparser.y" + { + OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4746 "util/configparser.c" + break; + + case 436: /* server_serve_expired_ttl_reset: VAR_SERVE_EXPIRED_TTL_RESET STRING_ARG */ +#line 1911 "./util/configparser.y" + { + OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4758 "util/configparser.c" + break; + + case 437: /* server_serve_expired_reply_ttl: VAR_SERVE_EXPIRED_REPLY_TTL STRING_ARG */ +#line 1920 "./util/configparser.y" + { + OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4770 "util/configparser.c" + break; + + case 438: /* server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG */ +#line 1929 "./util/configparser.y" + { + OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4782 "util/configparser.c" + break; + + case 439: /* server_fake_dsa: VAR_FAKE_DSA STRING_ARG */ +#line 1938 "./util/configparser.y" + { + OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); +#if defined(HAVE_SSL) || defined(HAVE_NETTLE) + else fake_dsa = (strcmp((yyvsp[0].str), "yes")==0); + if(fake_dsa) + log_warn("test option fake_dsa is enabled"); +#endif + free((yyvsp[0].str)); + } +#line 4798 "util/configparser.c" + break; + + case 440: /* server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG */ +#line 1951 "./util/configparser.y" + { + OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); +#if defined(HAVE_SSL) || defined(HAVE_NETTLE) + else fake_sha1 = (strcmp((yyvsp[0].str), "yes")==0); + if(fake_sha1) + log_warn("test option fake_sha1 is enabled"); +#endif + free((yyvsp[0].str)); + } +#line 4814 "util/configparser.c" + break; + + case 441: /* server_val_log_level: VAR_VAL_LOG_LEVEL STRING_ARG */ +#line 1964 "./util/configparser.y" + { + OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4826 "util/configparser.c" + break; + + case 442: /* server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG */ +#line 1973 "./util/configparser.y" + { + OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->val_nsec3_key_iterations); + cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); + } +#line 4836 "util/configparser.c" + break; + + case 443: /* server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG */ +#line 1980 "./util/configparser.y" + { + OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4848 "util/configparser.c" + break; + + case 444: /* server_del_holddown: VAR_DEL_HOLDDOWN STRING_ARG */ +#line 1989 "./util/configparser.y" + { + OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4860 "util/configparser.c" + break; + + case 445: /* server_keep_missing: VAR_KEEP_MISSING STRING_ARG */ +#line 1998 "./util/configparser.y" + { + OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 4872 "util/configparser.c" + break; + + case 446: /* server_permit_small_holddown: VAR_PERMIT_SMALL_HOLDDOWN STRING_ARG */ +#line 2007 "./util/configparser.y" + { + OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->permit_small_holddown = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4885 "util/configparser.c" + break; + + case 447: /* server_key_cache_size: VAR_KEY_CACHE_SIZE STRING_ARG */ +#line 2016 "./util/configparser.y" + { + OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 4896 "util/configparser.c" + break; + + case 448: /* server_key_cache_slabs: VAR_KEY_CACHE_SLABS STRING_ARG */ +#line 2024 "./util/configparser.y" + { + OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->key_cache_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 4912 "util/configparser.c" + break; + + case 449: /* server_neg_cache_size: VAR_NEG_CACHE_SIZE STRING_ARG */ +#line 2037 "./util/configparser.y" + { + OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 4923 "util/configparser.c" + break; + + case 450: /* server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ +#line 2045 "./util/configparser.y" + { + OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && + strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && + strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 + && strcmp((yyvsp[0].str), "typetransparent")!=0 + && strcmp((yyvsp[0].str), "always_transparent")!=0 + && strcmp((yyvsp[0].str), "always_refuse")!=0 + && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "always_nodata")!=0 + && strcmp((yyvsp[0].str), "always_deny")!=0 + && strcmp((yyvsp[0].str), "always_null")!=0 + && strcmp((yyvsp[0].str), "noview")!=0 + && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0 + && strcmp((yyvsp[0].str), "inform_redirect") != 0 + && strcmp((yyvsp[0].str), "ipset") != 0) { + yyerror("local-zone type: expected static, deny, " + "refuse, redirect, transparent, " + "typetransparent, inform, inform_deny, " + "inform_redirect, always_transparent, " + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } else if(strcmp((yyvsp[0].str), "nodefault")==0) { + if(!cfg_strlist_insert(&cfg_parser->cfg-> + local_zones_nodefault, (yyvsp[-1].str))) + fatal_exit("out of memory adding local-zone"); + free((yyvsp[0].str)); +#ifdef USE_IPSET + } else if(strcmp((yyvsp[0].str), "ipset")==0) { + if(!cfg_strlist_insert(&cfg_parser->cfg-> + local_zones_ipset, (yyvsp[-1].str))) + fatal_exit("out of memory adding local-zone"); + free((yyvsp[0].str)); +#endif + } else { + if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding local-zone"); + } + } +#line 4971 "util/configparser.c" + break; + + case 451: /* server_local_data: VAR_LOCAL_DATA STRING_ARG */ +#line 2090 "./util/configparser.y" + { + OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) + fatal_exit("out of memory adding local-data"); + } +#line 4981 "util/configparser.c" + break; + + case 452: /* server_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ +#line 2097 "./util/configparser.y" + { + char* ptr; + OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); + ptr = cfg_ptr_reverse((yyvsp[0].str)); + free((yyvsp[0].str)); + if(ptr) { + if(!cfg_strlist_insert(&cfg_parser->cfg-> + local_data, ptr)) + fatal_exit("out of memory adding local-data"); + } else { + yyerror("local-data-ptr could not be reversed"); + } + } +#line 4999 "util/configparser.c" + break; + + case 453: /* server_minimal_responses: VAR_MINIMAL_RESPONSES STRING_ARG */ +#line 2112 "./util/configparser.y" + { + OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->minimal_responses = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5012 "util/configparser.c" + break; + + case 454: /* server_rrset_roundrobin: VAR_RRSET_ROUNDROBIN STRING_ARG */ +#line 2122 "./util/configparser.y" + { + OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->rrset_roundrobin = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5025 "util/configparser.c" + break; + + case 455: /* server_unknown_server_time_limit: VAR_UNKNOWN_SERVER_TIME_LIMIT STRING_ARG */ +#line 2132 "./util/configparser.y" + { + OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); + cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5035 "util/configparser.c" + break; + + case 456: /* server_max_udp_size: VAR_MAX_UDP_SIZE STRING_ARG */ +#line 2139 "./util/configparser.y" + { + OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); + cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5045 "util/configparser.c" + break; + + case 457: /* server_dns64_prefix: VAR_DNS64_PREFIX STRING_ARG */ +#line 2146 "./util/configparser.y" + { + OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dns64_prefix); + cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); + } +#line 5055 "util/configparser.c" + break; + + case 458: /* server_dns64_synthall: VAR_DNS64_SYNTHALL STRING_ARG */ +#line 2153 "./util/configparser.y" + { + OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5067 "util/configparser.c" + break; + + case 459: /* server_dns64_ignore_aaaa: VAR_DNS64_IGNORE_AAAA STRING_ARG */ +#line 2162 "./util/configparser.y" + { + OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, + (yyvsp[0].str))) + fatal_exit("out of memory adding dns64-ignore-aaaa"); + } +#line 5078 "util/configparser.c" + break; + + case 460: /* server_define_tag: VAR_DEFINE_TAG STRING_ARG */ +#line 2170 "./util/configparser.y" + { + char* p, *s = (yyvsp[0].str); + OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); + while((p=strsep(&s, " \t\n")) != NULL) { + if(*p) { + if(!config_add_tag(cfg_parser->cfg, p)) + yyerror("could not define-tag, " + "out of memory"); + } + } + free((yyvsp[0].str)); + } +#line 5095 "util/configparser.c" + break; + + case 461: /* server_local_zone_tag: VAR_LOCAL_ZONE_TAG STRING_ARG STRING_ARG */ +#line 2184 "./util/configparser.y" + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[-1].str))); + if(!bitlist) { + yyerror("could not parse tags, (define-tag them first)"); + free((yyvsp[-1].str)); + } + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->local_zone_tags, + (yyvsp[-1].str), bitlist, len)) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + } + } + } +#line 5119 "util/configparser.c" + break; + + case 462: /* server_access_control_tag: VAR_ACCESS_CONTROL_TAG STRING_ARG STRING_ARG */ +#line 2205 "./util/configparser.y" + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + OUTYY(("P(server_access_control_tag:%s)\n", (yyvsp[-1].str))); + if(!bitlist) { + yyerror("could not parse tags, (define-tag them first)"); + free((yyvsp[-1].str)); + } + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->acl_tags, + (yyvsp[-1].str), bitlist, len)) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + } + } + } +#line 5143 "util/configparser.c" + break; + + case 463: /* server_access_control_tag_action: VAR_ACCESS_CONTROL_TAG_ACTION STRING_ARG STRING_ARG STRING_ARG */ +#line 2226 "./util/configparser.y" + { + OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, + (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-2].str)); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 5158 "util/configparser.c" + break; + + case 464: /* server_access_control_tag_data: VAR_ACCESS_CONTROL_TAG_DATA STRING_ARG STRING_ARG STRING_ARG */ +#line 2238 "./util/configparser.y" + { + OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, + (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-2].str)); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 5173 "util/configparser.c" + break; + + case 465: /* server_local_zone_override: VAR_LOCAL_ZONE_OVERRIDE STRING_ARG STRING_ARG STRING_ARG */ +#line 2250 "./util/configparser.y" + { + OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, + (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + free((yyvsp[-2].str)); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } + } +#line 5188 "util/configparser.c" + break; + + case 466: /* server_access_control_view: VAR_ACCESS_CONTROL_VIEW STRING_ARG STRING_ARG */ +#line 2262 "./util/configparser.y" + { + OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, + (yyvsp[-1].str), (yyvsp[0].str))) { + yyerror("out of memory"); + } + } +#line 5200 "util/configparser.c" + break; + + case 467: /* server_response_ip_tag: VAR_RESPONSE_IP_TAG STRING_ARG STRING_ARG */ +#line 2271 "./util/configparser.y" + { + size_t len = 0; + uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), + &len); + free((yyvsp[0].str)); + OUTYY(("P(response_ip_tag:%s)\n", (yyvsp[-1].str))); + if(!bitlist) { + yyerror("could not parse tags, (define-tag them first)"); + free((yyvsp[-1].str)); + } + if(bitlist) { + if(!cfg_strbytelist_insert( + &cfg_parser->cfg->respip_tags, + (yyvsp[-1].str), bitlist, len)) { + yyerror("out of memory"); + free((yyvsp[-1].str)); + } + } + } +#line 5224 "util/configparser.c" + break; + + case 468: /* server_ip_ratelimit: VAR_IP_RATELIMIT STRING_ARG */ +#line 2292 "./util/configparser.y" + { + OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5236 "util/configparser.c" + break; + + case 469: /* server_ratelimit: VAR_RATELIMIT STRING_ARG */ +#line 2302 "./util/configparser.y" + { + OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5248 "util/configparser.c" + break; + + case 470: /* server_ip_ratelimit_size: VAR_IP_RATELIMIT_SIZE STRING_ARG */ +#line 2311 "./util/configparser.y" + { + OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 5259 "util/configparser.c" + break; + + case 471: /* server_ratelimit_size: VAR_RATELIMIT_SIZE STRING_ARG */ +#line 2319 "./util/configparser.y" + { + OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 5270 "util/configparser.c" + break; + + case 472: /* server_ip_ratelimit_slabs: VAR_IP_RATELIMIT_SLABS STRING_ARG */ +#line 2327 "./util/configparser.y" + { + OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->ip_ratelimit_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 5286 "util/configparser.c" + break; + + case 473: /* server_ratelimit_slabs: VAR_RATELIMIT_SLABS STRING_ARG */ +#line 2340 "./util/configparser.y" + { + OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->ratelimit_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->ratelimit_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 5302 "util/configparser.c" + break; + + case 474: /* server_ratelimit_for_domain: VAR_RATELIMIT_FOR_DOMAIN STRING_ARG STRING_ARG */ +#line 2353 "./util/configparser.y" + { + OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { + yyerror("number expected"); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } else { + if(!cfg_str2list_insert(&cfg_parser->cfg-> + ratelimit_for_domain, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding " + "ratelimit-for-domain"); + } + } +#line 5320 "util/configparser.c" + break; + + case 475: /* server_ratelimit_below_domain: VAR_RATELIMIT_BELOW_DOMAIN STRING_ARG STRING_ARG */ +#line 2368 "./util/configparser.y" + { + OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { + yyerror("number expected"); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } else { + if(!cfg_str2list_insert(&cfg_parser->cfg-> + ratelimit_below_domain, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding " + "ratelimit-below-domain"); + } + } +#line 5338 "util/configparser.c" + break; + + case 476: /* server_ip_ratelimit_factor: VAR_IP_RATELIMIT_FACTOR STRING_ARG */ +#line 2383 "./util/configparser.y" + { + OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5350 "util/configparser.c" + break; + + case 477: /* server_ratelimit_factor: VAR_RATELIMIT_FACTOR STRING_ARG */ +#line 2392 "./util/configparser.y" + { + OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5362 "util/configparser.c" + break; + + case 478: /* server_low_rtt: VAR_LOW_RTT STRING_ARG */ +#line 2401 "./util/configparser.y" + { + OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); + free((yyvsp[0].str)); + } +#line 5371 "util/configparser.c" + break; + + case 479: /* server_fast_server_num: VAR_FAST_SERVER_NUM STRING_ARG */ +#line 2407 "./util/configparser.y" + { + OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) <= 0) + yyerror("number expected"); + else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5383 "util/configparser.c" + break; + + case 480: /* server_fast_server_permil: VAR_FAST_SERVER_PERMIL STRING_ARG */ +#line 2416 "./util/configparser.y" + { + OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5395 "util/configparser.c" + break; + + case 481: /* server_qname_minimisation: VAR_QNAME_MINIMISATION STRING_ARG */ +#line 2425 "./util/configparser.y" + { + OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->qname_minimisation = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5408 "util/configparser.c" + break; + + case 482: /* server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG */ +#line 2435 "./util/configparser.y" + { + OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->qname_minimisation_strict = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5421 "util/configparser.c" + break; + + case 483: /* server_pad_responses: VAR_PAD_RESPONSES STRING_ARG */ +#line 2445 "./util/configparser.y" + { + OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->pad_responses = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5434 "util/configparser.c" + break; + + case 484: /* server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG */ +#line 2455 "./util/configparser.y" + { + OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5446 "util/configparser.c" + break; + + case 485: /* server_pad_queries: VAR_PAD_QUERIES STRING_ARG */ +#line 2464 "./util/configparser.y" + { + OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->pad_queries = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5459 "util/configparser.c" + break; + + case 486: /* server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG */ +#line 2474 "./util/configparser.y" + { + OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5471 "util/configparser.c" + break; + + case 487: /* server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG */ +#line 2483 "./util/configparser.y" + { + #ifdef USE_IPSECMOD + OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ipsecmod_enabled = (strcmp((yyvsp[0].str), "yes")==0); + #else + OUTYY(("P(Compiled without IPsec module, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 5487 "util/configparser.c" + break; + + case 488: /* server_ipsecmod_ignore_bogus: VAR_IPSECMOD_IGNORE_BOGUS STRING_ARG */ +#line 2496 "./util/configparser.y" + { + #ifdef USE_IPSECMOD + OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp((yyvsp[0].str), "yes")==0); + #else + OUTYY(("P(Compiled without IPsec module, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 5503 "util/configparser.c" + break; + + case 489: /* server_ipsecmod_hook: VAR_IPSECMOD_HOOK STRING_ARG */ +#line 2509 "./util/configparser.y" + { + #ifdef USE_IPSECMOD + OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->ipsecmod_hook); + cfg_parser->cfg->ipsecmod_hook = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without IPsec module, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 5518 "util/configparser.c" + break; + + case 490: /* server_ipsecmod_max_ttl: VAR_IPSECMOD_MAX_TTL STRING_ARG */ +#line 2521 "./util/configparser.y" + { + #ifdef USE_IPSECMOD + OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->ipsecmod_max_ttl = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without IPsec module, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 5535 "util/configparser.c" + break; + + case 491: /* server_ipsecmod_whitelist: VAR_IPSECMOD_WHITELIST STRING_ARG */ +#line 2535 "./util/configparser.y" + { + #ifdef USE_IPSECMOD + OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, (yyvsp[0].str))) + yyerror("out of memory"); + #else + OUTYY(("P(Compiled without IPsec module, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 5550 "util/configparser.c" + break; + + case 492: /* server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG */ +#line 2547 "./util/configparser.y" + { + #ifdef USE_IPSECMOD + OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->ipsecmod_strict = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without IPsec module, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 5567 "util/configparser.c" + break; + + case 493: /* server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG */ +#line 2561 "./util/configparser.y" + { + OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str2list_insert( + &cfg_parser->cfg->edns_client_strings, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding " + "edns-client-string"); + } +#line 5579 "util/configparser.c" + break; + + case 494: /* server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG */ +#line 2570 "./util/configparser.y" + { + OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("option code expected"); + else if(atoi((yyvsp[0].str)) > 65535 || atoi((yyvsp[0].str)) < 0) + yyerror("option code must be in interval [0, 65535]"); + else cfg_parser->cfg->edns_client_string_opcode = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + + } +#line 5594 "util/configparser.c" + break; + + case 495: /* stub_name: VAR_NAME STRING_ARG */ +#line 2582 "./util/configparser.y" + { + OUTYY(("P(name:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->stubs->name) + yyerror("stub name override, there must be one name " + "for one stub-zone"); + free(cfg_parser->cfg->stubs->name); + cfg_parser->cfg->stubs->name = (yyvsp[0].str); + } +#line 5607 "util/configparser.c" + break; + + case 496: /* stub_host: VAR_STUB_HOST STRING_ARG */ +#line 2592 "./util/configparser.y" + { + OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5617 "util/configparser.c" + break; + + case 497: /* stub_addr: VAR_STUB_ADDR STRING_ARG */ +#line 2599 "./util/configparser.y" + { + OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5627 "util/configparser.c" + break; + + case 498: /* stub_first: VAR_STUB_FIRST STRING_ARG */ +#line 2606 "./util/configparser.y" + { + OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5639 "util/configparser.c" + break; + + case 499: /* stub_no_cache: VAR_STUB_NO_CACHE STRING_ARG */ +#line 2615 "./util/configparser.y" + { + OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5651 "util/configparser.c" + break; + + case 500: /* stub_ssl_upstream: VAR_STUB_SSL_UPSTREAM STRING_ARG */ +#line 2624 "./util/configparser.y" + { + OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stubs->ssl_upstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5664 "util/configparser.c" + break; + + case 501: /* stub_prime: VAR_STUB_PRIME STRING_ARG */ +#line 2634 "./util/configparser.y" + { + OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->stubs->isprime = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5677 "util/configparser.c" + break; + + case 502: /* forward_name: VAR_NAME STRING_ARG */ +#line 2644 "./util/configparser.y" + { + OUTYY(("P(name:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->forwards->name) + yyerror("forward name override, there must be one " + "name for one forward-zone"); + free(cfg_parser->cfg->forwards->name); + cfg_parser->cfg->forwards->name = (yyvsp[0].str); + } +#line 5690 "util/configparser.c" + break; + + case 503: /* forward_host: VAR_FORWARD_HOST STRING_ARG */ +#line 2654 "./util/configparser.y" + { + OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5700 "util/configparser.c" + break; + + case 504: /* forward_addr: VAR_FORWARD_ADDR STRING_ARG */ +#line 2661 "./util/configparser.y" + { + OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5710 "util/configparser.c" + break; + + case 505: /* forward_first: VAR_FORWARD_FIRST STRING_ARG */ +#line 2668 "./util/configparser.y" + { + OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5722 "util/configparser.c" + break; + + case 506: /* forward_no_cache: VAR_FORWARD_NO_CACHE STRING_ARG */ +#line 2677 "./util/configparser.y" + { + OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5734 "util/configparser.c" + break; + + case 507: /* forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG */ +#line 2686 "./util/configparser.y" + { + OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->forwards->ssl_upstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5747 "util/configparser.c" + break; + + case 508: /* auth_name: VAR_NAME STRING_ARG */ +#line 2696 "./util/configparser.y" + { + OUTYY(("P(name:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->auths->name) + yyerror("auth name override, there must be one name " + "for one auth-zone"); + free(cfg_parser->cfg->auths->name); + cfg_parser->cfg->auths->name = (yyvsp[0].str); + } +#line 5760 "util/configparser.c" + break; + + case 509: /* auth_zonefile: VAR_ZONEFILE STRING_ARG */ +#line 2706 "./util/configparser.y" + { + OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->auths->zonefile); + cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); + } +#line 5770 "util/configparser.c" + break; + + case 510: /* auth_master: VAR_MASTER STRING_ARG */ +#line 2713 "./util/configparser.y" + { + OUTYY(("P(master:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5780 "util/configparser.c" + break; + + case 511: /* auth_url: VAR_URL STRING_ARG */ +#line 2720 "./util/configparser.y" + { + OUTYY(("P(url:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5790 "util/configparser.c" + break; + + case 512: /* auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG */ +#line 2727 "./util/configparser.y" + { + OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, + (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 5801 "util/configparser.c" + break; + + case 513: /* auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG */ +#line 2735 "./util/configparser.y" + { + OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->for_downstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5814 "util/configparser.c" + break; + + case 514: /* auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG */ +#line 2745 "./util/configparser.y" + { + OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->for_upstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5827 "util/configparser.c" + break; + + case 515: /* auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG */ +#line 2755 "./util/configparser.y" + { + OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->fallback_enabled = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5840 "util/configparser.c" + break; + + case 516: /* view_name: VAR_NAME STRING_ARG */ +#line 2765 "./util/configparser.y" + { + OUTYY(("P(name:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->views->name) + yyerror("view name override, there must be one " + "name for one view"); + free(cfg_parser->cfg->views->name); + cfg_parser->cfg->views->name = (yyvsp[0].str); + } +#line 5853 "util/configparser.c" + break; + + case 517: /* view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG */ +#line 2775 "./util/configparser.y" + { + OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && + strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && + strcmp((yyvsp[0].str), "transparent")!=0 && strcmp((yyvsp[0].str), "nodefault")!=0 + && strcmp((yyvsp[0].str), "typetransparent")!=0 + && strcmp((yyvsp[0].str), "always_transparent")!=0 + && strcmp((yyvsp[0].str), "always_refuse")!=0 + && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "noview")!=0 + && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) { + yyerror("local-zone type: expected static, deny, " + "refuse, redirect, transparent, " + "typetransparent, inform, inform_deny, " + "always_transparent, always_refuse, " + "always_nxdomain, noview or nodefault"); + free((yyvsp[-1].str)); + free((yyvsp[0].str)); + } else if(strcmp((yyvsp[0].str), "nodefault")==0) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_zones_nodefault, (yyvsp[-1].str))) + fatal_exit("out of memory adding local-zone"); + free((yyvsp[0].str)); +#ifdef USE_IPSET + } else if(strcmp((yyvsp[0].str), "ipset")==0) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_zones_ipset, (yyvsp[-1].str))) + fatal_exit("out of memory adding local-zone"); + free((yyvsp[0].str)); +#endif + } else { + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->local_zones, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding local-zone"); + } + } +#line 5895 "util/configparser.c" + break; + + case 518: /* view_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ +#line 2814 "./util/configparser.y" + { + OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + validate_respip_action((yyvsp[0].str)); + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->respip_actions, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding per-view " + "response-ip action"); + } +#line 5908 "util/configparser.c" + break; + + case 519: /* view_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ +#line 2824 "./util/configparser.y" + { + OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); + if(!cfg_str2list_insert( + &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding response-ip-data"); + } +#line 5919 "util/configparser.c" + break; + + case 520: /* view_local_data: VAR_LOCAL_DATA STRING_ARG */ +#line 2832 "./util/configparser.y" + { + OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { + fatal_exit("out of memory adding local-data"); + } + } +#line 5930 "util/configparser.c" + break; + + case 521: /* view_local_data_ptr: VAR_LOCAL_DATA_PTR STRING_ARG */ +#line 2840 "./util/configparser.y" + { + char* ptr; + OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); + ptr = cfg_ptr_reverse((yyvsp[0].str)); + free((yyvsp[0].str)); + if(ptr) { + if(!cfg_strlist_insert(&cfg_parser->cfg->views-> + local_data, ptr)) + fatal_exit("out of memory adding local-data"); + } else { + yyerror("local-data-ptr could not be reversed"); + } + } +#line 5948 "util/configparser.c" + break; + + case 522: /* view_first: VAR_VIEW_FIRST STRING_ARG */ +#line 2855 "./util/configparser.y" + { + OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5960 "util/configparser.c" + break; + + case 523: /* rcstart: VAR_REMOTE_CONTROL */ +#line 2864 "./util/configparser.y" + { + OUTYY(("\nP(remote-control:)\n")); + } +#line 5968 "util/configparser.c" + break; + + case 534: /* rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG */ +#line 2875 "./util/configparser.y" + { + OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->remote_control_enable = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5981 "util/configparser.c" + break; + + case 535: /* rc_control_port: VAR_CONTROL_PORT STRING_ARG */ +#line 2885 "./util/configparser.y" + { + OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("control port number expected"); + else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 5993 "util/configparser.c" + break; + + case 536: /* rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG */ +#line 2894 "./util/configparser.y" + { + OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 6003 "util/configparser.c" + break; + + case 537: /* rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG */ +#line 2901 "./util/configparser.y" + { + OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); + cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6013 "util/configparser.c" + break; + + case 538: /* rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG */ +#line 2908 "./util/configparser.y" + { + OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->server_key_file); + cfg_parser->cfg->server_key_file = (yyvsp[0].str); + } +#line 6023 "util/configparser.c" + break; + + case 539: /* rc_server_cert_file: VAR_SERVER_CERT_FILE STRING_ARG */ +#line 2915 "./util/configparser.y" + { + OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->server_cert_file); + cfg_parser->cfg->server_cert_file = (yyvsp[0].str); + } +#line 6033 "util/configparser.c" + break; + + case 540: /* rc_control_key_file: VAR_CONTROL_KEY_FILE STRING_ARG */ +#line 2922 "./util/configparser.y" + { + OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->control_key_file); + cfg_parser->cfg->control_key_file = (yyvsp[0].str); + } +#line 6043 "util/configparser.c" + break; + + case 541: /* rc_control_cert_file: VAR_CONTROL_CERT_FILE STRING_ARG */ +#line 2929 "./util/configparser.y" + { + OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->control_cert_file); + cfg_parser->cfg->control_cert_file = (yyvsp[0].str); + } +#line 6053 "util/configparser.c" + break; + + case 542: /* dtstart: VAR_DNSTAP */ +#line 2936 "./util/configparser.y" + { + OUTYY(("\nP(dnstap:)\n")); + } +#line 6061 "util/configparser.c" + break; + + case 564: /* dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG */ +#line 2956 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6073 "util/configparser.c" + break; + + case 565: /* dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG */ +#line 2965 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_bidirectional = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6086 "util/configparser.c" + break; + + case 566: /* dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG */ +#line 2975 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_socket_path); + cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); + } +#line 6096 "util/configparser.c" + break; + + case 567: /* dt_dnstap_ip: VAR_DNSTAP_IP STRING_ARG */ +#line 2982 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_ip); + cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); + } +#line 6106 "util/configparser.c" + break; + + case 568: /* dt_dnstap_tls: VAR_DNSTAP_TLS STRING_ARG */ +#line 2989 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6118 "util/configparser.c" + break; + + case 569: /* dt_dnstap_tls_server_name: VAR_DNSTAP_TLS_SERVER_NAME STRING_ARG */ +#line 2998 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_server_name); + cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); + } +#line 6128 "util/configparser.c" + break; + + case 570: /* dt_dnstap_tls_cert_bundle: VAR_DNSTAP_TLS_CERT_BUNDLE STRING_ARG */ +#line 3005 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_cert_bundle); + cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); + } +#line 6138 "util/configparser.c" + break; + + case 571: /* dt_dnstap_tls_client_key_file: VAR_DNSTAP_TLS_CLIENT_KEY_FILE STRING_ARG */ +#line 3012 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_client_key_file); + cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); + } +#line 6148 "util/configparser.c" + break; + + case 572: /* dt_dnstap_tls_client_cert_file: VAR_DNSTAP_TLS_CLIENT_CERT_FILE STRING_ARG */ +#line 3019 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_tls_client_cert_file); + cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); + } +#line 6158 "util/configparser.c" + break; + + case 573: /* dt_dnstap_send_identity: VAR_DNSTAP_SEND_IDENTITY STRING_ARG */ +#line 3026 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6170 "util/configparser.c" + break; + + case 574: /* dt_dnstap_send_version: VAR_DNSTAP_SEND_VERSION STRING_ARG */ +#line 3035 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6182 "util/configparser.c" + break; + + case 575: /* dt_dnstap_identity: VAR_DNSTAP_IDENTITY STRING_ARG */ +#line 3044 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_identity); + cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); + } +#line 6192 "util/configparser.c" + break; + + case 576: /* dt_dnstap_version: VAR_DNSTAP_VERSION STRING_ARG */ +#line 3051 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnstap_version); + cfg_parser->cfg->dnstap_version = (yyvsp[0].str); + } +#line 6202 "util/configparser.c" + break; + + case 577: /* dt_dnstap_log_resolver_query_messages: VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES STRING_ARG */ +#line 3058 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_log_resolver_query_messages = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6215 "util/configparser.c" + break; + + case 578: /* dt_dnstap_log_resolver_response_messages: VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES STRING_ARG */ +#line 3068 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_log_resolver_response_messages = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6228 "util/configparser.c" + break; + + case 579: /* dt_dnstap_log_client_query_messages: VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES STRING_ARG */ +#line 3078 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_log_client_query_messages = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6241 "util/configparser.c" + break; + + case 580: /* dt_dnstap_log_client_response_messages: VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES STRING_ARG */ +#line 3088 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_log_client_response_messages = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6254 "util/configparser.c" + break; + + case 581: /* dt_dnstap_log_forwarder_query_messages: VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES STRING_ARG */ +#line 3098 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_log_forwarder_query_messages = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6267 "util/configparser.c" + break; + + case 582: /* dt_dnstap_log_forwarder_response_messages: VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES STRING_ARG */ +#line 3108 "./util/configparser.y" + { + OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_log_forwarder_response_messages = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6280 "util/configparser.c" + break; + + case 583: /* pythonstart: VAR_PYTHON */ +#line 3118 "./util/configparser.y" + { + OUTYY(("\nP(python:)\n")); + } +#line 6288 "util/configparser.c" + break; + + case 587: /* py_script: VAR_PYTHON_SCRIPT STRING_ARG */ +#line 3127 "./util/configparser.y" + { + OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 6298 "util/configparser.c" + break; + + case 588: /* dynlibstart: VAR_DYNLIB */ +#line 3133 "./util/configparser.y" + { + OUTYY(("\nP(dynlib:)\n")); + } +#line 6306 "util/configparser.c" + break; + + case 592: /* dl_file: VAR_DYNLIB_FILE STRING_ARG */ +#line 3142 "./util/configparser.y" + { + OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 6316 "util/configparser.c" + break; + + case 593: /* server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG */ +#line 3148 "./util/configparser.y" + { + OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); + if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->disable_dnssec_lame_check = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6329 "util/configparser.c" + break; + + case 594: /* server_log_identity: VAR_LOG_IDENTITY STRING_ARG */ +#line 3158 "./util/configparser.y" + { + OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->log_identity); + cfg_parser->cfg->log_identity = (yyvsp[0].str); + } +#line 6339 "util/configparser.c" + break; + + case 595: /* server_response_ip: VAR_RESPONSE_IP STRING_ARG STRING_ARG */ +#line 3165 "./util/configparser.y" + { + OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + validate_respip_action((yyvsp[0].str)); + if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding response-ip"); + } +#line 6351 "util/configparser.c" + break; + + case 596: /* server_response_ip_data: VAR_RESPONSE_IP_DATA STRING_ARG STRING_ARG */ +#line 3174 "./util/configparser.y" + { + OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); + if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, + (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding response-ip-data"); + } +#line 6362 "util/configparser.c" + break; + + case 597: /* dnscstart: VAR_DNSCRYPT */ +#line 3182 "./util/configparser.y" + { + OUTYY(("\nP(dnscrypt:)\n")); + } +#line 6370 "util/configparser.c" + break; + + case 610: /* dnsc_dnscrypt_enable: VAR_DNSCRYPT_ENABLE STRING_ARG */ +#line 3198 "./util/configparser.y" + { + OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6382 "util/configparser.c" + break; + + case 611: /* dnsc_dnscrypt_port: VAR_DNSCRYPT_PORT STRING_ARG */ +#line 3208 "./util/configparser.y" + { + OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 6394 "util/configparser.c" + break; + + case 612: /* dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG */ +#line 3217 "./util/configparser.y" + { + OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->dnscrypt_provider); + cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); + } +#line 6404 "util/configparser.c" + break; + + case 613: /* dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG */ +#line 3224 "./util/configparser.y" + { + OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); + if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) + log_warn("dnscrypt-provider-cert %s is a duplicate", (yyvsp[0].str)); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) + fatal_exit("out of memory adding dnscrypt-provider-cert"); + } +#line 6416 "util/configparser.c" + break; + + case 614: /* dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG */ +#line 3233 "./util/configparser.y" + { + OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) + fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); + } +#line 6426 "util/configparser.c" + break; + + case 615: /* dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG */ +#line 3240 "./util/configparser.y" + { + OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); + if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) + log_warn("dnscrypt-secret-key: %s is a duplicate", (yyvsp[0].str)); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) + fatal_exit("out of memory adding dnscrypt-secret-key"); + } +#line 6438 "util/configparser.c" + break; + + case 616: /* dnsc_dnscrypt_shared_secret_cache_size: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE STRING_ARG */ +#line 3249 "./util/configparser.y" + { + OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 6449 "util/configparser.c" + break; + + case 617: /* dnsc_dnscrypt_shared_secret_cache_slabs: VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS STRING_ARG */ +#line 3257 "./util/configparser.y" + { + OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 6465 "util/configparser.c" + break; + + case 618: /* dnsc_dnscrypt_nonce_cache_size: VAR_DNSCRYPT_NONCE_CACHE_SIZE STRING_ARG */ +#line 3270 "./util/configparser.y" + { + OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 6476 "util/configparser.c" + break; + + case 619: /* dnsc_dnscrypt_nonce_cache_slabs: VAR_DNSCRYPT_NONCE_CACHE_SLABS STRING_ARG */ +#line 3278 "./util/configparser.y" + { + OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else { + cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi((yyvsp[0].str)); + if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs)) + yyerror("must be a power of 2"); + } + free((yyvsp[0].str)); + } +#line 6492 "util/configparser.c" + break; + + case 620: /* cachedbstart: VAR_CACHEDB */ +#line 3291 "./util/configparser.y" + { + OUTYY(("\nP(cachedb:)\n")); + } +#line 6500 "util/configparser.c" + break; + + case 629: /* cachedb_backend_name: VAR_CACHEDB_BACKEND STRING_ARG */ +#line 3302 "./util/configparser.y" + { + #ifdef USE_CACHEDB + OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->cachedb_backend); + cfg_parser->cfg->cachedb_backend = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without cachedb, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 6515 "util/configparser.c" + break; + + case 630: /* cachedb_secret_seed: VAR_CACHEDB_SECRETSEED STRING_ARG */ +#line 3314 "./util/configparser.y" + { + #ifdef USE_CACHEDB + OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->cachedb_secret); + cfg_parser->cfg->cachedb_secret = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without cachedb, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 6530 "util/configparser.c" + break; + + case 631: /* redis_server_host: VAR_CACHEDB_REDISHOST STRING_ARG */ +#line 3326 "./util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->redis_server_host); + cfg_parser->cfg->redis_server_host = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 6545 "util/configparser.c" + break; + + case 632: /* redis_server_port: VAR_CACHEDB_REDISPORT STRING_ARG */ +#line 3338 "./util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + int port; + OUTYY(("P(redis_server_port:%s)\n", (yyvsp[0].str))); + port = atoi((yyvsp[0].str)); + if(port == 0 || port < 0 || port > 65535) + yyerror("valid redis server port number expected"); + else cfg_parser->cfg->redis_server_port = port; + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 6563 "util/configparser.c" + break; + + case 633: /* redis_timeout: VAR_CACHEDB_REDISTIMEOUT STRING_ARG */ +#line 3353 "./util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("redis timeout value expected"); + else cfg_parser->cfg->redis_timeout = atoi((yyvsp[0].str)); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 6579 "util/configparser.c" + break; + + case 634: /* redis_expire_records: VAR_CACHEDB_REDISEXPIRERECORDS STRING_ARG */ +#line 3366 "./util/configparser.y" + { + #if defined(USE_CACHEDB) && defined(USE_REDIS) + OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->redis_expire_records = (strcmp((yyvsp[0].str), "yes")==0); + #else + OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); + #endif + free((yyvsp[0].str)); + } +#line 6595 "util/configparser.c" + break; + + case 635: /* server_tcp_connection_limit: VAR_TCP_CONNECTION_LIMIT STRING_ARG STRING_ARG */ +#line 3379 "./util/configparser.y" + { + OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if (atoi((yyvsp[0].str)) < 0) + yyerror("positive number expected"); + else { + if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding tcp connection limit"); + } + } +#line 6609 "util/configparser.c" + break; + + case 636: /* ipsetstart: VAR_IPSET */ +#line 3390 "./util/configparser.y" + { + OUTYY(("\nP(ipset:)\n")); + } +#line 6617 "util/configparser.c" + break; + + case 641: /* ipset_name_v4: VAR_IPSET_NAME_V4 STRING_ARG */ +#line 3399 "./util/configparser.y" + { + #ifdef USE_IPSET + OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->ipset_name_v4) + yyerror("ipset name v4 override, there must be one " + "name for ip v4"); + free(cfg_parser->cfg->ipset_name_v4); + cfg_parser->cfg->ipset_name_v4 = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without ipset, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 6635 "util/configparser.c" + break; + + case 642: /* ipset_name_v6: VAR_IPSET_NAME_V6 STRING_ARG */ +#line 3414 "./util/configparser.y" + { + #ifdef USE_IPSET + OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->ipset_name_v6) + yyerror("ipset name v6 override, there must be one " + "name for ip v6"); + free(cfg_parser->cfg->ipset_name_v6); + cfg_parser->cfg->ipset_name_v6 = (yyvsp[0].str); + #else + OUTYY(("P(Compiled without ipset, ignoring)\n")); + free((yyvsp[0].str)); + #endif + } +#line 6653 "util/configparser.c" + break; + + +#line 6657 "util/configparser.c" + + default: break; + } + /* User semantic actions sometimes alter yychar, and that requires + that yytoken be updated with the new translation. We take the + approach of translating immediately before every use of yytoken. + One alternative is translating here after every semantic action, + but that translation would be missed if the semantic action invokes + YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or + if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an + incorrect destructor might then be invoked immediately. In the + case of YYERROR or YYBACKUP, subsequent parser actions might lead + to an incorrect destructor call or verbose syntax error message + before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); + + YYPOPSTACK (yylen); + yylen = 0; + + *++yyvsp = yyval; + + /* Now 'shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + { + const int yylhs = yyr1[yyn] - YYNTOKENS; + const int yyi = yypgoto[yylhs] + *yyssp; + yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp + ? yytable[yyi] + : yydefgoto[yylhs]); + } + + goto yynewstate; + + +/*--------------------------------------. +| yyerrlab -- here on detecting error. | +`--------------------------------------*/ +yyerrlab: + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; + yyerror (YY_("syntax error")); + } + + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } + else + { + yydestruct ("Error: discarding", + yytoken, &yylval); + yychar = YYEMPTY; + } + } + + /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + + +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + /* Pacify compilers when the user code never invokes YYERROR and the + label yyerrorlab therefore never appears in user code. */ + if (0) + YYERROR; + + /* Do not reclaim the symbols of the rule whose action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ + + /* Pop stack until we find a state that shifts the error token. */ + for (;;) + { + yyn = yypact[yystate]; + if (!yypact_value_is_default (yyn)) + { + yyn += YYSYMBOL_YYerror; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; + + + yydestruct ("Error: popping", + YY_ACCESSING_SYMBOL (yystate), yyvsp); + YYPOPSTACK (1); + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END + + + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + + +#if !defined yyoverflow +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); + yyresult = 2; + goto yyreturn; +#endif + + +/*-------------------------------------------------------. +| yyreturn -- parsing is finished, clean up and return. | +`-------------------------------------------------------*/ +yyreturn: + if (yychar != YYEMPTY) + { + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = YYTRANSLATE (yychar); + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + } + /* Do not reclaim the symbols of the rule whose action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", + YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); + YYPOPSTACK (1); + } +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif + + return yyresult; +} + +#line 3428 "./util/configparser.y" -typedef struct { - unsigned stacksize; - YYINT *s_base; - YYINT *s_mark; - YYINT *s_last; - YYSTYPE *l_base; - YYSTYPE *l_mark; -} YYSTACKDATA; -/* variables for the parser stack */ -static YYSTACKDATA yystack; -#line 3252 "./util/configparser.y" /* parse helper routines could be here */ static void @@ -1814,3444 +6869,3 @@ validate_respip_action(const char* action) } -#line 1818 "util/configparser.c" - -#if YYDEBUG -#include /* needed for printf */ -#endif - -#include /* needed for malloc, etc */ -#include /* needed for memset */ - -/* allocate initial stack or double stack size, up to YYMAXDEPTH */ -static int yygrowstack(YYSTACKDATA *data) -{ - int i; - unsigned newsize; - YYINT *newss; - YYSTYPE *newvs; - - if ((newsize = data->stacksize) == 0) - newsize = YYINITSTACKSIZE; - else if (newsize >= YYMAXDEPTH) - return YYENOMEM; - else if ((newsize *= 2) > YYMAXDEPTH) - newsize = YYMAXDEPTH; - - i = (int) (data->s_mark - data->s_base); - newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss)); - if (newss == 0) - return YYENOMEM; - - data->s_base = newss; - data->s_mark = newss + i; - - newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)); - if (newvs == 0) - return YYENOMEM; - - data->l_base = newvs; - data->l_mark = newvs + i; - - data->stacksize = newsize; - data->s_last = data->s_base + newsize - 1; - return 0; -} - -#if YYPURE || defined(YY_NO_LEAKS) -static void yyfreestack(YYSTACKDATA *data) -{ - free(data->s_base); - free(data->l_base); - memset(data, 0, sizeof(*data)); -} -#else -#define yyfreestack(data) /* nothing */ -#endif - -#define YYABORT goto yyabort -#define YYREJECT goto yyabort -#define YYACCEPT goto yyaccept -#define YYERROR goto yyerrlab - -int -YYPARSE_DECL() -{ - int yym, yyn, yystate; -#if YYDEBUG - const char *yys; - - if ((yys = getenv("YYDEBUG")) != 0) - { - yyn = *yys; - if (yyn >= '0' && yyn <= '9') - yydebug = yyn - '0'; - } -#endif - - yynerrs = 0; - yyerrflag = 0; - yychar = YYEMPTY; - yystate = 0; - -#if YYPURE - memset(&yystack, 0, sizeof(yystack)); -#endif - - if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; - yystack.s_mark = yystack.s_base; - yystack.l_mark = yystack.l_base; - yystate = 0; - *yystack.s_mark = 0; - -yyloop: - if ((yyn = yydefred[yystate]) != 0) goto yyreduce; - if (yychar < 0) - { - if ((yychar = YYLEX) < 0) yychar = YYEOF; -#if YYDEBUG - if (yydebug) - { - yys = yyname[YYTRANSLATE(yychar)]; - printf("%sdebug: state %d, reading %d (%s)\n", - YYPREFIX, yystate, yychar, yys); - } -#endif - } - if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, shifting to state %d\n", - YYPREFIX, yystate, yytable[yyn]); -#endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) - { - goto yyoverflow; - } - yystate = yytable[yyn]; - *++yystack.s_mark = yytable[yyn]; - *++yystack.l_mark = yylval; - yychar = YYEMPTY; - if (yyerrflag > 0) --yyerrflag; - goto yyloop; - } - if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yychar) - { - yyn = yytable[yyn]; - goto yyreduce; - } - if (yyerrflag) goto yyinrecovery; - - YYERROR_CALL("syntax error"); - - goto yyerrlab; - -yyerrlab: - ++yynerrs; - -yyinrecovery: - if (yyerrflag < 3) - { - yyerrflag = 3; - for (;;) - { - if ((yyn = yysindex[*yystack.s_mark]) && (yyn += YYERRCODE) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, error recovery shifting\ - to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); -#endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) - { - goto yyoverflow; - } - yystate = yytable[yyn]; - *++yystack.s_mark = yytable[yyn]; - *++yystack.l_mark = yylval; - goto yyloop; - } - else - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: error recovery discarding state %d\n", - YYPREFIX, *yystack.s_mark); -#endif - if (yystack.s_mark <= yystack.s_base) goto yyabort; - --yystack.s_mark; - --yystack.l_mark; - } - } - } - else - { - if (yychar == YYEOF) goto yyabort; -#if YYDEBUG - if (yydebug) - { - yys = yyname[YYTRANSLATE(yychar)]; - printf("%sdebug: state %d, error recovery discards token %d (%s)\n", - YYPREFIX, yystate, yychar, yys); - } -#endif - yychar = YYEMPTY; - goto yyloop; - } - -yyreduce: -#if YYDEBUG - if (yydebug) - printf("%sdebug: state %d, reducing by rule %d (%s)\n", - YYPREFIX, yystate, yyn, yyrule[yyn]); -#endif - yym = yylen[yyn]; - if (yym) - yyval = yystack.l_mark[1-yym]; - else - memset(&yyval, 0, sizeof yyval); - switch (yyn) - { -case 15: -#line 192 "./util/configparser.y" - { - OUTYY(("\nP(server:)\n")); - } -break; -case 211: -#line 285 "./util/configparser.y" - { - struct config_stub* s; - OUTYY(("\nP(stub_zone:)\n")); - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->stubs; - cfg_parser->cfg->stubs = s; - } else - yyerror("out of memory"); - } -break; -case 221: -#line 302 "./util/configparser.y" - { - struct config_stub* s; - OUTYY(("\nP(forward_zone:)\n")); - s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); - if(s) { - s->next = cfg_parser->cfg->forwards; - cfg_parser->cfg->forwards = s; - } else - yyerror("out of memory"); - } -break; -case 230: -#line 319 "./util/configparser.y" - { - struct config_view* s; - OUTYY(("\nP(view:)\n")); - s = (struct config_view*)calloc(1, sizeof(struct config_view)); - if(s) { - s->next = cfg_parser->cfg->views; - if(s->next && !s->next->name) - yyerror("view without name"); - cfg_parser->cfg->views = s; - } else - yyerror("out of memory"); - } -break; -case 240: -#line 338 "./util/configparser.y" - { - struct config_auth* s; - OUTYY(("\nP(auth_zone:)\n")); - s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); - if(s) { - s->next = cfg_parser->cfg->auths; - cfg_parser->cfg->auths = s; - /* defaults for auth zone */ - s->for_downstream = 1; - s->for_upstream = 1; - s->fallback_enabled = 0; - s->isrpz = 0; - } else - yyerror("out of memory"); - } -break; -case 251: -#line 362 "./util/configparser.y" - { - uint8_t* bitlist; - size_t len = 0; - OUTYY(("P(server_local_zone_tag:%s)\n", yystack.l_mark[0].str)); - bitlist = config_parse_taglist(cfg_parser->cfg, yystack.l_mark[0].str, - &len); - free(yystack.l_mark[0].str); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - } - if(bitlist) { - cfg_parser->cfg->auths->rpz_taglist = bitlist; - cfg_parser->cfg->auths->rpz_taglistlen = len; - - } - } -break; -case 252: -#line 381 "./util/configparser.y" - { - OUTYY(("P(rpz_action_override:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "nxdomain")!=0 && strcmp(yystack.l_mark[0].str, "nodata")!=0 && - strcmp(yystack.l_mark[0].str, "passthru")!=0 && strcmp(yystack.l_mark[0].str, "drop")!=0 && - strcmp(yystack.l_mark[0].str, "cname")!=0 && strcmp(yystack.l_mark[0].str, "disabled")!=0) { - yyerror("rpz-action-override action: expected nxdomain, " - "nodata, passthru, drop, cname or disabled"); - free(yystack.l_mark[0].str); - cfg_parser->cfg->auths->rpz_action_override = NULL; - } - else { - cfg_parser->cfg->auths->rpz_action_override = yystack.l_mark[0].str; - } - } -break; -case 253: -#line 398 "./util/configparser.y" - { - OUTYY(("P(rpz_cname_override:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->auths->rpz_cname); - cfg_parser->cfg->auths->rpz_cname = yystack.l_mark[0].str; - } -break; -case 254: -#line 406 "./util/configparser.y" - { - OUTYY(("P(rpz_log:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->rpz_log = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 255: -#line 416 "./util/configparser.y" - { - OUTYY(("P(rpz_log_name:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->auths->rpz_log_name); - cfg_parser->cfg->auths->rpz_log_name = yystack.l_mark[0].str; - } -break; -case 256: -#line 424 "./util/configparser.y" - { - struct config_auth* s; - OUTYY(("\nP(rpz:)\n")); - s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); - if(s) { - s->next = cfg_parser->cfg->auths; - cfg_parser->cfg->auths = s; - /* defaults for RPZ auth zone */ - s->for_downstream = 0; - s->for_upstream = 0; - s->fallback_enabled = 0; - s->isrpz = 1; - } else - yyerror("out of memory"); - } -break; -case 269: -#line 447 "./util/configparser.y" - { - OUTYY(("P(server_num_threads:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->num_threads = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 270: -#line 456 "./util/configparser.y" - { - OUTYY(("P(server_verbosity:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->verbosity = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 271: -#line 465 "./util/configparser.y" - { - OUTYY(("P(server_statistics_interval:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "") == 0 || strcmp(yystack.l_mark[0].str, "0") == 0) - cfg_parser->cfg->stat_interval = 0; - else if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->stat_interval = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 272: -#line 476 "./util/configparser.y" - { - OUTYY(("P(server_statistics_cumulative:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_cumulative = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 273: -#line 485 "./util/configparser.y" - { - OUTYY(("P(server_extended_statistics:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stat_extended = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 274: -#line 494 "./util/configparser.y" - { - OUTYY(("P(server_shm_enable:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->shm_enable = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 275: -#line 503 "./util/configparser.y" - { - OUTYY(("P(server_shm_key:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "") == 0 || strcmp(yystack.l_mark[0].str, "0") == 0) - cfg_parser->cfg->shm_key = 0; - else if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->shm_key = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 276: -#line 514 "./util/configparser.y" - { - OUTYY(("P(server_port:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->port = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 277: -#line 523 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_send_client_subnet:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, yystack.l_mark[0].str)) - fatal_exit("out of memory adding client-subnet"); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 278: -#line 535 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_client_subnet_zone:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone, - yystack.l_mark[0].str)) - fatal_exit("out of memory adding client-subnet-zone"); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 279: -#line 549 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(server_client_subnet_always_forward:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->client_subnet_always_forward = - (strcmp(yystack.l_mark[0].str, "yes")==0); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 280: -#line 564 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(client_subnet_opcode:%s)\n", yystack.l_mark[0].str)); - OUTYY(("P(Deprecated option, ignoring)\n")); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 281: -#line 575 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv4:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("IPv4 subnet length expected"); - else if (atoi(yystack.l_mark[0].str) > 32) - cfg_parser->cfg->max_client_subnet_ipv4 = 32; - else if (atoi(yystack.l_mark[0].str) < 0) - cfg_parser->cfg->max_client_subnet_ipv4 = 0; - else cfg_parser->cfg->max_client_subnet_ipv4 = (uint8_t)atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 282: -#line 592 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_client_subnet_ipv6:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("Ipv6 subnet length expected"); - else if (atoi(yystack.l_mark[0].str) > 128) - cfg_parser->cfg->max_client_subnet_ipv6 = 128; - else if (atoi(yystack.l_mark[0].str) < 0) - cfg_parser->cfg->max_client_subnet_ipv6 = 0; - else cfg_parser->cfg->max_client_subnet_ipv6 = (uint8_t)atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 283: -#line 609 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(min_client_subnet_ipv4:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("IPv4 subnet length expected"); - else if (atoi(yystack.l_mark[0].str) > 32) - cfg_parser->cfg->min_client_subnet_ipv4 = 32; - else if (atoi(yystack.l_mark[0].str) < 0) - cfg_parser->cfg->min_client_subnet_ipv4 = 0; - else cfg_parser->cfg->min_client_subnet_ipv4 = (uint8_t)atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 284: -#line 626 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(min_client_subnet_ipv6:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("Ipv6 subnet length expected"); - else if (atoi(yystack.l_mark[0].str) > 128) - cfg_parser->cfg->min_client_subnet_ipv6 = 128; - else if (atoi(yystack.l_mark[0].str) < 0) - cfg_parser->cfg->min_client_subnet_ipv6 = 0; - else cfg_parser->cfg->min_client_subnet_ipv6 = (uint8_t)atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 285: -#line 643 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("IPv4 ECS tree size expected"); - else if (atoi(yystack.l_mark[0].str) < 0) - cfg_parser->cfg->max_ecs_tree_size_ipv4 = 0; - else cfg_parser->cfg->max_ecs_tree_size_ipv4 = (uint32_t)atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 286: -#line 658 "./util/configparser.y" - { - #ifdef CLIENT_SUBNET - OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("IPv6 ECS tree size expected"); - else if (atoi(yystack.l_mark[0].str) < 0) - cfg_parser->cfg->max_ecs_tree_size_ipv6 = 0; - else cfg_parser->cfg->max_ecs_tree_size_ipv6 = (uint32_t)atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 287: -#line 673 "./util/configparser.y" - { - OUTYY(("P(server_interface:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->num_ifs == 0) - cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs, - (cfg_parser->cfg->num_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = yystack.l_mark[0].str; - } -break; -case 288: -#line 686 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_interface:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->num_out_ifs == 0) - cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); - else cfg_parser->cfg->out_ifs = realloc( - cfg_parser->cfg->out_ifs, - (cfg_parser->cfg->num_out_ifs+1)*sizeof(char*)); - if(!cfg_parser->cfg->out_ifs) - yyerror("out of memory"); - else - cfg_parser->cfg->out_ifs[ - cfg_parser->cfg->num_out_ifs++] = yystack.l_mark[0].str; - } -break; -case 289: -#line 701 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_range:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_ports = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 290: -#line 710 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_port_permit:%s)\n", yystack.l_mark[0].str)); - if(!cfg_mark_ports(yystack.l_mark[0].str, 1, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free(yystack.l_mark[0].str); - } -break; -case 291: -#line 719 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_port_avoid:%s)\n", yystack.l_mark[0].str)); - if(!cfg_mark_ports(yystack.l_mark[0].str, 0, - cfg_parser->cfg->outgoing_avail_ports, 65536)) - yyerror("port number or range (\"low-high\") expected"); - free(yystack.l_mark[0].str); - } -break; -case 292: -#line 728 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_num_tcp:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_num_tcp = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 293: -#line 737 "./util/configparser.y" - { - OUTYY(("P(server_incoming_num_tcp:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->incoming_num_tcp = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 294: -#line 746 "./util/configparser.y" - { - OUTYY(("P(server_interface_automatic:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->if_automatic = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 295: -#line 755 "./util/configparser.y" - { - OUTYY(("P(server_do_ip4:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip4 = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 296: -#line 764 "./util/configparser.y" - { - OUTYY(("P(server_do_ip6:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_ip6 = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 297: -#line 773 "./util/configparser.y" - { - OUTYY(("P(server_do_udp:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_udp = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 298: -#line 782 "./util/configparser.y" - { - OUTYY(("P(server_do_tcp:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_tcp = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 299: -#line 791 "./util/configparser.y" - { - OUTYY(("P(server_prefer_ip4:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefer_ip4 = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 300: -#line 800 "./util/configparser.y" - { - OUTYY(("P(server_prefer_ip6:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefer_ip6 = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 301: -#line 809 "./util/configparser.y" - { - OUTYY(("P(server_tcp_mss:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->tcp_mss = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 302: -#line 818 "./util/configparser.y" - { - OUTYY(("P(server_outgoing_tcp_mss:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->outgoing_tcp_mss = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 303: -#line 827 "./util/configparser.y" - { - OUTYY(("P(server_tcp_idle_timeout:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else if (atoi(yystack.l_mark[0].str) > 120000) - cfg_parser->cfg->tcp_idle_timeout = 120000; - else if (atoi(yystack.l_mark[0].str) < 1) - cfg_parser->cfg->tcp_idle_timeout = 1; - else cfg_parser->cfg->tcp_idle_timeout = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 304: -#line 840 "./util/configparser.y" - { - OUTYY(("P(server_tcp_keepalive:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_tcp_keepalive = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 305: -#line 849 "./util/configparser.y" - { - OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else if (atoi(yystack.l_mark[0].str) > 6553500) - cfg_parser->cfg->tcp_keepalive_timeout = 6553500; - else if (atoi(yystack.l_mark[0].str) < 1) - cfg_parser->cfg->tcp_keepalive_timeout = 0; - else cfg_parser->cfg->tcp_keepalive_timeout = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 306: -#line 862 "./util/configparser.y" - { - OUTYY(("P(server_tcp_upstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tcp_upstream = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 307: -#line 871 "./util/configparser.y" - { - OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 308: -#line 880 "./util/configparser.y" - { - OUTYY(("P(server_ssl_upstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ssl_upstream = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 309: -#line 889 "./util/configparser.y" - { - OUTYY(("P(server_ssl_service_key:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->ssl_service_key); - cfg_parser->cfg->ssl_service_key = yystack.l_mark[0].str; - } -break; -case 310: -#line 896 "./util/configparser.y" - { - OUTYY(("P(server_ssl_service_pem:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->ssl_service_pem); - cfg_parser->cfg->ssl_service_pem = yystack.l_mark[0].str; - } -break; -case 311: -#line 903 "./util/configparser.y" - { - OUTYY(("P(server_ssl_port:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->ssl_port = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 312: -#line 912 "./util/configparser.y" - { - OUTYY(("P(server_tls_cert_bundle:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->tls_cert_bundle); - cfg_parser->cfg->tls_cert_bundle = yystack.l_mark[0].str; - } -break; -case 313: -#line 919 "./util/configparser.y" - { - OUTYY(("P(server_tls_win_cert:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->tls_win_cert = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 314: -#line 928 "./util/configparser.y" - { - OUTYY(("P(server_tls_additional_port:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, - yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 315: -#line 936 "./util/configparser.y" - { - OUTYY(("P(server_tls_ciphers:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->tls_ciphers); - cfg_parser->cfg->tls_ciphers = yystack.l_mark[0].str; - } -break; -case 316: -#line 943 "./util/configparser.y" - { - OUTYY(("P(server_tls_ciphersuites:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->tls_ciphersuites); - cfg_parser->cfg->tls_ciphersuites = yystack.l_mark[0].str; - } -break; -case 317: -#line 950 "./util/configparser.y" - { - OUTYY(("P(server_tls_session_ticket_keys:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, - yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 318: -#line 958 "./util/configparser.y" - { - OUTYY(("P(server_use_systemd:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_systemd = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 319: -#line 967 "./util/configparser.y" - { - OUTYY(("P(server_do_daemonize:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->do_daemonize = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 320: -#line 976 "./util/configparser.y" - { - OUTYY(("P(server_use_syslog:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_syslog = (strcmp(yystack.l_mark[0].str, "yes")==0); -#if !defined(HAVE_SYSLOG_H) && !defined(UB_ON_WINDOWS) - if(strcmp(yystack.l_mark[0].str, "yes") == 0) - yyerror("no syslog services are available. " - "(reconfigure and compile to add)"); -#endif - free(yystack.l_mark[0].str); - } -break; -case 321: -#line 990 "./util/configparser.y" - { - OUTYY(("P(server_log_time_ascii:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_time_ascii = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 322: -#line 999 "./util/configparser.y" - { - OUTYY(("P(server_log_queries:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_queries = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 323: -#line 1008 "./util/configparser.y" - { - OUTYY(("P(server_log_replies:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_replies = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 324: -#line 1017 "./util/configparser.y" - { - OUTYY(("P(server_log_tag_queryreply:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_tag_queryreply = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 325: -#line 1026 "./util/configparser.y" - { - OUTYY(("P(server_log_servfail:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_servfail = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 326: -#line 1035 "./util/configparser.y" - { - OUTYY(("P(server_log_local_actions:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->log_local_actions = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 327: -#line 1044 "./util/configparser.y" - { - OUTYY(("P(server_chroot:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->chrootdir); - cfg_parser->cfg->chrootdir = yystack.l_mark[0].str; - } -break; -case 328: -#line 1051 "./util/configparser.y" - { - OUTYY(("P(server_username:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->username); - cfg_parser->cfg->username = yystack.l_mark[0].str; - } -break; -case 329: -#line 1058 "./util/configparser.y" - { - OUTYY(("P(server_directory:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->directory); - cfg_parser->cfg->directory = yystack.l_mark[0].str; - /* change there right away for includes relative to this */ - if(yystack.l_mark[0].str[0]) { - char* d; -#ifdef UB_ON_WINDOWS - w_config_adjust_directory(cfg_parser->cfg); -#endif - d = cfg_parser->cfg->directory; - /* adjust directory if we have already chroot, - * like, we reread after sighup */ - if(cfg_parser->chroot && cfg_parser->chroot[0] && - strncmp(d, cfg_parser->chroot, strlen( - cfg_parser->chroot)) == 0) - d += strlen(cfg_parser->chroot); - if(d[0]) { - if(chdir(d)) - log_err("cannot chdir to directory: %s (%s)", - d, strerror(errno)); - } - } - } -break; -case 330: -#line 1084 "./util/configparser.y" - { - OUTYY(("P(server_logfile:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->logfile); - cfg_parser->cfg->logfile = yystack.l_mark[0].str; - cfg_parser->cfg->use_syslog = 0; - } -break; -case 331: -#line 1092 "./util/configparser.y" - { - OUTYY(("P(server_pidfile:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->pidfile); - cfg_parser->cfg->pidfile = yystack.l_mark[0].str; - } -break; -case 332: -#line 1099 "./util/configparser.y" - { - OUTYY(("P(server_root_hints:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 333: -#line 1106 "./util/configparser.y" - { - OUTYY(("P(server_dlv_anchor_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dlv_anchor_file); - cfg_parser->cfg->dlv_anchor_file = yystack.l_mark[0].str; - } -break; -case 334: -#line 1113 "./util/configparser.y" - { - OUTYY(("P(server_dlv_anchor:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 335: -#line 1120 "./util/configparser.y" - { - OUTYY(("P(server_auto_trust_anchor_file:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - auto_trust_anchor_file_list, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 336: -#line 1128 "./util/configparser.y" - { - OUTYY(("P(server_trust_anchor_file:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trust_anchor_file_list, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 337: -#line 1136 "./util/configparser.y" - { - OUTYY(("P(server_trusted_keys_file:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg-> - trusted_keys_file_list, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 338: -#line 1144 "./util/configparser.y" - { - OUTYY(("P(server_trust_anchor:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 339: -#line 1151 "./util/configparser.y" - { - OUTYY(("P(server_trust_anchor_signaling:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->trust_anchor_signaling = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 340: -#line 1162 "./util/configparser.y" - { - OUTYY(("P(server_root_key_sentinel:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->root_key_sentinel = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 341: -#line 1173 "./util/configparser.y" - { - OUTYY(("P(server_domain_insecure:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 342: -#line 1180 "./util/configparser.y" - { - OUTYY(("P(server_hide_identity:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_identity = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 343: -#line 1189 "./util/configparser.y" - { - OUTYY(("P(server_hide_version:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_version = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 344: -#line 1198 "./util/configparser.y" - { - OUTYY(("P(server_hide_trustanchor:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->hide_trustanchor = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 345: -#line 1207 "./util/configparser.y" - { - OUTYY(("P(server_identity:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->identity); - cfg_parser->cfg->identity = yystack.l_mark[0].str; - } -break; -case 346: -#line 1214 "./util/configparser.y" - { - OUTYY(("P(server_version:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->version); - cfg_parser->cfg->version = yystack.l_mark[0].str; - } -break; -case 347: -#line 1221 "./util/configparser.y" - { - OUTYY(("P(server_so_rcvbuf:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->so_rcvbuf)) - yyerror("buffer size expected"); - free(yystack.l_mark[0].str); - } -break; -case 348: -#line 1229 "./util/configparser.y" - { - OUTYY(("P(server_so_sndbuf:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->so_sndbuf)) - yyerror("buffer size expected"); - free(yystack.l_mark[0].str); - } -break; -case 349: -#line 1237 "./util/configparser.y" - { - OUTYY(("P(server_so_reuseport:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->so_reuseport = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 350: -#line 1247 "./util/configparser.y" - { - OUTYY(("P(server_ip_transparent:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_transparent = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 351: -#line 1257 "./util/configparser.y" - { - OUTYY(("P(server_ip_freebind:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ip_freebind = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 352: -#line 1267 "./util/configparser.y" - { - OUTYY(("P(server_ip_dscp:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else if (atoi(yystack.l_mark[0].str) > 63) - yyerror("value too large (max 63)"); - else if (atoi(yystack.l_mark[0].str) < 0) - yyerror("value too small (min 0)"); - else - cfg_parser->cfg->ip_dscp = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 353: -#line 1281 "./util/configparser.y" - { - OUTYY(("P(server_stream_wait_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->stream_wait_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 354: -#line 1289 "./util/configparser.y" - { - OUTYY(("P(server_edns_buffer_size:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else if (atoi(yystack.l_mark[0].str) < 12) - yyerror("edns buffer size too small"); - else if (atoi(yystack.l_mark[0].str) > 65535) - cfg_parser->cfg->edns_buffer_size = 65535; - else cfg_parser->cfg->edns_buffer_size = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 355: -#line 1302 "./util/configparser.y" - { - OUTYY(("P(server_msg_buffer_size:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else if (atoi(yystack.l_mark[0].str) < 4096) - yyerror("message buffer size too small (use 4096)"); - else cfg_parser->cfg->msg_buffer_size = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 356: -#line 1313 "./util/configparser.y" - { - OUTYY(("P(server_msg_cache_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->msg_cache_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 357: -#line 1321 "./util/configparser.y" - { - OUTYY(("P(server_msg_cache_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->msg_cache_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->msg_cache_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 358: -#line 1334 "./util/configparser.y" - { - OUTYY(("P(server_num_queries_per_thread:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->num_queries_per_thread = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 359: -#line 1343 "./util/configparser.y" - { - OUTYY(("P(server_jostle_timeout:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->jostle_time = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 360: -#line 1352 "./util/configparser.y" - { - OUTYY(("P(server_delay_close:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->delay_close = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 361: -#line 1361 "./util/configparser.y" - { - OUTYY(("P(server_unblock_lan_zones:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->unblock_lan_zones = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 362: -#line 1371 "./util/configparser.y" - { - OUTYY(("P(server_insecure_lan_zones:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->insecure_lan_zones = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 363: -#line 1381 "./util/configparser.y" - { - OUTYY(("P(server_rrset_cache_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->rrset_cache_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 364: -#line 1389 "./util/configparser.y" - { - OUTYY(("P(server_rrset_cache_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->rrset_cache_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->rrset_cache_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 365: -#line 1402 "./util/configparser.y" - { - OUTYY(("P(server_infra_host_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->host_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 366: -#line 1411 "./util/configparser.y" - { - OUTYY(("P(server_infra_lame_ttl:%s)\n", yystack.l_mark[0].str)); - verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " - "removed, use infra-host-ttl)", yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 367: -#line 1419 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_numhosts:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_numhosts = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 368: -#line 1428 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_lame_size:%s)\n", yystack.l_mark[0].str)); - verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " - "(option removed, use infra-cache-numhosts)", yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 369: -#line 1436 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->infra_cache_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->infra_cache_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 370: -#line 1449 "./util/configparser.y" - { - OUTYY(("P(server_infra_cache_min_rtt:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->infra_cache_min_rtt = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 371: -#line 1458 "./util/configparser.y" - { - OUTYY(("P(server_target_fetch_policy:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->target_fetch_policy); - cfg_parser->cfg->target_fetch_policy = yystack.l_mark[0].str; - } -break; -case 372: -#line 1465 "./util/configparser.y" - { - OUTYY(("P(server_harden_short_bufsize:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_short_bufsize = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 373: -#line 1475 "./util/configparser.y" - { - OUTYY(("P(server_harden_large_queries:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_large_queries = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 374: -#line 1485 "./util/configparser.y" - { - OUTYY(("P(server_harden_glue:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_glue = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 375: -#line 1495 "./util/configparser.y" - { - OUTYY(("P(server_harden_dnssec_stripped:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_dnssec_stripped = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 376: -#line 1505 "./util/configparser.y" - { - OUTYY(("P(server_harden_below_nxdomain:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_below_nxdomain = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 377: -#line 1515 "./util/configparser.y" - { - OUTYY(("P(server_harden_referral_path:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_referral_path = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 378: -#line 1525 "./util/configparser.y" - { - OUTYY(("P(server_harden_algo_downgrade:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->harden_algo_downgrade = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 379: -#line 1535 "./util/configparser.y" - { - OUTYY(("P(server_use_caps_for_id:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->use_caps_bits_for_id = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 380: -#line 1545 "./util/configparser.y" - { - OUTYY(("P(server_caps_whitelist:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 381: -#line 1552 "./util/configparser.y" - { - OUTYY(("P(server_private_address:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 382: -#line 1559 "./util/configparser.y" - { - OUTYY(("P(server_private_domain:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 383: -#line 1566 "./util/configparser.y" - { - OUTYY(("P(server_prefetch:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 384: -#line 1575 "./util/configparser.y" - { - OUTYY(("P(server_prefetch_key:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->prefetch_key = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 385: -#line 1584 "./util/configparser.y" - { - OUTYY(("P(server_deny_any:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->deny_any = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 386: -#line 1593 "./util/configparser.y" - { - OUTYY(("P(server_unwanted_reply_threshold:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->unwanted_threshold = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 387: -#line 1602 "./util/configparser.y" - { - OUTYY(("P(server_do_not_query_address:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 388: -#line 1609 "./util/configparser.y" - { - OUTYY(("P(server_do_not_query_localhost:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->donotquery_localhost = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 389: -#line 1619 "./util/configparser.y" - { - OUTYY(("P(server_access_control:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "deny")!=0 && strcmp(yystack.l_mark[0].str, "refuse")!=0 && - strcmp(yystack.l_mark[0].str, "deny_non_local")!=0 && - strcmp(yystack.l_mark[0].str, "refuse_non_local")!=0 && - strcmp(yystack.l_mark[0].str, "allow_setrd")!=0 && - strcmp(yystack.l_mark[0].str, "allow")!=0 && - strcmp(yystack.l_mark[0].str, "allow_snoop")!=0) { - yyerror("expected deny, refuse, deny_non_local, " - "refuse_non_local, allow, allow_setrd or " - "allow_snoop in access control action"); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->acls, yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding acl"); - } - } -break; -case 390: -#line 1639 "./util/configparser.y" - { - OUTYY(("P(server_module_conf:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->module_conf); - cfg_parser->cfg->module_conf = yystack.l_mark[0].str; - } -break; -case 391: -#line 1646 "./util/configparser.y" - { - OUTYY(("P(server_val_override_date:%s)\n", yystack.l_mark[0].str)); - if(*yystack.l_mark[0].str == '\0' || strcmp(yystack.l_mark[0].str, "0") == 0) { - cfg_parser->cfg->val_date_override = 0; - } else if(strlen(yystack.l_mark[0].str) == 14) { - cfg_parser->cfg->val_date_override = - cfg_convert_timeval(yystack.l_mark[0].str); - if(!cfg_parser->cfg->val_date_override) - yyerror("bad date/time specification"); - } else { - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - cfg_parser->cfg->val_date_override = atoi(yystack.l_mark[0].str); - } - free(yystack.l_mark[0].str); - } -break; -case 392: -#line 1664 "./util/configparser.y" - { - OUTYY(("P(server_val_sig_skew_min:%s)\n", yystack.l_mark[0].str)); - if(*yystack.l_mark[0].str == '\0' || strcmp(yystack.l_mark[0].str, "0") == 0) { - cfg_parser->cfg->val_sig_skew_min = 0; - } else { - cfg_parser->cfg->val_sig_skew_min = atoi(yystack.l_mark[0].str); - if(!cfg_parser->cfg->val_sig_skew_min) - yyerror("number expected"); - } - free(yystack.l_mark[0].str); - } -break; -case 393: -#line 1677 "./util/configparser.y" - { - OUTYY(("P(server_val_sig_skew_max:%s)\n", yystack.l_mark[0].str)); - if(*yystack.l_mark[0].str == '\0' || strcmp(yystack.l_mark[0].str, "0") == 0) { - cfg_parser->cfg->val_sig_skew_max = 0; - } else { - cfg_parser->cfg->val_sig_skew_max = atoi(yystack.l_mark[0].str); - if(!cfg_parser->cfg->val_sig_skew_max) - yyerror("number expected"); - } - free(yystack.l_mark[0].str); - } -break; -case 394: -#line 1690 "./util/configparser.y" - { - OUTYY(("P(server_cache_max_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 395: -#line 1699 "./util/configparser.y" - { - OUTYY(("P(server_cache_max_negative_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->max_negative_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 396: -#line 1708 "./util/configparser.y" - { - OUTYY(("P(server_cache_min_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->min_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 397: -#line 1717 "./util/configparser.y" - { - OUTYY(("P(server_bogus_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->bogus_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 398: -#line 1726 "./util/configparser.y" - { - OUTYY(("P(server_val_clean_additional:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_clean_additional = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 399: -#line 1736 "./util/configparser.y" - { - OUTYY(("P(server_val_permissive_mode:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->val_permissive_mode = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 400: -#line 1746 "./util/configparser.y" - { - OUTYY(("P(server_aggressive_nsec:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else - cfg_parser->cfg->aggressive_nsec = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 401: -#line 1757 "./util/configparser.y" - { - OUTYY(("P(server_ignore_cd_flag:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ignore_cd = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 402: -#line 1766 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_expired = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 403: -#line 1775 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->serve_expired_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 404: -#line 1784 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 405: -#line 1793 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->serve_expired_reply_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 406: -#line 1802 "./util/configparser.y" - { - OUTYY(("P(server_serve_expired_client_timeout:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->serve_expired_client_timeout = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 407: -#line 1811 "./util/configparser.y" - { - OUTYY(("P(server_fake_dsa:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); -#if defined(HAVE_SSL) || defined(HAVE_NETTLE) - else fake_dsa = (strcmp(yystack.l_mark[0].str, "yes")==0); - if(fake_dsa) - log_warn("test option fake_dsa is enabled"); -#endif - free(yystack.l_mark[0].str); - } -break; -case 408: -#line 1824 "./util/configparser.y" - { - OUTYY(("P(server_fake_sha1:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); -#if defined(HAVE_SSL) || defined(HAVE_NETTLE) - else fake_sha1 = (strcmp(yystack.l_mark[0].str, "yes")==0); - if(fake_sha1) - log_warn("test option fake_sha1 is enabled"); -#endif - free(yystack.l_mark[0].str); - } -break; -case 409: -#line 1837 "./util/configparser.y" - { - OUTYY(("P(server_val_log_level:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->val_log_level = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 410: -#line 1846 "./util/configparser.y" - { - OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->val_nsec3_key_iterations); - cfg_parser->cfg->val_nsec3_key_iterations = yystack.l_mark[0].str; - } -break; -case 411: -#line 1853 "./util/configparser.y" - { - OUTYY(("P(server_add_holddown:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->add_holddown = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 412: -#line 1862 "./util/configparser.y" - { - OUTYY(("P(server_del_holddown:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->del_holddown = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 413: -#line 1871 "./util/configparser.y" - { - OUTYY(("P(server_keep_missing:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->keep_missing = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 414: -#line 1880 "./util/configparser.y" - { - OUTYY(("P(server_permit_small_holddown:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->permit_small_holddown = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 415: -#line 1889 "./util/configparser.y" - { - OUTYY(("P(server_key_cache_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->key_cache_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 416: -#line 1897 "./util/configparser.y" - { - OUTYY(("P(server_key_cache_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->key_cache_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->key_cache_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 417: -#line 1910 "./util/configparser.y" - { - OUTYY(("P(server_neg_cache_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->neg_cache_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 418: -#line 1918 "./util/configparser.y" - { - OUTYY(("P(server_local_zone:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "static")!=0 && strcmp(yystack.l_mark[0].str, "deny")!=0 && - strcmp(yystack.l_mark[0].str, "refuse")!=0 && strcmp(yystack.l_mark[0].str, "redirect")!=0 && - strcmp(yystack.l_mark[0].str, "transparent")!=0 && strcmp(yystack.l_mark[0].str, "nodefault")!=0 - && strcmp(yystack.l_mark[0].str, "typetransparent")!=0 - && strcmp(yystack.l_mark[0].str, "always_transparent")!=0 - && strcmp(yystack.l_mark[0].str, "always_refuse")!=0 - && strcmp(yystack.l_mark[0].str, "always_nxdomain")!=0 - && strcmp(yystack.l_mark[0].str, "noview")!=0 - && strcmp(yystack.l_mark[0].str, "inform")!=0 && strcmp(yystack.l_mark[0].str, "inform_deny")!=0 - && strcmp(yystack.l_mark[0].str, "inform_redirect") != 0 - && strcmp(yystack.l_mark[0].str, "ipset") != 0) { - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "inform_redirect, always_transparent, " - "always_refuse, always_nxdomain, noview " - ", nodefault or ipset"); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } else if(strcmp(yystack.l_mark[0].str, "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_zones_nodefault, yystack.l_mark[-1].str)) - fatal_exit("out of memory adding local-zone"); - free(yystack.l_mark[0].str); -#ifdef USE_IPSET - } else if(strcmp(yystack.l_mark[0].str, "ipset")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_zones_ipset, yystack.l_mark[-1].str)) - fatal_exit("out of memory adding local-zone"); - free(yystack.l_mark[0].str); -#endif - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg->local_zones, - yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding local-zone"); - } - } -break; -case 419: -#line 1959 "./util/configparser.y" - { - OUTYY(("P(server_local_data:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, yystack.l_mark[0].str)) - fatal_exit("out of memory adding local-data"); - } -break; -case 420: -#line 1966 "./util/configparser.y" - { - char* ptr; - OUTYY(("P(server_local_data_ptr:%s)\n", yystack.l_mark[0].str)); - ptr = cfg_ptr_reverse(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } -break; -case 421: -#line 1981 "./util/configparser.y" - { - OUTYY(("P(server_minimal_responses:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->minimal_responses = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 422: -#line 1991 "./util/configparser.y" - { - OUTYY(("P(server_rrset_roundrobin:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->rrset_roundrobin = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 423: -#line 2001 "./util/configparser.y" - { - OUTYY(("P(server_unknown_server_time_limit:%s)\n", yystack.l_mark[0].str)); - cfg_parser->cfg->unknown_server_time_limit = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 424: -#line 2008 "./util/configparser.y" - { - OUTYY(("P(server_max_udp_size:%s)\n", yystack.l_mark[0].str)); - cfg_parser->cfg->max_udp_size = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 425: -#line 2015 "./util/configparser.y" - { - OUTYY(("P(dns64_prefix:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dns64_prefix); - cfg_parser->cfg->dns64_prefix = yystack.l_mark[0].str; - } -break; -case 426: -#line 2022 "./util/configparser.y" - { - OUTYY(("P(server_dns64_synthall:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dns64_synthall = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 427: -#line 2031 "./util/configparser.y" - { - OUTYY(("P(dns64_ignore_aaaa:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, - yystack.l_mark[0].str)) - fatal_exit("out of memory adding dns64-ignore-aaaa"); - } -break; -case 428: -#line 2039 "./util/configparser.y" - { - char* p, *s = yystack.l_mark[0].str; - OUTYY(("P(server_define_tag:%s)\n", yystack.l_mark[0].str)); - while((p=strsep(&s, " \t\n")) != NULL) { - if(*p) { - if(!config_add_tag(cfg_parser->cfg, p)) - yyerror("could not define-tag, " - "out of memory"); - } - } - free(yystack.l_mark[0].str); - } -break; -case 429: -#line 2053 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, yystack.l_mark[0].str, - &len); - free(yystack.l_mark[0].str); - OUTYY(("P(server_local_zone_tag:%s)\n", yystack.l_mark[-1].str)); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free(yystack.l_mark[-1].str); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->local_zone_tags, - yystack.l_mark[-1].str, bitlist, len)) { - yyerror("out of memory"); - free(yystack.l_mark[-1].str); - } - } - } -break; -case 430: -#line 2074 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, yystack.l_mark[0].str, - &len); - free(yystack.l_mark[0].str); - OUTYY(("P(server_access_control_tag:%s)\n", yystack.l_mark[-1].str)); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free(yystack.l_mark[-1].str); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->acl_tags, - yystack.l_mark[-1].str, bitlist, len)) { - yyerror("out of memory"); - free(yystack.l_mark[-1].str); - } - } - } -break; -case 431: -#line 2095 "./util/configparser.y" - { - OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", yystack.l_mark[-2].str, yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, - yystack.l_mark[-2].str, yystack.l_mark[-1].str, yystack.l_mark[0].str)) { - yyerror("out of memory"); - free(yystack.l_mark[-2].str); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } - } -break; -case 432: -#line 2107 "./util/configparser.y" - { - OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", yystack.l_mark[-2].str, yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, - yystack.l_mark[-2].str, yystack.l_mark[-1].str, yystack.l_mark[0].str)) { - yyerror("out of memory"); - free(yystack.l_mark[-2].str); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } - } -break; -case 433: -#line 2119 "./util/configparser.y" - { - OUTYY(("P(server_local_zone_override:%s %s %s)\n", yystack.l_mark[-2].str, yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, - yystack.l_mark[-2].str, yystack.l_mark[-1].str, yystack.l_mark[0].str)) { - yyerror("out of memory"); - free(yystack.l_mark[-2].str); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } - } -break; -case 434: -#line 2131 "./util/configparser.y" - { - OUTYY(("P(server_access_control_view:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, - yystack.l_mark[-1].str, yystack.l_mark[0].str)) { - yyerror("out of memory"); - } - } -break; -case 435: -#line 2140 "./util/configparser.y" - { - size_t len = 0; - uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, yystack.l_mark[0].str, - &len); - free(yystack.l_mark[0].str); - OUTYY(("P(response_ip_tag:%s)\n", yystack.l_mark[-1].str)); - if(!bitlist) { - yyerror("could not parse tags, (define-tag them first)"); - free(yystack.l_mark[-1].str); - } - if(bitlist) { - if(!cfg_strbytelist_insert( - &cfg_parser->cfg->respip_tags, - yystack.l_mark[-1].str, bitlist, len)) { - yyerror("out of memory"); - free(yystack.l_mark[-1].str); - } - } - } -break; -case 436: -#line 2161 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 437: -#line 2171 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 438: -#line 2180 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->ip_ratelimit_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 439: -#line 2188 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->ratelimit_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 440: -#line 2196 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->ip_ratelimit_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->ip_ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 441: -#line 2209 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->ratelimit_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->ratelimit_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 442: -#line 2222 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) { - yyerror("number expected"); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_for_domain, yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding " - "ratelimit-for-domain"); - } - } -break; -case 443: -#line 2237 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) { - yyerror("number expected"); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } else { - if(!cfg_str2list_insert(&cfg_parser->cfg-> - ratelimit_below_domain, yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding " - "ratelimit-below-domain"); - } - } -break; -case 444: -#line 2252 "./util/configparser.y" - { - OUTYY(("P(server_ip_ratelimit_factor:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ip_ratelimit_factor = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 445: -#line 2261 "./util/configparser.y" - { - OUTYY(("P(server_ratelimit_factor:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ratelimit_factor = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 446: -#line 2270 "./util/configparser.y" - { - OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); - free(yystack.l_mark[0].str); - } -break; -case 447: -#line 2276 "./util/configparser.y" - { - OUTYY(("P(server_fast_server_num:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) <= 0) - yyerror("number expected"); - else cfg_parser->cfg->fast_server_num = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 448: -#line 2285 "./util/configparser.y" - { - OUTYY(("P(server_fast_server_permil:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->fast_server_permil = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 449: -#line 2294 "./util/configparser.y" - { - OUTYY(("P(server_qname_minimisation:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 450: -#line 2304 "./util/configparser.y" - { - OUTYY(("P(server_qname_minimisation_strict:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->qname_minimisation_strict = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 451: -#line 2314 "./util/configparser.y" - { - OUTYY(("P(server_pad_responses:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->pad_responses = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 452: -#line 2324 "./util/configparser.y" - { - OUTYY(("P(server_pad_responses_block_size:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->pad_responses_block_size = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 453: -#line 2333 "./util/configparser.y" - { - OUTYY(("P(server_pad_queries:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->pad_queries = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 454: -#line 2343 "./util/configparser.y" - { - OUTYY(("P(server_pad_queries_block_size:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else cfg_parser->cfg->pad_queries_block_size = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 455: -#line 2352 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_enabled:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ipsecmod_enabled = (strcmp(yystack.l_mark[0].str, "yes")==0); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 456: -#line 2365 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ipsecmod_ignore_bogus = (strcmp(yystack.l_mark[0].str, "yes")==0); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 457: -#line 2378 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_hook:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->ipsecmod_hook); - cfg_parser->cfg->ipsecmod_hook = yystack.l_mark[0].str; - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 458: -#line 2390 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0 && strcmp(yystack.l_mark[0].str, "0") != 0) - yyerror("number expected"); - else cfg_parser->cfg->ipsecmod_max_ttl = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 459: -#line 2404 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_whitelist:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, yystack.l_mark[0].str)) - yyerror("out of memory"); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 460: -#line 2416 "./util/configparser.y" - { - #ifdef USE_IPSECMOD - OUTYY(("P(server_ipsecmod_strict:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->ipsecmod_strict = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without IPsec module, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 461: -#line 2430 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->stubs->name) - yyerror("stub name override, there must be one name " - "for one stub-zone"); - free(cfg_parser->cfg->stubs->name); - cfg_parser->cfg->stubs->name = yystack.l_mark[0].str; - } -break; -case 462: -#line 2440 "./util/configparser.y" - { - OUTYY(("P(stub-host:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 463: -#line 2447 "./util/configparser.y" - { - OUTYY(("P(stub-addr:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 464: -#line 2454 "./util/configparser.y" - { - OUTYY(("P(stub-first:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isfirst=(strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 465: -#line 2463 "./util/configparser.y" - { - OUTYY(("P(stub-no-cache:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->no_cache=(strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 466: -#line 2472 "./util/configparser.y" - { - OUTYY(("P(stub-ssl-upstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->ssl_upstream = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 467: -#line 2482 "./util/configparser.y" - { - OUTYY(("P(stub-prime:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->stubs->isprime = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 468: -#line 2492 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->forwards->name) - yyerror("forward name override, there must be one " - "name for one forward-zone"); - free(cfg_parser->cfg->forwards->name); - cfg_parser->cfg->forwards->name = yystack.l_mark[0].str; - } -break; -case 469: -#line 2502 "./util/configparser.y" - { - OUTYY(("P(forward-host:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 470: -#line 2509 "./util/configparser.y" - { - OUTYY(("P(forward-addr:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 471: -#line 2516 "./util/configparser.y" - { - OUTYY(("P(forward-first:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->isfirst=(strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 472: -#line 2525 "./util/configparser.y" - { - OUTYY(("P(forward-no-cache:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->no_cache=(strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 473: -#line 2534 "./util/configparser.y" - { - OUTYY(("P(forward-ssl-upstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->forwards->ssl_upstream = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 474: -#line 2544 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->auths->name) - yyerror("auth name override, there must be one name " - "for one auth-zone"); - free(cfg_parser->cfg->auths->name); - cfg_parser->cfg->auths->name = yystack.l_mark[0].str; - } -break; -case 475: -#line 2554 "./util/configparser.y" - { - OUTYY(("P(zonefile:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->auths->zonefile); - cfg_parser->cfg->auths->zonefile = yystack.l_mark[0].str; - } -break; -case 476: -#line 2561 "./util/configparser.y" - { - OUTYY(("P(master:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 477: -#line 2568 "./util/configparser.y" - { - OUTYY(("P(url:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 478: -#line 2575 "./util/configparser.y" - { - OUTYY(("P(allow-notify:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, - yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 479: -#line 2583 "./util/configparser.y" - { - OUTYY(("P(for-downstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->for_downstream = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 480: -#line 2593 "./util/configparser.y" - { - OUTYY(("P(for-upstream:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->for_upstream = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 481: -#line 2603 "./util/configparser.y" - { - OUTYY(("P(fallback-enabled:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->auths->fallback_enabled = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 482: -#line 2613 "./util/configparser.y" - { - OUTYY(("P(name:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->views->name) - yyerror("view name override, there must be one " - "name for one view"); - free(cfg_parser->cfg->views->name); - cfg_parser->cfg->views->name = yystack.l_mark[0].str; - } -break; -case 483: -#line 2623 "./util/configparser.y" - { - OUTYY(("P(view_local_zone:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "static")!=0 && strcmp(yystack.l_mark[0].str, "deny")!=0 && - strcmp(yystack.l_mark[0].str, "refuse")!=0 && strcmp(yystack.l_mark[0].str, "redirect")!=0 && - strcmp(yystack.l_mark[0].str, "transparent")!=0 && strcmp(yystack.l_mark[0].str, "nodefault")!=0 - && strcmp(yystack.l_mark[0].str, "typetransparent")!=0 - && strcmp(yystack.l_mark[0].str, "always_transparent")!=0 - && strcmp(yystack.l_mark[0].str, "always_refuse")!=0 - && strcmp(yystack.l_mark[0].str, "always_nxdomain")!=0 - && strcmp(yystack.l_mark[0].str, "noview")!=0 - && strcmp(yystack.l_mark[0].str, "inform")!=0 && strcmp(yystack.l_mark[0].str, "inform_deny")!=0) { - yyerror("local-zone type: expected static, deny, " - "refuse, redirect, transparent, " - "typetransparent, inform, inform_deny, " - "always_transparent, always_refuse, " - "always_nxdomain, noview or nodefault"); - free(yystack.l_mark[-1].str); - free(yystack.l_mark[0].str); - } else if(strcmp(yystack.l_mark[0].str, "nodefault")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_zones_nodefault, yystack.l_mark[-1].str)) - fatal_exit("out of memory adding local-zone"); - free(yystack.l_mark[0].str); -#ifdef USE_IPSET - } else if(strcmp(yystack.l_mark[0].str, "ipset")==0) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_zones_ipset, yystack.l_mark[-1].str)) - fatal_exit("out of memory adding local-zone"); - free(yystack.l_mark[0].str); -#endif - } else { - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->local_zones, - yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding local-zone"); - } - } -break; -case 484: -#line 2662 "./util/configparser.y" - { - OUTYY(("P(view_response_ip:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - validate_respip_action(yystack.l_mark[0].str); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_actions, yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding per-view " - "response-ip action"); - } -break; -case 485: -#line 2672 "./util/configparser.y" - { - OUTYY(("P(view_response_ip_data:%s)\n", yystack.l_mark[-1].str)); - if(!cfg_str2list_insert( - &cfg_parser->cfg->views->respip_data, yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding response-ip-data"); - } -break; -case 486: -#line 2680 "./util/configparser.y" - { - OUTYY(("P(view_local_data:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, yystack.l_mark[0].str)) { - fatal_exit("out of memory adding local-data"); - } - } -break; -case 487: -#line 2688 "./util/configparser.y" - { - char* ptr; - OUTYY(("P(view_local_data_ptr:%s)\n", yystack.l_mark[0].str)); - ptr = cfg_ptr_reverse(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - if(ptr) { - if(!cfg_strlist_insert(&cfg_parser->cfg->views-> - local_data, ptr)) - fatal_exit("out of memory adding local-data"); - } else { - yyerror("local-data-ptr could not be reversed"); - } - } -break; -case 488: -#line 2703 "./util/configparser.y" - { - OUTYY(("P(view-first:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->views->isfirst=(strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 489: -#line 2712 "./util/configparser.y" - { - OUTYY(("\nP(remote-control:)\n")); - } -break; -case 500: -#line 2723 "./util/configparser.y" - { - OUTYY(("P(control_enable:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->remote_control_enable = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 501: -#line 2733 "./util/configparser.y" - { - OUTYY(("P(control_port:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("control port number expected"); - else cfg_parser->cfg->control_port = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 502: -#line 2742 "./util/configparser.y" - { - OUTYY(("P(control_interface:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 503: -#line 2749 "./util/configparser.y" - { - OUTYY(("P(control_use_cert:%s)\n", yystack.l_mark[0].str)); - cfg_parser->cfg->control_use_cert = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 504: -#line 2756 "./util/configparser.y" - { - OUTYY(("P(rc_server_key_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->server_key_file); - cfg_parser->cfg->server_key_file = yystack.l_mark[0].str; - } -break; -case 505: -#line 2763 "./util/configparser.y" - { - OUTYY(("P(rc_server_cert_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->server_cert_file); - cfg_parser->cfg->server_cert_file = yystack.l_mark[0].str; - } -break; -case 506: -#line 2770 "./util/configparser.y" - { - OUTYY(("P(rc_control_key_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->control_key_file); - cfg_parser->cfg->control_key_file = yystack.l_mark[0].str; - } -break; -case 507: -#line 2777 "./util/configparser.y" - { - OUTYY(("P(rc_control_cert_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->control_cert_file); - cfg_parser->cfg->control_cert_file = yystack.l_mark[0].str; - } -break; -case 508: -#line 2784 "./util/configparser.y" - { - OUTYY(("\nP(dnstap:)\n")); - } -break; -case 529: -#line 2804 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_enable:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 530: -#line 2813 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_socket_path:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_socket_path); - cfg_parser->cfg->dnstap_socket_path = yystack.l_mark[0].str; - } -break; -case 531: -#line 2820 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_ip:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_ip); - cfg_parser->cfg->dnstap_ip = yystack.l_mark[0].str; - } -break; -case 532: -#line 2827 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_tls = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 533: -#line 2836 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_tls_server_name); - cfg_parser->cfg->dnstap_tls_server_name = yystack.l_mark[0].str; - } -break; -case 534: -#line 2843 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_tls_cert_bundle); - cfg_parser->cfg->dnstap_tls_cert_bundle = yystack.l_mark[0].str; - } -break; -case 535: -#line 2850 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_tls_client_key_file); - cfg_parser->cfg->dnstap_tls_client_key_file = yystack.l_mark[0].str; - } -break; -case 536: -#line 2857 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_tls_client_cert_file); - cfg_parser->cfg->dnstap_tls_client_cert_file = yystack.l_mark[0].str; - } -break; -case 537: -#line 2864 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_send_identity:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_identity = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 538: -#line 2873 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_send_version:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_send_version = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 539: -#line 2882 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_identity:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_identity); - cfg_parser->cfg->dnstap_identity = yystack.l_mark[0].str; - } -break; -case 540: -#line 2889 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_version:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnstap_version); - cfg_parser->cfg->dnstap_version = yystack.l_mark[0].str; - } -break; -case 541: -#line 2896 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_query_messages = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 542: -#line 2906 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_resolver_response_messages = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 543: -#line 2916 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_query_messages = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 544: -#line 2926 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_client_response_messages = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 545: -#line 2936 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_query_messages = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 546: -#line 2946 "./util/configparser.y" - { - OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnstap_log_forwarder_response_messages = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 547: -#line 2956 "./util/configparser.y" - { - OUTYY(("\nP(python:)\n")); - } -break; -case 551: -#line 2965 "./util/configparser.y" - { - OUTYY(("P(python-script:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, yystack.l_mark[0].str)) - yyerror("out of memory"); - } -break; -case 552: -#line 2971 "./util/configparser.y" - { - OUTYY(("P(disable_dnssec_lame_check:%s)\n", yystack.l_mark[0].str)); - if (strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->disable_dnssec_lame_check = - (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 553: -#line 2981 "./util/configparser.y" - { - OUTYY(("P(server_log_identity:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->log_identity); - cfg_parser->cfg->log_identity = yystack.l_mark[0].str; - } -break; -case 554: -#line 2988 "./util/configparser.y" - { - OUTYY(("P(server_response_ip:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - validate_respip_action(yystack.l_mark[0].str); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, - yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding response-ip"); - } -break; -case 555: -#line 2997 "./util/configparser.y" - { - OUTYY(("P(server_response_ip_data:%s)\n", yystack.l_mark[-1].str)); - if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, - yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding response-ip-data"); - } -break; -case 556: -#line 3005 "./util/configparser.y" - { - OUTYY(("\nP(dnscrypt:)\n")); - } -break; -case 569: -#line 3021 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->dnscrypt = (strcmp(yystack.l_mark[0].str, "yes")==0); - free(yystack.l_mark[0].str); - } -break; -case 570: -#line 3031 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_port:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("port number expected"); - else cfg_parser->cfg->dnscrypt_port = atoi(yystack.l_mark[0].str); - free(yystack.l_mark[0].str); - } -break; -case 571: -#line 3040 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->dnscrypt_provider); - cfg_parser->cfg->dnscrypt_provider = yystack.l_mark[0].str; - } -break; -case 572: -#line 3047 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", yystack.l_mark[0].str)); - if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, yystack.l_mark[0].str)) - log_warn("dnscrypt-provider-cert %s is a duplicate", yystack.l_mark[0].str); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, yystack.l_mark[0].str)) - fatal_exit("out of memory adding dnscrypt-provider-cert"); - } -break; -case 573: -#line 3056 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", yystack.l_mark[0].str)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, yystack.l_mark[0].str)) - fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); - } -break; -case 574: -#line 3063 "./util/configparser.y" - { - OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", yystack.l_mark[0].str)); - if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, yystack.l_mark[0].str)) - log_warn("dnscrypt-secret-key: %s is a duplicate", yystack.l_mark[0].str); - if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, yystack.l_mark[0].str)) - fatal_exit("out of memory adding dnscrypt-secret-key"); - } -break; -case 575: -#line 3072 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 576: -#line 3080 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->dnscrypt_shared_secret_cache_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 577: -#line 3093 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", yystack.l_mark[0].str)); - if(!cfg_parse_memsize(yystack.l_mark[0].str, &cfg_parser->cfg->dnscrypt_nonce_cache_size)) - yyerror("memory size expected"); - free(yystack.l_mark[0].str); - } -break; -case 578: -#line 3101 "./util/configparser.y" - { - OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("number expected"); - else { - cfg_parser->cfg->dnscrypt_nonce_cache_slabs = atoi(yystack.l_mark[0].str); - if(!is_pow2(cfg_parser->cfg->dnscrypt_nonce_cache_slabs)) - yyerror("must be a power of 2"); - } - free(yystack.l_mark[0].str); - } -break; -case 579: -#line 3114 "./util/configparser.y" - { - OUTYY(("\nP(cachedb:)\n")); - } -break; -case 588: -#line 3125 "./util/configparser.y" - { - #ifdef USE_CACHEDB - OUTYY(("P(backend:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->cachedb_backend); - cfg_parser->cfg->cachedb_backend = yystack.l_mark[0].str; - #else - OUTYY(("P(Compiled without cachedb, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 589: -#line 3137 "./util/configparser.y" - { - #ifdef USE_CACHEDB - OUTYY(("P(secret-seed:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->cachedb_secret); - cfg_parser->cfg->cachedb_secret = yystack.l_mark[0].str; - #else - OUTYY(("P(Compiled without cachedb, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 590: -#line 3149 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - OUTYY(("P(redis_server_host:%s)\n", yystack.l_mark[0].str)); - free(cfg_parser->cfg->redis_server_host); - cfg_parser->cfg->redis_server_host = yystack.l_mark[0].str; - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 591: -#line 3161 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - int port; - OUTYY(("P(redis_server_port:%s)\n", yystack.l_mark[0].str)); - port = atoi(yystack.l_mark[0].str); - if(port == 0 || port < 0 || port > 65535) - yyerror("valid redis server port number expected"); - else cfg_parser->cfg->redis_server_port = port; - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 592: -#line 3176 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - OUTYY(("P(redis_timeout:%s)\n", yystack.l_mark[0].str)); - if(atoi(yystack.l_mark[0].str) == 0) - yyerror("redis timeout value expected"); - else cfg_parser->cfg->redis_timeout = atoi(yystack.l_mark[0].str); - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 593: -#line 3189 "./util/configparser.y" - { - #if defined(USE_CACHEDB) && defined(USE_REDIS) - OUTYY(("P(redis_expire_records:%s)\n", yystack.l_mark[0].str)); - if(strcmp(yystack.l_mark[0].str, "yes") != 0 && strcmp(yystack.l_mark[0].str, "no") != 0) - yyerror("expected yes or no."); - else cfg_parser->cfg->redis_expire_records = (strcmp(yystack.l_mark[0].str, "yes")==0); - #else - OUTYY(("P(Compiled without cachedb or redis, ignoring)\n")); - #endif - free(yystack.l_mark[0].str); - } -break; -case 594: -#line 3202 "./util/configparser.y" - { - OUTYY(("P(server_tcp_connection_limit:%s %s)\n", yystack.l_mark[-1].str, yystack.l_mark[0].str)); - if (atoi(yystack.l_mark[0].str) < 0) - yyerror("positive number expected"); - else { - if(!cfg_str2list_insert(&cfg_parser->cfg->tcp_connection_limits, yystack.l_mark[-1].str, yystack.l_mark[0].str)) - fatal_exit("out of memory adding tcp connection limit"); - } - } -break; -case 595: -#line 3213 "./util/configparser.y" - { - OUTYY(("\nP(ipset:)\n")); - } -break; -case 600: -#line 3222 "./util/configparser.y" - { - #ifdef USE_IPSET - OUTYY(("P(name-v4:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->ipset_name_v4) - yyerror("ipset name v4 override, there must be one " - "name for ip v4"); - free(cfg_parser->cfg->ipset_name_v4); - cfg_parser->cfg->ipset_name_v4 = yystack.l_mark[0].str; - #else - OUTYY(("P(Compiled without ipset, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -case 601: -#line 3237 "./util/configparser.y" - { - #ifdef USE_IPSET - OUTYY(("P(name-v6:%s)\n", yystack.l_mark[0].str)); - if(cfg_parser->cfg->ipset_name_v6) - yyerror("ipset name v6 override, there must be one " - "name for ip v6"); - free(cfg_parser->cfg->ipset_name_v6); - cfg_parser->cfg->ipset_name_v6 = yystack.l_mark[0].str; - #else - OUTYY(("P(Compiled without ipset, ignoring)\n")); - free(yystack.l_mark[0].str); - #endif - } -break; -#line 5199 "util/configparser.c" - } - yystack.s_mark -= yym; - yystate = *yystack.s_mark; - yystack.l_mark -= yym; - yym = yylhs[yyn]; - if (yystate == 0 && yym == 0) - { -#if YYDEBUG - if (yydebug) - printf("%sdebug: after reduction, shifting from state 0 to\ - state %d\n", YYPREFIX, YYFINAL); -#endif - yystate = YYFINAL; - *++yystack.s_mark = YYFINAL; - *++yystack.l_mark = yyval; - if (yychar < 0) - { - if ((yychar = YYLEX) < 0) yychar = YYEOF; -#if YYDEBUG - if (yydebug) - { - yys = yyname[YYTRANSLATE(yychar)]; - printf("%sdebug: state %d, reading %d (%s)\n", - YYPREFIX, YYFINAL, yychar, yys); - } -#endif - } - if (yychar == YYEOF) goto yyaccept; - goto yyloop; - } - if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 && - yyn <= YYTABLESIZE && yycheck[yyn] == yystate) - yystate = yytable[yyn]; - else - yystate = yydgoto[yym]; -#if YYDEBUG - if (yydebug) - printf("%sdebug: after reduction, shifting from state %d \ -to state %d\n", YYPREFIX, *yystack.s_mark, yystate); -#endif - if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) - { - goto yyoverflow; - } - *++yystack.s_mark = (YYINT) yystate; - *++yystack.l_mark = yyval; - goto yyloop; - -yyoverflow: - YYERROR_CALL("yacc stack overflow"); - -yyabort: - yyfreestack(&yystack); - return (1); - -yyaccept: - yyfreestack(&yystack); - return (0); -} diff --git a/util/configparser.h b/util/configparser.h index 9f42995bc..02428a1a5 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -1,299 +1,696 @@ -#define SPACE 257 -#define LETTER 258 -#define NEWLINE 259 -#define COMMENT 260 -#define COLON 261 -#define ANY 262 -#define ZONESTR 263 -#define STRING_ARG 264 -#define VAR_SERVER 265 -#define VAR_VERBOSITY 266 -#define VAR_NUM_THREADS 267 -#define VAR_PORT 268 -#define VAR_OUTGOING_RANGE 269 -#define VAR_INTERFACE 270 -#define VAR_PREFER_IP4 271 -#define VAR_DO_IP4 272 -#define VAR_DO_IP6 273 -#define VAR_PREFER_IP6 274 -#define VAR_DO_UDP 275 -#define VAR_DO_TCP 276 -#define VAR_TCP_MSS 277 -#define VAR_OUTGOING_TCP_MSS 278 -#define VAR_TCP_IDLE_TIMEOUT 279 -#define VAR_EDNS_TCP_KEEPALIVE 280 -#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 281 -#define VAR_CHROOT 282 -#define VAR_USERNAME 283 -#define VAR_DIRECTORY 284 -#define VAR_LOGFILE 285 -#define VAR_PIDFILE 286 -#define VAR_MSG_CACHE_SIZE 287 -#define VAR_MSG_CACHE_SLABS 288 -#define VAR_NUM_QUERIES_PER_THREAD 289 -#define VAR_RRSET_CACHE_SIZE 290 -#define VAR_RRSET_CACHE_SLABS 291 -#define VAR_OUTGOING_NUM_TCP 292 -#define VAR_INFRA_HOST_TTL 293 -#define VAR_INFRA_LAME_TTL 294 -#define VAR_INFRA_CACHE_SLABS 295 -#define VAR_INFRA_CACHE_NUMHOSTS 296 -#define VAR_INFRA_CACHE_LAME_SIZE 297 -#define VAR_NAME 298 -#define VAR_STUB_ZONE 299 -#define VAR_STUB_HOST 300 -#define VAR_STUB_ADDR 301 -#define VAR_TARGET_FETCH_POLICY 302 -#define VAR_HARDEN_SHORT_BUFSIZE 303 -#define VAR_HARDEN_LARGE_QUERIES 304 -#define VAR_FORWARD_ZONE 305 -#define VAR_FORWARD_HOST 306 -#define VAR_FORWARD_ADDR 307 -#define VAR_DO_NOT_QUERY_ADDRESS 308 -#define VAR_HIDE_IDENTITY 309 -#define VAR_HIDE_VERSION 310 -#define VAR_IDENTITY 311 -#define VAR_VERSION 312 -#define VAR_HARDEN_GLUE 313 -#define VAR_MODULE_CONF 314 -#define VAR_TRUST_ANCHOR_FILE 315 -#define VAR_TRUST_ANCHOR 316 -#define VAR_VAL_OVERRIDE_DATE 317 -#define VAR_BOGUS_TTL 318 -#define VAR_VAL_CLEAN_ADDITIONAL 319 -#define VAR_VAL_PERMISSIVE_MODE 320 -#define VAR_INCOMING_NUM_TCP 321 -#define VAR_MSG_BUFFER_SIZE 322 -#define VAR_KEY_CACHE_SIZE 323 -#define VAR_KEY_CACHE_SLABS 324 -#define VAR_TRUSTED_KEYS_FILE 325 -#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 326 -#define VAR_USE_SYSLOG 327 -#define VAR_OUTGOING_INTERFACE 328 -#define VAR_ROOT_HINTS 329 -#define VAR_DO_NOT_QUERY_LOCALHOST 330 -#define VAR_CACHE_MAX_TTL 331 -#define VAR_HARDEN_DNSSEC_STRIPPED 332 -#define VAR_ACCESS_CONTROL 333 -#define VAR_LOCAL_ZONE 334 -#define VAR_LOCAL_DATA 335 -#define VAR_INTERFACE_AUTOMATIC 336 -#define VAR_STATISTICS_INTERVAL 337 -#define VAR_DO_DAEMONIZE 338 -#define VAR_USE_CAPS_FOR_ID 339 -#define VAR_STATISTICS_CUMULATIVE 340 -#define VAR_OUTGOING_PORT_PERMIT 341 -#define VAR_OUTGOING_PORT_AVOID 342 -#define VAR_DLV_ANCHOR_FILE 343 -#define VAR_DLV_ANCHOR 344 -#define VAR_NEG_CACHE_SIZE 345 -#define VAR_HARDEN_REFERRAL_PATH 346 -#define VAR_PRIVATE_ADDRESS 347 -#define VAR_PRIVATE_DOMAIN 348 -#define VAR_REMOTE_CONTROL 349 -#define VAR_CONTROL_ENABLE 350 -#define VAR_CONTROL_INTERFACE 351 -#define VAR_CONTROL_PORT 352 -#define VAR_SERVER_KEY_FILE 353 -#define VAR_SERVER_CERT_FILE 354 -#define VAR_CONTROL_KEY_FILE 355 -#define VAR_CONTROL_CERT_FILE 356 -#define VAR_CONTROL_USE_CERT 357 -#define VAR_EXTENDED_STATISTICS 358 -#define VAR_LOCAL_DATA_PTR 359 -#define VAR_JOSTLE_TIMEOUT 360 -#define VAR_STUB_PRIME 361 -#define VAR_UNWANTED_REPLY_THRESHOLD 362 -#define VAR_LOG_TIME_ASCII 363 -#define VAR_DOMAIN_INSECURE 364 -#define VAR_PYTHON 365 -#define VAR_PYTHON_SCRIPT 366 -#define VAR_VAL_SIG_SKEW_MIN 367 -#define VAR_VAL_SIG_SKEW_MAX 368 -#define VAR_CACHE_MIN_TTL 369 -#define VAR_VAL_LOG_LEVEL 370 -#define VAR_AUTO_TRUST_ANCHOR_FILE 371 -#define VAR_KEEP_MISSING 372 -#define VAR_ADD_HOLDDOWN 373 -#define VAR_DEL_HOLDDOWN 374 -#define VAR_SO_RCVBUF 375 -#define VAR_EDNS_BUFFER_SIZE 376 -#define VAR_PREFETCH 377 -#define VAR_PREFETCH_KEY 378 -#define VAR_SO_SNDBUF 379 -#define VAR_SO_REUSEPORT 380 -#define VAR_HARDEN_BELOW_NXDOMAIN 381 -#define VAR_IGNORE_CD_FLAG 382 -#define VAR_LOG_QUERIES 383 -#define VAR_LOG_REPLIES 384 -#define VAR_LOG_LOCAL_ACTIONS 385 -#define VAR_TCP_UPSTREAM 386 -#define VAR_SSL_UPSTREAM 387 -#define VAR_SSL_SERVICE_KEY 388 -#define VAR_SSL_SERVICE_PEM 389 -#define VAR_SSL_PORT 390 -#define VAR_FORWARD_FIRST 391 -#define VAR_STUB_SSL_UPSTREAM 392 -#define VAR_FORWARD_SSL_UPSTREAM 393 -#define VAR_TLS_CERT_BUNDLE 394 -#define VAR_STUB_FIRST 395 -#define VAR_MINIMAL_RESPONSES 396 -#define VAR_RRSET_ROUNDROBIN 397 -#define VAR_MAX_UDP_SIZE 398 -#define VAR_DELAY_CLOSE 399 -#define VAR_UNBLOCK_LAN_ZONES 400 -#define VAR_INSECURE_LAN_ZONES 401 -#define VAR_INFRA_CACHE_MIN_RTT 402 -#define VAR_DNS64_PREFIX 403 -#define VAR_DNS64_SYNTHALL 404 -#define VAR_DNS64_IGNORE_AAAA 405 -#define VAR_DNSTAP 406 -#define VAR_DNSTAP_ENABLE 407 -#define VAR_DNSTAP_SOCKET_PATH 408 -#define VAR_DNSTAP_IP 409 -#define VAR_DNSTAP_TLS 410 -#define VAR_DNSTAP_TLS_SERVER_NAME 411 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 412 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 413 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 414 -#define VAR_DNSTAP_SEND_IDENTITY 415 -#define VAR_DNSTAP_SEND_VERSION 416 -#define VAR_DNSTAP_IDENTITY 417 -#define VAR_DNSTAP_VERSION 418 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 419 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 420 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 421 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 422 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 423 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 424 -#define VAR_RESPONSE_IP_TAG 425 -#define VAR_RESPONSE_IP 426 -#define VAR_RESPONSE_IP_DATA 427 -#define VAR_HARDEN_ALGO_DOWNGRADE 428 -#define VAR_IP_TRANSPARENT 429 -#define VAR_IP_DSCP 430 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 431 -#define VAR_IP_RATELIMIT 432 -#define VAR_IP_RATELIMIT_SLABS 433 -#define VAR_IP_RATELIMIT_SIZE 434 -#define VAR_RATELIMIT 435 -#define VAR_RATELIMIT_SLABS 436 -#define VAR_RATELIMIT_SIZE 437 -#define VAR_RATELIMIT_FOR_DOMAIN 438 -#define VAR_RATELIMIT_BELOW_DOMAIN 439 -#define VAR_IP_RATELIMIT_FACTOR 440 -#define VAR_RATELIMIT_FACTOR 441 -#define VAR_SEND_CLIENT_SUBNET 442 -#define VAR_CLIENT_SUBNET_ZONE 443 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 444 -#define VAR_CLIENT_SUBNET_OPCODE 445 -#define VAR_MAX_CLIENT_SUBNET_IPV4 446 -#define VAR_MAX_CLIENT_SUBNET_IPV6 447 -#define VAR_MIN_CLIENT_SUBNET_IPV4 448 -#define VAR_MIN_CLIENT_SUBNET_IPV6 449 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 450 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 451 -#define VAR_CAPS_WHITELIST 452 -#define VAR_CACHE_MAX_NEGATIVE_TTL 453 -#define VAR_PERMIT_SMALL_HOLDDOWN 454 -#define VAR_QNAME_MINIMISATION 455 -#define VAR_QNAME_MINIMISATION_STRICT 456 -#define VAR_IP_FREEBIND 457 -#define VAR_DEFINE_TAG 458 -#define VAR_LOCAL_ZONE_TAG 459 -#define VAR_ACCESS_CONTROL_TAG 460 -#define VAR_LOCAL_ZONE_OVERRIDE 461 -#define VAR_ACCESS_CONTROL_TAG_ACTION 462 -#define VAR_ACCESS_CONTROL_TAG_DATA 463 -#define VAR_VIEW 464 -#define VAR_ACCESS_CONTROL_VIEW 465 -#define VAR_VIEW_FIRST 466 -#define VAR_SERVE_EXPIRED 467 -#define VAR_SERVE_EXPIRED_TTL 468 -#define VAR_SERVE_EXPIRED_TTL_RESET 469 -#define VAR_SERVE_EXPIRED_REPLY_TTL 470 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 471 -#define VAR_FAKE_DSA 472 -#define VAR_FAKE_SHA1 473 -#define VAR_LOG_IDENTITY 474 -#define VAR_HIDE_TRUSTANCHOR 475 -#define VAR_TRUST_ANCHOR_SIGNALING 476 -#define VAR_AGGRESSIVE_NSEC 477 -#define VAR_USE_SYSTEMD 478 -#define VAR_SHM_ENABLE 479 -#define VAR_SHM_KEY 480 -#define VAR_ROOT_KEY_SENTINEL 481 -#define VAR_DNSCRYPT 482 -#define VAR_DNSCRYPT_ENABLE 483 -#define VAR_DNSCRYPT_PORT 484 -#define VAR_DNSCRYPT_PROVIDER 485 -#define VAR_DNSCRYPT_SECRET_KEY 486 -#define VAR_DNSCRYPT_PROVIDER_CERT 487 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 488 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 489 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 490 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 491 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 492 -#define VAR_PAD_RESPONSES 493 -#define VAR_PAD_RESPONSES_BLOCK_SIZE 494 -#define VAR_PAD_QUERIES 495 -#define VAR_PAD_QUERIES_BLOCK_SIZE 496 -#define VAR_IPSECMOD_ENABLED 497 -#define VAR_IPSECMOD_HOOK 498 -#define VAR_IPSECMOD_IGNORE_BOGUS 499 -#define VAR_IPSECMOD_MAX_TTL 500 -#define VAR_IPSECMOD_WHITELIST 501 -#define VAR_IPSECMOD_STRICT 502 -#define VAR_CACHEDB 503 -#define VAR_CACHEDB_BACKEND 504 -#define VAR_CACHEDB_SECRETSEED 505 -#define VAR_CACHEDB_REDISHOST 506 -#define VAR_CACHEDB_REDISPORT 507 -#define VAR_CACHEDB_REDISTIMEOUT 508 -#define VAR_CACHEDB_REDISEXPIRERECORDS 509 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 510 -#define VAR_FOR_UPSTREAM 511 -#define VAR_AUTH_ZONE 512 -#define VAR_ZONEFILE 513 -#define VAR_MASTER 514 -#define VAR_URL 515 -#define VAR_FOR_DOWNSTREAM 516 -#define VAR_FALLBACK_ENABLED 517 -#define VAR_TLS_ADDITIONAL_PORT 518 -#define VAR_LOW_RTT 519 -#define VAR_LOW_RTT_PERMIL 520 -#define VAR_FAST_SERVER_PERMIL 521 -#define VAR_FAST_SERVER_NUM 522 -#define VAR_ALLOW_NOTIFY 523 -#define VAR_TLS_WIN_CERT 524 -#define VAR_TCP_CONNECTION_LIMIT 525 -#define VAR_FORWARD_NO_CACHE 526 -#define VAR_STUB_NO_CACHE 527 -#define VAR_LOG_SERVFAIL 528 -#define VAR_DENY_ANY 529 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 530 -#define VAR_LOG_TAG_QUERYREPLY 531 -#define VAR_STREAM_WAIT_SIZE 532 -#define VAR_TLS_CIPHERS 533 -#define VAR_TLS_CIPHERSUITES 534 -#define VAR_IPSET 535 -#define VAR_IPSET_NAME_V4 536 -#define VAR_IPSET_NAME_V6 537 -#define VAR_TLS_SESSION_TICKET_KEYS 538 -#define VAR_RPZ 539 -#define VAR_TAGS 540 -#define VAR_RPZ_ACTION_OVERRIDE 541 -#define VAR_RPZ_CNAME_OVERRIDE 542 -#define VAR_RPZ_LOG 543 -#define VAR_RPZ_LOG_NAME 544 -#ifdef YYSTYPE -#undef YYSTYPE_IS_DECLARED -#define YYSTYPE_IS_DECLARED 1 +/* A Bison parser, made by GNU Bison 3.7. */ + +/* Bison interface for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + +#ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED +# define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED +/* Debug traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 #endif -#ifndef YYSTYPE_IS_DECLARED -#define YYSTYPE_IS_DECLARED 1 -typedef union { +#if YYDEBUG +extern int yydebug; +#endif + +/* Token kinds. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + enum yytokentype + { + YYEMPTY = -2, + YYEOF = 0, /* "end of file" */ + YYerror = 256, /* error */ + YYUNDEF = 257, /* "invalid token" */ + SPACE = 258, /* SPACE */ + LETTER = 259, /* LETTER */ + NEWLINE = 260, /* NEWLINE */ + COMMENT = 261, /* COMMENT */ + COLON = 262, /* COLON */ + ANY = 263, /* ANY */ + ZONESTR = 264, /* ZONESTR */ + STRING_ARG = 265, /* STRING_ARG */ + VAR_FORCE_TOPLEVEL = 266, /* VAR_FORCE_TOPLEVEL */ + VAR_SERVER = 267, /* VAR_SERVER */ + VAR_VERBOSITY = 268, /* VAR_VERBOSITY */ + VAR_NUM_THREADS = 269, /* VAR_NUM_THREADS */ + VAR_PORT = 270, /* VAR_PORT */ + VAR_OUTGOING_RANGE = 271, /* VAR_OUTGOING_RANGE */ + VAR_INTERFACE = 272, /* VAR_INTERFACE */ + VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */ + VAR_DO_IP4 = 274, /* VAR_DO_IP4 */ + VAR_DO_IP6 = 275, /* VAR_DO_IP6 */ + VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */ + VAR_DO_UDP = 277, /* VAR_DO_UDP */ + VAR_DO_TCP = 278, /* VAR_DO_TCP */ + VAR_TCP_MSS = 279, /* VAR_TCP_MSS */ + VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */ + VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */ + VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */ + VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + VAR_CHROOT = 284, /* VAR_CHROOT */ + VAR_USERNAME = 285, /* VAR_USERNAME */ + VAR_DIRECTORY = 286, /* VAR_DIRECTORY */ + VAR_LOGFILE = 287, /* VAR_LOGFILE */ + VAR_PIDFILE = 288, /* VAR_PIDFILE */ + VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */ + VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */ + VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */ + VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */ + VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */ + VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */ + VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */ + VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */ + VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */ + VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */ + VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */ + VAR_NAME = 300, /* VAR_NAME */ + VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */ + VAR_STUB_HOST = 302, /* VAR_STUB_HOST */ + VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */ + VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */ + VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */ + VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */ + VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */ + VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */ + VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */ + VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */ + VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */ + VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */ + VAR_IDENTITY = 313, /* VAR_IDENTITY */ + VAR_VERSION = 314, /* VAR_VERSION */ + VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */ + VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */ + VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */ + VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */ + VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */ + VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */ + VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */ + VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */ + VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */ + VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */ + VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */ + VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */ + VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */ + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */ + VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */ + VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */ + VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */ + VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */ + VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */ + VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */ + VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */ + VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */ + VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */ + VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */ + VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */ + VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */ + VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */ + VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */ + VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */ + VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */ + VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */ + VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */ + VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */ + VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */ + VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */ + VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */ + VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */ + VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */ + VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */ + VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */ + VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */ + VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ + VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ + VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ + VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */ + VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */ + VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */ + VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */ + VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */ + VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */ + VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */ + VAR_PYTHON = 367, /* VAR_PYTHON */ + VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */ + VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */ + VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */ + VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */ + VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */ + VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */ + VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */ + VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */ + VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */ + VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */ + VAR_PREFETCH = 379, /* VAR_PREFETCH */ + VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */ + VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */ + VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */ + VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */ + VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */ + VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */ + VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */ + VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */ + VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */ + VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */ + VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */ + VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */ + VAR_SSL_PORT = 392, /* VAR_SSL_PORT */ + VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */ + VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */ + VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */ + VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */ + VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */ + VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */ + VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */ + VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */ + VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */ + VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */ + VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */ + VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */ + VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */ + VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */ + VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */ + VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */ + VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */ + VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */ + VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */ + VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */ + VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */ + VAR_DNSTAP = 417, /* VAR_DNSTAP */ + VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */ + VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */ + VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */ + VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */ + VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */ + VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */ + VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */ + VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */ + VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */ + VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */ + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */ + VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */ + VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */ + VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */ + VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */ + VAR_IP_DSCP = 442, /* VAR_IP_DSCP */ + VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */ + VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */ + VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */ + VAR_RATELIMIT = 447, /* VAR_RATELIMIT */ + VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */ + VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */ + VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */ + VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 476, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_FAKE_DSA = 484, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 485, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 486, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 487, /* VAR_HIDE_TRUSTANCHOR */ + VAR_TRUST_ANCHOR_SIGNALING = 488, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 489, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 490, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 491, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 492, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 493, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 494, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 495, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 496, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 497, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 498, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 499, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 505, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 506, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + VAR_PAD_QUERIES = 507, /* VAR_PAD_QUERIES */ + VAR_PAD_QUERIES_BLOCK_SIZE = 508, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + VAR_IPSECMOD_ENABLED = 509, /* VAR_IPSECMOD_ENABLED */ + VAR_IPSECMOD_HOOK = 510, /* VAR_IPSECMOD_HOOK */ + VAR_IPSECMOD_IGNORE_BOGUS = 511, /* VAR_IPSECMOD_IGNORE_BOGUS */ + VAR_IPSECMOD_MAX_TTL = 512, /* VAR_IPSECMOD_MAX_TTL */ + VAR_IPSECMOD_WHITELIST = 513, /* VAR_IPSECMOD_WHITELIST */ + VAR_IPSECMOD_STRICT = 514, /* VAR_IPSECMOD_STRICT */ + VAR_CACHEDB = 515, /* VAR_CACHEDB */ + VAR_CACHEDB_BACKEND = 516, /* VAR_CACHEDB_BACKEND */ + VAR_CACHEDB_SECRETSEED = 517, /* VAR_CACHEDB_SECRETSEED */ + VAR_CACHEDB_REDISHOST = 518, /* VAR_CACHEDB_REDISHOST */ + VAR_CACHEDB_REDISPORT = 519, /* VAR_CACHEDB_REDISPORT */ + VAR_CACHEDB_REDISTIMEOUT = 520, /* VAR_CACHEDB_REDISTIMEOUT */ + VAR_CACHEDB_REDISEXPIRERECORDS = 521, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 522, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + VAR_FOR_UPSTREAM = 523, /* VAR_FOR_UPSTREAM */ + VAR_AUTH_ZONE = 524, /* VAR_AUTH_ZONE */ + VAR_ZONEFILE = 525, /* VAR_ZONEFILE */ + VAR_MASTER = 526, /* VAR_MASTER */ + VAR_URL = 527, /* VAR_URL */ + VAR_FOR_DOWNSTREAM = 528, /* VAR_FOR_DOWNSTREAM */ + VAR_FALLBACK_ENABLED = 529, /* VAR_FALLBACK_ENABLED */ + VAR_TLS_ADDITIONAL_PORT = 530, /* VAR_TLS_ADDITIONAL_PORT */ + VAR_LOW_RTT = 531, /* VAR_LOW_RTT */ + VAR_LOW_RTT_PERMIL = 532, /* VAR_LOW_RTT_PERMIL */ + VAR_FAST_SERVER_PERMIL = 533, /* VAR_FAST_SERVER_PERMIL */ + VAR_FAST_SERVER_NUM = 534, /* VAR_FAST_SERVER_NUM */ + VAR_ALLOW_NOTIFY = 535, /* VAR_ALLOW_NOTIFY */ + VAR_TLS_WIN_CERT = 536, /* VAR_TLS_WIN_CERT */ + VAR_TCP_CONNECTION_LIMIT = 537, /* VAR_TCP_CONNECTION_LIMIT */ + VAR_FORWARD_NO_CACHE = 538, /* VAR_FORWARD_NO_CACHE */ + VAR_STUB_NO_CACHE = 539, /* VAR_STUB_NO_CACHE */ + VAR_LOG_SERVFAIL = 540, /* VAR_LOG_SERVFAIL */ + VAR_DENY_ANY = 541, /* VAR_DENY_ANY */ + VAR_UNKNOWN_SERVER_TIME_LIMIT = 542, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + VAR_LOG_TAG_QUERYREPLY = 543, /* VAR_LOG_TAG_QUERYREPLY */ + VAR_STREAM_WAIT_SIZE = 544, /* VAR_STREAM_WAIT_SIZE */ + VAR_TLS_CIPHERS = 545, /* VAR_TLS_CIPHERS */ + VAR_TLS_CIPHERSUITES = 546, /* VAR_TLS_CIPHERSUITES */ + VAR_TLS_USE_SNI = 547, /* VAR_TLS_USE_SNI */ + VAR_IPSET = 548, /* VAR_IPSET */ + VAR_IPSET_NAME_V4 = 549, /* VAR_IPSET_NAME_V4 */ + VAR_IPSET_NAME_V6 = 550, /* VAR_IPSET_NAME_V6 */ + VAR_TLS_SESSION_TICKET_KEYS = 551, /* VAR_TLS_SESSION_TICKET_KEYS */ + VAR_RPZ = 552, /* VAR_RPZ */ + VAR_TAGS = 553, /* VAR_TAGS */ + VAR_RPZ_ACTION_OVERRIDE = 554, /* VAR_RPZ_ACTION_OVERRIDE */ + VAR_RPZ_CNAME_OVERRIDE = 555, /* VAR_RPZ_CNAME_OVERRIDE */ + VAR_RPZ_LOG = 556, /* VAR_RPZ_LOG */ + VAR_RPZ_LOG_NAME = 557, /* VAR_RPZ_LOG_NAME */ + VAR_DYNLIB = 558, /* VAR_DYNLIB */ + VAR_DYNLIB_FILE = 559, /* VAR_DYNLIB_FILE */ + VAR_EDNS_CLIENT_STRING = 560, /* VAR_EDNS_CLIENT_STRING */ + VAR_EDNS_CLIENT_STRING_OPCODE = 561, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + VAR_NSID = 562 /* VAR_NSID */ + }; + typedef enum yytokentype yytoken_kind_t; +#endif +/* Token kinds. */ +#define YYEOF 0 +#define YYerror 256 +#define YYUNDEF 257 +#define SPACE 258 +#define LETTER 259 +#define NEWLINE 260 +#define COMMENT 261 +#define COLON 262 +#define ANY 263 +#define ZONESTR 264 +#define STRING_ARG 265 +#define VAR_FORCE_TOPLEVEL 266 +#define VAR_SERVER 267 +#define VAR_VERBOSITY 268 +#define VAR_NUM_THREADS 269 +#define VAR_PORT 270 +#define VAR_OUTGOING_RANGE 271 +#define VAR_INTERFACE 272 +#define VAR_PREFER_IP4 273 +#define VAR_DO_IP4 274 +#define VAR_DO_IP6 275 +#define VAR_PREFER_IP6 276 +#define VAR_DO_UDP 277 +#define VAR_DO_TCP 278 +#define VAR_TCP_MSS 279 +#define VAR_OUTGOING_TCP_MSS 280 +#define VAR_TCP_IDLE_TIMEOUT 281 +#define VAR_EDNS_TCP_KEEPALIVE 282 +#define VAR_EDNS_TCP_KEEPALIVE_TIMEOUT 283 +#define VAR_CHROOT 284 +#define VAR_USERNAME 285 +#define VAR_DIRECTORY 286 +#define VAR_LOGFILE 287 +#define VAR_PIDFILE 288 +#define VAR_MSG_CACHE_SIZE 289 +#define VAR_MSG_CACHE_SLABS 290 +#define VAR_NUM_QUERIES_PER_THREAD 291 +#define VAR_RRSET_CACHE_SIZE 292 +#define VAR_RRSET_CACHE_SLABS 293 +#define VAR_OUTGOING_NUM_TCP 294 +#define VAR_INFRA_HOST_TTL 295 +#define VAR_INFRA_LAME_TTL 296 +#define VAR_INFRA_CACHE_SLABS 297 +#define VAR_INFRA_CACHE_NUMHOSTS 298 +#define VAR_INFRA_CACHE_LAME_SIZE 299 +#define VAR_NAME 300 +#define VAR_STUB_ZONE 301 +#define VAR_STUB_HOST 302 +#define VAR_STUB_ADDR 303 +#define VAR_TARGET_FETCH_POLICY 304 +#define VAR_HARDEN_SHORT_BUFSIZE 305 +#define VAR_HARDEN_LARGE_QUERIES 306 +#define VAR_FORWARD_ZONE 307 +#define VAR_FORWARD_HOST 308 +#define VAR_FORWARD_ADDR 309 +#define VAR_DO_NOT_QUERY_ADDRESS 310 +#define VAR_HIDE_IDENTITY 311 +#define VAR_HIDE_VERSION 312 +#define VAR_IDENTITY 313 +#define VAR_VERSION 314 +#define VAR_HARDEN_GLUE 315 +#define VAR_MODULE_CONF 316 +#define VAR_TRUST_ANCHOR_FILE 317 +#define VAR_TRUST_ANCHOR 318 +#define VAR_VAL_OVERRIDE_DATE 319 +#define VAR_BOGUS_TTL 320 +#define VAR_VAL_CLEAN_ADDITIONAL 321 +#define VAR_VAL_PERMISSIVE_MODE 322 +#define VAR_INCOMING_NUM_TCP 323 +#define VAR_MSG_BUFFER_SIZE 324 +#define VAR_KEY_CACHE_SIZE 325 +#define VAR_KEY_CACHE_SLABS 326 +#define VAR_TRUSTED_KEYS_FILE 327 +#define VAR_VAL_NSEC3_KEYSIZE_ITERATIONS 328 +#define VAR_USE_SYSLOG 329 +#define VAR_OUTGOING_INTERFACE 330 +#define VAR_ROOT_HINTS 331 +#define VAR_DO_NOT_QUERY_LOCALHOST 332 +#define VAR_CACHE_MAX_TTL 333 +#define VAR_HARDEN_DNSSEC_STRIPPED 334 +#define VAR_ACCESS_CONTROL 335 +#define VAR_LOCAL_ZONE 336 +#define VAR_LOCAL_DATA 337 +#define VAR_INTERFACE_AUTOMATIC 338 +#define VAR_STATISTICS_INTERVAL 339 +#define VAR_DO_DAEMONIZE 340 +#define VAR_USE_CAPS_FOR_ID 341 +#define VAR_STATISTICS_CUMULATIVE 342 +#define VAR_OUTGOING_PORT_PERMIT 343 +#define VAR_OUTGOING_PORT_AVOID 344 +#define VAR_DLV_ANCHOR_FILE 345 +#define VAR_DLV_ANCHOR 346 +#define VAR_NEG_CACHE_SIZE 347 +#define VAR_HARDEN_REFERRAL_PATH 348 +#define VAR_PRIVATE_ADDRESS 349 +#define VAR_PRIVATE_DOMAIN 350 +#define VAR_REMOTE_CONTROL 351 +#define VAR_CONTROL_ENABLE 352 +#define VAR_CONTROL_INTERFACE 353 +#define VAR_CONTROL_PORT 354 +#define VAR_SERVER_KEY_FILE 355 +#define VAR_SERVER_CERT_FILE 356 +#define VAR_CONTROL_KEY_FILE 357 +#define VAR_CONTROL_CERT_FILE 358 +#define VAR_CONTROL_USE_CERT 359 +#define VAR_EXTENDED_STATISTICS 360 +#define VAR_LOCAL_DATA_PTR 361 +#define VAR_JOSTLE_TIMEOUT 362 +#define VAR_STUB_PRIME 363 +#define VAR_UNWANTED_REPLY_THRESHOLD 364 +#define VAR_LOG_TIME_ASCII 365 +#define VAR_DOMAIN_INSECURE 366 +#define VAR_PYTHON 367 +#define VAR_PYTHON_SCRIPT 368 +#define VAR_VAL_SIG_SKEW_MIN 369 +#define VAR_VAL_SIG_SKEW_MAX 370 +#define VAR_CACHE_MIN_TTL 371 +#define VAR_VAL_LOG_LEVEL 372 +#define VAR_AUTO_TRUST_ANCHOR_FILE 373 +#define VAR_KEEP_MISSING 374 +#define VAR_ADD_HOLDDOWN 375 +#define VAR_DEL_HOLDDOWN 376 +#define VAR_SO_RCVBUF 377 +#define VAR_EDNS_BUFFER_SIZE 378 +#define VAR_PREFETCH 379 +#define VAR_PREFETCH_KEY 380 +#define VAR_SO_SNDBUF 381 +#define VAR_SO_REUSEPORT 382 +#define VAR_HARDEN_BELOW_NXDOMAIN 383 +#define VAR_IGNORE_CD_FLAG 384 +#define VAR_LOG_QUERIES 385 +#define VAR_LOG_REPLIES 386 +#define VAR_LOG_LOCAL_ACTIONS 387 +#define VAR_TCP_UPSTREAM 388 +#define VAR_SSL_UPSTREAM 389 +#define VAR_SSL_SERVICE_KEY 390 +#define VAR_SSL_SERVICE_PEM 391 +#define VAR_SSL_PORT 392 +#define VAR_FORWARD_FIRST 393 +#define VAR_STUB_SSL_UPSTREAM 394 +#define VAR_FORWARD_SSL_UPSTREAM 395 +#define VAR_TLS_CERT_BUNDLE 396 +#define VAR_HTTPS_PORT 397 +#define VAR_HTTP_ENDPOINT 398 +#define VAR_HTTP_MAX_STREAMS 399 +#define VAR_HTTP_QUERY_BUFFER_SIZE 400 +#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401 +#define VAR_HTTP_NODELAY 402 +#define VAR_HTTP_NOTLS_DOWNSTREAM 403 +#define VAR_STUB_FIRST 404 +#define VAR_MINIMAL_RESPONSES 405 +#define VAR_RRSET_ROUNDROBIN 406 +#define VAR_MAX_UDP_SIZE 407 +#define VAR_DELAY_CLOSE 408 +#define VAR_UDP_CONNECT 409 +#define VAR_UNBLOCK_LAN_ZONES 410 +#define VAR_INSECURE_LAN_ZONES 411 +#define VAR_INFRA_CACHE_MIN_RTT 412 +#define VAR_INFRA_KEEP_PROBING 413 +#define VAR_DNS64_PREFIX 414 +#define VAR_DNS64_SYNTHALL 415 +#define VAR_DNS64_IGNORE_AAAA 416 +#define VAR_DNSTAP 417 +#define VAR_DNSTAP_ENABLE 418 +#define VAR_DNSTAP_SOCKET_PATH 419 +#define VAR_DNSTAP_IP 420 +#define VAR_DNSTAP_TLS 421 +#define VAR_DNSTAP_TLS_SERVER_NAME 422 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 423 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425 +#define VAR_DNSTAP_SEND_IDENTITY 426 +#define VAR_DNSTAP_SEND_VERSION 427 +#define VAR_DNSTAP_BIDIRECTIONAL 428 +#define VAR_DNSTAP_IDENTITY 429 +#define VAR_DNSTAP_VERSION 430 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436 +#define VAR_RESPONSE_IP_TAG 437 +#define VAR_RESPONSE_IP 438 +#define VAR_RESPONSE_IP_DATA 439 +#define VAR_HARDEN_ALGO_DOWNGRADE 440 +#define VAR_IP_TRANSPARENT 441 +#define VAR_IP_DSCP 442 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 443 +#define VAR_IP_RATELIMIT 444 +#define VAR_IP_RATELIMIT_SLABS 445 +#define VAR_IP_RATELIMIT_SIZE 446 +#define VAR_RATELIMIT 447 +#define VAR_RATELIMIT_SLABS 448 +#define VAR_RATELIMIT_SIZE 449 +#define VAR_RATELIMIT_FOR_DOMAIN 450 +#define VAR_RATELIMIT_BELOW_DOMAIN 451 +#define VAR_IP_RATELIMIT_FACTOR 452 +#define VAR_RATELIMIT_FACTOR 453 +#define VAR_SEND_CLIENT_SUBNET 454 +#define VAR_CLIENT_SUBNET_ZONE 455 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456 +#define VAR_CLIENT_SUBNET_OPCODE 457 +#define VAR_MAX_CLIENT_SUBNET_IPV4 458 +#define VAR_MAX_CLIENT_SUBNET_IPV6 459 +#define VAR_MIN_CLIENT_SUBNET_IPV4 460 +#define VAR_MIN_CLIENT_SUBNET_IPV6 461 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 462 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 463 +#define VAR_CAPS_WHITELIST 464 +#define VAR_CACHE_MAX_NEGATIVE_TTL 465 +#define VAR_PERMIT_SMALL_HOLDDOWN 466 +#define VAR_QNAME_MINIMISATION 467 +#define VAR_QNAME_MINIMISATION_STRICT 468 +#define VAR_IP_FREEBIND 469 +#define VAR_DEFINE_TAG 470 +#define VAR_LOCAL_ZONE_TAG 471 +#define VAR_ACCESS_CONTROL_TAG 472 +#define VAR_LOCAL_ZONE_OVERRIDE 473 +#define VAR_ACCESS_CONTROL_TAG_ACTION 474 +#define VAR_ACCESS_CONTROL_TAG_DATA 475 +#define VAR_VIEW 476 +#define VAR_ACCESS_CONTROL_VIEW 477 +#define VAR_VIEW_FIRST 478 +#define VAR_SERVE_EXPIRED 479 +#define VAR_SERVE_EXPIRED_TTL 480 +#define VAR_SERVE_EXPIRED_TTL_RESET 481 +#define VAR_SERVE_EXPIRED_REPLY_TTL 482 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 +#define VAR_FAKE_DSA 484 +#define VAR_FAKE_SHA1 485 +#define VAR_LOG_IDENTITY 486 +#define VAR_HIDE_TRUSTANCHOR 487 +#define VAR_TRUST_ANCHOR_SIGNALING 488 +#define VAR_AGGRESSIVE_NSEC 489 +#define VAR_USE_SYSTEMD 490 +#define VAR_SHM_ENABLE 491 +#define VAR_SHM_KEY 492 +#define VAR_ROOT_KEY_SENTINEL 493 +#define VAR_DNSCRYPT 494 +#define VAR_DNSCRYPT_ENABLE 495 +#define VAR_DNSCRYPT_PORT 496 +#define VAR_DNSCRYPT_PROVIDER 497 +#define VAR_DNSCRYPT_SECRET_KEY 498 +#define VAR_DNSCRYPT_PROVIDER_CERT 499 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504 +#define VAR_PAD_RESPONSES 505 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 506 +#define VAR_PAD_QUERIES 507 +#define VAR_PAD_QUERIES_BLOCK_SIZE 508 +#define VAR_IPSECMOD_ENABLED 509 +#define VAR_IPSECMOD_HOOK 510 +#define VAR_IPSECMOD_IGNORE_BOGUS 511 +#define VAR_IPSECMOD_MAX_TTL 512 +#define VAR_IPSECMOD_WHITELIST 513 +#define VAR_IPSECMOD_STRICT 514 +#define VAR_CACHEDB 515 +#define VAR_CACHEDB_BACKEND 516 +#define VAR_CACHEDB_SECRETSEED 517 +#define VAR_CACHEDB_REDISHOST 518 +#define VAR_CACHEDB_REDISPORT 519 +#define VAR_CACHEDB_REDISTIMEOUT 520 +#define VAR_CACHEDB_REDISEXPIRERECORDS 521 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 522 +#define VAR_FOR_UPSTREAM 523 +#define VAR_AUTH_ZONE 524 +#define VAR_ZONEFILE 525 +#define VAR_MASTER 526 +#define VAR_URL 527 +#define VAR_FOR_DOWNSTREAM 528 +#define VAR_FALLBACK_ENABLED 529 +#define VAR_TLS_ADDITIONAL_PORT 530 +#define VAR_LOW_RTT 531 +#define VAR_LOW_RTT_PERMIL 532 +#define VAR_FAST_SERVER_PERMIL 533 +#define VAR_FAST_SERVER_NUM 534 +#define VAR_ALLOW_NOTIFY 535 +#define VAR_TLS_WIN_CERT 536 +#define VAR_TCP_CONNECTION_LIMIT 537 +#define VAR_FORWARD_NO_CACHE 538 +#define VAR_STUB_NO_CACHE 539 +#define VAR_LOG_SERVFAIL 540 +#define VAR_DENY_ANY 541 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 542 +#define VAR_LOG_TAG_QUERYREPLY 543 +#define VAR_STREAM_WAIT_SIZE 544 +#define VAR_TLS_CIPHERS 545 +#define VAR_TLS_CIPHERSUITES 546 +#define VAR_TLS_USE_SNI 547 +#define VAR_IPSET 548 +#define VAR_IPSET_NAME_V4 549 +#define VAR_IPSET_NAME_V6 550 +#define VAR_TLS_SESSION_TICKET_KEYS 551 +#define VAR_RPZ 552 +#define VAR_TAGS 553 +#define VAR_RPZ_ACTION_OVERRIDE 554 +#define VAR_RPZ_CNAME_OVERRIDE 555 +#define VAR_RPZ_LOG 556 +#define VAR_RPZ_LOG_NAME 557 +#define VAR_DYNLIB 558 +#define VAR_DYNLIB_FILE 559 +#define VAR_EDNS_CLIENT_STRING 560 +#define VAR_EDNS_CLIENT_STRING_OPCODE 561 +#define VAR_NSID 562 + +/* Value type. */ +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +union YYSTYPE +{ +#line 66 "./util/configparser.y" + char* str; -} YYSTYPE; -#endif /* !YYSTYPE_IS_DECLARED */ + +#line 684 "util/configparser.h" + +}; +typedef union YYSTYPE YYSTYPE; +# define YYSTYPE_IS_TRIVIAL 1 +# define YYSTYPE_IS_DECLARED 1 +#endif + + extern YYSTYPE yylval; + +int yyparse (void); + +#endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */ diff --git a/util/configparser.y b/util/configparser.y index a36a64b8f..b4e254cdb 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -69,6 +69,7 @@ extern struct config_parser_state* cfg_parser; %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR %token STRING_ARG +%token VAR_FORCE_TOPLEVEL %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT %token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP @@ -111,15 +112,18 @@ extern struct config_parser_state* cfg_parser; %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE +%token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS +%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE +%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN -%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE +%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES -%token VAR_INFRA_CACHE_MIN_RTT +%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE %token VAR_DNSTAP_TLS_CLIENT_KEY_FILE VAR_DNSTAP_TLS_CLIENT_CERT_FILE -%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION +%token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION VAR_DNSTAP_BIDIRECTIONAL %token VAR_DNSTAP_IDENTITY VAR_DNSTAP_VERSION %token VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES @@ -172,10 +176,12 @@ extern struct config_parser_state* cfg_parser; %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY -%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES +%token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES VAR_TLS_USE_SNI %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME +%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING +%token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -184,16 +190,21 @@ toplevelvar: serverstart contents_server | stubstart contents_stub | rcstart contents_rc | dtstart contents_dt | viewstart contents_view | dnscstart contents_dnsc | cachedbstart contents_cachedb | ipsetstart contents_ipset | authstart contents_auth | - rpzstart contents_rpz + rpzstart contents_rpz | dynlibstart contents_dl | + force_toplevel + ; +force_toplevel: VAR_FORCE_TOPLEVEL + { + OUTYY(("\nP(force-toplevel)\n")); + } ; - /* server: declaration */ serverstart: VAR_SERVER { - OUTYY(("\nP(server:)\n")); + OUTYY(("\nP(server:)\n")); } ; -contents_server: contents_server content_server +contents_server: contents_server content_server | ; content_server: server_num_threads | server_verbosity | server_port | server_outgoing_range | server_do_ip4 | @@ -239,13 +250,16 @@ content_server: server_num_threads | server_verbosity | server_port | server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream | server_log_local_actions | server_ssl_service_key | server_ssl_service_pem | server_ssl_port | + server_https_port | server_http_endpoint | server_http_max_streams | + server_http_query_buffer_size | server_http_response_buffer_size | + server_http_nodelay | server_http_notls_downstream | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | - server_so_reuseport | server_delay_close | + server_so_reuseport | server_delay_close | server_udp_connect | server_unblock_lan_zones | server_insecure_lan_zones | server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa | server_infra_cache_min_rtt | server_harden_algo_downgrade | server_ip_transparent | server_ip_ratelimit | server_ratelimit | - server_ip_dscp | + server_ip_dscp | server_infra_keep_probing | server_ip_ratelimit_slabs | server_ratelimit_slabs | server_ip_ratelimit_size | server_ratelimit_size | server_ratelimit_for_domain | @@ -262,7 +276,10 @@ content_server: server_num_threads | server_verbosity | server_port | server_disable_dnssec_lame_check | server_access_control_tag | server_local_zone_override | server_access_control_tag_action | server_access_control_tag_data | server_access_control_view | - server_qname_minimisation_strict | server_serve_expired | + server_qname_minimisation_strict | + server_pad_responses | server_pad_responses_block_size | + server_pad_queries | server_pad_queries_block_size | + server_serve_expired | server_serve_expired_ttl | server_serve_expired_ttl_reset | server_serve_expired_reply_ttl | server_serve_expired_client_timeout | server_fake_dsa | server_log_identity | server_use_systemd | @@ -279,7 +296,9 @@ content_server: server_num_threads | server_verbosity | server_port | server_tcp_connection_limit | server_log_servfail | server_deny_any | server_unknown_server_time_limit | server_log_tag_queryreply | server_stream_wait_size | server_tls_ciphers | - server_tls_ciphersuites | server_tls_session_ticket_keys + server_tls_ciphersuites | server_tls_session_ticket_keys | + server_tls_use_sni | server_edns_client_string | + server_edns_client_string_opcode | server_nsid ; stubstart: VAR_STUB_ZONE { @@ -954,6 +973,79 @@ server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG yyerror("out of memory"); } ; +server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG + { + OUTYY(("P(server_tls_use_sni:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->tls_use_sni = (strcmp($2, "yes")==0); + free($2); + } + ; +server_https_port: VAR_HTTPS_PORT STRING_ARG + { + OUTYY(("P(server_https_port:%s)\n", $2)); + if(atoi($2) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->https_port = atoi($2); + free($2); + }; +server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG + { + OUTYY(("P(server_http_endpoint:%s)\n", $2)); + free(cfg_parser->cfg->http_endpoint); + if($2 && $2[0] != '/') { + cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2); + if(!cfg_parser->cfg->http_endpoint) + yyerror("out of memory"); + cfg_parser->cfg->http_endpoint[0] = '/'; + memmove(cfg_parser->cfg->http_endpoint+1, $2, + strlen($2)+1); + free($2); + } else { + cfg_parser->cfg->http_endpoint = $2; + } + }; +server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG + { + OUTYY(("P(server_http_max_streams:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->http_max_streams = atoi($2); + free($2); + }; +server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG + { + OUTYY(("P(server_http_query_buffer_size:%s)\n", $2)); + if(!cfg_parse_memsize($2, + &cfg_parser->cfg->http_query_buffer_size)) + yyerror("memory size expected"); + free($2); + }; +server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG + { + OUTYY(("P(server_http_response_buffer_size:%s)\n", $2)); + if(!cfg_parse_memsize($2, + &cfg_parser->cfg->http_response_buffer_size)) + yyerror("memory size expected"); + free($2); + }; +server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG + { + OUTYY(("P(server_http_nodelay:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0); + free($2); + } +server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG + { + OUTYY(("P(server_http_notls_downstream:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0); + free($2); + }; server_use_systemd: VAR_USE_SYSTEMD STRING_ARG { OUTYY(("P(server_use_systemd:%s)\n", $2)); @@ -1105,15 +1197,15 @@ server_root_hints: VAR_ROOT_HINTS STRING_ARG server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG { OUTYY(("P(server_dlv_anchor_file:%s)\n", $2)); - free(cfg_parser->cfg->dlv_anchor_file); - cfg_parser->cfg->dlv_anchor_file = $2; + log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); + free($2); } ; server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG { OUTYY(("P(server_dlv_anchor:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2)) - yyerror("out of memory"); + log_warn("option dlv-anchor ignored: DLV is decommissioned"); + free($2); } ; server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG @@ -1217,6 +1309,22 @@ server_version: VAR_VERSION STRING_ARG cfg_parser->cfg->version = $2; } ; +server_nsid: VAR_NSID STRING_ARG + { + OUTYY(("P(server_nsid:%s)\n", $2)); + free(cfg_parser->cfg->nsid_cfg_str); + cfg_parser->cfg->nsid_cfg_str = $2; + free(cfg_parser->cfg->nsid); + cfg_parser->cfg->nsid = NULL; + cfg_parser->cfg->nsid_len = 0; + if (*$2 == 0) + ; /* pass; empty string is not setting nsid */ + else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( + $2, &cfg_parser->cfg->nsid_len))) + yyerror("the NSID must be either a hex string or an " + "ascii character string prepended with ascii_."); + } + ; server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG { OUTYY(("P(server_so_rcvbuf:%s)\n", $2)); @@ -1357,6 +1465,15 @@ server_delay_close: VAR_DELAY_CLOSE STRING_ARG free($2); } ; +server_udp_connect: VAR_UDP_CONNECT STRING_ARG + { + OUTYY(("P(server_udp_connect:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0); + free($2); + } + ; server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG { OUTYY(("P(server_unblock_lan_zones:%s)\n", $2)); @@ -1454,6 +1571,16 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG free($2); } ; +server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG + { + OUTYY(("P(server_infra_keep_probing:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->infra_keep_probing = + (strcmp($2, "yes")==0); + free($2); + } + ; server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG { OUTYY(("P(server_target_fetch_policy:%s)\n", $2)); @@ -1924,6 +2051,9 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_transparent")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "always_nodata")!=0 + && strcmp($3, "always_deny")!=0 + && strcmp($3, "always_null")!=0 && strcmp($3, "noview")!=0 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0 && strcmp($3, "inform_redirect") != 0 @@ -1932,8 +2062,9 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "inform_redirect, always_transparent, " - "always_refuse, always_nxdomain, noview " - ", nodefault or ipset"); + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); free($2); free($3); } else if(strcmp($3, "nodefault")==0) { @@ -2424,6 +2555,27 @@ server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG OUTYY(("P(Compiled without IPsec module, ignoring)\n")); free($2); #endif + } + ; +server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG + { + OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3)); + if(!cfg_str2list_insert( + &cfg_parser->cfg->edns_client_strings, $2, $3)) + fatal_exit("out of memory adding " + "edns-client-string"); + } + ; +server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG + { + OUTYY(("P(edns_client_string_opcode:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("option code expected"); + else if(atoi($2) > 65535 || atoi($2) < 0) + yyerror("option code must be in interval [0, 65535]"); + else cfg_parser->cfg->edns_client_string_opcode = atoi($2); + free($2); + } ; stub_name: VAR_NAME STRING_ARG @@ -2787,7 +2939,7 @@ dtstart: VAR_DNSTAP ; contents_dt: contents_dt content_dt | ; -content_dt: dt_dnstap_enable | dt_dnstap_socket_path | +content_dt: dt_dnstap_enable | dt_dnstap_socket_path | dt_dnstap_bidirectional | dt_dnstap_ip | dt_dnstap_tls | dt_dnstap_tls_server_name | dt_dnstap_tls_cert_bundle | dt_dnstap_tls_client_key_file | dt_dnstap_tls_client_cert_file | @@ -2809,6 +2961,16 @@ dt_dnstap_enable: VAR_DNSTAP_ENABLE STRING_ARG free($2); } ; +dt_dnstap_bidirectional: VAR_DNSTAP_BIDIRECTIONAL STRING_ARG + { + OUTYY(("P(dt_dnstap_bidirectional:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->dnstap_bidirectional = + (strcmp($2, "yes")==0); + free($2); + } + ; dt_dnstap_socket_path: VAR_DNSTAP_SOCKET_PATH STRING_ARG { OUTYY(("P(dt_dnstap_socket_path:%s)\n", $2)); @@ -2967,6 +3129,21 @@ py_script: VAR_PYTHON_SCRIPT STRING_ARG if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, $2)) yyerror("out of memory"); } +dynlibstart: VAR_DYNLIB + { + OUTYY(("\nP(dynlib:)\n")); + } + ; +contents_dl: contents_dl content_dl + | ; +content_dl: dl_file + ; +dl_file: VAR_DYNLIB_FILE STRING_ARG + { + OUTYY(("P(dynlib-file:%s)\n", $2)); + if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, $2)) + yyerror("out of memory"); + } server_disable_dnssec_lame_check: VAR_DISABLE_DNSSEC_LAME_CHECK STRING_ARG { OUTYY(("P(disable_dnssec_lame_check:%s)\n", $2)); diff --git a/util/data/dname.c b/util/data/dname.c index c8f09ddbc..76b2ec7d6 100644 --- a/util/data/dname.c +++ b/util/data/dname.c @@ -233,17 +233,28 @@ int dname_pkt_compare(sldns_buffer* pkt, uint8_t* d1, uint8_t* d2) { uint8_t len1, len2; + int count1 = 0, count2 = 0; log_assert(pkt && d1 && d2); len1 = *d1++; len2 = *d2++; while( len1 != 0 || len2 != 0 ) { /* resolve ptrs */ if(LABEL_IS_PTR(len1)) { + if((size_t)PTR_OFFSET(len1, *d1) + >= sldns_buffer_limit(pkt)) + return -1; + if(count1++ > MAX_COMPRESS_PTRS) + return -1; d1 = sldns_buffer_at(pkt, PTR_OFFSET(len1, *d1)); len1 = *d1++; continue; } if(LABEL_IS_PTR(len2)) { + if((size_t)PTR_OFFSET(len2, *d2) + >= sldns_buffer_limit(pkt)) + return 1; + if(count2++ > MAX_COMPRESS_PTRS) + return 1; d2 = sldns_buffer_at(pkt, PTR_OFFSET(len2, *d2)); len2 = *d2++; continue; @@ -302,12 +313,18 @@ dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h) uint8_t labuf[LDNS_MAX_LABELLEN+1]; uint8_t lablen; int i; + int count = 0; /* preserve case of query, make hash label by label */ lablen = *dname++; while(lablen) { if(LABEL_IS_PTR(lablen)) { /* follow pointer */ + if((size_t)PTR_OFFSET(lablen, *dname) + >= sldns_buffer_limit(pkt)) + return h; + if(count++ > MAX_COMPRESS_PTRS) + return h; dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); lablen = *dname++; continue; @@ -341,6 +358,9 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) return; } /* follow pointer */ + if((size_t)PTR_OFFSET(lablen, *dname) + >= sldns_buffer_limit(pkt)) + return; dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); lablen = *dname++; continue; @@ -369,6 +389,7 @@ void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname) { uint8_t lablen; + int count = 0; if(!out) out = stdout; if(!dname) return; @@ -382,6 +403,15 @@ void dname_print(FILE* out, struct sldns_buffer* pkt, uint8_t* dname) fputs("??compressionptr??", out); return; } + if((size_t)PTR_OFFSET(lablen, *dname) + >= sldns_buffer_limit(pkt)) { + fputs("??compressionptr??", out); + return; + } + if(count++ > MAX_COMPRESS_PTRS) { + fputs("??compressionptr??", out); + return; + } dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); lablen = *dname++; continue; diff --git a/util/data/msgencode.c b/util/data/msgencode.c index 49e48954b..10bded941 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -624,6 +624,9 @@ positive_answer(struct reply_info* rep, uint16_t qtype) { for(i=0;ian_numrrsets; i++) { if(ntohs(rep->rrsets[i]->rk.type) == qtype) { + /* for priming queries, type NS, include addresses */ + if(qtype == LDNS_RR_TYPE_NS) + return 0; /* in case it is a wildcard with DNSSEC, there will * be NSEC/NSEC3 records in the authority section * that we cannot remove */ diff --git a/util/data/msgparse.c b/util/data/msgparse.c index d553472bf..6ee5559db 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c @@ -55,7 +55,11 @@ smart_compare(sldns_buffer* pkt, uint8_t* dnow, { if(LABEL_IS_PTR(*dnow)) { /* ptr points to a previous dname */ - uint8_t* p = sldns_buffer_at(pkt, PTR_OFFSET(dnow[0], dnow[1])); + uint8_t* p; + if((size_t)PTR_OFFSET(dnow[0], dnow[1]) + >= sldns_buffer_limit(pkt)) + return -1; + p = sldns_buffer_at(pkt, PTR_OFFSET(dnow[0], dnow[1])); if( p == dprfirst || p == dprlast ) return 0; /* prev dname is also a ptr, both ptrs are the same. */ diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 927bf09a2..35cd8b93e 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -1035,7 +1035,8 @@ static int inplace_cb_reply_call_generic( struct inplace_cb* callback_list, enum inplace_cb_list_type type, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { struct inplace_cb* cb; struct edns_option* opt_list_out = NULL; @@ -1048,7 +1049,7 @@ static int inplace_cb_reply_call_generic( fptr_ok(fptr_whitelist_inplace_cb_reply_generic( (inplace_cb_reply_func_type*)cb->cb, type)); (void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep, - rcode, edns, &opt_list_out, repinfo, region, cb->id, cb->cb_arg); + rcode, edns, &opt_list_out, repinfo, region, start_time, cb->id, cb->cb_arg); } edns->opt_list = opt_list_out; return 1; @@ -1056,37 +1057,41 @@ static int inplace_cb_reply_call_generic( int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct comm_reply* repinfo, struct regional* region) + struct edns_data* edns, struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply], inplace_cb_reply, qinfo, - qstate, rep, rcode, edns, repinfo, region); + qstate, rep, rcode, edns, repinfo, region, start_time); } int inplace_cb_reply_cache_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply_cache], inplace_cb_reply_cache, - qinfo, qstate, rep, rcode, edns, repinfo, region); + qinfo, qstate, rep, rcode, edns, repinfo, region, start_time); } int inplace_cb_reply_local_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply_local], inplace_cb_reply_local, - qinfo, qstate, rep, rcode, edns, repinfo, region); + qinfo, qstate, rep, rcode, edns, repinfo, region, start_time); } int inplace_cb_reply_servfail_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { /* We are going to servfail. Remove any potential edns options. */ if(qstate) @@ -1094,7 +1099,7 @@ int inplace_cb_reply_servfail_call(struct module_env* env, return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply_servfail], inplace_cb_reply_servfail, qinfo, qstate, rep, rcode, edns, repinfo, - region); + region, start_time); } int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, diff --git a/util/data/msgreply.h b/util/data/msgreply.h index 8d75f9b12..c6b220ed8 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -552,13 +552,16 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code); * @param rep: Reply info. Could be NULL. * @param rcode: return code. * @param edns: edns data of the reply. - * @param repinfo: comm_reply. NULL. + * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct comm_reply* repinfo, struct regional* region); + struct edns_data* edns, struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_reply_cache linked list. @@ -571,12 +574,15 @@ int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, * @param edns: edns data of the reply. Edns input can be found here. * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_cache_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_reply_local linked list. @@ -589,12 +595,15 @@ int inplace_cb_reply_cache_call(struct module_env* env, * @param edns: edns data of the reply. Edns input can be found here. * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_local_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_reply linked list. @@ -608,12 +617,15 @@ int inplace_cb_reply_local_call(struct module_env* env, * is NULL. * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_servfail_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_query linked list. diff --git a/util/edns.c b/util/edns.c index 8376fb1c5..5d2121636 100644 --- a/util/edns.c +++ b/util/edns.c @@ -43,10 +43,91 @@ #include "util/edns.h" #include "util/config_file.h" #include "util/netevent.h" +#include "util/net_help.h" #include "util/regional.h" #include "util/data/msgparse.h" #include "util/data/msgreply.h" +struct edns_strings* edns_strings_create(void) +{ + struct edns_strings* edns_strings = calloc(1, + sizeof(struct edns_strings)); + if(!edns_strings) + return NULL; + if(!(edns_strings->region = regional_create())) { + edns_strings_delete(edns_strings); + return NULL; + } + return edns_strings; +} + +void edns_strings_delete(struct edns_strings* edns_strings) +{ + if(!edns_strings) + return; + regional_destroy(edns_strings->region); + free(edns_strings); +} + +static int +edns_strings_client_insert(struct edns_strings* edns_strings, + struct sockaddr_storage* addr, socklen_t addrlen, int net, + const char* string) +{ + struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region, + sizeof(struct edns_string_addr)); + if(!esa) + return 0; + esa->string_len = strlen(string); + esa->string = regional_alloc_init(edns_strings->region, string, + esa->string_len); + if(!esa->string) + return 0; + if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr, + addrlen, net)) { + verbose(VERB_QUERY, "duplicate EDNS client string ignored."); + } + return 1; +} + +int edns_strings_apply_cfg(struct edns_strings* edns_strings, + struct config_file* config) +{ + struct config_str2list* c; + regional_free_all(edns_strings->region); + addr_tree_init(&edns_strings->client_strings); + + for(c=config->edns_client_strings; c; c=c->next) { + struct sockaddr_storage addr; + socklen_t addrlen; + int net; + log_assert(c->str && c->str2); + + if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen, + &net)) { + log_err("cannot parse EDNS client string IP netblock: " + "%s", c->str); + return 0; + } + if(!edns_strings_client_insert(edns_strings, &addr, addrlen, + net, c->str2)) { + log_err("out of memory while adding EDNS strings"); + return 0; + } + } + edns_strings->client_string_opcode = config->edns_client_string_opcode; + + addr_tree_init_parents(&edns_strings->client_strings); + return 1; +} + +struct edns_string_addr* +edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, + socklen_t addrlen) +{ + return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen); +} + static int edns_keepalive(struct edns_data* edns_out, struct edns_data* edns_in, struct comm_point* c, struct regional* region) { @@ -79,6 +160,11 @@ int apply_edns_options(struct edns_data* edns_out, struct edns_data* edns_in, !edns_keepalive(edns_out, edns_in, c, region)) return 0; + if (cfg->nsid && edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_NSID) + && !edns_opt_list_append(&edns_out->opt_list, + LDNS_EDNS_NSID, cfg->nsid_len, cfg->nsid, region)) + return 0; + if(!cfg->pad_responses || c->type != comm_tcp || !c->ssl || !edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_PADDING)) ; /* pass */ diff --git a/util/edns.h b/util/edns.h index a4ee7def6..11742eb5b 100644 --- a/util/edns.h +++ b/util/edns.h @@ -42,11 +42,70 @@ #ifndef UTIL_EDNS_H #define UTIL_EDNS_H +#include "util/storage/dnstree.h" + struct edns_data; struct config_file; struct comm_point; struct regional; +/** + * Structure containing all EDNS strings. + */ +struct edns_strings { + /** Tree of EDNS client strings to use in upstream queries, per address + * prefix. Contains nodes of type edns_string_addr. */ + rbtree_type client_strings; + /** EDNS opcode to use for client strings */ + uint16_t client_string_opcode; + /** region to allocate tree nodes in */ + struct regional* region; +}; + +/** + * EDNS string. Node of rbtree, containing string and prefix. + */ +struct edns_string_addr { + /** node in address tree, used for tree lookups. Need to be the first + * member of this struct. */ + struct addr_tree_node node; + /** string, ascii format */ + uint8_t* string; + /** length of string */ + size_t string_len; +}; + +/** + * Create structure to hold EDNS strings + * @return: newly created edns_strings, NULL on alloc failure. + */ +struct edns_strings* edns_strings_create(void); + +/** Delete EDNS strings structure + * @param edns_strings: struct to delete + */ +void edns_strings_delete(struct edns_strings* edns_strings); + +/** + * Add configured EDNS strings + * @param edns_strings: edns strings to apply config to + * @param config: struct containing EDNS strings configuration + * @return 0 on error + */ +int edns_strings_apply_cfg(struct edns_strings* edns_strings, + struct config_file* config); + +/** + * Find string for address. + * @param tree: tree containing EDNS strings per address prefix. + * @param addr: address to use for tree lookup + * @param addrlen: length of address + * @return: matching tree node, NULL otherwise + */ +struct edns_string_addr* +edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, + socklen_t addrlen); + /** * Apply common EDNS options. * diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index b124e7169..a9e9d3a03 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -81,6 +81,9 @@ #ifdef WITH_PYTHONMODULE #include "pythonmod/pythonmod.h" #endif +#ifdef WITH_DYNLIBMODULE +#include "dynlibmod/dynlibmod.h" +#endif #ifdef USE_CACHEDB #include "cachedb/cachedb.h" #endif @@ -135,6 +138,9 @@ fptr_whitelist_comm_timer(void (*fptr)(void*)) else if(fptr == &auth_xfer_probe_timer_callback) return 1; else if(fptr == &auth_xfer_transfer_timer_callback) return 1; else if(fptr == &mesh_serve_expired_callback) return 1; +#ifdef USE_DNSTAP + else if(fptr == &mq_wakeup_cb) return 1; +#endif return 0; } @@ -223,6 +229,8 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *)) else if(fptr == &fwd_cmp) return 1; else if(fptr == &pending_cmp) return 1; else if(fptr == &serviced_cmp) return 1; + else if(fptr == &reuse_cmp) return 1; + else if(fptr == &reuse_id_cmp) return 1; else if(fptr == &name_tree_compare) return 1; else if(fptr == &order_lock_cmp) return 1; else if(fptr == &codeline_cmp) return 1; @@ -392,6 +400,9 @@ fptr_whitelist_mod_init(int (*fptr)(struct module_env* env, int id)) #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_init) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_init) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_init) return 1; #endif @@ -417,6 +428,9 @@ fptr_whitelist_mod_deinit(void (*fptr)(struct module_env* env, int id)) #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_deinit) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_deinit) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_deinit) return 1; #endif @@ -443,6 +457,9 @@ fptr_whitelist_mod_operate(void (*fptr)(struct module_qstate* qstate, #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_operate) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_operate) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_operate) return 1; #endif @@ -469,6 +486,9 @@ fptr_whitelist_mod_inform_super(void (*fptr)( #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_inform_super) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_inform_super) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_inform_super) return 1; #endif @@ -495,6 +515,9 @@ fptr_whitelist_mod_clear(void (*fptr)(struct module_qstate* qstate, #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_clear) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_clear) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_clear) return 1; #endif @@ -520,6 +543,9 @@ fptr_whitelist_mod_get_mem(size_t (*fptr)(struct module_env* env, int id)) #ifdef WITH_PYTHONMODULE else if(fptr == &pythonmod_get_mem) return 1; #endif +#ifdef WITH_DYNLIBMODULE + else if(fptr == &dynlibmod_get_mem) return 1; +#endif #ifdef USE_CACHEDB else if(fptr == &cachedb_get_mem) return 1; #endif @@ -577,18 +603,30 @@ int fptr_whitelist_inplace_cb_reply_generic(inplace_cb_reply_func_type* fptr, if(type == inplace_cb_reply) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; #endif } else if(type == inplace_cb_reply_cache) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; #endif } else if(type == inplace_cb_reply_local) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; #endif } else if(type == inplace_cb_reply_servfail) { #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_reply_generic) return 1; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_reply_generic) return 1; #endif } return 0; @@ -603,6 +641,10 @@ int fptr_whitelist_inplace_cb_query(inplace_cb_query_func_type* fptr) #ifdef WITH_PYTHONMODULE if(fptr == &python_inplace_cb_query_generic) return 1; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_query_generic) + return 1; #endif (void)fptr; return 0; @@ -616,6 +658,10 @@ int fptr_whitelist_inplace_cb_edns_back_parsed( return 1; #else (void)fptr; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_edns_back_parsed) + return 1; #endif return 0; } @@ -628,6 +674,10 @@ int fptr_whitelist_inplace_cb_query_response( return 1; #else (void)fptr; +#endif +#ifdef WITH_DYNLIBMODULE + if(fptr == &dynlib_inplace_cb_query_response) + return 1; #endif return 0; } diff --git a/util/iana_ports.inc b/util/iana_ports.inc index b26677efb..875851e6a 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -2014,6 +2014,7 @@ 2368, 2370, 2372, +2378, 2381, 2382, 2383, @@ -3574,7 +3575,6 @@ 3977, 3978, 3979, -3980, 3981, 3982, 3983, @@ -3771,6 +3771,7 @@ 4188, 4191, 4192, +4195, 4197, 4199, 4300, @@ -4515,6 +4516,7 @@ 6679, 6689, 6696, +6699, 6701, 6702, 6703, @@ -4743,6 +4745,7 @@ 8023, 8025, 8026, +8027, 8032, 8033, 8034, @@ -5230,6 +5233,7 @@ 18241, 18262, 18463, +18516, 18634, 18635, 18668, @@ -5286,6 +5290,7 @@ 22005, 22273, 22305, +22333, 22335, 22343, 22347, diff --git a/util/mini_event.h b/util/mini_event.h index 1734ca574..fa71ca3d1 100644 --- a/util/mini_event.h +++ b/util/mini_event.h @@ -54,6 +54,10 @@ #if defined(USE_MINI_EVENT) && !defined(USE_WINSOCK) +#ifdef HAVE_SYS_SELECT_H +/* for fd_set on OpenBSD */ +#include +#endif #include #ifndef HAVE_EVENT_BASE_FREE diff --git a/util/module.h b/util/module.h index fa89c647e..81a31a9cc 100644 --- a/util/module.h +++ b/util/module.h @@ -257,8 +257,8 @@ struct inplace_cb { typedef int inplace_cb_reply_func_type(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* callback); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback); /** * Inplace callback function called before sending the query to a nameserver. @@ -520,6 +520,8 @@ struct module_env { struct edns_known_option* edns_known_options; /* Number of known edns options */ size_t edns_known_options_num; + /** EDNS client string information */ + struct edns_strings* edns_strings; /* Make every mesh state unique, do not aggregate mesh states. */ int unique_mesh; diff --git a/util/net_help.c b/util/net_help.c index 135d33427..c5216bc2d 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -55,9 +55,15 @@ #ifdef HAVE_OPENSSL_ERR_H #include #endif +#ifdef HAVE_OPENSSL_CORE_NAMES_H +#include +#endif #ifdef USE_WINSOCK #include #endif +#ifdef HAVE_NGHTTP2_NGHTTP2_H +#include +#endif /** max length of an IP address (the address portion) that we allow */ #define MAX_ADDR_STRLEN 128 /* characters */ @@ -67,8 +73,8 @@ uint16_t EDNS_ADVERTISED_SIZE = 4096; /** minimal responses when positive answer: default is no */ int MINIMAL_RESPONSES = 0; -/** rrset order roundrobin: default is no */ -int RRSET_ROUNDROBIN = 0; +/** rrset order roundrobin: default is yes */ +int RRSET_ROUNDROBIN = 1; /** log tag queries with name instead of 'info' for filtering */ int LOG_TAG_QUERYREPLY = 0; @@ -79,6 +85,32 @@ static struct tls_session_ticket_key { unsigned char *hmac_key; } *ticket_keys; +#ifdef HAVE_SSL +/** + * callback TLS session ticket encrypt and decrypt + * For use with SSL_CTX_set_tlsext_ticket_key_cb or + * SSL_CTX_set_tlsext_ticket_key_evp_cb + * @param s: the SSL_CTX to use (from connect_sslctx_create()) + * @param key_name: secret name, 16 bytes + * @param iv: up to EVP_MAX_IV_LENGTH. + * @param evp_ctx: the evp cipher context, function sets this. + * @param hmac_ctx: the hmac context, function sets this. + * with ..key_cb it is of type HMAC_CTX* + * with ..key_evp_cb it is of type EVP_MAC_CTX* + * @param enc: 1 is encrypt, 0 is decrypt + * @return 0 on no ticket, 1 for okay, and 2 for okay but renew the ticket + * (the ticket is decrypt only). and <0 for failures. + */ +int tls_session_ticket_key_cb(SSL *s, unsigned char* key_name, + unsigned char* iv, EVP_CIPHER_CTX *evp_ctx, +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + EVP_MAC_CTX *hmac_ctx, +#else + HMAC_CTX* hmac_ctx, +#endif + int enc); +#endif /* HAVE_SSL */ + /* returns true is string addr is an ip6 specced address */ int str_is_ip6(const char* str) @@ -855,6 +887,21 @@ log_cert(unsigned level, const char* str, void* cert) } #endif /* HAVE_SSL */ +#if defined(HAVE_SSL) && defined(HAVE_NGHTTP2) +static int alpn_select_cb(SSL* ATTR_UNUSED(ssl), const unsigned char** out, + unsigned char* outlen, const unsigned char* in, unsigned int inlen, + void* ATTR_UNUSED(arg)) +{ + int rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, + inlen); + if(rv == -1) { + return SSL_TLSEXT_ERR_NOACK; + } + /* either http/1.1 or h2 selected */ + return SSL_TLSEXT_ERR_OK; +} +#endif + int listen_sslctx_setup(void* ctxt) { @@ -913,6 +960,9 @@ listen_sslctx_setup(void* ctxt) #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL SSL_CTX_set_security_level(ctx, 0); #endif +#if defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) && defined(HAVE_NGHTTP2) + SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb, NULL); +#endif #else (void)ctxt; #endif /* HAVE_SSL */ @@ -1231,13 +1281,16 @@ int check_auth_name_for_ssl(char* auth_name) } /** set the authname on an SSL structure, SSL* ssl */ -int set_auth_name_on_ssl(void* ssl, char* auth_name) +int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni) { if(!auth_name) return 1; #ifdef HAVE_SSL - (void)SSL_set_tlsext_host_name(ssl, auth_name); + if(use_sni) { + (void)SSL_set_tlsext_host_name(ssl, auth_name); + } #else (void)ssl; + (void)use_sni; #endif #ifdef HAVE_SSL_SET1_HOST SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL); @@ -1385,10 +1438,17 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses } /* terminate array with NULL key name entry */ keys->key_name = NULL; +# ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + if(SSL_CTX_set_tlsext_ticket_key_evp_cb(sslctx, tls_session_ticket_key_cb) == 0) { + log_err("no support for TLS session ticket"); + return 0; + } +# else if(SSL_CTX_set_tlsext_ticket_key_cb(sslctx, tls_session_ticket_key_cb) == 0) { log_err("no support for TLS session ticket"); return 0; } +# endif return 1; #else (void)sslctx; @@ -1398,13 +1458,27 @@ int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_ses } -int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name, unsigned char* iv, void *evp_sctx, void *hmac_ctx, int enc) +#ifdef HAVE_SSL +int tls_session_ticket_key_cb(SSL *ATTR_UNUSED(sslctx), unsigned char* key_name, + unsigned char* iv, EVP_CIPHER_CTX *evp_sctx, +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + EVP_MAC_CTX *hmac_ctx, +#else + HMAC_CTX* hmac_ctx, +#endif + int enc) { #ifdef HAVE_SSL +# ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + OSSL_PARAM params[3]; +# else const EVP_MD *digest; +# endif const EVP_CIPHER *cipher; int evp_cipher_length; +# ifndef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB digest = EVP_sha256(); +# endif cipher = EVP_aes_256_cbc(); evp_cipher_length = EVP_CIPHER_iv_length(cipher); if( enc == 1 ) { @@ -1419,7 +1493,18 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name verbose(VERB_CLIENT, "EVP_EncryptInit_ex failed"); return -1; } -#ifndef HMAC_INIT_EX_RETURNS_VOID +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + ticket_keys->hmac_key, 32); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + "sha256", 0); + params[2] = OSSL_PARAM_construct_end(); +#ifdef HAVE_EVP_MAC_CTX_SET_PARAMS + EVP_MAC_CTX_set_params(hmac_ctx, params); +#else + EVP_MAC_set_ctx_params(hmac_ctx, params); +#endif +#elif !defined(HMAC_INIT_EX_RETURNS_VOID) if (HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; @@ -1443,7 +1528,18 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name return 0; } -#ifndef HMAC_INIT_EX_RETURNS_VOID +#ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB + params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + key->hmac_key, 32); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + "sha256", 0); + params[2] = OSSL_PARAM_construct_end(); +#ifdef HAVE_EVP_MAC_CTX_SET_PARAMS + EVP_MAC_CTX_set_params(hmac_ctx, params); +#else + EVP_MAC_set_ctx_params(hmac_ctx, params); +#endif +#elif !defined(HMAC_INIT_EX_RETURNS_VOID) if (HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; @@ -1468,6 +1564,7 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name return 0; #endif } +#endif /* HAVE_SSL */ void listen_sslctx_delete_ticket_keys(void) @@ -1486,3 +1583,31 @@ listen_sslctx_delete_ticket_keys(void) free(ticket_keys); ticket_keys = NULL; } + +# ifndef USE_WINSOCK +char* +sock_strerror(int errn) +{ + return strerror(errn); +} + +void +sock_close(int socket) +{ + close(socket); +} + +# else +char* +sock_strerror(int ATTR_UNUSED(errn)) +{ + return wsa_strerror(WSAGetLastError()); +} + +void +sock_close(int socket) +{ + closesocket(socket); +} + +# endif /* USE_WINSOCK */ diff --git a/util/net_help.h b/util/net_help.h index d9ee37ad0..45b607a43 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -453,9 +453,10 @@ int check_auth_name_for_ssl(char* auth_name); * set auth name on SSL for verification * @param ssl: SSL* to set * @param auth_name: if NULL nothing happens, otherwise the name to check. + * @param use_sni: if SNI will be used. * @return 1 on success or NULL auth_name, 0 on failure. */ -int set_auth_name_on_ssl(void* ssl, char* auth_name); +int set_auth_name_on_ssl(void* ssl, char* auth_name, int use_sni); /** * Initialize openssl locking for thread safety @@ -477,20 +478,6 @@ void ub_openssl_lock_delete(void); int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_session_ticket_keys); -/** - * callback TLS session ticket encrypt and decrypt - * For use with SSL_CTX_set_tlsext_ticket_key_cb - * @param s: the SSL_CTX to use (from connect_sslctx_create()) - * @param key_name: secret name, 16 bytes - * @param iv: up to EVP_MAX_IV_LENGTH. - * @param evp_ctx: the evp cipher context, function sets this. - * @param hmac_ctx: the hmax context, function sets this. - * @param enc: 1 is encrypt, 0 is decrypt - * @return 0 on no ticket, 1 for okay, and 2 for okay but renew the ticket - * (the ticket is decrypt only). and <0 for failures. - */ -int tls_session_ticket_key_cb(void *s, unsigned char* key_name,unsigned char* iv, void *evp_ctx, void *hmac_ctx, int enc); - /** Free memory used for TLS session ticket keys */ void listen_sslctx_delete_ticket_keys(void); @@ -509,4 +496,10 @@ void listen_sslctx_delete_ticket_keys(void); */ int netblockdnametoaddr(uint8_t* dname, size_t dnamelen, struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af); + +/** Return strerror or wsastrerror for socket error printout */ +char* sock_strerror(int errn); +/** close the socket with close, or wsa closesocket */ +void sock_close(int socket); + #endif /* NET_HELP_H */ diff --git a/util/netevent.c b/util/netevent.c index f7bb9b897..a2c0e6073 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -333,7 +333,7 @@ int tcp_connect_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) /* send a UDP reply */ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen) + struct sockaddr* addr, socklen_t addrlen, int is_connected) { ssize_t sent; log_assert(c->fd != -1); @@ -342,9 +342,14 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, log_err("error: send empty UDP packet"); #endif log_assert(addr && addrlen > 0); - sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), - sldns_buffer_remaining(packet), 0, - addr, addrlen); + if(!is_connected) { + sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0, + addr, addrlen); + } else { + sent = send(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0); + } if(sent == -1) { /* try again and block, waiting for IO to complete, * we want to send the answer, and we will wait for @@ -362,9 +367,14 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, #endif int e; fd_set_block(c->fd); - sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), - sldns_buffer_remaining(packet), 0, - addr, addrlen); + if (!is_connected) { + sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0, + addr, addrlen); + } else { + sent = send(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0); + } e = errno; fd_set_nonblock(c->fd); errno = e; @@ -373,14 +383,14 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, if(sent == -1) { if(!udp_send_errno_needs_log(addr, addrlen)) return 0; -#ifndef USE_WINSOCK - verbose(VERB_OPS, "sendto failed: %s", strerror(errno)); -#else - verbose(VERB_OPS, "sendto failed: %s", - wsa_strerror(WSAGetLastError())); -#endif - log_addr(VERB_OPS, "remote address is", - (struct sockaddr_storage*)addr, addrlen); + if (!is_connected) { + verbose(VERB_OPS, "sendto failed: %s", sock_strerror(errno)); + } else { + verbose(VERB_OPS, "send failed: %s", sock_strerror(errno)); + } + if(addr) + log_addr(VERB_OPS, "remote address is", + (struct sockaddr_storage*)addr, addrlen); return 0; } else if((size_t)sent != sldns_buffer_remaining(packet)) { log_err("sent %d in place of %d bytes", @@ -447,7 +457,10 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, ssize_t sent; struct msghdr msg; struct iovec iov[1]; - char control[256]; + union { + struct cmsghdr hdr; + char buf[256]; + } control; #ifndef S_SPLINT_S struct cmsghdr *cmsg; #endif /* S_SPLINT_S */ @@ -465,9 +478,9 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, iov[0].iov_len = sldns_buffer_remaining(packet); msg.msg_iov = iov; msg.msg_iovlen = 1; - msg.msg_control = control; + msg.msg_control = control.buf; #ifndef S_SPLINT_S - msg.msg_controllen = sizeof(control); + msg.msg_controllen = sizeof(control.buf); #endif /* S_SPLINT_S */ msg.msg_flags = 0; @@ -477,7 +490,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, #ifdef IP_PKTINFO void* cmsg_data; msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = IP_PKTINFO; memmove(CMSG_DATA(cmsg), &r->pktinfo.v4info, @@ -488,7 +501,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); #elif defined(IP_SENDSRCADDR) msg.msg_controllen = CMSG_SPACE(sizeof(struct in_addr)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IP; cmsg->cmsg_type = IP_SENDSRCADDR; memmove(CMSG_DATA(cmsg), &r->pktinfo.v4addr, @@ -501,7 +514,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, } else if(r->srctype == 6) { void* cmsg_data; msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IPV6; cmsg->cmsg_type = IPV6_PKTINFO; memmove(CMSG_DATA(cmsg), &r->pktinfo.v6info, @@ -513,7 +526,7 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, } else { /* try to pass all 0 to use default route */ msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); - log_assert(msg.msg_controllen <= sizeof(control)); + log_assert(msg.msg_controllen <= sizeof(control.buf)); cmsg->cmsg_level = IPPROTO_IPV6; cmsg->cmsg_type = IPV6_PKTINFO; memset(CMSG_DATA(cmsg), 0, sizeof(struct in6_pktinfo)); @@ -576,6 +589,41 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */ } +/** return true is UDP receive error needs to be logged */ +static int udp_recv_needs_log(int err) +{ + switch(err) { + case EACCES: /* some hosts send ICMP 'Permission Denied' */ +#ifndef USE_WINSOCK + case ECONNREFUSED: +# ifdef ENETUNREACH + case ENETUNREACH: +# endif +# ifdef EHOSTDOWN + case EHOSTDOWN: +# endif +# ifdef EHOSTUNREACH + case EHOSTUNREACH: +# endif +# ifdef ENETDOWN + case ENETDOWN: +# endif +#else /* USE_WINSOCK */ + case WSAECONNREFUSED: + case WSAENETUNREACH: + case WSAEHOSTDOWN: + case WSAEHOSTUNREACH: + case WSAENETDOWN: +#endif + if(verbosity >= VERB_ALGO) + return 1; + return 0; + default: + break; + } + return 1; +} + void comm_point_udp_ancil_callback(int fd, short event, void* arg) { @@ -584,7 +632,10 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) struct msghdr msg; struct iovec iov[1]; ssize_t rcv; - char ancil[256]; + union { + struct cmsghdr hdr; + char buf[256]; + } ancil; int i; #ifndef S_SPLINT_S struct cmsghdr* cmsg; @@ -608,14 +659,15 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) iov[0].iov_len = sldns_buffer_remaining(rep.c->buffer); msg.msg_iov = iov; msg.msg_iovlen = 1; - msg.msg_control = ancil; + msg.msg_control = ancil.buf; #ifndef S_SPLINT_S - msg.msg_controllen = sizeof(ancil); + msg.msg_controllen = sizeof(ancil.buf); #endif /* S_SPLINT_S */ msg.msg_flags = 0; rcv = recvmsg(fd, &msg, 0); if(rcv == -1) { - if(errno != EAGAIN && errno != EINTR) { + if(errno != EAGAIN && errno != EINTR + && udp_recv_needs_log(errno)) { log_err("recvmsg failed: %s", strerror(errno)); } return; @@ -696,13 +748,15 @@ comm_point_udp_callback(int fd, short event, void* arg) (struct sockaddr*)&rep.addr, &rep.addrlen); if(rcv == -1) { #ifndef USE_WINSOCK - if(errno != EAGAIN && errno != EINTR) + if(errno != EAGAIN && errno != EINTR + && udp_recv_needs_log(errno)) log_err("recvfrom %d failed: %s", fd, strerror(errno)); #else if(WSAGetLastError() != WSAEINPROGRESS && WSAGetLastError() != WSAECONNRESET && - WSAGetLastError()!= WSAEWOULDBLOCK) + WSAGetLastError()!= WSAEWOULDBLOCK && + udp_recv_needs_log(WSAGetLastError())) log_err("recvfrom failed: %s", wsa_strerror(WSAGetLastError())); #endif @@ -720,7 +774,7 @@ comm_point_udp_callback(int fd, short event, void* arg) buffer = rep.c->buffer; #endif (void)comm_point_send_udp_msg(rep.c, buffer, - (struct sockaddr*)&rep.addr, rep.addrlen); + (struct sockaddr*)&rep.addr, rep.addrlen, 0); } if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ @@ -728,12 +782,19 @@ comm_point_udp_callback(int fd, short event, void* arg) } } +int adjusted_tcp_timeout(struct comm_point* c) +{ + if(c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM) + return TCP_QUERY_TIMEOUT_MINIMUM; + return c->tcp_timeout_msec; +} + /** Use a new tcp handler for new query fd, set to read query */ static void setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) { int handler_usage; - log_assert(c->type == comm_tcp); + log_assert(c->type == comm_tcp || c->type == comm_http); log_assert(c->fd == -1); sldns_buffer_clear(c->buffer); #ifdef USE_DNSCRYPT @@ -761,10 +822,7 @@ setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) c->tcp_timeout_msec /= 500; else if (handler_usage > 80) c->tcp_timeout_msec = 0; - comm_point_start_listening(c, fd, - c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM - ? TCP_QUERY_TIMEOUT_MINIMUM - : c->tcp_timeout_msec); + comm_point_start_listening(c, fd, adjusted_tcp_timeout(c)); } void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), @@ -839,7 +897,6 @@ int comm_point_perform_accept(struct comm_point* c, return -1; } #endif - log_err_addr("accept failed", strerror(errno), addr, *addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAECONNRESET) @@ -848,9 +905,9 @@ int comm_point_perform_accept(struct comm_point* c, ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return -1; } - log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), - addr, *addrlen); #endif + log_err_addr("accept failed", sock_strerror(errno), addr, + *addrlen); return -1; } if(c->tcp_conn_limit && c->type == comm_tcp_accept) { @@ -908,6 +965,42 @@ comm_point_tcp_win_bio_cb(struct comm_point* c, void* thessl) } #endif +#ifdef HAVE_NGHTTP2 +/** Create http2 session server. Per connection, after TCP accepted.*/ +static int http2_session_server_create(struct http2_session* h2_session) +{ + log_assert(h2_session->callbacks); + h2_session->is_drop = 0; + if(nghttp2_session_server_new(&h2_session->session, + h2_session->callbacks, + h2_session) == NGHTTP2_ERR_NOMEM) { + log_err("failed to create nghttp2 session server"); + return 0; + } + + return 1; +} + +/** Submit http2 setting to session. Once per session. */ +static int http2_submit_settings(struct http2_session* h2_session) +{ + int ret; + nghttp2_settings_entry settings[1] = { + {NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, + h2_session->c->http2_max_streams}}; + + ret = nghttp2_submit_settings(h2_session->session, NGHTTP2_FLAG_NONE, + settings, 1); + if(ret) { + verbose(VERB_QUERY, "http2: submit_settings failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} +#endif /* HAVE_NGHTTP2 */ + + void comm_point_tcp_accept_callback(int fd, short event, void* arg) { @@ -929,7 +1022,36 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg) /* clear leftover flags from previous use, and then set the * correct event base for the event structure for libevent */ ub_event_free(c_hdl->ev->ev); - c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, comm_point_tcp_handle_callback, c_hdl); + if((c_hdl->type == comm_tcp && c_hdl->tcp_req_info) || + c_hdl->type == comm_local || c_hdl->type == comm_raw) + c_hdl->tcp_do_toggle_rw = 0; + else c_hdl->tcp_do_toggle_rw = 1; + + if(c_hdl->type == comm_http) { +#ifdef HAVE_NGHTTP2 + if(!c_hdl->h2_session || + !http2_session_server_create(c_hdl->h2_session)) { + log_warn("failed to create nghttp2"); + return; + } + if(!c_hdl->h2_session || + !http2_submit_settings(c_hdl->h2_session)) { + log_warn("failed to submit http2 settings"); + return; + } + if(!c->ssl) { + c_hdl->tcp_do_toggle_rw = 0; + c_hdl->use_h2 = 1; + } +#endif + c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, + UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, + comm_point_http_handle_callback, c_hdl); + } else { + c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, + UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, + comm_point_tcp_handle_callback, c_hdl); + } if(!c_hdl->ev->ev) { log_warn("could not ub_event_new, dropped tcp"); return; @@ -985,6 +1107,8 @@ reclaim_tcp_handler(struct comm_point* c) comm_point_start_listening(c->tcp_parent, -1, -1); } } + c->tcp_more_read_again = NULL; + c->tcp_more_write_again = NULL; } /** do the callback when writing is done */ @@ -992,16 +1116,28 @@ static void tcp_callback_writer(struct comm_point* c) { log_assert(c->type == comm_tcp); - sldns_buffer_clear(c->buffer); + if(!c->tcp_write_and_read) { + sldns_buffer_clear(c->buffer); + c->tcp_byte_count = 0; + } if(c->tcp_do_toggle_rw) c->tcp_is_reading = 1; - c->tcp_byte_count = 0; /* switch from listening(write) to listening(read) */ if(c->tcp_req_info) { tcp_req_info_handle_writedone(c->tcp_req_info); } else { comm_point_stop_listening(c); - comm_point_start_listening(c, -1, c->tcp_timeout_msec); + if(c->tcp_write_and_read) { + fptr_ok(fptr_whitelist_comm_point(c->callback)); + if( (*c->callback)(c, c->cb_arg, NETEVENT_PKT_WRITTEN, + &c->repinfo) ) { + comm_point_start_listening(c, -1, + adjusted_tcp_timeout(c)); + } + } else { + comm_point_start_listening(c, -1, + adjusted_tcp_timeout(c)); + } } } @@ -1021,7 +1157,8 @@ tcp_callback_reader(struct comm_point* c) comm_point_stop_listening(c); fptr_ok(fptr_whitelist_comm_point(c->callback)); if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { - comm_point_start_listening(c, -1, c->tcp_timeout_msec); + comm_point_start_listening(c, -1, + adjusted_tcp_timeout(c)); } } } @@ -1163,6 +1300,18 @@ ssl_handshake(struct comm_point* c) c->repinfo.addrlen); } + /* check if http2 use is negotiated */ + if(c->type == comm_http && c->h2_session) { + const unsigned char *alpn; + unsigned int alpnlen = 0; + SSL_get0_alpn_selected(c->ssl, &alpn, &alpnlen); + if(alpnlen == 2 && memcmp("h2", alpn, 2) == 0) { + /* connection upgraded to HTTP2 */ + c->tcp_do_toggle_rw = 0; + c->use_h2 = 1; + } + } + /* setup listen rw correctly */ if(c->tcp_is_reading) { if(c->ssl_shake_state != comm_ssl_shake_read) @@ -1292,10 +1441,28 @@ ssl_handle_write(struct comm_point* c) } /* ignore return, if fails we may simply block */ (void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE); - if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(c->buffer)); + if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) { + uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(c->buffer)); ERR_clear_error(); - if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) < + if(c->tcp_write_and_read) { + if(c->tcp_write_pkt_len + 2 < LDNS_RR_BUF_SIZE) { + /* combine the tcp length and the query for + * write, this emulates writev */ + uint8_t buf[LDNS_RR_BUF_SIZE]; + memmove(buf, &len, sizeof(uint16_t)); + memmove(buf+sizeof(uint16_t), + c->tcp_write_pkt, + c->tcp_write_pkt_len); + r = SSL_write(c->ssl, + (void*)(buf+c->tcp_write_byte_count), + c->tcp_write_pkt_len + 2 - + c->tcp_write_byte_count); + } else { + r = SSL_write(c->ssl, + (void*)(((uint8_t*)&len)+c->tcp_write_byte_count), + (int)(sizeof(uint16_t)-c->tcp_write_byte_count)); + } + } else if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) < LDNS_RR_BUF_SIZE) { /* combine the tcp length and the query for write, * this emulates writev */ @@ -1337,20 +1504,32 @@ ssl_handle_write(struct comm_point* c) log_crypto_err("could not SSL_write"); return 0; } - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(c->buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(c->buffer) == 0) { + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + if(c->tcp_write_byte_count < sizeof(uint16_t)) + return 1; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(c->buffer, c->tcp_byte_count - + sizeof(uint16_t)); + } + if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); return 1; } } - log_assert(sldns_buffer_remaining(c->buffer) > 0); + log_assert(c->tcp_write_and_read || sldns_buffer_remaining(c->buffer) > 0); + log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2); ERR_clear_error(); - r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), - (int)sldns_buffer_remaining(c->buffer)); + if(c->tcp_write_and_read) { + r = SSL_write(c->ssl, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2), + (int)(c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count)); + } else { + r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), + (int)sldns_buffer_remaining(c->buffer)); + } if(r <= 0) { int want = SSL_get_error(c->ssl, r); if(want == SSL_ERROR_ZERO_RETURN) { @@ -1375,9 +1554,13 @@ ssl_handle_write(struct comm_point* c) log_crypto_err("could not SSL_write"); return 0; } - sldns_buffer_skip(c->buffer, (ssize_t)r); + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + } else { + sldns_buffer_skip(c->buffer, (ssize_t)r); + } - if(sldns_buffer_remaining(c->buffer) == 0) { + if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); } return 1; @@ -1389,9 +1572,17 @@ ssl_handle_write(struct comm_point* c) /** handle ssl tcp connection with dns contents */ static int -ssl_handle_it(struct comm_point* c) +ssl_handle_it(struct comm_point* c, int is_write) { - if(c->tcp_is_reading) + /* handle case where renegotiation wants read during write call + * or write during read calls */ + if(is_write && c->ssl_shake_state == comm_ssl_shake_hs_write) + return ssl_handle_read(c); + else if(!is_write && c->ssl_shake_state == comm_ssl_shake_hs_read) + return ssl_handle_write(c); + /* handle read events for read operation and write events for a + * write operation */ + else if(!is_write) return ssl_handle_read(c); return ssl_handle_write(c); } @@ -1408,8 +1599,8 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) ssize_t r; log_assert(c->type == comm_tcp || c->type == comm_local); if(c->ssl) - return ssl_handle_it(c); - if(!c->tcp_is_reading) + return ssl_handle_it(c, 0); + if(!c->tcp_is_reading && !c->tcp_write_and_read) return 0; log_assert(fd != -1); @@ -1429,8 +1620,33 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif - log_err_addr("read (in tcp s)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); +#ifdef ENETUNREACH + if(errno == ENETUNREACH && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef EHOSTDOWN + if(errno == EHOSTDOWN && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef EHOSTUNREACH + if(errno == EHOSTUNREACH && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef ENETDOWN + if(errno == ENETDOWN && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef EACCES + if(errno == EACCES && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef ENOTCONN + if(errno == ENOTCONN) { + log_err_addr("read (in tcp s) failed and this could be because TCP Fast Open is enabled [--disable-tfo-client --disable-tfo-server] but does not work", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); + return 0; + } +#endif #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAECONNRESET) return 0; @@ -1441,10 +1657,9 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) UB_EV_READ); return 1; } - log_err_addr("read (in tcp s)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("read (in tcp s)", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } c->tcp_byte_count += r; @@ -1477,8 +1692,6 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err_addr("read (in tcp r)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAECONNRESET) return 0; @@ -1488,10 +1701,9 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return 1; } - log_err_addr("read (in tcp r)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("read (in tcp r)", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } sldns_buffer_skip(c->buffer, r); @@ -1518,10 +1730,10 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) #else buffer = c->buffer; #endif - if(c->tcp_is_reading && !c->ssl) + if(c->tcp_is_reading && !c->ssl && !c->tcp_write_and_read) return 0; log_assert(fd != -1); - if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) { + if(((!c->tcp_write_and_read && c->tcp_byte_count == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == 0)) && c->tcp_check_nb_connect) { /* check for pending error from nonblocking connect */ /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ int error = 0; @@ -1562,7 +1774,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } } if(c->ssl) - return ssl_handle_it(c); + return ssl_handle_it(c, 1); #ifdef USE_MSG_FASTOPEN /* Only try this on first use of a connection that uses tfo, @@ -1571,15 +1783,22 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(c->tcp_do_fastopen == 1) { /* this form of sendmsg() does both a connect() and send() so need to look for various flavours of error*/ - uint16_t len = htons(sldns_buffer_limit(buffer)); + uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer)); struct msghdr msg; struct iovec iov[2]; c->tcp_do_fastopen = 0; memset(&msg, 0, sizeof(msg)); - iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; - iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(buffer); - iov[1].iov_len = sldns_buffer_limit(buffer); + if(c->tcp_write_and_read) { + iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count; + iov[1].iov_base = c->tcp_write_pkt; + iov[1].iov_len = c->tcp_write_pkt_len; + } else { + iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; + iov[1].iov_base = sldns_buffer_begin(buffer); + iov[1].iov_len = sldns_buffer_limit(buffer); + } log_assert(iov[0].iov_len > 0); msg.msg_name = &c->repinfo.addr; msg.msg_namelen = c->repinfo.addrlen; @@ -1625,12 +1844,18 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } } else { - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(buffer) == 0) { + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + if(c->tcp_write_byte_count < sizeof(uint16_t)) + return 1; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(buffer, c->tcp_byte_count - + sizeof(uint16_t)); + } + if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); return 1; } @@ -1638,19 +1863,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } #endif /* USE_MSG_FASTOPEN */ - if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(buffer)); + if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) { + uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer)); #ifdef HAVE_WRITEV struct iovec iov[2]; - iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; - iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(buffer); - iov[1].iov_len = sldns_buffer_limit(buffer); + if(c->tcp_write_and_read) { + iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count; + iov[1].iov_base = c->tcp_write_pkt; + iov[1].iov_len = c->tcp_write_pkt_len; + } else { + iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; + iov[1].iov_base = sldns_buffer_begin(buffer); + iov[1].iov_len = sldns_buffer_limit(buffer); + } log_assert(iov[0].iov_len > 0); r = writev(fd, iov, 2); #else /* HAVE_WRITEV */ - r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count), - sizeof(uint16_t)-c->tcp_byte_count, 0); + if(c->tcp_write_and_read) { + r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_write_byte_count), + sizeof(uint16_t)-c->tcp_write_byte_count, 0); + } else { + r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count), + sizeof(uint16_t)-c->tcp_byte_count, 0); + } #endif /* HAVE_WRITEV */ if(r == -1) { #ifndef USE_WINSOCK @@ -1689,19 +1926,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) #endif return 0; } - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(buffer) == 0) { + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + if(c->tcp_write_byte_count < sizeof(uint16_t)) + return 1; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(buffer, c->tcp_byte_count - + sizeof(uint16_t)); + } + if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); return 1; } } - log_assert(sldns_buffer_remaining(buffer) > 0); - r = send(fd, (void*)sldns_buffer_current(buffer), - sldns_buffer_remaining(buffer), 0); + log_assert(c->tcp_write_and_read || sldns_buffer_remaining(buffer) > 0); + log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2); + if(c->tcp_write_and_read) { + r = send(fd, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2), + c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count, 0); + } else { + r = send(fd, (void*)sldns_buffer_current(buffer), + sldns_buffer_remaining(buffer), 0); + } if(r == -1) { #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) @@ -1710,8 +1959,6 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif - log_err_addr("tcp send r", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else if(WSAGetLastError() == WSAEINPROGRESS) return 1; @@ -1721,14 +1968,18 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ - log_err_addr("tcp send r", wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("tcp send r", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } - sldns_buffer_skip(buffer, r); + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + } else { + sldns_buffer_skip(buffer, r); + } - if(sldns_buffer_remaining(buffer) == 0) { + if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); } @@ -1758,6 +2009,54 @@ tcp_req_info_read_again(int fd, struct comm_point* c) } } +/** read again to drain buffers when there could be more to read */ +static void +tcp_more_read_again(int fd, struct comm_point* c) +{ + /* if the packet is done, but another one could be waiting on + * the connection, the callback signals this, and we try again */ + /* this continues until the read routines get EAGAIN or so, + * and thus does not call the callback, and the bool is 0 */ + int* moreread = c->tcp_more_read_again; + while(moreread && *moreread) { + *moreread = 0; + if(!comm_point_tcp_handle_read(fd, c, 0)) { + reclaim_tcp_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point( + c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_CLOSED, NULL); + } + return; + } + } +} + +/** write again to fill up when there could be more to write */ +static void +tcp_more_write_again(int fd, struct comm_point* c) +{ + /* if the packet is done, but another is waiting to be written, + * the callback signals it and we try again. */ + /* this continues until the write routines get EAGAIN or so, + * and thus does not call the callback, and the bool is 0 */ + int* morewrite = c->tcp_more_write_again; + while(morewrite && *morewrite) { + *morewrite = 0; + if(!comm_point_tcp_handle_write(fd, c)) { + reclaim_tcp_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point( + c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_CLOSED, NULL); + } + return; + } + } +} + void comm_point_tcp_handle_callback(int fd, short event, void* arg) { @@ -1778,7 +2077,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } return; @@ -1796,34 +2095,46 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) } return; } - if(event&UB_EV_READ) { + if(event&UB_EV_READ +#ifdef USE_MSG_FASTOPEN + && !(c->tcp_do_fastopen && (event&UB_EV_WRITE)) +#endif + ) { int has_tcpq = (c->tcp_req_info != NULL); + int* moreread = c->tcp_more_read_again; if(!comm_point_tcp_handle_read(fd, c, 0)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } + return; } if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) tcp_req_info_read_again(fd, c); + if(moreread && *moreread) + tcp_more_read_again(fd, c); return; } if(event&UB_EV_WRITE) { int has_tcpq = (c->tcp_req_info != NULL); + int* morewrite = c->tcp_more_write_again; if(!comm_point_tcp_handle_write(fd, c)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } + return; } if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) tcp_req_info_read_again(fd, c); + if(morewrite && *morewrite) + tcp_more_write_again(fd, c); return; } log_err("Ignored event %d for tcphdl.", event); @@ -1908,8 +2219,6 @@ http_read_more(int fd, struct comm_point* c) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err_addr("read (in http r)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAECONNRESET) return 0; @@ -1919,10 +2228,9 @@ http_read_more(int fd, struct comm_point* c) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return 1; } - log_err_addr("read (in http r)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("read (in http r)", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } sldns_buffer_skip(c->buffer, r); @@ -2105,7 +2413,7 @@ http_nonchunk_segment(struct comm_point* c) return 1; } -/** handle nonchunked data segment, return 0=fail, 1=wait, 2=process more */ +/** handle chunked data segment, return 0=fail, 1=wait, 2=process more */ static int http_chunked_segment(struct comm_point* c) { @@ -2115,6 +2423,7 @@ http_chunked_segment(struct comm_point* c) */ size_t remainbufferlen; size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; + verbose(VERB_ALGO, "http_chunked_segment: got now %d, tcpbytcount %d, http_stored %d, buffer pos %d, buffer limit %d", (int)got_now, (int)c->tcp_byte_count, (int)c->http_stored, (int)sldns_buffer_position(c->buffer), (int)sldns_buffer_limit(c->buffer)); if(c->tcp_byte_count <= got_now) { /* the chunk has completed (with perhaps some extra data * from next chunk header and next chunk) */ @@ -2180,11 +2489,239 @@ http_chunked_segment(struct comm_point* c) return 1; } +#ifdef HAVE_NGHTTP2 +/** Create new http2 session. Called when creating handling comm point. */ +static struct http2_session* http2_session_create(struct comm_point* c) +{ + struct http2_session* session = calloc(1, sizeof(*session)); + if(!session) { + log_err("malloc failure while creating http2 session"); + return NULL; + } + session->c = c; + + return session; +} +#endif + +/** Delete http2 session. After closing connection or on error */ +static void http2_session_delete(struct http2_session* h2_session) +{ +#ifdef HAVE_NGHTTP2 + if(h2_session->callbacks) + nghttp2_session_callbacks_del(h2_session->callbacks); + free(h2_session); +#else + (void)h2_session; +#endif +} + +#ifdef HAVE_NGHTTP2 +struct http2_stream* http2_stream_create(int32_t stream_id) +{ + struct http2_stream* h2_stream = calloc(1, sizeof(*h2_stream)); + if(!h2_stream) { + log_err("malloc failure while creating http2 stream"); + return NULL; + } + h2_stream->stream_id = stream_id; + return h2_stream; +} + +/** Delete http2 stream. After session delete or stream close callback */ +static void http2_stream_delete(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + if(h2_stream->mesh_state) { + mesh_state_remove_reply(h2_stream->mesh, h2_stream->mesh_state, + h2_session->c); + h2_stream->mesh_state = NULL; + } + http2_req_stream_clear(h2_stream); + free(h2_stream); +} +#endif + +void http2_stream_add_meshstate(struct http2_stream* h2_stream, + struct mesh_area* mesh, struct mesh_state* m) +{ + h2_stream->mesh = mesh; + h2_stream->mesh_state = m; +} + +/** delete http2 session server. After closing connection. */ +static void http2_session_server_delete(struct http2_session* h2_session) +{ +#ifdef HAVE_NGHTTP2 + struct http2_stream* h2_stream, *next; + nghttp2_session_del(h2_session->session); /* NULL input is fine */ + h2_session->session = NULL; + for(h2_stream = h2_session->first_stream; h2_stream;) { + next = h2_stream->next; + http2_stream_delete(h2_session, h2_stream); + h2_stream = next; + } + h2_session->first_stream = NULL; + h2_session->is_drop = 0; + h2_session->postpone_drop = 0; + h2_session->c->h2_stream = NULL; +#endif + (void)h2_session; +} + +#ifdef HAVE_NGHTTP2 +void http2_session_add_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + if(h2_session->first_stream) + h2_session->first_stream->prev = h2_stream; + h2_stream->next = h2_session->first_stream; + h2_session->first_stream = h2_stream; +} + +/** remove stream from session linked list. After stream close callback or + * closing connection */ +static void http2_session_remove_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + if(h2_stream->prev) + h2_stream->prev->next = h2_stream->next; + else + h2_session->first_stream = h2_stream->next; + if(h2_stream->next) + h2_stream->next->prev = h2_stream->prev; + +} + +int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session), + int32_t stream_id, uint32_t ATTR_UNUSED(error_code), void* cb_arg) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + http2_session_remove_stream(h2_session, h2_stream); + http2_stream_delete(h2_session, h2_stream); + return 0; +} + +ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf, + size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + ssize_t ret; + + log_assert(h2_session->c->type == comm_http); + log_assert(h2_session->c->h2_session); + +#ifdef HAVE_SSL + if(h2_session->c->ssl) { + int r; + ERR_clear_error(); + r = SSL_read(h2_session->c->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->c->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_EOF; + } else if(want == SSL_ERROR_WANT_READ) { + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_WANT_WRITE) { + h2_session->c->ssl_shake_state = comm_ssl_shake_hs_write; + comm_point_listen_for_rw(h2_session->c, 0, 1); + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + if(errno != 0) + log_err("SSL_read syscall: %s", + strerror(errno)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + log_crypto_err("could not SSL_read"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return r; + } +#endif /* HAVE_SSL */ + + ret = recv(h2_session->c->fd, buf, len, 0); + if(ret == 0) { + return NGHTTP2_ERR_EOF; + } else if(ret < 0) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return NGHTTP2_ERR_WOULDBLOCK; +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + log_err_addr("could not http2 recv: %s", strerror(errno), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAECONNRESET) + return NGHTTP2_ERR_CALLBACK_FAILURE; + if(WSAGetLastError() == WSAEINPROGRESS) + return NGHTTP2_ERR_WOULDBLOCK; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(h2_session->c->ev->ev, + UB_EV_READ); + return NGHTTP2_ERR_WOULDBLOCK; + } + log_err_addr("could not http2 recv: %s", + wsa_strerror(WSAGetLastError()), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#endif + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return ret; +} +#endif /* HAVE_NGHTTP2 */ + +/** Handle http2 read */ +static int +comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c) +{ +#ifdef HAVE_NGHTTP2 + int ret; + log_assert(c->h2_session); + + /* reading until recv cb returns NGHTTP2_ERR_WOULDBLOCK */ + ret = nghttp2_session_recv(c->h2_session->session); + if(ret) { + if(ret != NGHTTP2_ERR_EOF && + ret != NGHTTP2_ERR_CALLBACK_FAILURE) { + char a[256]; + addr_to_str(&c->repinfo.addr, c->repinfo.addrlen, + a, sizeof(a)); + verbose(VERB_QUERY, "http2: session_recv from %s failed, " + "error: %s", a, nghttp2_strerror(ret)); + } + return 0; + } + if(nghttp2_session_want_write(c->h2_session->session)) { + c->tcp_is_reading = 0; + comm_point_stop_listening(c); + comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); + } else if(!nghttp2_session_want_read(c->h2_session->session)) + return 0; /* connection can be closed */ + return 1; +#else + (void)c; + return 0; +#endif +} + /** - * Handle http reading callback. + * Handle http reading callback. * @param fd: file descriptor of socket. * @param c: comm point to read from into buffer. - * @return: 0 on error + * @return: 0 on error */ static int comm_point_http_handle_read(int fd, struct comm_point* c) @@ -2204,6 +2741,18 @@ comm_point_http_handle_read(int fd, struct comm_point* c) if(!c->tcp_is_reading) return 1; + + if(c->use_h2) { + return comm_point_http2_handle_read(fd, c); + } + + /* http version is <= http/1.1 */ + + if(c->http_min_version >= http_version_2) { + /* HTTP/2 failed, not allowed to use lower version. */ + return 0; + } + /* read more data */ if(c->ssl) { if(!ssl_http_read_more(c)) @@ -2214,7 +2763,14 @@ comm_point_http_handle_read(int fd, struct comm_point* c) } sldns_buffer_flip(c->buffer); + /* if we are partway in a segment of data, position us at the point + * where we left off previously */ + if(c->http_stored < sldns_buffer_limit(c->buffer)) + sldns_buffer_set_position(c->buffer, c->http_stored); + else sldns_buffer_set_position(c->buffer, sldns_buffer_limit(c->buffer)); + while(sldns_buffer_remaining(c->buffer) > 0) { + /* Handle HTTP/1.x data */ /* if we are reading headers, read more headers */ if(c->http_in_headers || c->http_in_chunk_headers) { /* if header is done, process the header */ @@ -2358,8 +2914,6 @@ http_write_more(int fd, struct comm_point* c) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err_addr("http send r", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else if(WSAGetLastError() == WSAEINPROGRESS) return 1; @@ -2367,15 +2921,125 @@ http_write_more(int fd, struct comm_point* c) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); return 1; } - log_err_addr("http send r", wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("http send r", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } sldns_buffer_skip(c->buffer, r); return 1; } +#ifdef HAVE_NGHTTP2 +ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), const uint8_t* buf, + size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + ssize_t ret; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + log_assert(h2_session->c->type == comm_http); + log_assert(h2_session->c->h2_session); + +#ifdef HAVE_SSL + if(h2_session->c->ssl) { + int r; + ERR_clear_error(); + r = SSL_write(h2_session->c->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->c->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } else if(want == SSL_ERROR_WANT_READ) { + h2_session->c->ssl_shake_state = comm_ssl_shake_hs_read; + comm_point_listen_for_rw(h2_session->c, 1, 0); + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_WANT_WRITE) { + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + if(errno != 0) + log_err("SSL_write syscall: %s", + strerror(errno)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + log_crypto_err("could not SSL_write"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return r; + } +#endif /* HAVE_SSL */ + + ret = send(h2_session->c->fd, buf, len, 0); + if(ret == 0) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } else if(ret < 0) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return NGHTTP2_ERR_WOULDBLOCK; +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + log_err_addr("could not http2 write: %s", strerror(errno), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAENOTCONN) + return NGHTTP2_ERR_WOULDBLOCK; + if(WSAGetLastError() == WSAEINPROGRESS) + return NGHTTP2_ERR_WOULDBLOCK; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(h2_session->c->ev->ev, + UB_EV_WRITE); + return NGHTTP2_ERR_WOULDBLOCK; + } + if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; + log_err_addr("could not http2 write: %s", + wsa_strerror(WSAGetLastError()), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#endif + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return ret; +} +#endif /* HAVE_NGHTTP2 */ + +/** Handle http2 writing */ +static int +comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c) +{ +#ifdef HAVE_NGHTTP2 + int ret; + log_assert(c->h2_session); + + ret = nghttp2_session_send(c->h2_session->session); + if(ret) { + verbose(VERB_QUERY, "http2: session_send failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + + if(nghttp2_session_want_read(c->h2_session->session)) { + c->tcp_is_reading = 1; + comm_point_stop_listening(c); + comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); + } else if(!nghttp2_session_want_write(c->h2_session->session)) + return 0; /* connection can be closed */ + return 1; +#else + (void)c; + return 0; +#endif +} + /** * Handle http writing callback. * @param fd: file descriptor of socket. @@ -2407,6 +3071,18 @@ comm_point_http_handle_write(int fd, struct comm_point* c) #endif /* HAVE_SSL */ if(c->tcp_is_reading) return 1; + + if(c->use_h2) { + return comm_point_http2_handle_write(fd, c); + } + + /* http version is <= http/1.1 */ + + if(c->http_min_version >= http_version_2) { + /* HTTP/2 failed, not allowed to use lower version. */ + return 0; + } + /* if we are writing, write more */ if(c->ssl) { if(!ssl_http_write_more(c)) @@ -2454,7 +3130,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } } @@ -2466,7 +3142,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } } @@ -2561,6 +3237,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, comm_point_delete(c); return NULL; } + c->event_added = 1; return c; } @@ -2620,6 +3297,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, comm_point_delete(c); return NULL; } + c->event_added = 1; return c; } @@ -2718,11 +3396,129 @@ comm_point_create_tcp_handler(struct comm_base *base, return c; } +static struct comm_point* +comm_point_create_http_handler(struct comm_base *base, + struct comm_point* parent, size_t bufsize, int harden_large_queries, + uint32_t http_max_streams, char* http_endpoint, + comm_point_callback_type* callback, void* callback_arg) +{ + struct comm_point* c = (struct comm_point*)calloc(1, + sizeof(struct comm_point)); + short evbits; + if(!c) + return NULL; + c->ev = (struct internal_event*)calloc(1, + sizeof(struct internal_event)); + if(!c->ev) { + free(c); + return NULL; + } + c->ev->base = base; + c->fd = -1; + c->buffer = sldns_buffer_new(bufsize); + if(!c->buffer) { + free(c->ev); + free(c); + return NULL; + } + c->timeout = (struct timeval*)malloc(sizeof(struct timeval)); + if(!c->timeout) { + sldns_buffer_free(c->buffer); + free(c->ev); + free(c); + return NULL; + } + c->tcp_is_reading = 0; + c->tcp_byte_count = 0; + c->tcp_parent = parent; + c->tcp_timeout_msec = parent->tcp_timeout_msec; + c->tcp_conn_limit = parent->tcp_conn_limit; + c->tcl_addr = NULL; + c->tcp_keepalive = 0; + c->max_tcp_count = 0; + c->cur_tcp_count = 0; + c->tcp_handlers = NULL; + c->tcp_free = NULL; + c->type = comm_http; + c->tcp_do_close = 1; + c->do_not_close = 0; + c->tcp_do_toggle_rw = 1; /* will be set to 0 after http2 upgrade */ + c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = NULL; +#endif + c->repinfo.c = c; + c->callback = callback; + c->cb_arg = callback_arg; + + c->http_min_version = http_version_2; + c->http2_stream_max_qbuffer_size = bufsize; + if(harden_large_queries && bufsize > 512) + c->http2_stream_max_qbuffer_size = 512; + c->http2_max_streams = http_max_streams; + if(!(c->http_endpoint = strdup(http_endpoint))) { + log_err("could not strdup http_endpoint"); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } + c->use_h2 = 0; +#ifdef HAVE_NGHTTP2 + if(!(c->h2_session = http2_session_create(c))) { + log_err("could not create http2 session"); + free(c->http_endpoint); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } + if(!(c->h2_session->callbacks = http2_req_callbacks_create())) { + log_err("could not create http2 callbacks"); + http2_session_delete(c->h2_session); + free(c->http_endpoint); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } +#endif + + /* add to parent free list */ + c->tcp_free = parent->tcp_free; + parent->tcp_free = c; + /* ub_event stuff */ + evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_http_handle_callback, c); + if(c->ev->ev == NULL) + { + log_err("could not set http handler event"); + parent->tcp_free = c->tcp_free; + http2_session_delete(c->h2_session); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } + return c; +} + struct comm_point* comm_point_create_tcp(struct comm_base *base, int fd, int num, - int idle_timeout, struct tcl_list* tcp_conn_limit, size_t bufsize, - struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, - void* callback_arg) + int idle_timeout, int harden_large_queries, + uint32_t http_max_streams, char* http_endpoint, + struct tcl_list* tcp_conn_limit, size_t bufsize, + struct sldns_buffer* spoolbuf, enum listen_type port_type, + comm_point_callback_type* callback, void* callback_arg) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -2786,10 +3582,25 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, comm_point_delete(c); return NULL; } - /* now prealloc the tcp handlers */ + c->event_added = 1; + /* now prealloc the handlers */ for(i=0; itcp_handlers[i] = comm_point_create_tcp_handler(base, - c, bufsize, spoolbuf, callback, callback_arg); + if(port_type == listen_type_tcp || + port_type == listen_type_ssl || + port_type == listen_type_tcp_dnscrypt) { + c->tcp_handlers[i] = comm_point_create_tcp_handler(base, + c, bufsize, spoolbuf, callback, callback_arg); + } else if(port_type == listen_type_http) { + c->tcp_handlers[i] = comm_point_create_http_handler( + base, c, bufsize, harden_large_queries, + http_max_streams, http_endpoint, + callback, callback_arg); + } + else { + log_err("could not create tcp handler, unknown listen " + "type"); + return NULL; + } if(!c->tcp_handlers[i]) { comm_point_delete(c); return NULL; @@ -2995,6 +3806,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, free(c); return NULL; } + c->event_added = 1; return c; } @@ -3057,6 +3869,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing, free(c); return NULL; } + c->event_added = 1; return c; } @@ -3066,13 +3879,20 @@ comm_point_close(struct comm_point* c) if(!c) return; if(c->fd != -1) { - if(ub_event_del(c->ev->ev) != 0) { - log_err("could not event_del on close"); + verbose(5, "comm_point_close of %d: event_del", c->fd); + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("could not event_del on close"); + } + c->event_added = 0; } } tcl_close_connection(c->tcl_addr); if(c->tcp_req_info) tcp_req_info_clear(c->tcp_req_info); + if(c->h2_session) + http2_session_server_delete(c->h2_session); + /* close fd after removing from event lists, or epoll.. is messed up */ if(c->fd != -1 && !c->do_not_close) { if(c->type == comm_tcp || c->type == comm_http) { @@ -3081,11 +3901,7 @@ comm_point_close(struct comm_point* c) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); } verbose(VERB_ALGO, "close fd %d", c->fd); -#ifndef USE_WINSOCK - close(c->fd); -#else - closesocket(c->fd); -#endif + sock_close(c->fd); } c->fd = -1; } @@ -3101,6 +3917,10 @@ comm_point_delete(struct comm_point* c) SSL_free(c->ssl); #endif } + if(c->type == comm_http && c->http_endpoint) { + free(c->http_endpoint); + c->http_endpoint = NULL; + } comm_point_close(c); if(c->tcp_handlers) { int i; @@ -3119,6 +3939,9 @@ comm_point_delete(struct comm_point* c) if(c->tcp_req_info) { tcp_req_info_delete(c->tcp_req_info); } + if(c->h2_session) { + http2_session_delete(c->h2_session); + } } ub_event_free(c->ev->ev); free(c->ev); @@ -3145,7 +3968,7 @@ comm_point_send_reply(struct comm_reply *repinfo) repinfo->addrlen, repinfo); else comm_point_send_udp_msg(repinfo->c, buffer, - (struct sockaddr*)&repinfo->addr, repinfo->addrlen); + (struct sockaddr*)&repinfo->addr, repinfo->addrlen, 0); #ifdef USE_DNSTAP if(repinfo->c->dtenv != NULL && repinfo->c->dtenv->log_client_response_messages) @@ -3164,9 +3987,20 @@ comm_point_send_reply(struct comm_reply *repinfo) #endif if(repinfo->c->tcp_req_info) { tcp_req_info_send_reply(repinfo->c->tcp_req_info); + } else if(repinfo->c->use_h2) { + if(!http2_submit_dns_response(repinfo->c->h2_session)) { + comm_point_drop_reply(repinfo); + return; + } + repinfo->c->h2_stream = NULL; + repinfo->c->tcp_is_reading = 0; + comm_point_stop_listening(repinfo->c); + comm_point_start_listening(repinfo->c, -1, + adjusted_tcp_timeout(repinfo->c)); + return; } else { comm_point_start_listening(repinfo->c, -1, - repinfo->c->tcp_timeout_msec); + adjusted_tcp_timeout(repinfo->c)); } } } @@ -3182,6 +4016,16 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; if(repinfo->c->tcp_req_info) repinfo->c->tcp_req_info->is_drop = 1; + if(repinfo->c->type == comm_http) { + if(repinfo->c->h2_session) { + repinfo->c->h2_session->is_drop = 1; + if(!repinfo->c->h2_session->postpone_drop) + reclaim_http_handler(repinfo->c); + return; + } + reclaim_http_handler(repinfo->c); + return; + } reclaim_tcp_handler(repinfo->c); } @@ -3189,8 +4033,11 @@ void comm_point_stop_listening(struct comm_point* c) { verbose(VERB_ALGO, "comm point stop listening %d", c->fd); - if(ub_event_del(c->ev->ev) != 0) { - log_err("event_del error to stoplisten"); + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("event_del error to stoplisten"); + } + c->event_added = 0; } } @@ -3203,6 +4050,12 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) /* no use to start listening no free slots. */ return; } + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("event_del error to startlisten"); + } + c->event_added = 0; + } if(msec != -1 && msec != 0) { if(!c->timeout) { c->timeout = (struct timeval*)malloc(sizeof( @@ -3220,17 +4073,21 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) } if(c->type == comm_tcp || c->type == comm_http) { ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); - if(c->tcp_is_reading) + if(c->tcp_write_and_read) { + verbose(5, "startlistening %d mode rw", (newfd==-1?c->fd:newfd)); + ub_event_add_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); + } else if(c->tcp_is_reading) { + verbose(5, "startlistening %d mode r", (newfd==-1?c->fd:newfd)); ub_event_add_bits(c->ev->ev, UB_EV_READ); - else ub_event_add_bits(c->ev->ev, UB_EV_WRITE); + } else { + verbose(5, "startlistening %d mode w", (newfd==-1?c->fd:newfd)); + ub_event_add_bits(c->ev->ev, UB_EV_WRITE); + } } if(newfd != -1) { - if(c->fd != -1) { -#ifndef USE_WINSOCK - close(c->fd); -#else - closesocket(c->fd); -#endif + if(c->fd != -1 && c->fd != newfd) { + verbose(5, "cpsl close of fd %d for %d", c->fd, newfd); + sock_close(c->fd); } c->fd = newfd; ub_event_set_fd(c->ev->ev, c->fd); @@ -3238,13 +4095,17 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) { log_err("event_add failed. in cpsl."); } + c->event_added = 1; } void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) { verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr); - if(ub_event_del(c->ev->ev) != 0) { - log_err("event_del error to cplf"); + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("event_del error to cplf"); + } + c->event_added = 0; } ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ); @@ -3252,6 +4113,7 @@ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) if(ub_event_add(c->ev->ev, c->timeout) != 0) { log_err("event_add failed. in cplf."); } + c->event_added = 1; } size_t comm_point_get_mem(struct comm_point* c) diff --git a/util/netevent.h b/util/netevent.h index bb2cd1e53..4a2aa1677 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -61,6 +61,9 @@ #define NET_EVENT_H #include "dnscrypt/dnscrypt.h" +#ifdef HAVE_NGHTTP2_NGHTTP2_H +#include +#endif struct sldns_buffer; struct comm_point; @@ -68,11 +71,16 @@ struct comm_reply; struct tcl_list; struct ub_event_base; +struct mesh_state; +struct mesh_area; + /* internal event notification data storage structure. */ struct internal_event; struct internal_base; struct internal_timer; /* A sub struct of the comm_timer super struct */ +enum listen_type; + /** callback from communication point function type */ typedef int comm_point_callback_type(struct comm_point*, void*, int, struct comm_reply*); @@ -87,6 +95,9 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int, #define NETEVENT_CAPSFAIL -3 /** to pass done transfer to callback function; http file is complete */ #define NETEVENT_DONE -4 +/** to pass write of the write packet is done to callback function + * used when tcp_write_and_read is enabled */ +#define NETEVENT_PKT_WRITTEN -5 /** timeout to slow accept calls when not possible, in msec. */ #define NETEVENT_SLOW_ACCEPT_TIME 2000 @@ -155,6 +166,8 @@ struct comm_reply { struct comm_point { /** behind the scenes structure, with say libevent info. alloced. */ struct internal_event* ev; + /** if the event is added or not */ + int event_added; /** file descriptor for communication point */ int fd; @@ -205,6 +218,15 @@ struct comm_point { } ssl_shake_state; /* -------- HTTP ------- */ + /** Do not allow connection to use HTTP version lower than this. 0=no + * minimum. */ + enum { + http_version_none = 0, + http_version_2 = 2 + } http_min_version; + /** http endpoint */ + char* http_endpoint; + /* -------- HTTP/1.1 ------- */ /** Currently reading in http headers */ int http_in_headers; /** Currently reading in chunk headers, 0=not, 1=firstline, 2=unused @@ -216,6 +238,18 @@ struct comm_point { struct sldns_buffer* http_temp; /** http stored content in buffer */ size_t http_stored; + /* -------- HTTP/2 ------- */ + /** http2 session */ + struct http2_session* h2_session; + /** set to 1 if h2 is negotiated to be used (using alpn) */ + int use_h2; + /** stream currently being handled */ + struct http2_stream* h2_stream; + /** maximum allowed query buffer size, per stream */ + size_t http2_stream_max_qbuffer_size; + /** maximum number of HTTP/2 streams per connection. Send in HTTP/2 + * SETTINGS frame. */ + uint32_t http2_max_streams; /* -------- dnstap ------- */ /** the dnstap environment */ @@ -247,6 +281,44 @@ struct comm_point { and after read/write completes. No callback is done. */ int tcp_do_close; + /** flag that indicates the stream is both written and read from. */ + int tcp_write_and_read; + + /** byte count for written length over write channel, for when + * tcp_write_and_read is enabled. When tcp_write_and_read is enabled, + * this is the counter for writing, the one for reading is in the + * commpoint.buffer sldns buffer. The counter counts from 0 to + * 2+tcp_write_pkt_len, and includes the tcp length bytes. */ + size_t tcp_write_byte_count; + + /** packet to write currently over the write channel. for when + * tcp_write_and_read is enabled. When tcp_write_and_read is enabled, + * this is the buffer for the written packet, the commpoint.buffer + * sldns buffer is the buffer for the received packet. */ + uint8_t* tcp_write_pkt; + /** length of tcp_write_pkt in bytes */ + size_t tcp_write_pkt_len; + + /** if set try to read another packet again (over connection with + * multiple packets), once set, tries once, then zero again, + * so set it in the packet complete section. + * The pointer itself has to be set before the callback is invoked, + * when you set things up, and continue to exist also after the + * commpoint is closed and deleted in your callback. So that after + * the callback cleans up netevent can see what it has to do. + * Or leave NULL if it is not used at all. */ + int* tcp_more_read_again; + + /** if set try to write another packet (over connection with + * multiple packets), once set, tries once, then zero again, + * so set it in the packet complete section. + * The pointer itself has to be set before the callback is invoked, + * when you set things up, and continue to exist also after the + * commpoint is closed and deleted in your callback. So that after + * the callback cleans up netevent can see what it has to do. + * Or leave NULL if it is not used at all. */ + int* tcp_more_write_again; + /** if set, read/write completes: read/write state of tcp is toggled. buffer reset/bytecount reset. @@ -456,10 +528,15 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, * @param num: becomes max_tcp_count, the routine allocates that * many tcp handler commpoints. * @param idle_timeout: TCP idle timeout in ms. + * @param harden_large_queries: whether query size should be limited. + * @param http_max_streams: maximum number of HTTP/2 streams per connection. + * @param http_endpoint: HTTP endpoint to service queries on * @param tcp_conn_limit: TCP connection limit info. * @param bufsize: size of buffer to create for handlers. * @param spoolbuf: shared spool buffer for tcp_req_info structures. * or NULL to not create those structures in the tcp handlers. + * @param port_type: the type of port we are creating a TCP listener for. Used + * to select handler type to use. * @param callback: callback function pointer for TCP handlers. * @param callback_arg: will be passed to your callback function. * @return: returns the TCP listener commpoint. You can find the @@ -468,8 +545,11 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, * Inits timeout to NULL. All handlers are on the free list. */ struct comm_point* comm_point_create_tcp(struct comm_base* base, - int fd, int num, int idle_timeout, struct tcl_list* tcp_conn_limit, + int fd, int num, int idle_timeout, int harden_large_queries, + uint32_t http_max_streams, char* http_endpoint, + struct tcl_list* tcp_conn_limit, size_t bufsize, struct sldns_buffer* spoolbuf, + enum listen_type port_type, comm_point_callback_type* callback, void* callback_arg); /** @@ -552,12 +632,14 @@ void comm_point_drop_reply(struct comm_reply* repinfo); * Send an udp message over a commpoint. * @param c: commpoint to send it from. * @param packet: what to send. - * @param addr: where to send it to. + * @param addr: where to send it to. If NULL, send is performed, + * for connected sockets, to the connected address. * @param addrlen: length of addr. + * @param is_connected: if the UDP socket is connect()ed. * @return: false on a failure. */ int comm_point_send_udp_msg(struct comm_point* c, struct sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen); + struct sockaddr* addr, socklen_t addrlen,int is_connected); /** * Stop listening for input on the commpoint. No callbacks will happen. @@ -582,6 +664,16 @@ void comm_point_start_listening(struct comm_point* c, int newfd, int msec); */ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr); +/** + * For TCP handlers that use c->tcp_timeout_msec, this routine adjusts + * it with the minimum. Otherwise, a 0 value advertised without the + * minimum applied moves to a 0 in comm_point_start_listening and that + * routine treats it as no timeout, listen forever, which is not wanted. + * @param c: comm point to use the tcp_timeout_msec of. + * @return adjusted tcp_timeout_msec value with the minimum if smaller. + */ +int adjusted_tcp_timeout(struct comm_point* c); + /** * Get size of memory used by comm point. * For TCP handlers this includes subhandlers. @@ -723,6 +815,110 @@ void comm_point_tcp_handle_callback(int fd, short event, void* arg); */ void comm_point_http_handle_callback(int fd, short event, void* arg); +/** + * HTTP2 session. HTTP2 related info per comm point. + */ +struct http2_session { + /** first item in list of streams */ + struct http2_stream* first_stream; +#ifdef HAVE_NGHTTP2 + /** nghttp2 session */ + nghttp2_session *session; + /** store nghttp2 callbacks for easy reuse */ + nghttp2_session_callbacks* callbacks; +#endif + /** comm point containing buffer used to build answer in worker or + * module */ + struct comm_point* c; + /** session is instructed to get dropped (comm port will be closed) */ + int is_drop; + /** postpone dropping the session, can be used to prevent dropping + * while being in a callback */ + int postpone_drop; +}; + +/** enum of HTTP status */ +enum http_status { + HTTP_STATUS_OK = 200, + HTTP_STATUS_BAD_REQUEST = 400, + HTTP_STATUS_NOT_FOUND = 404, + HTTP_STATUS_PAYLOAD_TOO_LARGE = 413, + HTTP_STATUS_URI_TOO_LONG = 414, + HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE = 415, + HTTP_STATUS_NOT_IMPLEMENTED = 501 +}; + +/** + * HTTP stream. Part of list of HTTP2 streams per session. + */ +struct http2_stream { + /** next stream in list per session */ + struct http2_stream* next; + /** previous stream in list per session */ + struct http2_stream* prev; + /** HTTP2 stream ID is an unsigned 31-bit integer */ + int32_t stream_id; + /** HTTP method used for this stream */ + enum { + HTTP_METHOD_POST = 1, + HTTP_METHOD_GET, + HTTP_METHOD_UNSUPPORTED + } http_method; + /** message contains invalid content type */ + int invalid_content_type; + /** message body content type */ + size_t content_length; + /** HTTP response status */ + enum http_status status; + /** request for non existing endpoint */ + int invalid_endpoint; + /** query in request is too large */ + int query_too_large; + /** buffer to store query into. Can't use session shared buffer as query + * can arrive in parts, intertwined with frames for other queries. */ + struct sldns_buffer* qbuffer; + /** buffer to store response into. Can't use shared buffer as a next + * query read callback can overwrite it before it is send out. */ + struct sldns_buffer* rbuffer; + /** mesh area containing mesh state */ + struct mesh_area* mesh; + /** mesh state for query. Used to remove mesh reply before closing + * stream. */ + struct mesh_state* mesh_state; +}; + +#ifdef HAVE_NGHTTP2 +/** nghttp2 receive cb. Read from SSL connection into nghttp2 buffer */ +ssize_t http2_recv_cb(nghttp2_session* session, uint8_t* buf, + size_t len, int flags, void* cb_arg); +/** nghttp2 send callback. Send from nghttp2 buffer to ssl socket */ +ssize_t http2_send_cb(nghttp2_session* session, const uint8_t* buf, + size_t len, int flags, void* cb_arg); +/** nghttp2 callback on closing stream */ +int http2_stream_close_cb(nghttp2_session* session, int32_t stream_id, + uint32_t error_code, void* cb_arg); +#endif + +/** + * Create new http2 stream + * @param stream_id: ID for stream to create. + * @return malloc'ed stream, NULL on error + */ +struct http2_stream* http2_stream_create(int32_t stream_id); + +/** + * Add new stream to session linked list + * @param h2_session: http2 session to add stream to + * @param h2_stream: stream to add to session list + */ +void http2_session_add_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream); + +/** Add mesh state to stream. To be able to remove mesh reply on stream closure + */ +void http2_stream_add_meshstate(struct http2_stream* h2_stream, + struct mesh_area* mesh, struct mesh_state* m); + /** * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. diff --git a/util/regional.c b/util/regional.c index ff36d0e21..bd67ecf50 100644 --- a/util/regional.c +++ b/util/regional.c @@ -80,18 +80,39 @@ regional_init(struct regional* r) r->total_large = 0; } -struct regional* -regional_create_custom(size_t size) +/** + * Create a new region, with custom first block and large-object sizes. + * @param size: length of first block. + * @param large_object_size: outside of chunk allocation threshold. + * @return: newly allocated regional. + */ +static struct regional* +regional_create_custom_large_object(size_t size, size_t large_object_size) { - struct regional* r = (struct regional*)malloc(size); + struct regional* r; size = ALIGN_UP(size, ALIGNMENT); + r = (struct regional*)malloc(size); log_assert(sizeof(struct regional) <= size); if(!r) return NULL; r->first_size = size; + r->large_object_size = large_object_size; regional_init(r); return r; } +struct regional* +regional_create_custom(size_t size) +{ + return regional_create_custom_large_object(size, + REGIONAL_LARGE_OBJECT_SIZE); +} + +struct regional* +regional_create_nochunk(size_t size) +{ + return regional_create_custom_large_object(size, 0); +} + void regional_free_all(struct regional *r) { @@ -134,7 +155,7 @@ regional_alloc(struct regional *r, size_t size) malloc and ALIGN_UP */ a = ALIGN_UP(size, ALIGNMENT); /* large objects */ - if(a > REGIONAL_LARGE_OBJECT_SIZE) { + if(a > r->large_object_size) { s = malloc(ALIGNMENT + size); if(!s) return NULL; r->total_large += ALIGNMENT+size; @@ -219,7 +240,7 @@ regional_log_stats(struct regional *r) /* some basic assertions put here (non time critical code) */ log_assert(ALIGNMENT >= sizeof(char*)); log_assert(REGIONAL_CHUNK_SIZE > ALIGNMENT); - log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > REGIONAL_LARGE_OBJECT_SIZE); + log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > r->large_object_size); log_assert(REGIONAL_CHUNK_SIZE >= sizeof(struct regional)); /* debug print */ log_info("regional %u chunks, %u large", diff --git a/util/regional.h b/util/regional.h index e8b2cb8d0..b439897d5 100644 --- a/util/regional.h +++ b/util/regional.h @@ -74,6 +74,11 @@ struct regional size_t available; /** current chunk data position. */ char* data; + /** threshold for outside of chunk allocations */ + size_t large_object_size; + /** padding for sizeof8 alignment of sizeof(struct regional) + * for 32bit systems */ + size_t padding; }; /** @@ -88,6 +93,14 @@ struct regional* regional_create(void); * @return: newly allocated regional. */ struct regional* regional_create_custom(size_t size); + +/** + * Create a new region, with custom settings, that will allocate everything + * outside the region chunk. + * @param size: length of first block. + * @return: newly allocated regional. + */ +struct regional* regional_create_nochunk(size_t size); /** * Free all memory associated with regional. Only keeps the first block with diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index 46a71510f..af8c5bcf3 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -284,6 +284,10 @@ void shm_main_run(struct worker *worker) #ifdef USE_IPSECMOD shm_stat->mem.ipsecmod = (long long)mod_get_mem(&worker->env, "ipsecmod"); +#endif +#ifdef WITH_DYNLIBMODULE + shm_stat->mem.dynlib = (long long)mod_get_mem(&worker->env, + "dynlib"); #endif } diff --git a/util/storage/lruhash.c b/util/storage/lruhash.c index 0003ff491..3500a4ef0 100644 --- a/util/storage/lruhash.c +++ b/util/storage/lruhash.c @@ -398,13 +398,13 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) return; } table->num--; - table->space_used -= (*table->sizefunc)(entry->key, entry->data); - lock_quick_unlock(&table->lock); + table->space_used -= (*table->sizefunc)(entry->key, entry->data); lock_rw_wrlock(&entry->lock); if(table->markdelfunc) (*table->markdelfunc)(entry->key); lock_rw_unlock(&entry->lock); lock_quick_unlock(&bin->lock); + lock_quick_unlock(&table->lock); /* finish removal */ d = entry->data; (*table->delkeyfunc)(entry->key, table->cb_arg); diff --git a/util/ub_event.c b/util/ub_event.c index 9af476ad4..68f633bb0 100644 --- a/util/ub_event.c +++ b/util/ub_event.c @@ -148,7 +148,7 @@ const char* ub_event_get_version(void) return event_get_version(); } -#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EVBACKEND_SELECT) +#if (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP)) && defined(EV_FEATURE_BACKENDS) static const char* ub_ev_backend2str(int b) { switch(b) { @@ -184,7 +184,7 @@ ub_get_event_sys(struct ub_event_base* base, const char** n, const char** s, *n = "libev"; if (!b) b = (struct event_base*)ev_default_loop(EVFLAG_AUTO); -# ifdef EVBACKEND_SELECT +# ifdef EV_FEATURE_BACKENDS *m = ub_ev_backend2str(ev_backend((struct ev_loop*)b)); # else *m = "not obtainable"; diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 7224f00a2..9b6574c5d 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -1030,8 +1030,6 @@ anchors_assemble_rrsets(struct val_anchors* anchors) ")", b); (void)rbtree_delete(anchors->tree, &ta->node); lock_basic_unlock(&ta->lock); - if(anchors->dlv_anchor == ta) - anchors->dlv_anchor = NULL; anchors_delfunc(&ta->node, NULL); ta = next; continue; @@ -1103,37 +1101,6 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg) return 0; } } - if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) { - struct trust_anchor* dlva; - nm = cfg->dlv_anchor_file; - if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, - cfg->chrootdir, strlen(cfg->chrootdir)) == 0) - nm += strlen(cfg->chrootdir); - if(!(dlva = anchor_read_file(anchors, parsebuf, - nm, 1))) { - log_err("error reading dlv-anchor-file: %s", - cfg->dlv_anchor_file); - sldns_buffer_free(parsebuf); - return 0; - } - lock_basic_lock(&anchors->lock); - anchors->dlv_anchor = dlva; - lock_basic_unlock(&anchors->lock); - } - for(f = cfg->dlv_anchor_list; f; f = f->next) { - struct trust_anchor* dlva; - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - if(!(dlva = anchor_store_str( - anchors, parsebuf, f->str))) { - log_err("error in dlv-anchor: \"%s\"", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - lock_basic_lock(&anchors->lock); - anchors->dlv_anchor = dlva; - lock_basic_unlock(&anchors->lock); - } /* do autr last, so that it sees what anchors are filled by other * means can can print errors about double config for the name */ for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) { diff --git a/validator/val_anchor.h b/validator/val_anchor.h index a2a795d09..1597a7d62 100644 --- a/validator/val_anchor.h +++ b/validator/val_anchor.h @@ -67,8 +67,6 @@ struct val_anchors { * contents of type trust_anchor. */ rbtree_type* tree; - /** The DLV trust anchor (if one is configured, else NULL) */ - struct trust_anchor* dlv_anchor; /** Autotrust global data, anchors sorted by next probe time */ struct autr_global_data* autr; }; diff --git a/validator/val_neg.c b/validator/val_neg.c index 4c08e6bbc..67699b1f7 100644 --- a/validator/val_neg.c +++ b/validator/val_neg.c @@ -965,108 +965,6 @@ static int neg_closest_data(struct val_neg_zone* zone, } } -int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, time_t now) -{ - /* lookup closest zone */ - struct val_neg_zone* zone; - struct val_neg_data* data; - int labs; - struct ub_packed_rrset_key* nsec; - struct packed_rrset_data* d; - uint32_t flags; - uint8_t* wc; - struct query_info qinfo; - if(!neg) return 0; - - log_nametypeclass(VERB_ALGO, "negcache dlvlookup", qname, - LDNS_RR_TYPE_DLV, qclass); - - labs = dname_count_labels(qname); - lock_basic_lock(&neg->lock); - zone = neg_closest_zone_parent(neg, qname, len, labs, qclass); - while(zone && !zone->in_use) - zone = zone->parent; - if(!zone) { - lock_basic_unlock(&neg->lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "negcache zone", zone->name, 0, - zone->dclass); - - /* DLV is defined to use NSEC only */ - if(zone->nsec3_hash) { - lock_basic_unlock(&neg->lock); - return 0; - } - - /* lookup closest data record */ - (void)neg_closest_data(zone, qname, len, labs, &data); - while(data && !data->in_use) - data = data->parent; - if(!data) { - lock_basic_unlock(&neg->lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "negcache rr", data->name, - LDNS_RR_TYPE_NSEC, zone->dclass); - - /* lookup rrset in rrset cache */ - flags = 0; - if(query_dname_compare(data->name, zone->name) == 0) - flags = PACKED_RRSET_NSEC_AT_APEX; - nsec = rrset_cache_lookup(rrset_cache, data->name, data->len, - LDNS_RR_TYPE_NSEC, zone->dclass, flags, now, 0); - - /* check if secure and TTL ok */ - if(!nsec) { - lock_basic_unlock(&neg->lock); - return 0; - } - d = (struct packed_rrset_data*)nsec->entry.data; - if(!d || now > d->ttl) { - lock_rw_unlock(&nsec->entry.lock); - /* delete data record if expired */ - neg_delete_data(neg, data); - lock_basic_unlock(&neg->lock); - return 0; - } - if(d->security != sec_status_secure) { - lock_rw_unlock(&nsec->entry.lock); - neg_delete_data(neg, data); - lock_basic_unlock(&neg->lock); - return 0; - } - verbose(VERB_ALGO, "negcache got secure rrset"); - - /* check NSEC security */ - /* check if NSEC proves no DLV type exists */ - /* check if NSEC proves NXDOMAIN for qname */ - qinfo.qname = qname; - qinfo.qtype = LDNS_RR_TYPE_DLV; - qinfo.qclass = qclass; - qinfo.local_alias = NULL; - if(!nsec_proves_nodata(nsec, &qinfo, &wc) && - !val_nsec_proves_name_error(nsec, qname)) { - /* the NSEC is not a denial for the DLV */ - lock_rw_unlock(&nsec->entry.lock); - lock_basic_unlock(&neg->lock); - verbose(VERB_ALGO, "negcache not proven"); - return 0; - } - /* so the NSEC was a NODATA proof, or NXDOMAIN proof. */ - - /* no need to check for wildcard NSEC; no wildcards in DLV repos */ - /* no need to lookup SOA record for client; no response message */ - - lock_rw_unlock(&nsec->entry.lock); - /* if OK touch the LRU for neg_data element */ - neg_lru_touch(neg, data); - lock_basic_unlock(&neg->lock); - verbose(VERB_ALGO, "negcache DLV denial proven"); - return 1; -} - void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, uint8_t* zone_name) { diff --git a/validator/val_neg.h b/validator/val_neg.h index 877f5c944..5643ca331 100644 --- a/validator/val_neg.h +++ b/validator/val_neg.h @@ -218,26 +218,6 @@ void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep); void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, uint8_t* zone); -/** - * Perform a DLV style lookup - * During the lookup, we could find out that data has expired. In that - * case the neg_cache entries are removed, and lookup fails. - * - * @param neg: negative cache. - * @param qname: name to look for - * @param len: length of qname. - * @param qclass: class to look in. - * @param rrset_cache: the rrset cache, for NSEC lookups. - * @param now: current time for ttl checks. - * @return - * 0 on error - * 0 if no proof of negative - * 1 if indeed negative was proven - * thus, qname DLV qclass does not exist. - */ -int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, time_t now); - /** * For the given query, try to get a reply out of the negative cache. * The reply still needs to be validated. diff --git a/validator/val_nsec.c b/validator/val_nsec.c index a795e7733..032d2ae03 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -541,86 +541,3 @@ val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, } return 0; } - -/** - * Find shared topdomain that exists - */ -static void -dlv_topdomain(struct ub_packed_rrset_key* nsec, uint8_t* qname, - uint8_t** nm, size_t* nm_len) -{ - /* make sure reply is part of nm */ - /* take shared topdomain with left of NSEC. */ - - /* because, if empty nonterminal, then right is subdomain of qname. - * and any shared topdomain would be empty nonterminals. - * - * If nxdomain, then the right is bigger, and could have an - * interesting shared topdomain, but if it does have one, it is - * an empty nonterminal. An empty nonterminal shared with the left - * one. */ - int n; - uint8_t* common = dname_get_shared_topdomain(qname, nsec->rk.dname); - n = dname_count_labels(*nm) - dname_count_labels(common); - dname_remove_labels(nm, nm_len, n); -} - -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len) -{ - uint8_t* next; - size_t i, nlen; - int c; - /* we should now have a NOERROR/NODATA or NXDOMAIN message */ - if(rep->an_numrrsets != 0) { - return 0; - } - /* is this NOERROR ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { - /* it can be a plain NSEC match - go up one more level. */ - /* or its an empty nonterminal - go up to nonempty level */ - for(i=0; ins_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type)!=LDNS_RR_TYPE_NSEC || - !nsec_get_next(rep->rrsets[i], &next, &nlen)) - continue; - c = dname_canonical_compare( - rep->rrsets[i]->rk.dname, qinfo->qname); - if(c == 0) { - /* plain match */ - if(nsec_has_type(rep->rrsets[i], - LDNS_RR_TYPE_DLV)) - return 0; - dname_remove_label(nm, nm_len); - return 1; - } else if(c < 0 && - dname_strict_subdomain_c(next, qinfo->qname)) { - /* ENT */ - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - - /* is this NXDOMAIN ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN) { - /* find the qname denial NSEC record. It can tell us - * a closest encloser name; or that we not need bother */ - for(i=0; ins_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC) - continue; - if(val_nsec_proves_name_error(rep->rrsets[i], - qinfo->qname)) { - log_nametypeclass(VERB_ALGO, "topdomain on", - rep->rrsets[i]->rk.dname, - ntohs(rep->rrsets[i]->rk.type), 0); - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - return 0; -} diff --git a/validator/val_nsec.h b/validator/val_nsec.h index 4e71257bc..7117809d6 100644 --- a/validator/val_nsec.h +++ b/validator/val_nsec.h @@ -158,19 +158,6 @@ uint8_t* nsec_closest_encloser(uint8_t* qname, int val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, size_t qnamelen); -/** - * Determine the DLV result, what to do with NSEC DLV reply. - * @param qinfo: what was queried for. - * @param rep: the nonpositive reply. - * @param nm: dlv lookup name, to adjust for new lookup name (if needed). - * @param nm_len: length of lookup name. - * @return 0 on error, 1 if a higher point is found. - * If the higher point is above the dlv repo anchor, the qname does - * not exist. - */ -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len); - /** * Determine if an nsec proves an insecure delegation towards the qname. * @param nsec: nsec rrset. diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 3dbbe9ac9..15cccf017 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -77,6 +77,10 @@ int fake_sha1 = 0; #include #endif +#if defined(HAVE_OPENSSL_DSA_H) && defined(USE_DSA) +#include +#endif + /** * Output a libcrypto openssl error to the logfile. * @param str: string to add to it. @@ -986,6 +990,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo) return pk; } +#if defined(USE_DSA) && defined(USE_SHA1) static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) { SECKEYPublicKey* pk; @@ -1046,6 +1051,7 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) } return pk; } +#endif /* USE_DSA && USE_SHA1 */ static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len) { diff --git a/validator/validator.c b/validator/validator.c index c3ca0a27d..e12180b4b 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -390,10 +390,8 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name, ask.local_alias = NULL; log_query_info(VERB_ALGO, "generate request", &ask); /* enable valrec flag to avoid recursion to the same validation - * routine, this lookup is simply a lookup. DLVs need validation */ - if(qtype == LDNS_RR_TYPE_DLV) - valrec = 0; - else valrec = 1; + * routine, this lookup is simply a lookup. */ + valrec = 1; fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle)); if((*qstate->env->detect_cycle)(qstate, &ask, @@ -1585,7 +1583,7 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len, vq->qchase.qclass, qstate->region, *qstate->env->now); - /* there is no key(from DLV) and no trust anchor */ + /* there is no key and no trust anchor */ if(vq->key_entry == NULL && anchor == NULL) { /*response isn't under a trust anchor, so we cannot validate.*/ vq->chase_reply->security = sec_status_indeterminate; @@ -1603,7 +1601,6 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, val_mark_insecure(vq->chase_reply, anchor->name, qstate->env->rrset_cache, qstate->env); lock_basic_unlock(&anchor->lock); - vq->dlv_checked=1; /* skip DLV check */ /* go to finished state to cache this result */ vq->state = VAL_FINISHED_STATE; return 1; @@ -1679,9 +1676,8 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) /* We know that state.key_entry is not 0 or bad key -- if it were, * then previous processing should have directed this event to * a different state. - * It could be an isnull key, which signals that a DLV was just - * done and the DNSKEY after the DLV failed with dnssec-retry state - * and the DNSKEY has to be performed again. */ + * It could be an isnull key, which signals the DNSKEY failed + * with retry and has to be looked up again. */ log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry)); if(key_entry_isnull(vq->key_entry)) { if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, @@ -1985,148 +1981,6 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, return 1; } -/** - * Init DLV check. - * DLV is going to be decommissioned, but the code is still here for some time. - * - * Called when a query is determined by other trust anchors to be insecure - * (or indeterminate). Then we look if there is a key in the DLV. - * Performs aggressive negative cache check to see if there is no key. - * Otherwise, spawns a DLV query, and changes to the DLV wait state. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if there is no DLV. - * false: processing is finished for the validator operate(). - * This function may exit in three ways: - * o no DLV (aggressive cache), so insecure. (true) - * o error - stop processing (false) - * o DLV lookup was started, stop processing (false) - */ -static int -val_dlv_init(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - uint8_t* nm; - size_t nm_len; - struct module_qstate* newq = NULL; - /* there must be a DLV configured */ - log_assert(qstate->env->anchors->dlv_anchor); - /* this bool is true to avoid looping in the DLV checks */ - log_assert(vq->dlv_checked); - - /* init the DLV lookup variables */ - vq->dlv_lookup_name = NULL; - vq->dlv_lookup_name_len = 0; - vq->dlv_insecure_at = NULL; - vq->dlv_insecure_at_len = 0; - - /* Determine the name for which we want to lookup DLV. - * This name is for the current message, or - * for the current RRset for CNAME, referral subtypes. - * If there is a signer, use that, otherwise the domain name */ - if(vq->signer_name) { - nm = vq->signer_name; - nm_len = vq->signer_len; - } else { - /* use qchase */ - nm = vq->qchase.qname; - nm_len = vq->qchase.qname_len; - if(vq->qchase.qtype == LDNS_RR_TYPE_DS) - dname_remove_label(&nm, &nm_len); - } - log_nametypeclass(VERB_ALGO, "DLV init look", nm, LDNS_RR_TYPE_DS, - vq->qchase.qclass); - log_assert(nm && nm_len); - /* sanity check: no DLV lookups below the DLV anchor itself. - * Like, an securely insecure delegation there makes no sense. */ - if(dname_subdomain_c(nm, qstate->env->anchors->dlv_anchor->name)) { - verbose(VERB_ALGO, "DLV lookup within DLV repository denied"); - return 1; - } - /* concat name (minus root label) + dlv name */ - vq->dlv_lookup_name_len = nm_len - 1 + - qstate->env->anchors->dlv_anchor->namelen; - vq->dlv_lookup_name = regional_alloc(qstate->region, - vq->dlv_lookup_name_len); - if(!vq->dlv_lookup_name) { - log_err("Out of memory preparing DLV lookup"); - return val_error(qstate, id); - } - memmove(vq->dlv_lookup_name, nm, nm_len-1); - memmove(vq->dlv_lookup_name+nm_len-1, - qstate->env->anchors->dlv_anchor->name, - qstate->env->anchors->dlv_anchor->namelen); - log_nametypeclass(VERB_ALGO, "DLV name", vq->dlv_lookup_name, - LDNS_RR_TYPE_DLV, vq->qchase.qclass); - - /* determine where the insecure point was determined, the DLV must - * be equal or below that to continue building the trust chain - * down. May be NULL if no trust chain was built yet */ - nm = NULL; - if(vq->key_entry && key_entry_isnull(vq->key_entry)) { - nm = vq->key_entry->name; - nm_len = vq->key_entry->namelen; - } - if(nm) { - vq->dlv_insecure_at_len = nm_len - 1 + - qstate->env->anchors->dlv_anchor->namelen; - vq->dlv_insecure_at = regional_alloc(qstate->region, - vq->dlv_insecure_at_len); - if(!vq->dlv_insecure_at) { - log_err("Out of memory preparing DLV lookup"); - return val_error(qstate, id); - } - memmove(vq->dlv_insecure_at, nm, nm_len-1); - memmove(vq->dlv_insecure_at+nm_len-1, - qstate->env->anchors->dlv_anchor->name, - qstate->env->anchors->dlv_anchor->namelen); - log_nametypeclass(VERB_ALGO, "insecure_at", - vq->dlv_insecure_at, 0, vq->qchase.qclass); - } - - /* If we can find the name in the aggressive negative cache, - * give up; insecure is the answer */ - while(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, vq->qchase.qclass, - qstate->env->rrset_cache, *qstate->env->now)) { - /* go up */ - dname_remove_label(&vq->dlv_lookup_name, - &vq->dlv_lookup_name_len); - /* too high? */ - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - verbose(VERB_ALGO, "ask above dlv repo"); - return 1; /* Above the repo is insecure */ - } - /* above chain of trust? */ - if(vq->dlv_insecure_at && !dname_subdomain_c( - vq->dlv_lookup_name, vq->dlv_insecure_at)) { - verbose(VERB_ALGO, "ask above insecure endpoint"); - return 1; - } - } - - /* perform a lookup for the DLV; with validation */ - vq->state = VAL_DLVLOOKUP_STATE; - if(!generate_request(qstate, id, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, - vq->qchase.qclass, 0, &newq, 0)) { - return val_error(qstate, id); - } - - /* Find the closest encloser DLV from the repository. - * then that is used to build another chain of trust - * This may first require a query 'too low' that has NSECs in - * the answer, from which we determine the closest encloser DLV. - * When determine the closest encloser, skip empty nonterminals, - * since we want a nonempty node in the DLV repository. */ - - return 0; -} - /** * The Finished state. The validation status (good or bad) has been determined. * @@ -2145,16 +1999,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, qstate->query_flags, &qstate->qinfo, &vq->qchase, vq->orig_msg->rep, vq->rrset_skip); - /* if the result is insecure or indeterminate and we have not - * checked the DLV yet, check the DLV */ - if((vq->chase_reply->security == sec_status_insecure || - vq->chase_reply->security == sec_status_indeterminate) && - qstate->env->anchors->dlv_anchor && !vq->dlv_checked) { - vq->dlv_checked = 1; - if(!val_dlv_init(qstate, vq, ve, id)) - return 0; - } - /* store overall validation result in orig_msg */ if(vq->rrset_skip == 0) vq->orig_msg->rep->security = vq->chase_reply->security; @@ -2177,7 +2021,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, /* and restart for this rrset */ verbose(VERB_ALGO, "validator: go to next rrset"); vq->chase_reply->security = sec_status_unchecked; - vq->dlv_checked = 0; /* can do DLV for this RR */ vq->state = VAL_INIT_STATE; return 1; } @@ -2195,7 +2038,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, log_query_info(VERB_ALGO, "validator: chased to", &vq->qchase); vq->chase_reply->security = sec_status_unchecked; - vq->dlv_checked = 0; /* can do DLV for this RR */ vq->state = VAL_INIT_STATE; return 1; } @@ -2321,119 +2163,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, return 0; } -/** - * The DLVLookup state. Process DLV lookups. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - struct module_qstate* newq = NULL; - /* see if this we are ready to continue normal resolution */ - /* we may need more DLV lookups */ - if(vq->dlv_status==dlv_error) - verbose(VERB_ALGO, "DLV woke up with status dlv_error"); - else if(vq->dlv_status==dlv_success) - verbose(VERB_ALGO, "DLV woke up with status dlv_success"); - else if(vq->dlv_status==dlv_ask_higher) - verbose(VERB_ALGO, "DLV woke up with status dlv_ask_higher"); - else if(vq->dlv_status==dlv_there_is_no_dlv) - verbose(VERB_ALGO, "DLV woke up with status dlv_there_is_no_dlv"); - else verbose(VERB_ALGO, "DLV woke up with status unknown"); - - if(vq->dlv_status == dlv_error) { - verbose(VERB_QUERY, "failed DLV lookup"); - errinf(qstate, "failed DLV lookup"); - return val_error(qstate, id); - } else if(vq->dlv_status == dlv_success) { - uint8_t* nm; - size_t nmlen; - /* chain continues with DNSKEY, continue in FINDKEY */ - vq->state = VAL_FINDKEY_STATE; - - /* strip off the DLV suffix from the name; could result in . */ - log_assert(dname_subdomain_c(vq->ds_rrset->rk.dname, - qstate->env->anchors->dlv_anchor->name)); - nmlen = vq->ds_rrset->rk.dname_len - - qstate->env->anchors->dlv_anchor->namelen + 1; - nm = regional_alloc_init(qstate->region, - vq->ds_rrset->rk.dname, nmlen); - if(!nm) { - log_err("Out of memory in DLVLook"); - return val_error(qstate, id); - } - nm[nmlen-1] = 0; - - vq->ds_rrset->rk.dname = nm; - vq->ds_rrset->rk.dname_len = nmlen; - - /* create a nullentry for the key so the dnskey lookup - * can be retried after a validation failure for it */ - vq->key_entry = key_entry_create_null(qstate->region, - nm, nmlen, vq->qchase.qclass, 0, 0); - if(!vq->key_entry) { - log_err("Out of memory in DLVLook"); - return val_error(qstate, id); - } - - if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, - vq->qchase.qclass, BIT_CD, &newq, 0)) { - verbose(VERB_ALGO, "error generating DNSKEY request"); - return val_error(qstate, id); - } - return 0; - } else if(vq->dlv_status == dlv_there_is_no_dlv) { - /* continue with the insecure result we got */ - vq->state = VAL_FINISHED_STATE; - return 1; - } - log_assert(vq->dlv_status == dlv_ask_higher); - - /* ask higher, make sure we stay in DLV repo, below dlv_at */ - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - /* just like, there is no DLV */ - verbose(VERB_ALGO, "ask above dlv repo"); - vq->state = VAL_FINISHED_STATE; - return 1; - } - if(vq->dlv_insecure_at && !dname_subdomain_c(vq->dlv_lookup_name, - vq->dlv_insecure_at)) { - /* already checked a chain lower than dlv_lookup_name */ - verbose(VERB_ALGO, "ask above insecure endpoint"); - log_nametypeclass(VERB_ALGO, "enpt", vq->dlv_insecure_at, 0, 0); - vq->state = VAL_FINISHED_STATE; - return 1; - } - - /* check negative cache before making new request */ - if(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, vq->qchase.qclass, - qstate->env->rrset_cache, *qstate->env->now)) { - /* does not exist, go up one (go higher). */ - dname_remove_label(&vq->dlv_lookup_name, - &vq->dlv_lookup_name_len); - /* limit number of labels, limited number of recursion */ - return processDLVLookup(qstate, vq, ve, id); - } - - if(!generate_request(qstate, id, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, - vq->qchase.qclass, 0, &newq, 0)) { - return val_error(qstate, id); - } - - return 0; -} - /** * Handle validator state. * If a method returns true, the next state is started. If false, then @@ -2464,9 +2193,6 @@ val_handle(struct module_qstate* qstate, struct val_qstate* vq, case VAL_FINISHED_STATE: cont = processFinished(qstate, vq, ve, id); break; - case VAL_DLVLOOKUP_STATE: - cont = processDLVLookup(qstate, vq, ve, id); - break; default: log_warn("validator: invalid state %d", vq->state); @@ -3105,99 +2831,6 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, /* the qstate will be reactivated after inform_super is done */ } -/** - * Process DLV response. Called from inform_supers. - * Because it is in inform_supers, the mesh itself is busy doing callbacks - * for a state that is to be deleted soon; don't touch the mesh; instead - * set a state in the super, as the super will be reactivated soon. - * Perform processing to determine what state to set in the super. - * - * @param qstate: query state that is validating and asked for a DLV. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param qinfo: from the sub query state, query info. - */ -static void -process_dlv_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct query_info* qinfo) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - - verbose(VERB_ALGO, "process dlv response to super"); - if(rcode != LDNS_RCODE_NOERROR) { - /* lookup failed, set in vq to give up */ - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "response is error"); - return; - } - if(msg->rep->security != sec_status_secure) { - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "response is not secure, %s", - sec_status_to_string(msg->rep->security)); - return; - } - /* was the lookup a success? validated DLV? */ - if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR && - msg->rep->an_numrrsets == 1 && - msg->rep->security == sec_status_secure && - ntohs(msg->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DLV && - ntohs(msg->rep->rrsets[0]->rk.rrset_class) == qinfo->qclass && - query_dname_compare(msg->rep->rrsets[0]->rk.dname, - vq->dlv_lookup_name) == 0) { - /* yay! it is just like a DS */ - vq->ds_rrset = (struct ub_packed_rrset_key*) - regional_alloc_init(qstate->region, - msg->rep->rrsets[0], sizeof(*vq->ds_rrset)); - if(!vq->ds_rrset) { - log_err("out of memory in process_dlv"); - return; - } - vq->ds_rrset->entry.key = vq->ds_rrset; - vq->ds_rrset->rk.dname = (uint8_t*)regional_alloc_init( - qstate->region, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len); - if(!vq->ds_rrset->rk.dname) { - log_err("out of memory in process_dlv"); - vq->dlv_status = dlv_error; - return; - } - vq->ds_rrset->entry.data = regional_alloc_init(qstate->region, - vq->ds_rrset->entry.data, - packed_rrset_sizeof(vq->ds_rrset->entry.data)); - if(!vq->ds_rrset->entry.data) { - log_err("out of memory in process_dlv"); - vq->dlv_status = dlv_error; - return; - } - packed_rrset_ptr_fixup(vq->ds_rrset->entry.data); - /* make vq do a DNSKEY query next up */ - vq->dlv_status = dlv_success; - return; - } - /* store NSECs into negative cache */ - val_neg_addreply(ve->neg_cache, msg->rep); - - /* was the lookup a failure? - * if we have to go up into the DLV for a higher DLV anchor - * then set this in the vq, so it can make queries when activated. - * See if the NSECs indicate that we should look for higher DLV - * or, that there is no DLV securely */ - if(!val_nsec_check_dlv(qinfo, msg->rep, &vq->dlv_lookup_name, - &vq->dlv_lookup_name_len)) { - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "nsec error"); - return; - } - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - vq->dlv_status = dlv_there_is_no_dlv; - return; - } - vq->dlv_status = dlv_ask_higher; -} - /* * inform validator super. * @@ -3233,10 +2866,6 @@ val_inform_super(struct module_qstate* qstate, int id, qstate->return_msg, &qstate->qinfo, qstate->reply_origin); return; - } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DLV) { - process_dlv_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, &qstate->qinfo); - return; } log_err("internal error in validator: no inform_supers possible"); } @@ -3284,7 +2913,6 @@ val_state_to_string(enum val_state state) case VAL_FINDKEY_STATE: return "VAL_FINDKEY_STATE"; case VAL_VALIDATE_STATE: return "VAL_VALIDATE_STATE"; case VAL_FINISHED_STATE: return "VAL_FINISHED_STATE"; - case VAL_DLVLOOKUP_STATE: return "VAL_DLVLOOKUP_STATE"; } return "UNKNOWN VALIDATOR STATE"; } diff --git a/validator/validator.h b/validator/validator.h index 9e4c8a941..35da1920a 100644 --- a/validator/validator.h +++ b/validator/validator.h @@ -137,8 +137,6 @@ enum val_state { VAL_VALIDATE_STATE, /** finish up */ VAL_FINISHED_STATE, - /** DLV lookup state, processing DLV queries */ - VAL_DLVLOOKUP_STATE }; /** @@ -217,27 +215,6 @@ struct val_qstate { /** true if this state is waiting to prime a trust anchor */ int wait_prime_ta; - - /** have we already checked the DLV? */ - int dlv_checked; - /** The name for which the DLV is looked up. For the current message - * or for the current RRset (for CNAME, REFERRAL types). - * If there is signer name, that may be it, else a domain name */ - uint8_t* dlv_lookup_name; - /** length of dlv lookup name */ - size_t dlv_lookup_name_len; - /** Name at which chain of trust stopped with insecure, starting DLV - * DLV must result in chain going further down */ - uint8_t* dlv_insecure_at; - /** length of dlv insecure point name */ - size_t dlv_insecure_at_len; - /** status of DLV lookup. Indication to VAL_DLV_STATE what to do */ - enum dlv_status { - dlv_error, /* server failure */ - dlv_success, /* got a DLV */ - dlv_ask_higher, /* ask again */ - dlv_there_is_no_dlv /* got no DLV, sure of it */ - } dlv_status; }; /**