diff --git a/Makefile.in b/Makefile.in index 99943a650..b640af006 100644 --- a/Makefile.in +++ b/Makefile.in @@ -173,10 +173,10 @@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ testcode/unitverify.c testcode/readhex.c testcode/testpkts.c testcode/unitldns.c \ -testcode/unitecs.c testcode/unitauth.c +testcode/unitecs.c testcode/unitauth.c testcode/unitzonemd.c UNITTEST_OBJ=unitanchor.lo unitdname.lo unitlruhash.lo unitmain.lo \ unitmsgparse.lo unitneg.lo unitregional.lo unitslabhash.lo unitverify.lo \ -readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo +readhex.lo testpkts.lo unitldns.lo unitecs.lo unitauth.lo unitzonemd.lo UNITTEST_OBJ_LINK=$(UNITTEST_OBJ) worker_cb.lo $(COMMON_OBJ) $(SLDNS_OBJ) \ $(COMPAT_OBJ) DAEMON_SRC=daemon/acl_list.c daemon/cachedump.c daemon/daemon.c \ @@ -248,6 +248,7 @@ DNSTAP_SOCKET_SRC=dnstap/unbound-dnstap-socket.c DNSTAP_SOCKET_OBJ=unbound-dnstap-socket.lo DNSTAP_SOCKET_OBJ_LINK=$(DNSTAP_SOCKET_OBJ) $(COMMON_OBJ) \ $(COMPAT_OBJ) $(SLDNS_OBJ) +DNSTAP_SOCKET_TESTBIN=@DNSTAP_SOCKET_TESTBIN@ LIBUNBOUND_SRC=libunbound/context.c libunbound/libunbound.c \ libunbound/libworker.c LIBUNBOUND_OBJ=context.lo libunbound.lo libworker.lo ub_event_pluggable.lo @@ -323,7 +324,7 @@ rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ - unbound-dnstap-socket$(EXEEXT) dohclient$(EXEEXT) \ + $(DNSTAP_SOCKET_TESTBIN) dohclient$(EXEEXT) \ testbound$(EXEEXT) unittest$(EXEEXT) tests: all $(TEST_BIN) @@ -1263,6 +1264,7 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ $(srcdir)/sldns/parseutil.h +unitzonemd.lo unitzonemd.o: $(srcdir)/testcode/unitzonemd.c config.h $(srcdir)/services/authzone.h unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index eed4d5fd9..e948a6b0d 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -465,6 +465,7 @@ packed_rrset_ttl_subtract(struct packed_rrset_data* data, time_t subtract) data->rr_ttl[i] -= subtract; else data->rr_ttl[i] = 0; } + data->ttl_add = (subtract < data->ttl_add) ? (data->ttl_add - subtract) : 0; } /* Adjust the TTL of a DNS message and its RRs by 'adjust'. If 'adjust' is diff --git a/configure b/configure index 87959deae..b067e48fe 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.13.1. +# Generated by GNU Autoconf 2.69 for unbound 1.13.2. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.13.1' -PACKAGE_STRING='unbound 1.13.1' +PACKAGE_VERSION='1.13.2' +PACKAGE_STRING='unbound 1.13.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -649,6 +649,7 @@ ENABLE_DNSCRYPT ENABLE_DNSCRYPT_XCHACHA20 DNSTAP_OBJ DNSTAP_SRC +DNSTAP_SOCKET_TESTBIN DNSTAP_SOCKET_PATH opt_dnstap_socket_path ENABLE_DNSTAP @@ -1459,7 +1460,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.13.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.13.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1524,7 +1525,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.13.1:";; + short | recursive ) echo "Configuration of unbound 1.13.2:";; esac cat <<\_ACEOF @@ -1752,7 +1753,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.13.1 +unbound configure 1.13.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2461,7 +2462,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.13.1, which was +It was created by unbound $as_me 1.13.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2813,11 +2814,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=13 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=12 +LIBUNBOUND_REVISION=13 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2897,6 +2898,7 @@ LIBUNBOUND_AGE=1 # 1.12.0 had 9:10:1 # 1.13.0 had 9:11:1 # 1.13.1 had 9:12:1 +# 1.13.2 had 9:13:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -17235,9 +17237,68 @@ $as_echo "#define WITH_DYNLIBMODULE 1" >>confdefs.h DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h' if test $on_mingw = "no"; then - DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" + # link with -ldl if not already there, for all executables because + # dlopen call is in the dynlib module. For unbound executable, also + # export symbols. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +$as_echo_n "checking for library containing dlopen... " >&6; } +if ${ac_cv_search_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl; do + if test -z "$ac_lib"; then + ac_res="none required" else - DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a" + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dlopen+:} false; then : + break +fi +done +if ${ac_cv_search_dlopen+:} false; then : + +else + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +$as_echo "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + DYNLIBMOD_EXTRALIBS="-export-dynamic" + else + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a" fi fi @@ -19765,6 +19826,7 @@ if test x_$enable_static_exe = x_yes; then LIBS="$LIBS -lgdi32" fi LIBS="$LIBS -lz" + LIBS="$LIBS -l:libssp.a" fi fi @@ -19784,6 +19846,7 @@ if test x_$enable_fully_static = x_yes; then LIBS="$LIBS -lgdi32" fi LIBS="$LIBS -lz" + LIBS="$LIBS -l:libssp.a" fi fi @@ -21191,6 +21254,7 @@ _ACEOF DNSTAP_SOCKET_PATH="$hdr_dnstap_socket_path" + DNSTAP_SOCKET_TESTBIN='unbound-dnstap-socket$(EXEEXT)' DNSTAP_SRC="dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c" @@ -21697,7 +21761,7 @@ _ACEOF -version=1.13.1 +version=1.13.2 date=`date +'%b %e, %Y'` @@ -22216,7 +22280,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.13.1, which was +This file was extended by unbound $as_me 1.13.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22282,7 +22346,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.13.1 +unbound config.status 1.13.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 02b9eb47b..cba6ca018 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[13]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=12 +LIBUNBOUND_REVISION=13 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -98,6 +98,7 @@ LIBUNBOUND_AGE=1 # 1.12.0 had 9:10:1 # 1.13.0 had 9:11:1 # 1.13.1 had 9:12:1 +# 1.13.2 had 9:13:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -642,9 +643,13 @@ if test x_$withval != x_no; then DYNLIBMOD_HEADER='$(srcdir)/dynlibmod/dynlibmod.h' AC_SUBST(DYNLIBMOD_HEADER) if test $on_mingw = "no"; then - DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" + # link with -ldl if not already there, for all executables because + # dlopen call is in the dynlib module. For unbound executable, also + # export symbols. + AC_SEARCH_LIBS([dlopen], [dl]) + DYNLIBMOD_EXTRALIBS="-export-dynamic" else - DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a" + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a" fi AC_SUBST(DYNLIBMOD_EXTRALIBS) fi @@ -1438,6 +1443,7 @@ if test x_$enable_static_exe = x_yes; then LIBS="$LIBS -lgdi32" fi LIBS="$LIBS -lz" + LIBS="$LIBS -l:libssp.a" fi fi @@ -1454,6 +1460,7 @@ if test x_$enable_fully_static = x_yes; then LIBS="$LIBS -lgdi32" fi LIBS="$LIBS -lz" + LIBS="$LIBS -l:libssp.a" fi fi @@ -1743,7 +1750,7 @@ dt_DNSTAP([$UNBOUND_RUN_DIR/dnstap.sock], AC_DEFINE_UNQUOTED(DNSTAP_SOCKET_PATH, ["$hdr_dnstap_socket_path"], [default dnstap socket path]) AC_SUBST(DNSTAP_SOCKET_PATH,["$hdr_dnstap_socket_path"]) - + AC_SUBST(DNSTAP_SOCKET_TESTBIN,['unbound-dnstap-socket$(EXEEXT)']) AC_SUBST([DNSTAP_SRC], ["dnstap/dnstap.c dnstap/dnstap.pb-c.c dnstap/dnstap_fstrm.c dnstap/dtstream.c"]) AC_SUBST([DNSTAP_OBJ], ["dnstap.lo dnstap.pb-c.lo dnstap_fstrm.lo dtstream.lo"]) ], diff --git a/daemon/daemon.c b/daemon/daemon.c index a11d50a9b..6d6667883 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -320,7 +320,8 @@ daemon_open_shared_ports(struct daemon* daemon) free(daemon->ports); daemon->ports = NULL; } - if(!resolve_interface_names(daemon->cfg, &resif, &num_resif)) + if(!resolve_interface_names(daemon->cfg->ifs, + daemon->cfg->num_ifs, NULL, &resif, &num_resif)) return 0; /* see if we want to reuseport */ #ifdef SO_REUSEPORT @@ -632,19 +633,19 @@ daemon_fork(struct daemon* daemon) fatal_exit("Could not set up per-view response IP sets"); daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || have_view_respip_cfg; - + + /* setup modules */ + daemon_setup_modules(daemon); + /* read auth zonefiles */ if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1, - &daemon->use_rpz)) + &daemon->use_rpz, daemon->env, &daemon->mods)) fatal_exit("auth_zones could not be setup"); /* Set-up EDNS strings */ if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) fatal_exit("Could not set up EDNS strings"); - /* setup modules */ - daemon_setup_modules(daemon); - /* response-ip-xxx options don't work as expected without the respip * module. To avoid run-time operational surprise we reject such * configuration. */ diff --git a/daemon/remote.c b/daemon/remote.c index 64057a57b..7e432fe52 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -364,13 +364,20 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg) struct listen_port* l = NULL; log_assert(cfg->remote_control_enable && cfg->control_port); if(cfg->control_ifs.first) { - struct config_strlist* p; - for(p = cfg->control_ifs.first; p; p = p->next) { - if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) { + char** rcif = NULL; + int i, num_rcif = 0; + if(!resolve_interface_names(NULL, 0, cfg->control_ifs.first, + &rcif, &num_rcif)) { + return NULL; + } + for(i=0; icontrol_port, &l, 1, cfg)) { listening_ports_free(l); + config_del_strarray(rcif, num_rcif); return NULL; } } + config_del_strarray(rcif, num_rcif); } else { /* defaults */ if(cfg->do_ip6 && @@ -2510,6 +2517,8 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg) uint8_t* nm = NULL; struct auth_zones* az = worker->env.auth_zones; struct auth_zone* z = NULL; + struct auth_xfer* xfr = NULL; + char* reason = NULL; if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) return; if(az) { @@ -2518,19 +2527,63 @@ do_auth_zone_reload(RES* ssl, struct worker* worker, char* arg) if(z) { lock_rw_wrlock(&z->lock); } + xfr = auth_xfer_find(az, nm, nmlen, LDNS_RR_CLASS_IN); + if(xfr) { + lock_basic_lock(&xfr->lock); + } lock_rw_unlock(&az->lock); } free(nm); if(!z) { + if(xfr) { + lock_basic_unlock(&xfr->lock); + } (void)ssl_printf(ssl, "error no auth-zone %s\n", arg); return; } if(!auth_zone_read_zonefile(z, worker->env.cfg)) { lock_rw_unlock(&z->lock); + if(xfr) { + lock_basic_unlock(&xfr->lock); + } (void)ssl_printf(ssl, "error failed to read %s\n", arg); return; } + + z->zone_expired = 0; + if(xfr) { + xfr->zone_expired = 0; + if(!xfr_find_soa(z, xfr)) { + if(z->data.count == 0) { + lock_rw_unlock(&z->lock); + lock_basic_unlock(&xfr->lock); + (void)ssl_printf(ssl, "zone %s has no contents\n", arg); + return; + } + lock_rw_unlock(&z->lock); + lock_basic_unlock(&xfr->lock); + (void)ssl_printf(ssl, "error: no SOA in zone after read %s\n", arg); + return; + } + if(xfr->have_zone) + xfr->lease_time = *worker->env.now; + lock_basic_unlock(&xfr->lock); + } + + auth_zone_verify_zonemd(z, &worker->env, &worker->env.mesh->mods, + &reason, 0, 0); + if(reason && z->zone_expired) { + lock_rw_unlock(&z->lock); + (void)ssl_printf(ssl, "error zonemd for %s failed: %s\n", + arg, reason); + free(reason); + return; + } else if(reason && strcmp(reason, "ZONEMD verification successful") + ==0) { + (void)ssl_printf(ssl, "%s: %s\n", arg, reason); + } lock_rw_unlock(&z->lock); + free(reason); send_ok(ssl); } diff --git a/daemon/unbound.c b/daemon/unbound.c index bc6d2bc9e..b2bb526c0 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -197,6 +197,33 @@ checkrlimits(struct config_file* cfg) size_t total = numthread * perthread + misc; size_t avail; struct rlimit rlim; + size_t memsize_expect = cfg->msg_cache_size + cfg->rrset_cache_size + + (cfg->do_tcp?cfg->stream_wait_size:0) + + (cfg->ip_ratelimit?cfg->ip_ratelimit_size:0) + + (cfg->ratelimit?cfg->ratelimit_size:0) + + (cfg->dnscrypt?cfg->dnscrypt_shared_secret_cache_size + cfg->dnscrypt_nonce_cache_size:0) + + cfg->infra_cache_numhosts * (sizeof(struct infra_key)+sizeof(struct infra_data)); + if(strstr(cfg->module_conf, "validator") && (cfg->trust_anchor_file_list || cfg->trust_anchor_list || cfg->auto_trust_anchor_file_list || cfg->trusted_keys_file_list)) { + memsize_expect += cfg->key_cache_size + cfg->neg_cache_size; + } +#ifdef HAVE_NGHTTP2_NGHTTP2_H + if(cfg_has_https(cfg)) { + memsize_expect += cfg->http_query_buffer_size + cfg->http_response_buffer_size; + } +#endif + + if(getrlimit(RLIMIT_AS, &rlim) == 0) { + if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY && + rlim.rlim_cur < (rlim_t)memsize_expect) { + log_warn("the ulimit(max memory size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect); + } + } + if(getrlimit(RLIMIT_DATA, &rlim) == 0) { + if(rlim.rlim_cur != (rlim_t)RLIM_INFINITY && + rlim.rlim_cur < memsize_expect) { + log_warn("the ulimit(data seg size) is smaller than the expected memory usage (added size of caches). %u < %u bytes", (unsigned)rlim.rlim_cur, (unsigned)memsize_expect); + } + } if(total > 1024 && strncmp(ub_event_get_version(), "mini-event", 10) == 0) { diff --git a/daemon/worker.c b/daemon/worker.c index 88b4f68c9..f8e1bbb08 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -70,6 +70,7 @@ #include "util/edns.h" #include "iterator/iter_fwd.h" #include "iterator/iter_hints.h" +#include "iterator/iter_utils.h" #include "validator/autotrust.h" #include "validator/val_anchor.h" #include "respip/respip.h" @@ -1166,9 +1167,14 @@ worker_handle_request(struct comm_point* c, void* arg, int error, } #endif #ifdef USE_DNSTAP - if(worker->dtenv.log_client_query_messages) - dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, c->type, - c->buffer); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from incoming request handler + */ + if(worker->dtenv.log_client_query_messages) { + log_addr(VERB_ALGO, "request from client", &repinfo->addr, repinfo->addrlen); + log_addr(VERB_ALGO, "to local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + dt_msg_send_client_query(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + } #endif acladdr = acl_addr_lookup(worker->daemon->acl, &repinfo->addr, repinfo->addrlen); @@ -1289,6 +1295,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, edns.udp_size = EDNS_ADVERTISED_SIZE; edns.bits &= EDNS_DO; edns.opt_list = NULL; + edns.padding_block_size = 0; verbose(VERB_ALGO, "query with bad edns version."); log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen); error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo, @@ -1591,9 +1598,14 @@ send_reply_rc: if(is_secure_answer) worker->stats.ans_secure++; } #ifdef USE_DNSTAP - if(worker->dtenv.log_client_response_messages) - dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, - c->type, c->buffer); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from send_reply code label (when we serviced local zone for ex.) + */ + if(worker->dtenv.log_client_response_messages) { + log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); + dt_msg_send_client_response(&worker->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, c->type, c->buffer); + } #endif if(worker->env.cfg->log_replies) { @@ -1820,6 +1832,8 @@ worker_init(struct worker* worker, struct config_file *cfg, worker_delete(worker); return 0; } + iterator_set_ip46_support(&worker->daemon->mods, worker->daemon->env, + worker->back); /* start listening to commands */ if(!tube_setup_bg_listen(worker->cmd, worker->base, &worker_handle_control_cmd, worker)) { @@ -1913,6 +1927,8 @@ worker_init(struct worker* worker, struct config_file *cfg, #endif ) { auth_xfer_pickup_initial(worker->env.auth_zones, &worker->env); + auth_zones_pickup_zonemd_verify(worker->env.auth_zones, + &worker->env); } #ifdef USE_DNSTAP if(worker->daemon->cfg->dnstap diff --git a/dns64/dns64.c b/dns64/dns64.c index 5c70119a5..c79bc9c65 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -198,14 +198,17 @@ uitoa(unsigned n, char* s) static uint32_t extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) { - uint32_t ipv4; + uint32_t ipv4 = 0; + int i, pos; log_assert(ipv6_len == 16); (void)ipv6_len; - ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); - if (offset/8+4 < 16) - ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); + log_assert(offset == 32 || offset == 40 || offset == 48 || offset == 56 || + offset == 64 || offset == 96); + for(i = 0, pos = offset / 8; i < 4; i++, pos++) { + if (pos == 8) + pos++; + ipv4 = ipv4 << 8; + ipv4 |= ipv6[pos]; + } return ipv4; } @@ -296,18 +299,18 @@ synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[], size_t aaaa_len) { + size_t i; + int pos; log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16); + log_assert(prefix_net == 32 || prefix_net == 40 || prefix_net == 48 || + prefix_net == 56 || prefix_net == 64 || prefix_net == 96); (void)prefix_addr_len; (void)a_len; (void)aaaa_len; memcpy(aaaa, prefix_addr, 16); - aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); - aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); - aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8); - aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8); - aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8); - aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8); - aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8); - if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */ - aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8); + for(i = 0, pos = prefix_net / 8; i < a_len; i++, pos++) { + if(pos == 8) + aaaa[pos++] = 0; + aaaa[pos] = a[i]; + } } @@ -374,8 +377,10 @@ dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg) log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix); return 0; } - if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) { - log_err("dns64-prefix length it not between 0 and 96: %s", + if (dns64_env->prefix_net != 32 && dns64_env->prefix_net != 40 && + dns64_env->prefix_net != 48 && dns64_env->prefix_net != 56 && + dns64_env->prefix_net != 64 && dns64_env->prefix_net != 96 ) { + log_err("dns64-prefix length it not 32, 40, 48, 56, 64 or 96: %s", cfg->dns64_prefix); return 0; } @@ -722,7 +727,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, *dd_out = NULL; return; /* integer overflow protection in alloc */ } - if (!(dd = *dd_out = regional_alloc(region, + if (!(dd = *dd_out = regional_alloc_zero(region, sizeof(struct packed_rrset_data) + fd->count * (sizeof(size_t) + sizeof(time_t) + sizeof(uint8_t*) + 2 + 16)))) { diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index b8a321670..6577a019a 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -302,44 +302,75 @@ dt_fill_buffer(sldns_buffer *b, ProtobufCBinaryData *p, protobuf_c_boolean *has) static void dt_msg_fill_net(struct dt_msg *dm, - struct sockaddr_storage *ss, + struct sockaddr_storage *qs, + struct sockaddr_storage *rs, enum comm_point_type cptype, - ProtobufCBinaryData *addr, protobuf_c_boolean *has_addr, - uint32_t *port, protobuf_c_boolean *has_port) + ProtobufCBinaryData *qaddr, protobuf_c_boolean *has_qaddr, + uint32_t *qport, protobuf_c_boolean *has_qport, + ProtobufCBinaryData *raddr, protobuf_c_boolean *has_raddr, + uint32_t *rport, protobuf_c_boolean *has_rport) { - log_assert(ss->ss_family == AF_INET6 || ss->ss_family == AF_INET); - if (ss->ss_family == AF_INET6) { - struct sockaddr_in6 *s = (struct sockaddr_in6 *) ss; + log_assert(qs->ss_family == AF_INET6 || qs->ss_family == AF_INET); + if (qs->ss_family == AF_INET6) { + struct sockaddr_in6 *q = (struct sockaddr_in6 *) qs; /* socket_family */ dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET6; dm->m.has_socket_family = 1; /* addr: query_address or response_address */ - addr->data = s->sin6_addr.s6_addr; - addr->len = 16; /* IPv6 */ - *has_addr = 1; + qaddr->data = q->sin6_addr.s6_addr; + qaddr->len = 16; /* IPv6 */ + *has_qaddr = 1; /* port: query_port or response_port */ - *port = ntohs(s->sin6_port); - *has_port = 1; - } else if (ss->ss_family == AF_INET) { - struct sockaddr_in *s = (struct sockaddr_in *) ss; + *qport = ntohs(q->sin6_port); + *has_qport = 1; + } else if (qs->ss_family == AF_INET) { + struct sockaddr_in *q = (struct sockaddr_in *) qs; /* socket_family */ dm->m.socket_family = DNSTAP__SOCKET_FAMILY__INET; dm->m.has_socket_family = 1; /* addr: query_address or response_address */ - addr->data = (uint8_t *) &s->sin_addr.s_addr; - addr->len = 4; /* IPv4 */ - *has_addr = 1; + qaddr->data = (uint8_t *) &q->sin_addr.s_addr; + qaddr->len = 4; /* IPv4 */ + *has_qaddr = 1; /* port: query_port or response_port */ - *port = ntohs(s->sin_port); - *has_port = 1; + *qport = ntohs(q->sin_port); + *has_qport = 1; } + /* + * This block is to fill second set of fields in DNSTAP-message defined as request_/response_ names. + * Additional responsive structure is: struct sockaddr_storage *rs + */ + if (rs && rs->ss_family == AF_INET6) { + struct sockaddr_in6 *r = (struct sockaddr_in6 *) rs; + + /* addr: query_address or response_address */ + raddr->data = r->sin6_addr.s6_addr; + raddr->len = 16; /* IPv6 */ + *has_raddr = 1; + + /* port: query_port or response_port */ + *rport = ntohs(r->sin6_port); + *has_rport = 1; + } else if (rs && rs->ss_family == AF_INET) { + struct sockaddr_in *r = (struct sockaddr_in *) rs; + + /* addr: query_address or response_address */ + raddr->data = (uint8_t *) &r->sin_addr.s_addr; + raddr->len = 4; /* IPv4 */ + *has_raddr = 1; + + /* port: query_port or response_port */ + *rport = ntohs(r->sin_port); + *has_rport = 1; + } + log_assert(cptype == comm_udp || cptype == comm_tcp); if (cptype == comm_udp) { /* socket_protocol */ @@ -355,6 +386,7 @@ dt_msg_fill_net(struct dt_msg *dm, void dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, sldns_buffer *qmsg) { @@ -374,11 +406,14 @@ dt_msg_send_client_query(struct dt_env *env, /* query_message */ dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message); - /* socket_family, socket_protocol, query_address, query_port */ + /* socket_family, socket_protocol, query_address, query_port, response_address, response_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, qsock, cptype, + dt_msg_fill_net(&dm, qsock, rsock, cptype, &dm.m.query_address, &dm.m.has_query_address, - &dm.m.query_port, &dm.m.has_query_port); + &dm.m.query_port, &dm.m.has_query_port, + &dm.m.response_address, &dm.m.has_response_address, + &dm.m.response_port, &dm.m.has_response_port); + if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); @@ -387,6 +422,7 @@ dt_msg_send_client_query(struct dt_env *env, void dt_msg_send_client_response(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, sldns_buffer *rmsg) { @@ -406,11 +442,13 @@ dt_msg_send_client_response(struct dt_env *env, /* response_message */ dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message); - /* socket_family, socket_protocol, query_address, query_port */ + /* socket_family, socket_protocol, query_address, query_port, response_address, response_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, qsock, cptype, + dt_msg_fill_net(&dm, qsock, rsock, cptype, &dm.m.query_address, &dm.m.has_query_address, - &dm.m.query_port, &dm.m.has_query_port); + &dm.m.query_port, &dm.m.has_query_port, + &dm.m.response_address, &dm.m.has_response_address, + &dm.m.response_port, &dm.m.has_response_port); if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); @@ -419,6 +457,7 @@ dt_msg_send_client_response(struct dt_env *env, void dt_msg_send_outside_query(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, sldns_buffer *qmsg) @@ -454,11 +493,13 @@ dt_msg_send_outside_query(struct dt_env *env, /* query_message */ dt_fill_buffer(qmsg, &dm.m.query_message, &dm.m.has_query_message); - /* socket_family, socket_protocol, response_address, response_port */ + /* socket_family, socket_protocol, response_address, response_port, query_address, query_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, rsock, cptype, + dt_msg_fill_net(&dm, rsock, qsock, cptype, &dm.m.response_address, &dm.m.has_response_address, - &dm.m.response_port, &dm.m.has_response_port); + &dm.m.response_port, &dm.m.has_response_port, + &dm.m.query_address, &dm.m.has_query_address, + &dm.m.query_port, &dm.m.has_query_port); if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); @@ -467,6 +508,7 @@ dt_msg_send_outside_query(struct dt_env *env, void dt_msg_send_outside_response(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, uint8_t *qbuf, size_t qbuf_len, @@ -510,11 +552,13 @@ dt_msg_send_outside_response(struct dt_env *env, /* response_message */ dt_fill_buffer(rmsg, &dm.m.response_message, &dm.m.has_response_message); - /* socket_family, socket_protocol, response_address, response_port */ + /* socket_family, socket_protocol, response_address, response_port, query_address, query_port */ log_assert(cptype == comm_udp || cptype == comm_tcp); - dt_msg_fill_net(&dm, rsock, cptype, + dt_msg_fill_net(&dm, rsock, qsock, cptype, &dm.m.response_address, &dm.m.has_response_address, - &dm.m.response_port, &dm.m.has_response_port); + &dm.m.response_port, &dm.m.has_response_port, + &dm.m.query_address, &dm.m.has_query_address, + &dm.m.query_port, &dm.m.has_query_port); if (dt_pack(&dm.d, &dm.buf, &dm.len_buf)) dt_send(env, dm.buf, dm.len_buf); diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index 783b8c514..449fae727 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -123,12 +123,14 @@ dt_delete(struct dt_env *env); * Create and send a new dnstap "Message" event of type CLIENT_QUERY. * @param env: dnstap environment object. * @param qsock: address/port of client. + * @param rsock: local (service) address/port. * @param cptype: comm_udp or comm_tcp. * @param qmsg: query message. */ void dt_msg_send_client_query(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, struct sldns_buffer *qmsg); @@ -136,12 +138,14 @@ dt_msg_send_client_query(struct dt_env *env, * Create and send a new dnstap "Message" event of type CLIENT_RESPONSE. * @param env: dnstap environment object. * @param qsock: address/port of client. + * @param rsock: local (service) address/port. * @param cptype: comm_udp or comm_tcp. * @param rmsg: response message. */ void dt_msg_send_client_response(struct dt_env *env, struct sockaddr_storage *qsock, + struct sockaddr_storage *rsock, enum comm_point_type cptype, struct sldns_buffer *rmsg); @@ -150,7 +154,8 @@ dt_msg_send_client_response(struct dt_env *env, * FORWARDER_QUERY. The type used is dependent on the value of the RD bit * in the query header. * @param env: dnstap environment object. - * @param rsock: address/port of server the query is being sent to. + * @param rsock: address/port of server (upstream) the query is being sent to. + * @param qsock: address/port of server (local) the query is being sent from. * @param cptype: comm_udp or comm_tcp. * @param zone: query zone. * @param zone_len: length of zone. @@ -159,6 +164,7 @@ dt_msg_send_client_response(struct dt_env *env, void dt_msg_send_outside_query(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, struct sldns_buffer *qmsg); @@ -168,7 +174,8 @@ dt_msg_send_outside_query(struct dt_env *env, * FORWARDER_RESPONSE. The type used is dependent on the value of the RD bit * in the query header. * @param env: dnstap environment object. - * @param rsock: address/port of server the response was received from. + * @param rsock: address/port of server (upstream) the response was received from. + * @param qsock: address/port of server (local) the response was received to. * @param cptype: comm_udp or comm_tcp. * @param zone: query zone. * @param zone_len: length of zone. @@ -181,6 +188,7 @@ dt_msg_send_outside_query(struct dt_env *env, void dt_msg_send_outside_response(struct dt_env *env, struct sockaddr_storage *rsock, + struct sockaddr_storage *qsock, enum comm_point_type cptype, uint8_t *zone, size_t zone_len, uint8_t *qbuf, size_t qbuf_len, diff --git a/doc/Changelog b/doc/Changelog index c3223b05a..b6bbfa210 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,140 @@ +11 March 2021: Wouter + - Fix parse of LOC RR type for decimetres. + +5 March 2021: Wouter + - Workaround for #439: prevent loops in the reuse rbtree. + - Debug output for #411 and #439: printout internal error and details. + +4 March 2021: Wouter + - iana portlist update. + - Fix spurious errors about "Could not generate request: out of + memory". The mesh detect cycle routine no longer wrongly stops + the check when the calling mesh state is unique. + +26 February 2021: George + - Fix for #367: rc_ports don't have ub_sock; skip cleaning up. + +26 February 2021: Wouter + - Fix: Resolve interface names on control-interface too. + +25 February 2021: Wouter + - Merge PR #367 : DNSTAP log local address. With code from PR #365 + and fixes #368 : dnstap does not log the DNS message ID for + FORWARDER_QUERY. + - Fix to allow rpz with wildcard that applies to all TLDs at once. + +24 February 2021: George + - Fix #384: (1) A minor request to improve the log (2) A minor bug in one + log message. + - ipsecmod: Better logging for detecting a cycle when attaching the + A/AAAA subquery. + +24 February 2021: Wouter + - On startup of unbound it checks if rlimits on memory size look + sufficient for the configured cache size, and logs warning if not. + - Fix function documentation. + - Fix unit test for added ulimit checks. + - spelling fix in header. + +23 February 2021: Wouter + - Fix for zonemd, that domain-insecure zones work without dnssec. + - Fix for zonemd, do not reject insecure result from trust anchor + validation step in dnssec chain of trust. + +22 February 2021: Wouter + - Fix #431: Squelch permission denied errors for tcp connect + and udp connect from the logs, unless at high verbosity. + - Fix for zonemd, that nxdomain for the chain of trust is allowed + for island zones, it is treated as an insecure zone for verification. + +18 February 2021: Wouter + - Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support. + ZONEMD records are checked for zones loaded as auth-zone, + with DNSSEC if available. There is an added option + zonemd-permissive-mode that makes it log but not fail wrong zones. + With zonemd-reject-absence for an auth-zone the presence of a + zonemd can be mandated for specific zones. + - Fix doxygen and pydoc warnings. + - Fix #429: rpz: url: with https: broken (regression in 1.13.1). + - rpz skip nsec3param records, and nicer log for unsupported actions. + +15 February 2021: Wouter + - Fix #422: IPv6 fallback issues when IPv6 is not properly + enabled/configured. + - Fix to make tests work with support indicators set for iterator. + - Fix build on Python 3.10. + +10 February 2021: Wouter + - Merge PR #420 from dyunwei: DOH not responsing with + "http2_query_read_done failure" logged. + +9 February 2021: Wouter + - Fix for Python 3.9, no longer use deprecated functions of + PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now + none), PyParser_SimpleParseFile (now Py_CompileString). + +4 February 2021: Wouter + - release 1.13.1rc2 tag on branch-1.13.1 with added changes of 2 feb. + This became 1.13.1 release tag on 9 feb. The main branch is set + to version 1.13.2. + +2 February 2021: Wouter + - branch-1.13.1 is created, with release-1.13.1rc1 tag. + - Fix dynlibmod link on rhel8 for -ldl inclusion. + - Fix windows dependency on libssp.dll because of default stack + protector in mingw. + - Fix indentation of root anchor for use by windows install script. + +1 February 2021: George + - Attempt to fix NULL keys in the reuse_tcp tree; relates to #411. + +29 January 2021: Wouter + - Fix for doxygen 1.8.20 compatibility. + +28 January 2021: Wouter + - Annotate that we ignore the return value of if_indextoname. + - Fix to use correct type for label count in rpz routine. + - Fix empty clause warning in config_file nsid parse. + - Fix to use correct type for label count in ipdnametoaddr rpz routine. + - Fix empty clause warning in edns pass for padding. + - Fix fwd ancil test post script when not supported. + +26 January 2021: George + - Merge PR #408 from fobser: Prevent a few more yacc clashes. + - Merge PR #275 from Roland van Rijswijk-Deij: Add feature to return the + original instead of a decrementing TTL ('serve-original-ttl') + - Merge PR #355 from noloader: Make ICANN Update CA and DS Trust Anchor + static data. + - Ignore cache blacklisting when trying to reply with expired data from + cache (#394). + +26 January 2021: Wouter + - Fix compile of unbound-dnstap-socket without dnstap installed. + +22 January 2021: Willem + - Padding of queries and responses with DNS over TLS as specified in + RFC7830 and RFC8467. + +22 January 2021: George + - Fix TTL of SOA record for negative answers (localzone and + authzone data) to be the minimum of the SOA TTL and the SOA.MINIMUM. + +19 January 2021: Willem + - Support for RFC5001: DNS Name Server Identifier (NSID) Option + with the nsid: option in unbound.conf + +18 January 2021: Wouter + - Fix #404: DNS query with small edns bufsize fail. + - Fix declaration before statement and signed comparison warning in + dns64. + +15 January 2021: Wouter + - Merge #402 from fobser: Implement IPv4-Embedded addresses according + to RFC6052. + +14 January 2021: Wouter + - Fix for #93: dynlibmodule import library is named libunbound.dll.a. + 13 January 2021: Wouter - Merge #399 from xiangbao227: The lock of lruhash table should unlocked after markdel entry. diff --git a/doc/FEATURES b/doc/FEATURES index 076988ea9..8d69aba9b 100644 --- a/doc/FEATURES +++ b/doc/FEATURES @@ -39,6 +39,7 @@ RFC 4343: case insensitive handling of domain names. RFC 4509: SHA256 DS hash. RFC 4592: wildcards. RFC 4697: No DNS Resolution Misbehavior. +RFC 5001: DNS Name Server Identifier (NSID) Option RFC 5011: update of trust anchors with timers. RFC 5155: NSEC3, NSEC3PARAM types RFC 5358: reflectors-are-evil: access control list for recursive diff --git a/doc/TODO b/doc/TODO index a2690451a..839656154 100644 --- a/doc/TODO +++ b/doc/TODO @@ -14,7 +14,6 @@ o (option) store primed key data in a overlaid keyhints file (sort of like draft o windows version, auto update feature, a query to check for the version. o command the server with TSIG inband. get-config, clearcache, get stats, get memstats, get ..., reload, clear one zone from cache -o NSID rfc 5001 support. o timers rfc 5011 support. o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. o make timeout backoffs randomized (a couple percent random) to spread traffic. diff --git a/doc/example.conf.in b/doc/example.conf.in index b4870a344..4875db5c2 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -377,6 +377,9 @@ server: # the version to report. Leave "" or default to return package version. # version: "" + # NSID identity (hex string, or "ascii_somestring"). default disabled. + # nsid: "aabbccdd" + # the target fetch policy. # series of integers describing the policy per dependency depth. # The number of values in the list determines the maximum dependency @@ -388,7 +391,7 @@ server: # target-fetch-policy: "3 2 1 0 0" # Harden against very small EDNS buffer sizes. - # harden-short-bufsize: no + # harden-short-bufsize: yes # Harden against unseemly large queries. # harden-large-queries: no @@ -595,6 +598,13 @@ server: # A recommended value is 1800. # serve-expired-client-timeout: 0 + # Return the original TTL as received from the upstream name server rather + # than the decrementing TTL as stored in the cache. Enabling this feature + # does not impact cache expiry, it only changes the TTL unbound embeds in + # responses to queries. Note that enabling this feature implicitly disables + # enforcement of the configured minimum and maximum TTL. + # serve-original-ttl: no + # Have the validator log failed validations for your diagnosis. # 0: off. 1: A line per failed user query. 2: With reason and bad IP. # val-log-level: 0 @@ -605,6 +615,9 @@ server: # List in ascending order the keysize and count values. # val-nsec3-keysize-iterations: "1024 150 2048 500 4096 2500" + # if enabled, ZONEMD verification failures do not block the zone. + # zonemd-permissive-mode: no + # instruct the auto-trust-anchor-file probing to add anchors after ttl. # add-holddown: 2592000 # 30 days @@ -755,6 +768,12 @@ server: # cipher setting for TLSv1.3 # tls-ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" + # Pad responses to padded queries received over TLS + # pad-responses: yes + + # Padded responses will be padded to the closest multiple of this size. + # pad-responses-block-size: 468 + # Use the SNI extension for TLS connections. Default is yes. # Changing the value requires a reload. # tls-use-sni: yes @@ -777,6 +796,12 @@ server: # Add system certs to the cert bundle, from the Windows Cert Store # tls-win-cert: no + # Pad queries over TLS upstreams + # pad-queries: yes + + # Padded queries will be padded to the closest multiple of this size. + # pad-queries-block-size: 128 + # Also serve tls on these port numbers (eg. 443, ...), by listing # tls-additional-port: portno for each of the port numbers. @@ -1000,6 +1025,7 @@ remote-control: # name: "example.org" # for-downstream: yes # for-upstream: yes +# zonemd-reject-absence: no # zonefile: "example.org.zone" # Views diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 06e9e9ad3..a8c323e2f 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -564,6 +564,26 @@ and that is the default. Set the list of ciphersuites to allow when serving TLS. This is for newer TLS 1.3 connections. Use "" for defaults, and that is the default. .TP +.B pad\-responses: \fI +If enabled, TLS serviced queries that contained an EDNS Padding option will +cause responses padded to the closest multiple of the size specified in +\fBpad\-responses\-block\-size\fR. +Default is yes. +.TP +.B pad\-responses\-block\-size: \fI +The block size with which to pad responses serviced over TLS. Only responses +to padded queries will be padded. +Default is 468. +.TP +.B pad\-queries: \fI +If enabled, all queries sent over TLS upstreams will be padded to the closest +multiple of the size specified in \fBpad\-queries\-block\-size\fR. +Default is yes. +.TP +.B pad\-queries\-block\-size: \fI +The block size with which to pad queries sent over TLS upstreams. +Default is 128. +.TP .B tls\-use\-sni: \fI Enable or disable sending the SNI extension on TLS connections. Default is yes. @@ -819,6 +839,11 @@ If enabled version.server and version.bind queries are refused. Set the version to report. If set to "", the default, then the package version is returned. .TP +.B nsid:\fR +Add the specified nsid to the EDNS section of the answer when queried +with an NSID EDNS enabled packet. As a sequence of hex characters or +with ascii_ prefix and then an ascii string. +.TP .B hide\-trustanchor: \fI If enabled trustanchor.unbound queries are refused. .TP @@ -839,9 +864,8 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour rumoured to be closer to that of BIND 8. .TP .B harden\-short\-bufsize: \fI -Very small EDNS buffer sizes from queries are ignored. Default is off, since -it is legal protocol wise to send these, and unbound tries to give very -small answers to these queries, where possible. +Very small EDNS buffer sizes from queries are ignored. Default is on, as +described in the standard. .TP .B harden\-large\-queries: \fI Very large queries are ignored. Default is off, since it is legal protocol @@ -1163,6 +1187,19 @@ responding with expired data. A recommended value per RFC 8767 is 1800. Setting this to 0 will disable this behavior. Default is 0. .TP +.B serve\-original\-ttl: \fI +If enabled, unbound will always return the original TTL as received from +the upstream name server rather than the decrementing TTL as +stored in the cache. This feature may be useful if unbound serves as a +front-end to a hidden authoritative name server. Enabling this feature does +not impact cache expiry, it only changes the TTL unbound embeds in responses to +queries. Note that enabling this feature implicitly disables enforcement of +the configured minimum and maximum TTL, as it is assumed users who enable this +feature do not want unbound to change the TTL obtained from an upstream server. +Thus, the values set using \fBcache\-min\-ttl\fR and \fBcache\-max\-ttl\fR are +ignored. +Default is "no". +.TP .B val\-nsec3\-keysize\-iterations: \fI<"list of values"> List of keysize and iteration count values, separated by spaces, surrounded by quotes. Default is "1024 150 2048 500 4096 2500". This determines the @@ -1172,6 +1209,12 @@ be in ascending order and have at least one entry. If you set it to "1024 65535" there is no restriction to NSEC3 iteration values. This table must be kept short; a very long list could cause slower operation. .TP +.B zonemd\-permissive\-mode: \fI +If enabled the ZONEMD verification failures are only logged and do not cause +the zone to be blocked and only return servfail. Useful for testing out +if it works, or if the operator only wants to be notified of a problem without +disrupting service. Default is no. +.TP .B add\-holddown: \fI Instruct the \fBauto\-trust\-anchor\-file\fR probe mechanism for RFC5011 autotrust updates to add new trust anchors only after they have been @@ -1839,6 +1882,19 @@ to the authority servers for this zone, it'll fetch the data directly from the zone data. Turn it on when you want unbound to provide recursion for downstream clients, and use the zone data as a local copy to speed up lookups. .TP +.B zonemd\-reject\-absence: \fI +Enable this option to reject the absence of the ZONEMD record. Without it, +when zonemd is not there it is not checked. It is useful to enable for a +nonDNSSEC signed zone where the operator wants to require the verification +of a ZONEMD, hence a missing ZONEMD is a failure. The action upon +failure is controlled by the \fBzonemd\-permissive\-mode\fR option, for +log only or also block the zone. The default is no. +.IP +Without the option absence of a ZONEMD is only a failure when the zone is +DNSSEC signed, and we have a trust anchor, and the DNSSEC verification of +the absence of the ZONEMD fails. With the option enabled, the absence of +a ZONEMD is always a failure, also for nonDNSSEC signed zones. +.TP .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, unbound will attempt to fetch zone diff --git a/doc/unbound.doxygen b/doc/unbound.doxygen index 45f49b367..4c32d8943 100644 --- a/doc/unbound.doxygen +++ b/doc/unbound.doxygen @@ -1143,7 +1143,7 @@ COMPACT_LATEX = NO # by the printer. Possible values are: a4, a4wide, letter, legal and # executive. If left blank a4wide will be used. -PAPER_TYPE = a4wide +#PAPER_TYPE = a4wide # The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX # packages that should be included in the LaTeX output. @@ -1451,7 +1451,7 @@ EXTERNAL_GROUPS = YES # The PERL_PATH should be the absolute path and name of the perl script # interpreter (i.e. the result of `which perl'). -PERL_PATH = /usr/bin/perl +#PERL_PATH = /usr/bin/perl #--------------------------------------------------------------------------- # Configuration options related to the dot tool @@ -1473,7 +1473,7 @@ CLASS_DIAGRAMS = YES # the mscgen tool resides. If left empty the tool is assumed to be found in the # default search path. -MSCGEN_PATH = +#MSCGEN_PATH = # If set to YES, the inheritance and collaboration graphs will hide # inheritance and usage relations if the target is undocumented diff --git a/dynlibmod/examples/helloworld.c b/dynlibmod/examples/helloworld.c index 7da32d9bb..be2116843 100644 --- a/dynlibmod/examples/helloworld.c +++ b/dynlibmod/examples/helloworld.c @@ -7,8 +7,10 @@ * And to build for windows, first make unbound with the --with-dynlibmod * switch, then use this command: * x86_64-w64-mingw32-gcc -m64 -I../.. -shared -Wall -Werror -fpic - * -o helloworld.dll helloworld.c -L../.. -l:libunbound.a - * to cross-compile a 64-bit Windows DLL. + * -o helloworld.dll helloworld.c -L../.. -l:libunbound.dll.a + * to cross-compile a 64-bit Windows DLL. The libunbound.dll.a is produced + * by the compile step that makes unbound.exe and allows the dynlib dll to + * access definitions in unbound.exe. */ #include "../../config.h" diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index f1b401b90..6c8589aba 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -205,7 +205,7 @@ subnetmod_init(struct module_env *env, int id) subnet_data_delete, NULL); slabhash_setmarkdel(sn_env->subnet_msg_cache, &subnet_markdel); if(!sn_env->subnet_msg_cache) { - log_err("subnet: could not create cache"); + log_err("subnetcache: could not create cache"); free(sn_env); env->modinfo[id] = NULL; return 0; @@ -214,21 +214,21 @@ subnetmod_init(struct module_env *env, int id) sn_env->whitelist = ecs_whitelist_create(); if(!sn_env->whitelist || !ecs_whitelist_apply_cfg(sn_env->whitelist, env->cfg)) { - log_err("subnet: could not create ECS whitelist"); + log_err("subnetcache: could not create ECS whitelist"); slabhash_delete(sn_env->subnet_msg_cache); free(sn_env); env->modinfo[id] = NULL; return 0; } - verbose(VERB_QUERY, "subnet: option registered (%d)", + verbose(VERB_QUERY, "subnetcache: option registered (%d)", env->cfg->client_subnet_opcode); /* Create new mesh state for all queries. */ env->unique_mesh = 1; if(!edns_register_option(env->cfg->client_subnet_opcode, env->cfg->client_subnet_always_forward /* bypass cache */, 0 /* no aggregation */, env)) { - log_err("subnet: could not register opcode"); + log_err("subnetcache: could not register opcode"); ecs_whitelist_delete(sn_env->whitelist); slabhash_delete(sn_env->subnet_msg_cache); free(sn_env); @@ -365,7 +365,7 @@ update_cache(struct module_qstate *qstate, int id) /* Step 2, find the correct tree */ if (!(tree = get_tree(lru_entry->data, edns, sne, qstate->env->cfg))) { lock_rw_unlock(&lru_entry->lock); - log_err("Subnet cache insertion failed"); + log_err("subnetcache: cache insertion failed"); return; } lock_quick_lock(&sne->alloc.lock); @@ -373,7 +373,7 @@ update_cache(struct module_qstate *qstate, int id) lock_quick_unlock(&sne->alloc.lock); if (!rep) { lock_rw_unlock(&lru_entry->lock); - log_err("Subnet cache insertion failed"); + log_err("subnetcache: cache insertion failed"); return; } @@ -487,7 +487,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) /* We have not asked for subnet data */ if (!sq->subnet_sent) { if (s_in->subnet_validdata) - verbose(VERB_QUERY, "subnet: received spurious data"); + verbose(VERB_QUERY, "subnetcache: received spurious data"); if (sq->subnet_downstream) /* Copy back to client */ cp_edns_bad_response(c_out, c_in); return module_finished; @@ -499,7 +499,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) * consequence the answer ended up in the regular cache. It * is still usefull to put it in the edns subnet cache for * when a client explicitly asks for subnet specific answer. */ - verbose(VERB_QUERY, "subnet: Authority indicates no support"); + verbose(VERB_QUERY, "subnetcache: Authority indicates no support"); if(!sq->started_no_cache_store) { lock_rw_wrlock(&sne->biglock); update_cache(qstate, id); @@ -521,7 +521,7 @@ eval_response(struct module_qstate *qstate, int id, struct subnet_qstate *sq) s_out->subnet_source_mask)) { /* we can not accept, restart query without option */ - verbose(VERB_QUERY, "subnet: forged data"); + verbose(VERB_QUERY, "subnetcache: forged data"); s_out->subnet_validdata = 0; (void)edns_opt_list_remove(&qstate->edns_opts_back_out, qstate->env->cfg->client_subnet_opcode); @@ -700,10 +700,10 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, struct subnet_env *sne = qstate->env->modinfo[id]; struct subnet_qstate *sq = (struct subnet_qstate*)qstate->minfo[id]; - verbose(VERB_QUERY, "subnet[module %d] operate: extstate:%s " + verbose(VERB_QUERY, "subnetcache[module %d] operate: extstate:%s " "event:%s", id, strextstate(qstate->ext_state[id]), strmodulevent(event)); - log_query_info(VERB_QUERY, "subnet operate: query", &qstate->qinfo); + log_query_info(VERB_QUERY, "subnetcache operate: query", &qstate->qinfo); if((event == module_event_new || event == module_event_pass) && sq == NULL) { @@ -738,7 +738,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, /* No clients are interested in result or we could not * parse it, we don't do client subnet */ sq->ecs_server_out.subnet_validdata = 0; - verbose(VERB_ALGO, "subnet: pass to next module"); + verbose(VERB_ALGO, "subnetcache: pass to next module"); qstate->ext_state[id] = module_wait_module; return; } @@ -758,7 +758,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, if (lookup_and_reply(qstate, id, sq)) { sne->num_msg_cache++; lock_rw_unlock(&sne->biglock); - verbose(VERB_QUERY, "subnet: answered from cache"); + verbose(VERB_QUERY, "subnetcache: answered from cache"); qstate->ext_state[id] = module_finished; ecs_opt_list_append(&sq->ecs_client_out, @@ -798,7 +798,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, /* pass request to next module */ verbose(VERB_ALGO, - "subnet: not found in cache. pass to next module"); + "subnetcache: not found in cache. pass to next module"); qstate->ext_state[id] = module_wait_module; return; } @@ -819,7 +819,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, /* We are being revisited */ if(event == module_event_pass || event == module_event_new) { /* Just pass it on, we already did the work */ - verbose(VERB_ALGO, "subnet: pass to next module"); + verbose(VERB_ALGO, "subnetcache: pass to next module"); qstate->ext_state[id] = module_wait_module; return; } @@ -828,7 +828,7 @@ subnetmod_operate(struct module_qstate *qstate, enum module_ev event, qstate->ext_state[id] = module_finished; return; } - log_err("subnet: bad event %s", strmodulevent(event)); + log_err("subnetcache: bad event %s", strmodulevent(event)); qstate->ext_state[id] = module_error; return; } @@ -861,7 +861,7 @@ subnetmod_get_mem(struct module_env *env, int id) * The module function block */ static struct module_func_block subnetmod_block = { - "subnet", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, + "subnetcache", &subnetmod_init, &subnetmod_deinit, &subnetmod_operate, &subnetmod_inform_super, &subnetmod_clear, &subnetmod_get_mem }; diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c index a1f40a512..e443e882b 100644 --- a/ipsecmod/ipsecmod.c +++ b/ipsecmod/ipsecmod.c @@ -151,6 +151,17 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name, ask.qclass = qclass; ask.local_alias = NULL; log_query_info(VERB_ALGO, "ipsecmod: generate request", &ask); + + /* Explicitly check for cycle before trying to attach. Will result in + * cleaner error message. The attach_sub code also checks for cycle but the + * message will be out of memory in both cases then. */ + fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle)); + if((*qstate->env->detect_cycle)(qstate, &ask, + (uint16_t)(BIT_RD|flags), 0, 0)) { + verbose(VERB_ALGO, "Could not generate request: cycle detected"); + return 0; + } + fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); if(!(*qstate->env->attach_sub)(qstate, &ask, (uint16_t)(BIT_RD|flags), 0, 0, &newq)){ diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index 7bc67da69..94fa18f63 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -50,6 +50,7 @@ #include "services/cache/infra.h" #include "services/cache/dns.h" #include "services/cache/rrset.h" +#include "services/outside_network.h" #include "util/net_help.h" #include "util/module.h" #include "util/log.h" @@ -1435,3 +1436,19 @@ iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf) } return 0; } + +void iterator_set_ip46_support(struct module_stack* mods, + struct module_env* env, struct outside_network* outnet) +{ + int m = modstack_find(mods, "iterator"); + struct iter_env* ie = NULL; + if(m == -1) + return; + ie = (struct iter_env*)env->modinfo[m]; + if(outnet->pending == NULL) + return; /* we are in testbound, no rbtree for UDP */ + if(outnet->num_ip4 == 0) + ie->supports_ipv4 = 0; + if(outnet->num_ip6 == 0) + ie->supports_ipv6 = 0; +} diff --git a/iterator/iter_utils.h b/iterator/iter_utils.h index f771930bb..7be79cf4a 100644 --- a/iterator/iter_utils.h +++ b/iterator/iter_utils.h @@ -59,6 +59,8 @@ struct reply_info; struct module_qstate; struct sock_list; struct ub_packed_rrset_key; +struct module_stack; +struct outside_network; /** * Process config options and set iterator module state. @@ -130,7 +132,7 @@ struct dns_msg* dns_copy_msg(struct dns_msg* from, struct regional* regional); * can be prefetch-updates. * @param region: to copy modified (cache is better) rrs back to. * @param flags: with BIT_CD for dns64 AAAA translated queries. - * @return void, because we are not interested in alloc errors, + * return void, because we are not interested in alloc errors, * the iterator and validator can operate on the results in their * scratch space (the qstate.region) and are not dependent on the cache. * It is useful to log the alloc failure (for the server operator), @@ -385,4 +387,16 @@ int iter_dp_cangodown(struct query_info* qinfo, struct delegpt* dp); int iter_stub_fwd_no_cache(struct module_qstate *qstate, struct query_info *qinf); +/** + * Set support for IP4 and IP6 depending on outgoing interfaces + * in the outside network. If none, no support, so no use to lookup + * the AAAA and then attempt to use it if there is no outgoing-interface + * for it. + * @param mods: modstack to find iterator module in. + * @param env: module env, find iterator module (if one) in there. + * @param outnet: outside network structure. + */ +void iterator_set_ip46_support(struct module_stack* mods, + struct module_env* env, struct outside_network* outnet); + #endif /* ITERATOR_ITER_UTILS_H */ diff --git a/libunbound/context.c b/libunbound/context.c index cff2831a7..267366ae5 100644 --- a/libunbound/context.c +++ b/libunbound/context.c @@ -78,7 +78,8 @@ context_finalize(struct ub_ctx* ctx) return UB_NOMEM; if(!local_zones_apply_cfg(ctx->local_zones, cfg)) return UB_INITFAIL; - if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz)) + if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz, + ctx->env, &ctx->mods)) return UB_INITFAIL; if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg)) return UB_INITFAIL; diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 03bbaf768..7f46df386 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -577,6 +577,7 @@ setup_qinfo_edns(struct libworker* w, struct ctx_query* q, edns->edns_version = 0; edns->bits = EDNS_DO; edns->opt_list = NULL; + edns->padding_block_size = 0; if(sldns_buffer_capacity(w->back->udp_buff) < 65535) edns->udp_size = (uint16_t)sldns_buffer_capacity( w->back->udp_buff); diff --git a/libunbound/python/libunbound.i b/libunbound/python/libunbound.i index a23c45b9c..ab244a6fb 100644 --- a/libunbound/python/libunbound.i +++ b/libunbound/python/libunbound.i @@ -916,7 +916,13 @@ int _ub_resolve_async(struct ub_ctx* ctx, char* name, int rrtype, int rrclass, v struct cb_data* id; id = (struct cb_data*) iddata; arglist = Py_BuildValue("(OiO)",id->data,status, SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_ub_result, 0 | 0 )); // Build argument list +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) + /* for python before 3.9 */ fresult = PyEval_CallObject(id->func,arglist); // Call Python +#else + /* for python 3.9 and newer */ + fresult = PyObject_Call(id->func,arglist,NULL); +#endif Py_DECREF(id->func); Py_DECREF(id->data); free(id); diff --git a/makedist.sh b/makedist.sh index c3bfcaad3..25cabe136 100755 --- a/makedist.sh +++ b/makedist.sh @@ -412,6 +412,11 @@ if [ "$DOWIN" = "yes" ]; then cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt ../contrib/create_unbound_ad_servers.cmd ../contrib/warmup.cmd ../contrib/unbound_cache.cmd . mkdir libunbound cp ../../unbound_shared/unbound.h ../../unbound_shared/.libs/libunbound*.dll ../../unbound_shared/.libs/libunbound.dll.a ../../unbound_shared/.libs/libunbound.a ../../unbound_shared/.libs/libunbound*.def ../../sslsharedinstall/lib/libcrypto.dll.a ../../sslsharedinstall/lib/libssl.dll.a ../../sslsharedinstall/bin/libcrypto*.dll ../../sslsharedinstall/bin/libssl*.dll ../../wxpinstall/bin/libexpat*.dll ../../wxpinstall/lib/libexpat.dll.a libunbound/. + if test "$W64" = "no"; then + cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll libunbound/. + else + cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libssp-0.dll libunbound/. + fi # zipfile zip -r ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf root.key unbound-website.url create_unbound_ad_servers.cmd warmup.cmd unbound_cache.cmd Changelog libunbound info "Testing $file" diff --git a/pythonmod/doc/modules/functions.rst b/pythonmod/doc/modules/functions.rst index 333f696b8..951a17f94 100644 --- a/pythonmod/doc/modules/functions.rst +++ b/pythonmod/doc/modules/functions.rst @@ -92,7 +92,7 @@ Inplace callbacks .. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs) Function prototype for callback functions used in - `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_, + `register_inplace_cb_reply`, `register_inplace_cb_reply_cache`, `register_inplace_cb_reply_local` and `register_inplace_cb_reply_servfail`. :param qinfo: :class:`query_info` @@ -109,7 +109,7 @@ Inplace callbacks .. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region) Function prototype for callback functions used in - `register_inplace_cb_query`_. + `register_inplace_cb_query`. :param qinfo: :class:`query_info` :param flags: query flags (integer) @@ -122,7 +122,7 @@ Inplace callbacks Register py_cb as an inplace reply callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -132,7 +132,7 @@ Inplace callbacks Register py_cb as an inplace reply_cache callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -142,7 +142,7 @@ Inplace callbacks Register py_cb as an inplace reply_local callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -152,7 +152,7 @@ Inplace callbacks Register py_cb as an inplace reply_servfail callback function. - :param py_cb: Python function that follows `inplace_cb_reply`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_reply`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise @@ -162,7 +162,7 @@ Inplace callbacks Register py_cb as an inplace query callback function. - :param py_cb: Python function that follows `inplace_cb_query`_'s prototype. **Must** be callable. + :param py_cb: Python function that follows `inplace_cb_query`'s prototype. **Must** be callable. :param env: :class:`module_env` :param id: Module ID. :return: True on success, False otherwise diff --git a/pythonmod/pythonmod.c b/pythonmod/pythonmod.c index 9006429ef..6e60d02fe 100644 --- a/pythonmod/pythonmod.c +++ b/pythonmod/pythonmod.c @@ -299,7 +299,10 @@ int pythonmod_init(struct module_env* env, int id) PyImport_AppendInittab(SWIG_name, (void*)SWIG_init); #endif Py_Initialize(); +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION <= 6) + /* initthreads only for python 3.6 and older */ PyEval_InitThreads(); +#endif SWIG_init(); mainthr = PyEval_SaveThread(); } @@ -335,7 +338,7 @@ int pythonmod_init(struct module_env* env, int id) PyFileObject = PyFile_FromString((char*)pe->fname, "r"); script_py = PyFile_AsFile(PyFileObject); #else - script_py = _Py_fopen(pe->fname, "r"); + script_py = fopen(pe->fname, "r"); #endif if (script_py == NULL) { @@ -354,6 +357,8 @@ int pythonmod_init(struct module_env* env, int id) /* TODO: deallocation of pe->... if an error occurs */ if (PyRun_SimpleFile(script_py, pe->fname) < 0) { +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) + /* for python before 3.9 */ log_err("pythonmod: can't parse Python script %s", pe->fname); /* print the error to logs too, run it again */ fseek(script_py, 0, SEEK_SET); @@ -369,9 +374,45 @@ int pythonmod_init(struct module_env* env, int id) /* ignore the NULL return of _node, it is NULL due to the parse failure * that we are expecting */ (void)PyParser_SimpleParseFile(script_py, pe->fname, Py_file_input); +#else + /* for python 3.9 and newer */ + char* fstr = NULL; + size_t flen = 0; + log_err("pythonmod: can't parse Python script %s", pe->fname); + /* print the error to logs too, run it again */ + fseek(script_py, 0, SEEK_END); + flen = (size_t)ftell(script_py); + fstr = malloc(flen+1); + if(!fstr) { + log_err("malloc failure to print parse error"); + PyGILState_Release(gil); + fclose(script_py); + return 0; + } + fseek(script_py, 0, SEEK_SET); + if(fread(fstr, flen, 1, script_py) < 1) { + log_err("file read failed to print parse error: %s: %s", + pe->fname, strerror(errno)); + PyGILState_Release(gil); + fclose(script_py); + free(fstr); + return 0; + } + fstr[flen] = 0; + /* we compile the string, but do not run it, to stop side-effects */ + /* ignore the NULL return of _node, it is NULL due to the parse failure + * that we are expecting */ + (void)Py_CompileString(fstr, pe->fname, Py_file_input); +#endif log_py_err(); PyGILState_Release(gil); fclose(script_py); +#if PY_MAJOR_VERSION <= 2 || (PY_MAJOR_VERSION == 3 && PY_MINOR_VERSION < 9) + /* no cleanup needed for python before 3.9 */ +#else + /* cleanup for python 3.9 and newer */ + free(fstr); +#endif return 0; } #if PY_MAJOR_VERSION < 3 diff --git a/respip/respip.c b/respip/respip.c index 78f7f3dc5..633cde6e0 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -523,7 +523,7 @@ respip_copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region return NULL; /* guard against integer overflow */ dsize += data->rr_len[i]; } - d = regional_alloc(region, dsize); + d = regional_alloc_zero(region, dsize); if(!d) return NULL; *d = *data; diff --git a/services/authzone.c b/services/authzone.c index 3ad38865e..196fe6693 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -67,7 +67,11 @@ #include "sldns/parseutil.h" #include "sldns/keyraw.h" #include "validator/val_nsec3.h" +#include "validator/val_nsec.h" #include "validator/val_secalgo.h" +#include "validator/val_sigcrypt.h" +#include "validator/val_anchor.h" +#include "validator/val_utils.h" #include /** bytes to use for NSEC3 hash buffer. 20 for sha1 */ @@ -1741,9 +1745,43 @@ int auth_zone_write_file(struct auth_zone* z, const char* fname) return 1; } +/** offline verify for zonemd, while reading a zone file to immediately + * spot bad hashes in zonefile as they are read. + * Creates temp buffers, but uses anchors and validation environment + * from the module_env. */ +static void +zonemd_offline_verify(struct auth_zone* z, struct module_env* env_for_val, + struct module_stack* mods) +{ + struct module_env env; + time_t now = 0; + env = *env_for_val; + env.scratch_buffer = sldns_buffer_new(env.cfg->msg_buffer_size); + if(!env.scratch_buffer) { + log_err("out of memory"); + goto clean_exit; + } + env.scratch = regional_create(); + if(!env.now) { + env.now = &now; + now = time(NULL); + } + if(!env.scratch) { + log_err("out of memory"); + goto clean_exit; + } + auth_zone_verify_zonemd(z, &env, mods, NULL, 1, 0); + +clean_exit: + /* clean up and exit */ + sldns_buffer_free(env.scratch_buffer); + regional_destroy(env.scratch); +} + /** read all auth zones from file (if they have) */ static int -auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg) +auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg, + struct module_env* env, struct module_stack* mods) { struct auth_zone* z; lock_rw_wrlock(&az->lock); @@ -1754,12 +1792,162 @@ auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg) lock_rw_unlock(&az->lock); return 0; } + if(z->zonefile && z->zonefile[0]!=0 && env) + zonemd_offline_verify(z, env, mods); lock_rw_unlock(&z->lock); } lock_rw_unlock(&az->lock); return 1; } +/** fetch the content of a ZONEMD RR from the rdata */ +static int zonemd_fetch_parameters(struct auth_rrset* zonemd_rrset, size_t i, + uint32_t* serial, int* scheme, int* hashalgo, uint8_t** hash, + size_t* hashlen) +{ + size_t rr_len; + uint8_t* rdata; + if(i >= zonemd_rrset->data->count) + return 0; + rr_len = zonemd_rrset->data->rr_len[i]; + if(rr_len < 2+4+1+1) + return 0; /* too short, for rdlen+serial+scheme+algo */ + rdata = zonemd_rrset->data->rr_data[i]; + *serial = sldns_read_uint32(rdata+2); + *scheme = rdata[6]; + *hashalgo = rdata[7]; + *hashlen = rr_len - 8; + if(*hashlen == 0) + *hash = NULL; + else *hash = rdata+8; + return 1; +} + +/** + * See if the ZONEMD scheme, hash occurs more than once. + * @param zonemd_rrset: the zonemd rrset to check with the RRs in it. + * @param index: index of the original, this is allowed to have that + * scheme and hashalgo, but other RRs should not have it. + * @param scheme: the scheme to check for. + * @param hashalgo: the hash algorithm to check for. + * @return true if it occurs more than once. + */ +static int zonemd_is_duplicate_scheme_hash(struct auth_rrset* zonemd_rrset, + size_t index, int scheme, int hashalgo) +{ + size_t j; + for(j=0; jdata->count; j++) { + uint32_t serial2 = 0; + int scheme2 = 0, hashalgo2 = 0; + uint8_t* hash2 = NULL; + size_t hashlen2 = 0; + if(index == j) { + /* this is the original */ + continue; + } + if(!zonemd_fetch_parameters(zonemd_rrset, j, &serial2, + &scheme2, &hashalgo2, &hash2, &hashlen2)) { + /* malformed, skip it */ + continue; + } + if(scheme == scheme2 && hashalgo == hashalgo2) { + /* duplicate scheme, hash */ + verbose(VERB_ALGO, "zonemd duplicate for scheme %d " + "and hash %d", scheme, hashalgo); + return 1; + } + } + return 0; +} + +/** + * Check ZONEMDs if present for the auth zone. Depending on config + * it can warn or fail on that. Checks the hash of the ZONEMD. + * @param z: auth zone to check for. + * caller must hold lock on zone. + * @param env: module env for temp buffers. + * @param reason: returned on failure. + * @return false on failure, true if hash checks out. + */ +static int auth_zone_zonemd_check_hash(struct auth_zone* z, + struct module_env* env, char** reason) +{ + /* loop over ZONEMDs and see which one is valid. if not print + * failure (depending on config) */ + struct auth_data* apex; + struct auth_rrset* zonemd_rrset; + size_t i; + struct regional* region = NULL; + struct sldns_buffer* buf = NULL; + uint32_t soa_serial = 0; + region = env->scratch; + regional_free_all(region); + buf = env->scratch_buffer; + if(!auth_zone_get_serial(z, &soa_serial)) { + *reason = "zone has no SOA serial"; + return 0; + } + + apex = az_find_name(z, z->name, z->namelen); + if(!apex) { + *reason = "zone has no apex"; + return 0; + } + zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD); + if(!zonemd_rrset || zonemd_rrset->data->count==0) { + *reason = "zone has no ZONEMD"; + return 0; /* no RRset or no RRs in rrset */ + } + + /* we have a ZONEMD, check if it is correct */ + for(i=0; idata->count; i++) { + uint32_t serial = 0; + int scheme = 0, hashalgo = 0; + uint8_t* hash = NULL; + size_t hashlen = 0; + if(!zonemd_fetch_parameters(zonemd_rrset, i, &serial, &scheme, + &hashalgo, &hash, &hashlen)) { + /* malformed RR */ + *reason = "ZONEMD rdata malformed"; + continue; + } + /* check for duplicates */ + if(zonemd_is_duplicate_scheme_hash(zonemd_rrset, i, scheme, + hashalgo)) { + /* duplicate hash of the same scheme,hash + * is not allowed. */ + *reason = "ZONEMD RRSet contains more than one RR " + "with the same scheme and hash algorithm"; + continue; + } + regional_free_all(region); + if(serial != soa_serial) { + *reason = "ZONEMD serial is wrong"; + continue; + } + if(auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hash, hashlen, region, buf, reason)) { + /* success */ + if(verbosity >= VERB_ALGO) { + char zstr[255+1]; + dname_str(z->name, zstr); + verbose(VERB_ALGO, "auth-zone %s ZONEMD hash is correct", zstr); + } + return 1; + } + /* try next one */ + } + /* fail, we may have reason */ + if(!*reason) + *reason = "no ZONEMD records found"; + if(verbosity >= VERB_ALGO) { + char zstr[255+1]; + dname_str(z->name, zstr); + verbose(VERB_ALGO, "auth-zone %s ZONEMD failed: %s", zstr, *reason); + } + return 0; +} + /** find serial number of zone or false if none */ int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial) @@ -1779,7 +1967,7 @@ auth_zone_get_serial(struct auth_zone* z, uint32_t* serial) } /** Find auth_zone SOA and populate the values in xfr(soa values). */ -static int +int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr) { struct auth_data* apex; @@ -1908,6 +2096,7 @@ auth_zones_cfg(struct auth_zones* az, struct config_auth* c) z->for_downstream = c->for_downstream; z->for_upstream = c->for_upstream; z->fallback_enabled = c->fallback_enabled; + z->zonemd_reject_absence = c->zonemd_reject_absence; if(c->isrpz && !z->rpz){ if(!(z->rpz = rpz_create(c))){ fatal_exit("Could not setup RPZ zones"); @@ -2000,7 +2189,8 @@ az_delete_deleted_zones(struct auth_zones* az) } int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, - int setup, int* is_rpz) + int setup, int* is_rpz, struct module_env* env, + struct module_stack* mods) { struct config_auth* p; az_setall_deleted(az); @@ -2016,7 +2206,7 @@ int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, } } az_delete_deleted_zones(az); - if(!auth_zones_read_zones(az, cfg)) + if(!auth_zones_read_zones(az, cfg, env, mods)) return 0; if(setup) { if(!auth_zones_setup_zones(az)) @@ -2331,7 +2521,8 @@ static int az_add_negative_soa(struct auth_zone* z, struct regional* region, struct dns_msg* msg) { - uint32_t minimum; + time_t minimum; + size_t i; struct packed_rrset_data* d; struct auth_rrset* soa; struct auth_data* apex = az_find_name(z, z->name, z->namelen); @@ -2348,9 +2539,11 @@ az_add_negative_soa(struct auth_zone* z, struct regional* region, /* last 4 bytes are minimum ttl in network format */ if(d->count == 0) return 0; if(d->rr_len[0] < 2+4) return 0; - minimum = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4)); - d->ttl = (time_t)minimum; - d->rr_ttl[0] = (time_t)minimum; + minimum = (time_t)sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4)); + minimum = d->ttlttl:minimum; + d->ttl = minimum; + for(i=0; i < d->count + d->rrsig_count; i++) + d->rr_ttl[i] = minimum; msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]); msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; @@ -4966,6 +5159,28 @@ xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env) lock_rw_unlock(&z->lock); } +/** reacquire locks and structures. Starts with no locks, ends + * with xfr and z locks, if fail, no z lock */ +static int xfr_process_reacquire_locks(struct auth_xfer* xfr, + struct module_env* env, struct auth_zone** z) +{ + /* release xfr lock, then, while holding az->lock grab both + * z->lock and xfr->lock */ + lock_rw_rdlock(&env->auth_zones->lock); + *z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, + xfr->dclass); + if(!*z) { + lock_rw_unlock(&env->auth_zones->lock); + lock_basic_lock(&xfr->lock); + *z = NULL; + return 0; + } + lock_rw_wrlock(&(*z)->lock); + lock_basic_lock(&xfr->lock); + lock_rw_unlock(&env->auth_zones->lock); + return 1; +} + /** process chunk list and update zone in memory, * return false if it did not work */ static int @@ -4975,21 +5190,12 @@ xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env, struct auth_zone* z; /* obtain locks and structures */ - /* release xfr lock, then, while holding az->lock grab both - * z->lock and xfr->lock */ lock_basic_unlock(&xfr->lock); - lock_rw_rdlock(&env->auth_zones->lock); - z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, - xfr->dclass); - if(!z) { - lock_rw_unlock(&env->auth_zones->lock); + if(!xfr_process_reacquire_locks(xfr, env, &z)) { /* the zone is gone, ignore xfr results */ - lock_basic_lock(&xfr->lock); return 0; } - lock_rw_wrlock(&z->lock); - lock_basic_lock(&xfr->lock); - lock_rw_unlock(&env->auth_zones->lock); + /* holding xfr and z locks */ /* apply data */ if(xfr->task_transfer->master->http) { @@ -5024,6 +5230,35 @@ xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env, " (or malformed RR)", xfr->task_transfer->master->host); return 0; } + + /* release xfr lock while verifying zonemd because it may have + * to spawn lookups in the state machines */ + lock_basic_unlock(&xfr->lock); + /* holding z lock */ + auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0); + if(z->zone_expired) { + char zname[256]; + /* ZONEMD must have failed */ + /* reacquire locks, so we hold xfr lock on exit of routine, + * and both xfr and z again after releasing xfr for potential + * state machine mesh callbacks */ + lock_rw_unlock(&z->lock); + if(!xfr_process_reacquire_locks(xfr, env, &z)) + return 0; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "xfr from %s: ZONEMD failed for %s, transfer is failed", xfr->task_transfer->master->host, zname); + xfr->zone_expired = 1; + lock_rw_unlock(&z->lock); + return 0; + } + /* reacquire locks, so we hold xfr lock on exit of routine, + * and both xfr and z again after releasing xfr for potential + * state machine mesh callbacks */ + lock_rw_unlock(&z->lock); + if(!xfr_process_reacquire_locks(xfr, env, &z)) + return 0; + /* holding xfr and z locks */ + if(xfr->have_zone) xfr->lease_time = *env->now; @@ -5107,6 +5342,7 @@ xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env) edns.edns_version = 0; edns.bits = EDNS_DO; edns.opt_list = NULL; + edns.padding_block_size = 0; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; @@ -6295,6 +6531,7 @@ xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env) edns.edns_version = 0; edns.bits = EDNS_DO; edns.opt_list = NULL; + edns.padding_block_size = 0; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; @@ -6967,3 +7204,1125 @@ compare_serial(uint32_t a, uint32_t b) return 1; } } + +int zonemd_hashalgo_supported(int hashalgo) +{ + if(hashalgo == ZONEMD_ALGO_SHA384) return 1; + if(hashalgo == ZONEMD_ALGO_SHA512) return 1; + return 0; +} + +int zonemd_scheme_supported(int scheme) +{ + if(scheme == ZONEMD_SCHEME_SIMPLE) return 1; + return 0; +} + +/** initialize hash for hashing with zonemd hash algo */ +static struct secalgo_hash* zonemd_digest_init(int hashalgo, char** reason) +{ + struct secalgo_hash *h; + if(hashalgo == ZONEMD_ALGO_SHA384) { + /* sha384 */ + h = secalgo_hash_create_sha384(); + if(!h) + *reason = "digest sha384 could not be created"; + return h; + } else if(hashalgo == ZONEMD_ALGO_SHA512) { + /* sha512 */ + h = secalgo_hash_create_sha512(); + if(!h) + *reason = "digest sha512 could not be created"; + return h; + } + /* unknown hash algo */ + *reason = "unsupported algorithm"; + return NULL; +} + +/** update the hash for zonemd */ +static int zonemd_digest_update(int hashalgo, struct secalgo_hash* h, + uint8_t* data, size_t len, char** reason) +{ + if(hashalgo == ZONEMD_ALGO_SHA384) { + if(!secalgo_hash_update(h, data, len)) { + *reason = "digest sha384 failed"; + return 0; + } + return 1; + } else if(hashalgo == ZONEMD_ALGO_SHA512) { + if(!secalgo_hash_update(h, data, len)) { + *reason = "digest sha512 failed"; + return 0; + } + return 1; + } + /* unknown hash algo */ + *reason = "unsupported algorithm"; + return 0; +} + +/** finish the hash for zonemd */ +static int zonemd_digest_finish(int hashalgo, struct secalgo_hash* h, + uint8_t* result, size_t hashlen, size_t* resultlen, char** reason) +{ + if(hashalgo == ZONEMD_ALGO_SHA384) { + if(hashlen < 384/8) { + *reason = "digest buffer too small for sha384"; + return 0; + } + if(!secalgo_hash_final(h, result, hashlen, resultlen)) { + *reason = "digest sha384 finish failed"; + return 0; + } + return 1; + } else if(hashalgo == ZONEMD_ALGO_SHA512) { + if(hashlen < 512/8) { + *reason = "digest buffer too small for sha512"; + return 0; + } + if(!secalgo_hash_final(h, result, hashlen, resultlen)) { + *reason = "digest sha512 finish failed"; + return 0; + } + return 1; + } + /* unknown algo */ + *reason = "unsupported algorithm"; + return 0; +} + +/** add rrsets from node to the list */ +static size_t authdata_rrsets_to_list(struct auth_rrset** array, + size_t arraysize, struct auth_rrset* first) +{ + struct auth_rrset* rrset = first; + size_t num = 0; + while(rrset) { + if(num >= arraysize) + return num; + array[num] = rrset; + num++; + rrset = rrset->next; + } + return num; +} + +/** compare rr list entries */ +static int rrlist_compare(const void* arg1, const void* arg2) +{ + struct auth_rrset* r1 = *(struct auth_rrset**)arg1; + struct auth_rrset* r2 = *(struct auth_rrset**)arg2; + uint16_t t1, t2; + if(r1 == NULL) t1 = LDNS_RR_TYPE_RRSIG; + else t1 = r1->type; + if(r2 == NULL) t2 = LDNS_RR_TYPE_RRSIG; + else t2 = r2->type; + if(t1 < t2) + return -1; + if(t1 > t2) + return 1; + return 0; +} + +/** add type RRSIG to rr list if not one there already, + * this is to perform RRSIG collate processing at that point. */ +static void addrrsigtype_if_needed(struct auth_rrset** array, + size_t arraysize, size_t* rrnum, struct auth_data* node) +{ + if(az_domain_rrset(node, LDNS_RR_TYPE_RRSIG)) + return; /* already one there */ + if((*rrnum) >= arraysize) + return; /* array too small? */ + array[*rrnum] = NULL; /* nothing there, but need entry in list */ + (*rrnum)++; +} + +/** collate the RRs in an RRset using the simple scheme */ +static int zonemd_simple_rrset(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct auth_data* node, + struct auth_rrset* rrset, struct regional* region, + struct sldns_buffer* buf, char** reason) +{ + /* canonicalize */ + struct ub_packed_rrset_key key; + memset(&key, 0, sizeof(key)); + key.entry.key = &key; + key.entry.data = rrset->data; + key.rk.dname = node->name; + key.rk.dname_len = node->namelen; + key.rk.type = htons(rrset->type); + key.rk.rrset_class = htons(z->dclass); + if(!rrset_canonicalize_to_buffer(region, buf, &key)) { + *reason = "out of memory"; + return 0; + } + regional_free_all(region); + + /* hash */ + if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf), + sldns_buffer_limit(buf), reason)) { + return 0; + } + return 1; +} + +/** count number of RRSIGs in a domain name rrset list */ +static size_t zonemd_simple_count_rrsig(struct auth_rrset* rrset, + struct auth_rrset** rrlist, size_t rrnum, + struct auth_zone* z, struct auth_data* node) +{ + size_t i, count = 0; + if(rrset) { + size_t j; + for(j = 0; jdata->count; j++) { + if(rrsig_rdata_get_type_covered(rrset->data-> + rr_data[j], rrset->data->rr_len[j]) == + LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + count++; + } + } + for(i=0; itype == LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + count += (rrlist[i]?rrlist[i]->data->rrsig_count:0); + } + return count; +} + +/** allocate sparse rrset data for the number of entries in tepm region */ +static int zonemd_simple_rrsig_allocs(struct regional* region, + struct packed_rrset_data* data, size_t count) +{ + data->rr_len = regional_alloc(region, sizeof(*data->rr_len) * count); + if(!data->rr_len) { + return 0; + } + data->rr_ttl = regional_alloc(region, sizeof(*data->rr_ttl) * count); + if(!data->rr_ttl) { + return 0; + } + data->rr_data = regional_alloc(region, sizeof(*data->rr_data) * count); + if(!data->rr_data) { + return 0; + } + return 1; +} + +/** add the RRSIGs from the rrs in the domain into the data */ +static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data, + size_t* done, struct auth_rrset** rrlist, size_t rrnum, + struct auth_zone* z, struct auth_data* node) +{ + size_t i; + for(i=0; itype == LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + for(j = 0; jdata->rrsig_count; j++) { + data->rr_len[*done] = rrlist[i]->data->rr_len[rrlist[i]->data->count + j]; + data->rr_ttl[*done] = rrlist[i]->data->rr_ttl[rrlist[i]->data->count + j]; + /* reference the rdata in the rrset, no need to + * copy it, it is no longer needed at the end of + * the routine */ + data->rr_data[*done] = rrlist[i]->data->rr_data[rrlist[i]->data->count + j]; + (*done)++; + } + } +} + +static void add_rrset_into_data(struct packed_rrset_data* data, + size_t* done, struct auth_rrset* rrset, + struct auth_zone* z, struct auth_data* node) +{ + if(rrset) { + size_t j; + for(j = 0; jdata->count; j++) { + if(rrsig_rdata_get_type_covered(rrset->data-> + rr_data[j], rrset->data->rr_len[j]) == + LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name)==0) { + /* omit RRSIGs over type ZONEMD at apex */ + continue; + } + data->rr_len[*done] = rrset->data->rr_len[j]; + data->rr_ttl[*done] = rrset->data->rr_ttl[j]; + /* reference the rdata in the rrset, no need to + * copy it, it is no longer need at the end of + * the routine */ + data->rr_data[*done] = rrset->data->rr_data[j]; + (*done)++; + } + } +} + +/** collate the RRSIGs using the simple scheme */ +static int zonemd_simple_rrsig(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct auth_data* node, + struct auth_rrset* rrset, struct auth_rrset** rrlist, size_t rrnum, + struct regional* region, struct sldns_buffer* buf, char** reason) +{ + /* the rrset pointer can be NULL, this means it is type RRSIG and + * there is no ordinary type RRSIG there. The RRSIGs are stored + * with the RRsets in their data. + * + * The RRset pointer can be nonNULL. This happens if there is + * no RR that is covered by the RRSIG for the domain. Then this + * RRSIG RR is stored in an rrset of type RRSIG. The other RRSIGs + * are stored in the rrset entries for the RRs in the rr list for + * the domain node. We need to collate the rrset's data, if any, and + * the rrlist's rrsigs */ + /* if this is the apex, omit RRSIGs that cover type ZONEMD */ + /* build rrsig rrset */ + size_t done = 0; + struct ub_packed_rrset_key key; + struct packed_rrset_data data; + memset(&key, 0, sizeof(key)); + memset(&data, 0, sizeof(data)); + key.entry.key = &key; + key.entry.data = &data; + key.rk.dname = node->name; + key.rk.dname_len = node->namelen; + key.rk.type = htons(LDNS_RR_TYPE_RRSIG); + key.rk.rrset_class = htons(z->dclass); + data.count = zonemd_simple_count_rrsig(rrset, rrlist, rrnum, z, node); + if(!zonemd_simple_rrsig_allocs(region, &data, data.count)) { + *reason = "out of memory"; + regional_free_all(region); + return 0; + } + /* all the RRSIGs stored in the other rrsets for this domain node */ + add_rrlist_rrsigs_into_data(&data, &done, rrlist, rrnum, z, node); + /* plus the RRSIGs stored in an rrset of type RRSIG for this node */ + add_rrset_into_data(&data, &done, rrset, z, node); + + /* canonicalize */ + if(!rrset_canonicalize_to_buffer(region, buf, &key)) { + *reason = "out of memory"; + regional_free_all(region); + return 0; + } + regional_free_all(region); + + /* hash */ + if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf), + sldns_buffer_limit(buf), reason)) { + return 0; + } + return 1; +} + +/** collate a domain's rrsets using the simple scheme */ +static int zonemd_simple_domain(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct auth_data* node, + struct regional* region, struct sldns_buffer* buf, char** reason) +{ + const size_t rrlistsize = 65536; + struct auth_rrset* rrlist[rrlistsize]; + size_t i, rrnum = 0; + /* see if the domain is out of scope, the zone origin, + * that would be omitted */ + if(!dname_subdomain_c(node->name, z->name)) + return 1; /* continue */ + /* loop over the rrsets in ascending order. */ + rrnum = authdata_rrsets_to_list(rrlist, rrlistsize, node->rrsets); + addrrsigtype_if_needed(rrlist, rrlistsize, &rrnum, node); + qsort(rrlist, rrnum, sizeof(*rrlist), rrlist_compare); + for(i=0; itype == LDNS_RR_TYPE_ZONEMD && + query_dname_compare(z->name, node->name) == 0) { + /* omit type ZONEMD at apex */ + continue; + } + if(rrlist[i] == NULL || rrlist[i]->type == + LDNS_RR_TYPE_RRSIG) { + if(!zonemd_simple_rrsig(z, hashalgo, h, node, + rrlist[i], rrlist, rrnum, region, buf, reason)) + return 0; + } else if(!zonemd_simple_rrset(z, hashalgo, h, node, + rrlist[i], region, buf, reason)) { + return 0; + } + } + return 1; +} + +/** collate the zone using the simple scheme */ +static int zonemd_simple_collate(struct auth_zone* z, int hashalgo, + struct secalgo_hash* h, struct regional* region, + struct sldns_buffer* buf, char** reason) +{ + /* our tree is sorted in canonical order, so we can just loop over + * the tree */ + struct auth_data* n; + RBTREE_FOR(n, struct auth_data*, &z->data) { + if(!zonemd_simple_domain(z, hashalgo, h, n, region, buf, + reason)) + return 0; + } + return 1; +} + +int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t hashlen, size_t* resultlen, + struct regional* region, struct sldns_buffer* buf, char** reason) +{ + struct secalgo_hash* h = zonemd_digest_init(hashalgo, reason); + if(!h) { + if(!*reason) + *reason = "digest init fail"; + return 0; + } + if(scheme == ZONEMD_SCHEME_SIMPLE) { + if(!zonemd_simple_collate(z, hashalgo, h, region, buf, reason)) { + if(!*reason) *reason = "scheme simple collate fail"; + secalgo_hash_delete(h); + return 0; + } + } + if(!zonemd_digest_finish(hashalgo, h, hash, hashlen, resultlen, + reason)) { + secalgo_hash_delete(h); + *reason = "digest finish fail"; + return 0; + } + secalgo_hash_delete(h); + return 1; +} + +int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region, + struct sldns_buffer* buf, char** reason) +{ + uint8_t gen[512]; + size_t genlen = 0; + if(!zonemd_hashalgo_supported(hashalgo)) { + *reason = "unsupported algorithm"; + return 0; + } + if(!zonemd_scheme_supported(scheme)) { + *reason = "unsupported scheme"; + return 0; + } + if(hashlen < 12) { + /* the ZONEMD draft requires digests to fail if too small */ + *reason = "digest length too small, less than 12"; + return 0; + } + /* generate digest */ + if(!auth_zone_generate_zonemd_hash(z, scheme, hashalgo, gen, + sizeof(gen), &genlen, region, buf, reason)) { + /* reason filled in by zonemd hash routine */ + return 0; + } + /* check digest length */ + if(hashlen != genlen) { + *reason = "incorrect digest length"; + if(verbosity >= VERB_ALGO) { + verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d", + scheme, hashalgo); + log_hex("ZONEMD should be ", gen, genlen); + log_hex("ZONEMD to check is", hash, hashlen); + } + return 0; + } + /* check digest */ + if(memcmp(hash, gen, genlen) != 0) { + *reason = "incorrect digest"; + if(verbosity >= VERB_ALGO) { + verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d", + scheme, hashalgo); + log_hex("ZONEMD should be ", gen, genlen); + log_hex("ZONEMD to check is", hash, hashlen); + } + return 0; + } + return 1; +} + +/** log auth zone message with zone name in front. */ +static void auth_zone_log(uint8_t* name, enum verbosity_value level, + const char* format, ...) ATTR_FORMAT(printf, 3, 4); +static void auth_zone_log(uint8_t* name, enum verbosity_value level, + const char* format, ...) +{ + va_list args; + va_start(args, format); + if(verbosity >= level) { + char str[255+1]; + char msg[MAXSYSLOGMSGLEN]; + dname_str(name, str); + vsnprintf(msg, sizeof(msg), format, args); + verbose(level, "auth zone %s %s", str, msg); + } + va_end(args); +} + +/** ZONEMD, dnssec verify the rrset with the dnskey */ +static int zonemd_dnssec_verify_rrset(struct auth_zone* z, + struct module_env* env, struct module_stack* mods, + struct ub_packed_rrset_key* dnskey, struct auth_data* node, + struct auth_rrset* rrset, char** why_bogus) +{ + struct ub_packed_rrset_key pk; + enum sec_status sec; + struct val_env* ve; + int m; + m = modstack_find(mods, "validator"); + if(m == -1) { + auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have " + "DNSKEY chain of trust, but no validator module"); + return 0; + } + ve = (struct val_env*)env->modinfo[m]; + + memset(&pk, 0, sizeof(pk)); + pk.entry.key = &pk; + pk.entry.data = rrset->data; + pk.rk.dname = node->name; + pk.rk.dname_len = node->namelen; + pk.rk.type = htons(rrset->type); + pk.rk.rrset_class = htons(z->dclass); + if(verbosity >= VERB_ALGO) { + char typestr[32]; + typestr[0]=0; + sldns_wire2str_type_buf(rrset->type, typestr, sizeof(typestr)); + auth_zone_log(z->name, VERB_ALGO, + "zonemd: verify %s RRset with DNSKEY", typestr); + } + sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, NULL, why_bogus, + LDNS_SECTION_ANSWER, NULL); + if(sec == sec_status_secure) { + return 1; + } + if(why_bogus) + auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus); + return 0; +} + +/** check for nsec3, the RR with params equal, if bitmap has the type */ +static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo, + size_t iter, uint8_t* salt, size_t saltlen, uint16_t rrtype) +{ + int i, count = (int)nsec3->data->count; + struct ub_packed_rrset_key pk; + memset(&pk, 0, sizeof(pk)); + pk.entry.data = nsec3->data; + for(i=0; idata; + if(nsec_has_type(&pk, LDNS_RR_TYPE_ZONEMD)) { + *reason = "DNSSEC NSEC bitmap says type ZONEMD exists"; + return 0; + } + auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure"); + } else { + /* NSEC3 perhaps ? */ + int algo; + size_t iter, saltlen; + uint8_t* salt; + struct auth_rrset* nsec3param = az_domain_rrset(apex, + LDNS_RR_TYPE_NSEC3PARAM); + struct auth_data* match; + struct auth_rrset* nsec3; + if(!nsec3param) { + *reason = "zone has no NSEC information but ZONEMD missing"; + return 0; + } + if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) { + *reason = "zone has no NSEC information but ZONEMD missing"; + return 0; + } + /* find the NSEC3 record */ + match = az_nsec3_find_exact(z, z->name, z->namelen, algo, + iter, salt, saltlen); + if(!match) { + *reason = "zone has no NSEC3 domain for the apex but ZONEMD missing"; + return 0; + } + nsec3 = az_domain_rrset(match, LDNS_RR_TYPE_NSEC3); + if(!nsec3) { + *reason = "zone has no NSEC3 RRset for the apex but ZONEMD missing"; + return 0; + } + /* dnssec verify the NSEC3 */ + if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match, + nsec3, why_bogus)) { + *reason = "DNSSEC verify failed for NSEC3 RRset"; + return 0; + } + /* check type bitmap */ + if(nsec3_of_param_has_type(nsec3, algo, iter, salt, saltlen, + LDNS_RR_TYPE_ZONEMD)) { + *reason = "DNSSEC NSEC3 bitmap says type ZONEMD exists"; + return 0; + } + auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure"); + } + + return 1; +} + +/** Verify the SOA and ZONEMD DNSSEC signatures. + * return false on failure, reason contains description of failure. */ +static int zonemd_check_dnssec_soazonemd(struct auth_zone* z, + struct module_env* env, struct module_stack* mods, + struct ub_packed_rrset_key* dnskey, struct auth_data* apex, + struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus) +{ + struct auth_rrset* soa; + if(!apex) { + *reason = "zone has no apex domain"; + return 0; + } + soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); + if(!soa) { + *reason = "zone has no SOA RRset"; + return 0; + } + if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa, + why_bogus)) { + *reason = "DNSSEC verify failed for SOA RRset"; + return 0; + } + if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, + zonemd_rrset, why_bogus)) { + *reason = "DNSSEC verify failed for ZONEMD RRset"; + return 0; + } + auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure"); + return 1; +} + +/** + * Fail the ZONEMD verification. + * @param z: auth zone that fails. + * @param env: environment with config, to ignore failure or not. + * @param reason: failure string description. + * @param why_bogus: failure string for DNSSEC verification failure. + * @param result: strdup result in here if not NULL. + */ +static void auth_zone_zonemd_fail(struct auth_zone* z, struct module_env* env, + char* reason, char* why_bogus, char** result) +{ + char zstr[255+1]; + /* if fail: log reason, and depending on config also take action + * and drop the zone, eg. it is gone from memory, set zone_expired */ + dname_str(z->name, zstr); + if(!reason) reason = "verification failed"; + if(result) { + if(why_bogus) { + char res[1024]; + snprintf(res, sizeof(res), "%s: %s", reason, + why_bogus); + *result = strdup(res); + } else { + *result = strdup(reason); + } + if(!*result) log_err("out of memory"); + } else { + log_warn("auth zone %s: ZONEMD verification failed: %s", zstr, reason); + } + + if(env->cfg->zonemd_permissive_mode) { + verbose(VERB_ALGO, "zonemd-permissive-mode enabled, " + "not blocking zone %s", zstr); + return; + } + + /* expired means the zone gives servfail and is not used by + * lookup if fallback_enabled*/ + z->zone_expired = 1; +} + +/** + * Verify the zonemd with DNSSEC and hash check, with given key. + * @param z: auth zone. + * @param env: environment with config and temp buffers. + * @param mods: module stack with validator env for verification. + * @param dnskey: dnskey that we can use, or NULL. If nonnull, the key + * has been verified and is the start of the chain of trust. + * @param is_insecure: if true, the dnskey is not used, the zone is insecure. + * And dnssec is not used. It is DNSSEC secure insecure or not under + * a trust anchor. + * @param result: if not NULL result reason copied here. + */ +static void +auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, struct ub_packed_rrset_key* dnskey, + int is_insecure, char** result) +{ + char* reason = NULL, *why_bogus = NULL; + struct auth_data* apex = NULL; + struct auth_rrset* zonemd_rrset = NULL; + int zonemd_absent = 0, zonemd_absence_dnssecok = 0; + + /* see if ZONEMD is present or absent. */ + apex = az_find_name(z, z->name, z->namelen); + if(!apex) { + zonemd_absent = 1; + } else { + zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD); + if(!zonemd_rrset || zonemd_rrset->data->count==0) { + zonemd_absent = 1; + zonemd_rrset = NULL; + } + } + + /* if no DNSSEC, done. */ + /* if no ZONEMD, and DNSSEC, use DNSKEY to verify NSEC or NSEC3 for + * zone apex. Check ZONEMD bit is turned off or else fail */ + /* if ZONEMD, and DNSSEC, check DNSSEC signature on SOA and ZONEMD, + * or else fail */ + if(!dnskey && !is_insecure) { + auth_zone_zonemd_fail(z, env, "DNSKEY missing", NULL, result); + return; + } else if(!zonemd_rrset && dnskey && !is_insecure) { + /* fetch, DNSSEC verify, and check NSEC/NSEC3 */ + if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex, + &reason, &why_bogus)) { + auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + return; + } + zonemd_absence_dnssecok = 1; + } else if(zonemd_rrset && dnskey && !is_insecure) { + /* check DNSSEC verify of SOA and ZONEMD */ + if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex, + zonemd_rrset, &reason, &why_bogus)) { + auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + return; + } + } + + if(zonemd_absent && z->zonemd_reject_absence) { + auth_zone_zonemd_fail(z, env, "ZONEMD absent and that is not allowed by config", NULL, result); + return; + } + if(zonemd_absent && zonemd_absence_dnssecok) { + auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD"); + if(result) { + *result = strdup("DNSSEC verified nonexistence of ZONEMD"); + if(!*result) log_err("out of memory"); + } + return; + } + if(zonemd_absent) { + auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present"); + if(result) { + *result = strdup("no ZONEMD present"); + if(!*result) log_err("out of memory"); + } + return; + } + + /* check ZONEMD checksum and report or else fail. */ + if(!auth_zone_zonemd_check_hash(z, env, &reason)) { + auth_zone_zonemd_fail(z, env, reason, NULL, result); + return; + } + + /* success! log the success */ + auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful"); + if(result) { + *result = strdup("ZONEMD verification successful"); + if(!*result) log_err("out of memory"); + } +} + +/** + * verify the zone DNSKEY rrset from the trust anchor + * This is possible because the anchor is for the zone itself, and can + * thus apply straight to the zone DNSKEY set. + * @param z: the auth zone. + * @param env: environment with time and temp buffers. + * @param mods: module stack for validator environment for dnssec validation. + * @param anchor: trust anchor to use + * @param is_insecure: returned, true if the zone is securely insecure. + * @param why_bogus: if the routine fails, returns the failure reason. + * @param keystorage: where to store the ub_packed_rrset_key that is created + * on success. A pointer to it is returned on success. + * @return the dnskey RRset, reference to zone data and keystorage, or + * NULL on failure. + */ +static struct ub_packed_rrset_key* +zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, struct trust_anchor* anchor, + int* is_insecure, char** why_bogus, + struct ub_packed_rrset_key* keystorage) +{ + struct auth_data* apex; + struct auth_rrset* dnskey_rrset; + enum sec_status sec; + struct val_env* ve; + int m; + + apex = az_find_name(z, z->name, z->namelen); + if(!apex) { + *why_bogus = "have trust anchor, but zone has no apex domain for DNSKEY"; + return 0; + } + dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY); + if(!dnskey_rrset || dnskey_rrset->data->count==0) { + *why_bogus = "have trust anchor, but zone has no DNSKEY"; + return 0; + } + + m = modstack_find(mods, "validator"); + if(m == -1) { + *why_bogus = "have trust anchor, but no validator module"; + return 0; + } + ve = (struct val_env*)env->modinfo[m]; + + memset(keystorage, 0, sizeof(*keystorage)); + keystorage->entry.key = keystorage; + keystorage->entry.data = dnskey_rrset->data; + keystorage->rk.dname = apex->name; + keystorage->rk.dname_len = apex->namelen; + keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY); + keystorage->rk.rrset_class = htons(z->dclass); + auth_zone_log(z->name, VERB_QUERY, + "zonemd: verify DNSKEY RRset with trust anchor"); + sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset, + anchor->dnskey_rrset, NULL, why_bogus, NULL); + regional_free_all(env->scratch); + if(sec == sec_status_secure) { + /* success */ + *is_insecure = 0; + return keystorage; + } else if(sec == sec_status_insecure) { + /* insecure */ + *is_insecure = 1; + } else { + /* bogus */ + *is_insecure = 0; + auth_zone_log(z->name, VERB_ALGO, + "zonemd: verify DNSKEY RRset with trust anchor failed: %s", *why_bogus); + } + return NULL; +} + +/** callback for ZONEMD lookup of DNSKEY */ +void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf, + enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited)) +{ + struct auth_zone* z = (struct auth_zone*)arg; + struct module_env* env; + char* reason = NULL; + struct ub_packed_rrset_key* dnskey = NULL; + int is_insecure = 0; + + lock_rw_wrlock(&z->lock); + env = z->zonemd_callback_env; + /* release the env variable so another worker can pick up the + * ZONEMD verification task if it wants to */ + z->zonemd_callback_env = NULL; + if(!env || env->outnet->want_to_quit || z->zone_deleted) { + lock_rw_unlock(&z->lock); + return; /* stop on quit */ + } + + /* process result */ + if(sec == sec_status_bogus) { + reason = why_bogus; + if(!reason) + reason = "lookup of DNSKEY was bogus"; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was bogus: %s", reason); + } else if(rcode == LDNS_RCODE_NOERROR) { + uint16_t wanted_qtype = LDNS_RR_TYPE_DNSKEY; + struct regional* temp = env->scratch; + struct query_info rq; + struct reply_info* rep; + memset(&rq, 0, sizeof(rq)); + rep = parse_reply_in_temp_region(buf, temp, &rq); + if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { + /* parsed successfully */ + struct ub_packed_rrset_key* answer = + reply_find_answer_rrset(&rq, rep); + if(answer && sec == sec_status_secure) { + dnskey = answer; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was secure"); + } else if(sec == sec_status_secure && !answer) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY has no content, but is secure, treat as insecure"); + } else if(sec == sec_status_insecure) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was insecure"); + } else if(sec == sec_status_indeterminate) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was indeterminate, treat as insecure"); + } else { + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY has nodata"); + reason = "lookup of DNSKEY has nodata"; + } + } else if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && + sec == sec_status_secure) { + /* secure nxdomain, so the zone is like some RPZ zone + * that does not exist in the wider internet, with + * a secure nxdomain answer outside of it. So we + * treat the zonemd zone without a dnssec chain of + * trust, as insecure. */ + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was secure NXDOMAIN, treat as insecure"); + } else if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && + sec == sec_status_insecure) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was insecure NXDOMAIN, treat as insecure"); + } else if(rep && rq.qtype == wanted_qtype && + query_dname_compare(z->name, rq.qname) == 0 && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN && + sec == sec_status_indeterminate) { + is_insecure = 1; + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY was indeterminate NXDOMAIN, treat as insecure"); + } else { + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY has no answer"); + reason = "lookup of DNSKEY has no answer"; + } + } else { + auth_zone_log(z->name, VERB_ALGO, + "zonemd lookup of DNSKEY failed"); + reason = "lookup of DNSKEY failed"; + } + + if(reason) { + auth_zone_zonemd_fail(z, env, reason, NULL, NULL); + lock_rw_unlock(&z->lock); + return; + } + + auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey, + is_insecure, NULL); + regional_free_all(env->scratch); + lock_rw_unlock(&z->lock); +} + +/** lookup DNSKEY for ZONEMD verification */ +static int +zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env) +{ + struct query_info qinfo; + uint16_t qflags = BIT_RD; + struct edns_data edns; + sldns_buffer* buf = env->scratch_buffer; + + if(z->zonemd_callback_env) { + /* another worker is already working on the callback + * for the DNSKEY lookup for ZONEMD verification. + * We do not also have to do ZONEMD verification, let that + * worker do it */ + auth_zone_log(z->name, VERB_ALGO, + "zonemd needs lookup of DNSKEY and that already worked on by another worker"); + return 1; + } + + /* use mesh_new_callback to lookup the DNSKEY, + * and then wait for them to be looked up (in cache, or query) */ + qinfo.qname_len = z->namelen; + qinfo.qname = z->name; + qinfo.qclass = z->dclass; + qinfo.qtype = LDNS_RR_TYPE_DNSKEY; + qinfo.local_alias = NULL; + if(verbosity >= VERB_ALGO) { + char buf1[512]; + char buf2[LDNS_MAX_DOMAINLEN+1]; + dname_str(z->name, buf2); + snprintf(buf1, sizeof(buf1), "auth zone %s: lookup DNSKEY " + "for zonemd verification", buf2); + log_query_info(VERB_ALGO, buf1, &qinfo); + } + edns.edns_present = 1; + edns.ext_rcode = 0; + edns.edns_version = 0; + edns.bits = EDNS_DO; + edns.opt_list = NULL; + if(sldns_buffer_capacity(buf) < 65535) + edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); + else edns.udp_size = 65535; + + /* store the worker-specific module env for the callback. + * We can then reference this when the callback executes */ + z->zonemd_callback_env = env; + /* the callback can be called straight away */ + lock_rw_unlock(&z->lock); + if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, + &auth_zonemd_dnskey_lookup_callback, z)) { + lock_rw_wrlock(&z->lock); + log_err("out of memory lookup up dnskey for zonemd"); + return 0; + } + lock_rw_wrlock(&z->lock); + return 1; +} + +void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, char** result, int offline, int only_online) +{ + char* reason = NULL, *why_bogus = NULL; + struct trust_anchor* anchor = NULL; + struct ub_packed_rrset_key* dnskey = NULL; + struct ub_packed_rrset_key keystorage; + int is_insecure = 0; + /* verify the ZONEMD if present. + * If not present check if absence is allowed by DNSSEC */ + + /* if zone is under a trustanchor */ + /* is it equal to trustanchor - get dnskey's verified */ + /* else, find chain of trust by fetching DNSKEYs lookup for zone */ + /* result if that, if insecure, means no DNSSEC for the ZONEMD, + * otherwise we have the zone DNSKEY for the DNSSEC verification. */ + if(env->anchors) + anchor = anchors_lookup(env->anchors, z->name, z->namelen, + z->dclass); + if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) { + /* domain-insecure trust anchor for unsigned zones */ + lock_basic_unlock(&anchor->lock); + if(only_online) + return; + dnskey = NULL; + is_insecure = 1; + } else if(anchor && query_dname_compare(z->name, anchor->name) == 0) { + if(only_online) { + lock_basic_unlock(&anchor->lock); + return; + } + /* equal to trustanchor, no need for online lookups */ + dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor, + &is_insecure, &why_bogus, &keystorage); + lock_basic_unlock(&anchor->lock); + if(!dnskey && !reason && !is_insecure) { + reason = "verify DNSKEY RRset with trust anchor failed"; + } + } else if(anchor) { + lock_basic_unlock(&anchor->lock); + /* perform online lookups */ + if(offline) + return; + /* setup online lookups, and wait for them */ + if(zonemd_lookup_dnskey(z, env)) { + /* wait for the lookup */ + return; + } + reason = "could not lookup DNSKEY for chain of trust"; + } else { + /* the zone is not under a trust anchor */ + if(only_online) + return; + dnskey = NULL; + is_insecure = 1; + } + + if(reason) { + auth_zone_zonemd_fail(z, env, reason, why_bogus, result); + return; + } + + auth_zone_verify_zonemd_with_key(z, env, mods, dnskey, is_insecure, + result); + regional_free_all(env->scratch); +} + +void auth_zones_pickup_zonemd_verify(struct auth_zones* az, + struct module_env* env) +{ + struct auth_zone key; + uint8_t savezname[255+1]; + size_t savezname_len; + struct auth_zone* z; + key.node.key = &key; + lock_rw_rdlock(&az->lock); + RBTREE_FOR(z, struct auth_zone*, &az->ztree) { + lock_rw_wrlock(&z->lock); + key.dclass = z->dclass; + key.namelabs = z->namelabs; + if(z->namelen > sizeof(savezname)) { + lock_rw_unlock(&z->lock); + log_err("auth_zones_pickup_zonemd_verify: zone name too long"); + continue; + } + savezname_len = z->namelen; + memmove(savezname, z->name, z->namelen); + lock_rw_unlock(&az->lock); + auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1); + lock_rw_unlock(&z->lock); + lock_rw_rdlock(&az->lock); + /* find the zone we had before, it is not deleted, + * because we have a flag for that that is processed at + * apply_cfg time */ + key.namelen = savezname_len; + key.name = savezname; + z = (struct auth_zone*)rbtree_search(&az->ztree, &key); + if(!z) + break; + } + lock_rw_unlock(&az->lock); +} diff --git a/services/authzone.h b/services/authzone.h index 3d94f30d6..4810017a3 100644 --- a/services/authzone.h +++ b/services/authzone.h @@ -132,8 +132,15 @@ struct auth_zone { /** for upstream: this zone answers queries that unbound intends to * send upstream. */ int for_upstream; + /** reject absence of ZONEMD records */ + int zonemd_reject_absence; /** RPZ zones */ struct rpz* rpz; + /** store the env (worker thread specific) for the zonemd callbacks + * from the mesh with the results of the lookup, if nonNULL, some + * worker has already picked up the zonemd verification task and + * this worker does not have to do it as well. */ + struct module_env* zonemd_callback_env; /** zone has been deleted */ int zone_deleted; /** deletelist pointer, unused normally except during delete */ @@ -474,10 +481,13 @@ struct auth_zones* auth_zones_create(void); * @param cfg: config to apply. * @param setup: if true, also sets up values in the auth zones structure * @param is_rpz: set to 1 if at least one RPZ zone is configured. + * @param env: environment for offline verification. + * @param mods: modules in environment. * @return false on failure. */ int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, - int setup, int* is_rpz); + int setup, int* is_rpz, struct module_env* env, + struct module_stack* mods); /** initial pick up of worker timeouts, ties events to worker event loop * @param az: auth zones structure @@ -625,6 +635,9 @@ int auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg); /** find serial number of zone or false if none (no SOA record) */ int auth_zone_get_serial(struct auth_zone* z, uint32_t* serial); +/** Find auth_zone SOA and populate the values in xfr(soa values). */ +int xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr); + /** compare auth_zones for sorted rbtree */ int auth_zone_cmp(const void* z1, const void* z2); @@ -685,4 +698,83 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, */ int compare_serial(uint32_t a, uint32_t b); +/** + * Generate ZONEMD digest for the auth zone. + * @param z: the auth zone to digest. + * omits zonemd at apex and its RRSIG from the digest. + * @param scheme: the collation scheme to use. Numbers as defined for ZONEMD. + * @param hashalgo: the hash algo, from the registry defined for ZONEMD type. + * @param hash: the result buffer. + * @param buflen: size of the result buffer, must be large enough. or the + * routine fails. + * @param resultlen: size of the hash in the result buffer of the result. + * @param region: temp region for allocs during canonicalisation. + * @param buf: temp buffer during canonicalisation. + * @param reason: failure reason, returns a string, NULL on success. + * @return false on failure. + */ +int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t buflen, size_t* resultlen, + struct regional* region, struct sldns_buffer* buf, char** reason); + +/** ZONEMD scheme definitions */ +#define ZONEMD_SCHEME_SIMPLE 1 + +/** ZONEMD hash algorithm definition for SHA384 */ +#define ZONEMD_ALGO_SHA384 1 +/** ZONEMD hash algorithm definition for SHA512 */ +#define ZONEMD_ALGO_SHA512 2 + +/** returns true if a zonemd hash algo is supported */ +int zonemd_hashalgo_supported(int hashalgo); +/** returns true if a zonemd scheme is supported */ +int zonemd_scheme_supported(int scheme); + +/** + * Check ZONEMD digest for the auth zone. + * @param z: auth zone to digest. + * @param scheme: zonemd scheme. + * @param hashalgo: zonemd hash algorithm. + * @param hash: the hash to check. + * @param hashlen: length of hash buffer. + * @param region: temp region for allocs during canonicalisation. + * @param buf: temp buffer during canonicalisation. + * @param reason: string returned with failure reason. + * @return false on failure. + */ +int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme, + int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region, + struct sldns_buffer* buf, char** reason); + +/** + * Perform ZONEMD checks and verification for the auth zone. + * This includes DNSSEC verification if applicable. + * @param z: auth zone to check. Caller holds lock. wrlock. + * @param env: with temp region, buffer and config. + * @param mods: module stack for validator env. + * @param result: if not NULL, result string strdupped in here. + * @param offline: if true, there is no spawned lookup when online is needed. + * Those zones are skipped for ZONEMD checking. + * @param only_online: if true, only for ZONEMD that need online lookup + * of DNSKEY chain of trust are processed. + */ +void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env, + struct module_stack* mods, char** result, int offline, + int only_online); + +/** mesh callback for zonemd on lookup of dnskey */ +void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, + struct sldns_buffer* buf, enum sec_status sec, char* why_bogus, + int was_ratelimited); + +/** + * Check the ZONEMD records that need online DNSSEC chain lookups, + * for them spawn the lookup process to get it checked out. + * Attaches the lookup process to the worker event base and mesh state. + * @param az: auth zones, every zones is checked. + * @param env: env of the worker where the task is attached. + */ +void auth_zones_pickup_zonemd_verify(struct auth_zones* az, + struct module_env* env); + #endif /* SERVICES_AUTHZONE_H */ diff --git a/services/cache/rrset.c b/services/cache/rrset.c index 8c0251bcb..4e3d08bda 100644 --- a/services/cache/rrset.c +++ b/services/cache/rrset.c @@ -45,6 +45,7 @@ #include "util/config_file.h" #include "util/data/packed_rrset.h" #include "util/data/msgreply.h" +#include "util/data/msgparse.h" #include "util/regional.h" #include "util/alloc.h" #include "util/net_help.h" @@ -396,6 +397,7 @@ rrset_update_sec_status(struct rrset_cache* r, cachedata->ttl = updata->ttl + now; for(i=0; icount+cachedata->rrsig_count; i++) cachedata->rr_ttl[i] = updata->rr_ttl[i]+now; + cachedata->ttl_add = now; } } lock_rw_unlock(&e->lock); diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 629d4de72..b8c04a3ec 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -133,6 +133,16 @@ verbose_print_addr(struct addrinfo *addr) } } +void +verbose_print_unbound_socket(struct unbound_socket* ub_sock) +{ + if(verbosity >= VERB_ALGO) { + log_info("listing of unbound_socket structure:"); + verbose_print_addr(ub_sock->addr); + log_info("s is: %d, fam is: %s", ub_sock->s, ub_sock->fam == AF_INET?"AF_INET":"AF_INET6"); + } +} + #ifdef HAVE_SYSTEMD static int systemd_get_activated(int family, int socktype, int listen, @@ -916,7 +926,7 @@ static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, - int use_systemd, int dscp) + int use_systemd, int dscp, struct unbound_socket* ub_sock) { struct addrinfo *res = NULL; int r, s, inuse, noproto; @@ -958,7 +968,11 @@ make_sock(int stype, const char* ifname, const char* port, *noip6 = 1; } } - freeaddrinfo(res); + + ub_sock->addr = res; + ub_sock->s = s; + ub_sock->fam = hints->ai_family; + return s; } @@ -967,7 +981,7 @@ static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, - int use_systemd, int dscp) + int use_systemd, int dscp, struct unbound_socket* ub_sock) { char* s = strchr(ifname, '@'); if(s) { @@ -990,11 +1004,11 @@ make_sock_port(int stype, const char* ifname, const char* port, p[strlen(s+1)]=0; return make_sock(stype, newif, p, hints, v6only, noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, - use_systemd, dscp); + use_systemd, dscp, ub_sock); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, - dscp); + dscp, ub_sock); } /** @@ -1002,10 +1016,11 @@ make_sock_port(int stype, const char* ifname, const char* port, * @param list: list head. changed. * @param s: fd. * @param ftype: if fd is UDP. + * @param ub_sock: socket with address. * @return false on failure. list in unchanged then. */ static int -port_insert(struct listen_port** list, int s, enum listen_type ftype) +port_insert(struct listen_port** list, int s, enum listen_type ftype, struct unbound_socket* ub_sock) { struct listen_port* item = (struct listen_port*)malloc( sizeof(struct listen_port)); @@ -1014,6 +1029,7 @@ port_insert(struct listen_port** list, int s, enum listen_type ftype) item->next = *list; item->fd = s; item->ftype = ftype; + item->socket = ub_sock; *list = item; return 1; } @@ -1043,7 +1059,7 @@ set_recvpktinfo(int s, int family) return 0; } # else - log_err("no IPV6_RECVPKTINFO and no IPV6_PKTINFO option, please " + log_err("no IPV6_RECVPKTINFO and IPV6_PKTINFO options, please " "disable interface-automatic or do-ip6 in config"); return 0; # endif /* defined IPV6_RECVPKTINFO */ @@ -1093,18 +1109,6 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, return 0; } -/** see if interface is https, its port number == the https port number */ -static int -if_is_https(const char* ifname, const char* port, int https_port) -{ - char* p = strchr(ifname, '@'); - if(!p && atoi(port) == https_port) - return 1; - if(p && atoi(p+1) == https_port) - return 1; - return 0; -} - /** * Helper for ports_open. Creates one interface (or NULL for default). * @param ifname: The interface ip address. @@ -1142,6 +1146,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, int s, noip6=0; int is_https = if_is_https(ifname, port, https_port); int nodelay = is_https && http2_nodelay; + struct unbound_socket* ub_sock; #ifdef USE_DNSCRYPT int is_dnscrypt = ((strchr(ifname, '@') && atoi(strchr(ifname, '@')+1) == dnscrypt_port) || @@ -1153,10 +1158,15 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(!do_udp && !do_tcp) return 0; + if(do_auto) { + ub_sock = calloc(1, sizeof(struct unbound_socket)); + if(!ub_sock) + return 0; if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { + free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1166,18 +1176,24 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { sock_close(s); + free(ub_sock); return 0; } if(!port_insert(list, s, - is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { + is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil, ub_sock)) { sock_close(s); + free(ub_sock); return 0; } } else if(do_udp) { + ub_sock = calloc(1, sizeof(struct unbound_socket)); + if(!ub_sock) + return 0; /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp, ub_sock)) == -1) { + free(ub_sock); if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1185,8 +1201,9 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, return 0; } if(!port_insert(list, s, - is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { + is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp, ub_sock)) { sock_close(s); + free(ub_sock); return 0; } } @@ -1194,6 +1211,9 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, int is_ssl = if_is_ssl(ifname, port, ssl_port, tls_additional_port); enum listen_type port_type; + ub_sock = calloc(1, sizeof(struct unbound_socket)); + if(!ub_sock) + return 0; if(is_ssl) port_type = listen_type_ssl; else if(is_https) @@ -1204,7 +1224,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, port_type = listen_type_tcp; if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, - freebind, use_systemd, dscp)) == -1) { + freebind, use_systemd, dscp, ub_sock)) == -1) { + free(ub_sock); if(noip6) { /*log_warn("IPv6 protocol not available");*/ return 1; @@ -1213,8 +1234,9 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } if(is_ssl) verbose(VERB_ALGO, "setup TCP for SSL service"); - if(!port_insert(list, s, port_type)) { + if(!port_insert(list, s, port_type, ub_sock)) { sock_close(s); + free(ub_sock); return 0; } } @@ -1280,14 +1302,14 @@ listen_create(struct comm_base* base, struct listen_port* ports, if(ports->ftype == listen_type_udp || ports->ftype == listen_type_udp_dnscrypt) cp = comm_point_create_udp(base, ports->fd, - front->udp_buff, cb, cb_arg); + front->udp_buff, cb, cb_arg, ports->socket); else if(ports->ftype == listen_type_tcp || ports->ftype == listen_type_tcp_dnscrypt) cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, harden_large_queries, 0, NULL, tcp_conn_limit, bufsize, front->udp_buff, - ports->ftype, cb, cb_arg); + ports->ftype, cb, cb_arg, ports->socket); else if(ports->ftype == listen_type_ssl || ports->ftype == listen_type_http) { cp = comm_point_create_tcp(base, ports->fd, @@ -1295,7 +1317,7 @@ listen_create(struct comm_base* base, struct listen_port* ports, harden_large_queries, http_max_streams, http_endpoint, tcp_conn_limit, bufsize, front->udp_buff, - ports->ftype, cb, cb_arg); + ports->ftype, cb, cb_arg, ports->socket); if(http_notls && ports->ftype == listen_type_http) cp->ssl = NULL; else @@ -1322,7 +1344,7 @@ listen_create(struct comm_base* base, struct listen_port* ports, } else if(ports->ftype == listen_type_udpancil || ports->ftype == listen_type_udpancil_dnscrypt) cp = comm_point_create_udp_ancil(base, ports->fd, - front->udp_buff, cb, cb_arg); + front->udp_buff, cb, cb_arg, ports->socket); if(!cp) { log_err("can't create commpoint"); listen_delete(front); @@ -1456,7 +1478,7 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres log_err("inet_ntop failed"); return 0; } - if_indextoname(in6->sin6_scope_id, + (void)if_indextoname(in6->sin6_scope_id, (char *)if_index_name); if (strlen(if_index_name) != 0) { snprintf(addr_buf, sizeof(addr_buf), @@ -1506,13 +1528,12 @@ resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addres } #endif /* HAVE_GETIFADDRS */ -int resolve_interface_names(struct config_file* cfg, char*** resif, - int* num_resif) +int resolve_interface_names(char** ifs, int num_ifs, + struct config_strlist* list, char*** resif, int* num_resif) { #ifdef HAVE_GETIFADDRS - int i; struct ifaddrs *addrs = NULL; - if(cfg->num_ifs == 0) { + if(num_ifs == 0 && list == NULL) { *resif = NULL; *num_resif = 0; return 1; @@ -1523,38 +1544,71 @@ int resolve_interface_names(struct config_file* cfg, char*** resif, freeifaddrs(addrs); return 0; } - for(i=0; inum_ifs; i++) { - if(!resolve_ifa_name(addrs, cfg->ifs[i], resif, num_resif)) { - freeifaddrs(addrs); - config_del_strarray(*resif, *num_resif); - *resif = NULL; - *num_resif = 0; - return 0; + if(ifs) { + int i; + for(i=0; inext) { + if(!resolve_ifa_name(addrs, p->str, resif, num_resif)) { + freeifaddrs(addrs); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } +} + } freeifaddrs(addrs); return 1; #else - int i; - if(cfg->num_ifs == 0) { + struct config_strlist* p; + if(num_ifs == 0 && list == NULL) { *resif = NULL; *num_resif = 0; return 1; } - *num_resif = cfg->num_ifs; + *num_resif = num_ifs; + for(p = list; p; p = p->next) { + *num_resif ++; + } *resif = calloc(*num_resif, sizeof(**resif)); if(!*resif) { log_err("out of memory"); return 0; } - for(i=0; i<*num_resif; i++) { - (*resif)[i] = strdup(cfg->ifs[i]); - if(!((*resif)[i])) { - log_err("out of memory"); - config_del_strarray(*resif, *num_resif); - *resif = NULL; - *num_resif = 0; - return 0; + if(ifs) { + int i; + for(i=0; inext) { + (*resif)[i] = strdup(p->str); + if(!((*resif)[i])) { + log_err("out of memory"); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } } } return 1; @@ -1656,6 +1710,7 @@ listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, } } } + return list; } @@ -1667,6 +1722,11 @@ void listening_ports_free(struct listen_port* list) if(list->fd != -1) { sock_close(list->fd); } + /* rc_ports don't have ub_socket */ + if(list->socket) { + freeaddrinfo(list->socket->addr); + free(list->socket); + } free(list); list = nx; } diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h index f438ff458..1e51be9bf 100644 --- a/services/listen_dnsport.h +++ b/services/listen_dnsport.h @@ -102,6 +102,18 @@ enum listen_type { listen_type_http }; +/* + * socket properties (just like NSD nsd_socket structure definition) + */ +struct unbound_socket { + /** socket-address structure */ + struct addrinfo * addr; + /** socket descriptor returned by socket() syscall */ + int s; + /** address family (AF_INET/IF_INET6) */ + int fam; +}; + /** * Single linked list to store shared ports that have been * opened for use by all threads. @@ -113,6 +125,8 @@ struct listen_port { int fd; /** type of file descriptor, udp or tcp */ enum listen_type ftype; + /** fill in unbpound_socket structure for every opened socket at Unbound startup */ + struct unbound_socket* socket; }; /** @@ -136,16 +150,19 @@ struct listen_port* listening_ports_open(struct config_file* cfg, */ void listening_ports_free(struct listen_port* list); +struct config_strlist; /** * Resolve interface names in config and store result IP addresses - * @param cfg: config + * @param ifs: array of interfaces. The list of interface names, if not NULL. + * @param num_ifs: length of ifs array. + * @param list: if not NULL, this is used as the list of interface names. * @param resif: string array (malloced array of malloced strings) with * result. NULL if cfg has none. * @param num_resif: length of resif. Zero if cfg has zero num_ifs. * @return 0 on failure. */ -int resolve_interface_names(struct config_file* cfg, char*** resif, - int* num_resif); +int resolve_interface_names(char** ifs, int num_ifs, + struct config_strlist* list, char*** resif, int* num_resif); /** * Create commpoints with for this thread for the shared ports. @@ -424,4 +441,9 @@ int http2_submit_dns_response(void* v); char* set_ip_dscp(int socket, int addrfamily, int ds); +/** for debug and profiling purposes only + * @param ub_sock: the structure containing created socket info we want to print or log for + */ +void verbose_print_unbound_socket(struct unbound_socket* ub_sock); + #endif /* LISTEN_DNSPORT_H */ diff --git a/services/localzone.c b/services/localzone.c index 2458842aa..fa586ef38 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -463,6 +463,48 @@ lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen, return 1; } +/* Mark the SOA record for the zone. This only marks the SOA rrset; the data + * for the RR is entered later on local_zone_enter_rr() as with the other + * records. An artifical soa_negative record with a modified TTL (minimum of + * the TTL and the SOA.MINIMUM) is also created and marked for usage with + * negative answers and to avoid allocations during those answers. */ +static int +lz_mark_soa_for_zone(struct local_zone* z, struct ub_packed_rrset_key* soa_rrset, + uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) +{ + struct packed_rrset_data* pd = (struct packed_rrset_data*) + regional_alloc_zero(z->region, sizeof(*pd)); + struct ub_packed_rrset_key* rrset_negative = (struct ub_packed_rrset_key*) + regional_alloc_zero(z->region, sizeof(*rrset_negative)); + time_t minimum; + if(!rrset_negative||!pd) { + log_err("out of memory"); + return 0; + } + /* Mark the original SOA record and then continue with the negative one. */ + z->soa = soa_rrset; + rrset_negative->entry.key = rrset_negative; + pd->trust = rrset_trust_prim_noglue; + pd->security = sec_status_insecure; + rrset_negative->entry.data = pd; + rrset_negative->rk.dname = soa_rrset->rk.dname; + rrset_negative->rk.dname_len = soa_rrset->rk.dname_len; + rrset_negative->rk.type = soa_rrset->rk.type; + rrset_negative->rk.rrset_class = soa_rrset->rk.rrset_class; + if(!rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr)) + return 0; + /* last 4 bytes are minimum ttl in network format */ + if(pd->count == 0 || pd->rr_len[0] < 2+4) + return 0; + minimum = (time_t)sldns_read_uint32(pd->rr_data[0]+(pd->rr_len[0]-4)); + minimum = ttlttl = minimum; + pd->rr_ttl[0] = minimum; + + z->soa_negative = rrset_negative; + return 1; +} + int local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs, uint16_t rrtype, uint16_t rrclass, time_t ttl, @@ -502,8 +544,10 @@ local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, if(query_dname_compare(node->name, z->name) == 0) { if(rrtype == LDNS_RR_TYPE_NSEC) rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX; - if(rrtype == LDNS_RR_TYPE_SOA) - z->soa = rrset->rrset; + if(rrtype == LDNS_RR_TYPE_SOA && + !lz_mark_soa_for_zone(z, rrset->rrset, rdata, rdata_len, ttl, + rrstr)) + return 0; } } pd = (struct packed_rrset_data*)rrset->rrset->entry.data; @@ -1561,9 +1605,9 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, lz_type == local_zone_truncate)? LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; rcode = lz_type == local_zone_truncate ? (rcode|BIT_TC) : rcode; - if(z != NULL && z->soa) + if(z != NULL && z->soa && z->soa_negative) return local_encode(qinfo, env, edns, repinfo, buf, temp, - z->soa, 0, rcode); + z->soa_negative, 0, rcode); local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode, (rcode|BIT_AA)); return 1; @@ -1618,9 +1662,9 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, * does not, then we should make this noerror/nodata */ if(ld && ld->rrsets) { int rcode = LDNS_RCODE_NOERROR; - if(z != NULL && z->soa) + if(z != NULL && z->soa && z->soa_negative) return local_encode(qinfo, env, edns, repinfo, buf, temp, - z->soa, 0, rcode); + z->soa_negative, 0, rcode); local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode, (rcode|BIT_AA)); return 1; @@ -2059,8 +2103,10 @@ void local_zones_del_data(struct local_zones* zones, /* no memory recycling for zone deletions ... */ d->rrsets = NULL; /* did we delete the soa record ? */ - if(query_dname_compare(d->name, z->name) == 0) + if(query_dname_compare(d->name, z->name) == 0) { z->soa = NULL; + z->soa_negative = NULL; + } /* cleanup the empty nonterminals for this name */ del_empty_term(z, d, name, len, labs); diff --git a/services/localzone.h b/services/localzone.h index de2a7d9a3..fe632568d 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -160,6 +160,10 @@ struct local_zone { rbtree_type data; /** if data contains zone apex SOA data, this is a ptr to it. */ struct ub_packed_rrset_key* soa; + /** if data contains zone apex SOA data, this is a prt to an + * artificial negative SOA rrset (TTL is the minimum of the TTL and the + * SOA.MINIMUM). */ + struct ub_packed_rrset_key* soa_negative; }; /** diff --git a/services/mesh.c b/services/mesh.c index 604cc5d2e..3e05d7a8d 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -1834,8 +1834,7 @@ mesh_detect_cycle(struct module_qstate* qstate, struct query_info* qinfo, { struct mesh_area* mesh = qstate->env->mesh; struct mesh_state* dep_m = NULL; - if(!mesh_state_is_unique(qstate->mesh_info)) - dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); + dep_m = mesh_area_find(mesh, NULL, qinfo, flags, prime, valrec); return mesh_detect_cycle_found(qstate, dep_m); } @@ -1950,7 +1949,9 @@ mesh_serve_expired_callback(void* arg) verbose(VERB_ALGO, "Serve expired: Trying to reply with expired data"); comm_timer_delete(qstate->serve_expired_data->timer); qstate->serve_expired_data->timer = NULL; - if(qstate->blacklist || qstate->no_cache_lookup || qstate->is_drop) { + /* If is_drop or no_cache_lookup (modules that handle their own cache e.g., + * subnetmod) ignore stale data from the main cache. */ + if(qstate->no_cache_lookup || qstate->is_drop) { verbose(VERB_ALGO, "Serve expired: Not allowed to look into cache for stale"); return; diff --git a/services/modstack.c b/services/modstack.c index a600549b1..da8e623c1 100644 --- a/services/modstack.c +++ b/services/modstack.c @@ -88,57 +88,56 @@ count_modules(const char* s) return num; } -void +void modstack_init(struct module_stack* stack) { stack->num = 0; stack->mod = NULL; } -int +int modstack_config(struct module_stack* stack, const char* module_conf) { - int i; - verbose(VERB_QUERY, "module config: \"%s\"", module_conf); - stack->num = count_modules(module_conf); - if(stack->num == 0) { - log_err("error: no modules specified"); - return 0; - } - if(stack->num > MAX_MODULE) { - log_err("error: too many modules (%d max %d)", - stack->num, MAX_MODULE); - return 0; - } - stack->mod = (struct module_func_block**)calloc((size_t) - stack->num, sizeof(struct module_func_block*)); - if(!stack->mod) { - log_err("out of memory"); - return 0; - } - for(i=0; inum; i++) { - stack->mod[i] = module_factory(&module_conf); - if(!stack->mod[i]) { + int i; + verbose(VERB_QUERY, "module config: \"%s\"", module_conf); + stack->num = count_modules(module_conf); + if(stack->num == 0) { + log_err("error: no modules specified"); + return 0; + } + if(stack->num > MAX_MODULE) { + log_err("error: too many modules (%d max %d)", + stack->num, MAX_MODULE); + return 0; + } + stack->mod = (struct module_func_block**)calloc((size_t) + stack->num, sizeof(struct module_func_block*)); + if(!stack->mod) { + log_err("out of memory"); + return 0; + } + for(i=0; inum; i++) { + stack->mod[i] = module_factory(&module_conf); + if(!stack->mod[i]) { char md[256]; snprintf(md, sizeof(md), "%s", module_conf); if(strchr(md, ' ')) *(strchr(md, ' ')) = 0; if(strchr(md, '\t')) *(strchr(md, '\t')) = 0; - log_err("Unknown value in module-config, module: '%s'." + log_err("Unknown value in module-config, module: '%s'." " This module is not present (not compiled in)," - " See the list of linked modules with unbound -h", - md); - return 0; - } - } - return 1; + " See the list of linked modules with unbound -V", md); + return 0; + } + } + return 1; } /** The list of module names */ const char** module_list_avail(void) { - /* these are the modules available */ - static const char* names[] = { + /* these are the modules available */ + static const char* names[] = { "dns64", #ifdef WITH_PYTHONMODULE "python", @@ -156,7 +155,7 @@ module_list_avail(void) "subnetcache", #endif #ifdef USE_IPSET - "ipset", + "ipset", #endif "respip", "validator", diff --git a/services/outside_network.c b/services/outside_network.c index d8f9874e6..9769b7602 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -90,6 +90,10 @@ static int randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, static void waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w); +/** remove reused element from tree and lru list */ +static void reuse_tcp_remove_tree_list(struct outside_network* outnet, + struct reuse_tcp* reuse); + int pending_cmp(const void* key1, const void* key2) { @@ -194,15 +198,17 @@ waiting_tcp_delete(struct waiting_tcp* w) * Pick random outgoing-interface of that family, and bind it. * port set to 0 so OS picks a port number for us. * if it is the ANY address, do not bind. + * @param pend: pending tcp structure, for storing the local address choice. * @param w: tcp structure with destination address. * @param s: socket fd. * @return false on error, socket closed. */ static int -pick_outgoing_tcp(struct waiting_tcp* w, int s) +pick_outgoing_tcp(struct pending_tcp* pend, struct waiting_tcp* w, int s) { struct port_if* pi = NULL; int num; + pend->pi = NULL; #ifdef INET6 if(addr_is_ip6(&w->addr, w->addrlen)) num = w->outnet->num_ip6; @@ -222,6 +228,7 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) #endif pi = &w->outnet->ip4_ifs[ub_random_max(w->outnet->rnd, num)]; log_assert(pi); + pend->pi = pi; if(addr_is_any(&pi->addr, pi->addrlen)) { /* binding to the ANY interface is for listening sockets */ return 1; @@ -424,8 +431,11 @@ static int reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp) { log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse); - if(pend_tcp->reuse.item_on_lru_list) + if(pend_tcp->reuse.item_on_lru_list) { + if(!pend_tcp->reuse.node.key) + log_err("internal error: reuse_tcp_insert: on lru list without key"); return 1; + } pend_tcp->reuse.node.key = &pend_tcp->reuse; pend_tcp->reuse.pending = pend_tcp; if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) { @@ -477,7 +487,7 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr, if(outnet->tcp_reuse.root == NULL || outnet->tcp_reuse.root == RBTREE_NULL) return NULL; - if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse.node, + if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse, &result)) { /* exact match */ /* but the key is on stack, and ptr is compared, impossible */ @@ -560,7 +570,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) if(s == -1) return 0; - if(!pick_outgoing_tcp(w, s)) + if(!pick_outgoing_tcp(pend, w, s)) return 0; fd_set_nonblock(s); @@ -661,6 +671,14 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) pend->reuse.cp_more_write_again = 0; memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen); pend->reuse.pending = pend; + + /* Remove from tree in case the is_ssl will be different and causes the + * identity of the reuse_tcp to change; could result in nodes not being + * deleted from the tree (because the new identity does not match the + * previous node) but their ->key would be changed to NULL. */ + if(pend->reuse.node.key) + reuse_tcp_remove_tree_list(w->outnet, &pend->reuse); + if(pend->c->ssl) pend->reuse.is_ssl = 1; else pend->reuse.is_ssl = 0; @@ -677,8 +695,10 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) static void reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse) { - if(!reuse->item_on_lru_list) + if(!reuse->item_on_lru_list) { + log_err("internal error: we need to touch the lru_list but item not in list"); return; /* not on the list, no lru to modify */ + } if(!reuse->lru_prev) return; /* already first in the list */ /* remove at current position */ @@ -714,6 +734,9 @@ use_free_buffer(struct outside_network* outnet) struct waiting_tcp* w; while(outnet->tcp_free && outnet->tcp_wait_first && !outnet->want_to_quit) { +#ifdef USE_DNSTAP + struct pending_tcp* pend_tcp = NULL; +#endif struct reuse_tcp* reuse = NULL; w = outnet->tcp_wait_first; outnet->tcp_wait_first = w->next_waiting; @@ -725,6 +748,9 @@ use_free_buffer(struct outside_network* outnet) if(reuse) { log_reuse_tcp(VERB_CLIENT, "use free buffer for waiting tcp: " "found reuse", reuse); +#ifdef USE_DNSTAP + pend_tcp = reuse->pending; +#endif reuse_tcp_lru_touch(outnet, reuse); comm_timer_disable(w->timer); w->next_waiting = (void*)reuse->pending; @@ -751,8 +777,25 @@ use_free_buffer(struct outside_network* outnet) waiting_tcp_callback(w, NULL, NETEVENT_CLOSED, NULL); waiting_tcp_delete(w); +#ifdef USE_DNSTAP + w = NULL; +#endif } +#ifdef USE_DNSTAP + pend_tcp = pend; +#endif } +#ifdef USE_DNSTAP + if(outnet->dtenv && pend_tcp && w && w->sq && + (outnet->dtenv->log_resolver_query_messages || + outnet->dtenv->log_forwarder_query_messages)) { + sldns_buffer tmp; + sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len); + dt_msg_send_outside_query(outnet->dtenv, &w->sq->addr, + &pend_tcp->pi->addr, comm_tcp, w->sq->zone, + w->sq->zonelen, &tmp); + } +#endif } } @@ -847,8 +890,17 @@ reuse_tcp_remove_tree_list(struct outside_network* outnet, verbose(VERB_CLIENT, "reuse_tcp_remove_tree_list"); if(reuse->node.key) { /* delete it from reuse tree */ - (void)rbtree_delete(&outnet->tcp_reuse, &reuse->node); + if(!rbtree_delete(&outnet->tcp_reuse, reuse)) { + /* should not be possible, it should be there */ + char buf[256]; + addr_to_str(&reuse->addr, reuse->addrlen, buf, + sizeof(buf)); + log_err("reuse tcp delete: node not present, internal error, %s ssl %d lru %d", buf, reuse->is_ssl, reuse->item_on_lru_list); + } reuse->node.key = NULL; + /* defend against loops on broken tree by zeroing the + * rbnode structure */ + memset(&reuse->node, 0, sizeof(reuse->node)); } /* delete from reuse list */ if(reuse->item_on_lru_list) { @@ -1440,7 +1492,7 @@ outside_network_create(struct comm_base *base, size_t bufsize, return NULL; } pc->cp = comm_point_create_udp(outnet->base, -1, - outnet->udp_buff, outnet_udp_cb, outnet); + outnet->udp_buff, outnet_udp_cb, outnet, NULL); if(!pc->cp) { log_err("malloc failed"); free(pc); @@ -1762,6 +1814,7 @@ static int udp_connect_needs_log(int err) # ifdef ENETDOWN case ENETDOWN: # endif + case EPERM: if(verbosity >= VERB_ALGO) return 1; return 0; @@ -1914,11 +1967,21 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) comm_timer_set(pend->timer, &tv); #ifdef USE_DNSTAP + /* + * sending src (local service)/dst (upstream) addresses over DNSTAP + * There are no chances to get the src (local service) addr if unbound + * is not configured with specific outgoing IP-addresses. So we will + * pass 0.0.0.0 (::) to argument for + * dt_msg_send_outside_query()/dt_msg_send_outside_response() calls. + */ if(outnet->dtenv && (outnet->dtenv->log_resolver_query_messages || - outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(outnet->dtenv, &pend->addr, comm_udp, - pend->sq->zone, pend->sq->zonelen, packet); + outnet->dtenv->log_forwarder_query_messages)) { + log_addr(VERB_ALGO, "from local addr", &pend->pc->pif->addr, pend->pc->pif->addrlen); + log_addr(VERB_ALGO, "request to upstream", &pend->addr, pend->addrlen); + dt_msg_send_outside_query(outnet->dtenv, &pend->addr, &pend->pc->pif->addr, comm_udp, + pend->sq->zone, pend->sq->zonelen, packet); + } #endif return 1; } @@ -2150,6 +2213,9 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, w->write_wait_next = NULL; w->write_wait_queued = 0; w->error_count = 0; +#ifdef USE_DNSTAP + w->sq = NULL; +#endif if(pend) { /* we have a buffer available right now */ if(reuse) { @@ -2184,20 +2250,28 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, return NULL; } } +#ifdef USE_DNSTAP + if(sq->outnet->dtenv && + (sq->outnet->dtenv->log_resolver_query_messages || + sq->outnet->dtenv->log_forwarder_query_messages)) { + /* use w->pkt, because it has the ID value */ + sldns_buffer tmp; + sldns_buffer_init_frm_data(&tmp, w->pkt, w->pkt_len); + dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, + &pend->pi->addr, comm_tcp, sq->zone, + sq->zonelen, &tmp); + } +#endif } else { /* queue up */ /* waiting for a buffer on the outside network buffer wait * list */ verbose(VERB_CLIENT, "pending_tcp_query: queue to wait"); +#ifdef USE_DNSTAP + w->sq = sq; +#endif outnet_add_tcp_waiting(sq->outnet, w); } -#ifdef USE_DNSTAP - if(sq->outnet->dtenv && - (sq->outnet->dtenv->log_resolver_query_messages || - sq->outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - comm_tcp, sq->zone, sq->zonelen, packet); -#endif return w; } @@ -2242,7 +2316,8 @@ static struct serviced_query* serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec, int want_dnssec, int nocaps, int tcp_upstream, int ssl_upstream, char* tls_auth_name, struct sockaddr_storage* addr, socklen_t addrlen, - uint8_t* zone, size_t zonelen, int qtype, struct edns_option* opt_list) + uint8_t* zone, size_t zonelen, int qtype, struct edns_option* opt_list, + size_t pad_queries_block_size) { struct serviced_query* sq = (struct serviced_query*)malloc(sizeof(*sq)); #ifdef UNBOUND_DEBUG @@ -2300,6 +2375,7 @@ serviced_create(struct outside_network* outnet, sldns_buffer* buff, int dnssec, sq->status = serviced_initial; sq->retry = 0; sq->to_be_deleted = 0; + sq->padding_block_size = pad_queries_block_size; #ifdef UNBOUND_DEBUG ins = #else @@ -2481,6 +2557,7 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns) if(with_edns) { /* add edns section */ struct edns_data edns; + struct edns_option padding_option; edns.edns_present = 1; edns.ext_rcode = 0; edns.edns_version = EDNS_ADVERTISED_VERSION; @@ -2503,6 +2580,14 @@ serviced_encode(struct serviced_query* sq, sldns_buffer* buff, int with_edns) edns.bits = EDNS_DO; if(sq->dnssec & BIT_CD) LDNS_CD_SET(sldns_buffer_begin(buff)); + if (sq->ssl_upstream && sq->padding_block_size) { + padding_option.opt_code = LDNS_EDNS_PADDING; + padding_option.opt_len = 0; + padding_option.opt_data = NULL; + padding_option.next = edns.opt_list; + edns.opt_list = &padding_option; + edns.padding_block_size = sq->padding_block_size; + } attach_edns_record(buff, &edns); } } @@ -2692,6 +2777,11 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, { struct serviced_query* sq = (struct serviced_query*)arg; struct comm_reply r2; +#ifdef USE_DNSTAP + struct waiting_tcp* w = (struct waiting_tcp*)sq->pending; + struct pending_tcp* pend_tcp = (struct pending_tcp*)w->next_waiting; + struct port_if* pi = pend_tcp->pi; +#endif sq->pending = NULL; /* removed after this callback */ if(error != NETEVENT_NOERROR) log_addr(VERB_QUERY, "tcp error for address", @@ -2700,12 +2790,19 @@ serviced_tcp_callback(struct comm_point* c, void* arg, int error, infra_update_tcp_works(sq->outnet->infra, &sq->addr, sq->addrlen, sq->zone, sq->zonelen); #ifdef USE_DNSTAP + /* + * sending src (local service)/dst (upstream) addresses over DNSTAP + */ if(error==NETEVENT_NOERROR && sq->outnet->dtenv && (sq->outnet->dtenv->log_resolver_response_messages || - sq->outnet->dtenv->log_forwarder_response_messages)) + sq->outnet->dtenv->log_forwarder_response_messages)) { + log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen); + log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen); dt_msg_send_outside_response(sq->outnet->dtenv, &sq->addr, - c->type, sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, - &sq->last_sent_time, sq->outnet->now_tv, c->buffer); + &pi->addr, c->type, sq->zone, sq->zonelen, sq->qbuf, + sq->qbuflen, &sq->last_sent_time, sq->outnet->now_tv, + c->buffer); + } #endif if(error==NETEVENT_NOERROR && sq->status == serviced_query_TCP_EDNS && (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer)) == @@ -2859,6 +2956,10 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, struct serviced_query* sq = (struct serviced_query*)arg; struct outside_network* outnet = sq->outnet; struct timeval now = *sq->outnet->now_tv; +#ifdef USE_DNSTAP + struct pending* p = (struct pending*)sq->pending; + struct port_if* pi = p->pc->pif; +#endif sq->pending = NULL; /* removed after callback */ if(error == NETEVENT_TIMEOUT) { @@ -2896,12 +2997,18 @@ serviced_udp_callback(struct comm_point* c, void* arg, int error, return 0; } #ifdef USE_DNSTAP + /* + * sending src (local service)/dst (upstream) addresses over DNSTAP + */ if(error == NETEVENT_NOERROR && outnet->dtenv && (outnet->dtenv->log_resolver_response_messages || - outnet->dtenv->log_forwarder_response_messages)) - dt_msg_send_outside_response(outnet->dtenv, &sq->addr, c->type, - sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, - &sq->last_sent_time, sq->outnet->now_tv, c->buffer); + outnet->dtenv->log_forwarder_response_messages)) { + log_addr(VERB_ALGO, "response from upstream", &sq->addr, sq->addrlen); + log_addr(VERB_ALGO, "to local addr", &pi->addr, pi->addrlen); + dt_msg_send_outside_response(outnet->dtenv, &sq->addr, &pi->addr, c->type, + sq->zone, sq->zonelen, sq->qbuf, sq->qbuflen, + &sq->last_sent_time, sq->outnet->now_tv, c->buffer); + } #endif if( (sq->status == serviced_query_UDP_EDNS ||sq->status == serviced_query_UDP_EDNS_FRAG) @@ -3026,7 +3133,9 @@ outnet_serviced_query(struct outside_network* outnet, sq = serviced_create(outnet, buff, dnssec, want_dnssec, nocaps, tcp_upstream, ssl_upstream, tls_auth_name, addr, addrlen, zone, zonelen, (int)qinfo->qtype, - qstate->edns_opts_back_out); + qstate->edns_opts_back_out, + ( ssl_upstream && env->cfg->pad_queries + ? env->cfg->pad_queries_block_size : 0 )); if(!sq) { free(cb); return NULL; @@ -3173,7 +3282,7 @@ outnet_comm_point_for_udp(struct outside_network* outnet, return NULL; } cp = comm_point_create_udp(outnet->base, fd, outnet->udp_buff, - cb, cb_arg); + cb, cb_arg, NULL); if(!cp) { log_err("malloc failure"); close(fd); diff --git a/services/outside_network.h b/services/outside_network.h index 2fe97fa6c..233588d40 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -344,6 +344,8 @@ struct pending { struct pending_tcp { /** next in list of free tcp comm points, or NULL. */ struct pending_tcp* next_free; + /** port for of the outgoing interface that is used */ + struct port_if* pi; /** tcp comm point it was sent on (and reply must come back on). */ struct comm_point* c; /** the query being serviced, NULL if the pending_tcp is unused. */ @@ -408,6 +410,10 @@ struct waiting_tcp { char* tls_auth_name; /** the packet was involved in an error, to stop looping errors */ int error_count; +#ifdef USE_DNSTAP + /** serviced query pointer for dnstap to get logging info, if nonNULL*/ + struct serviced_query* sq; +#endif }; /** @@ -502,6 +508,8 @@ struct serviced_query { struct service_callback* cblist; /** the UDP or TCP query that is pending, see status which */ void* pending; + /** block size with which to pad encrypted queries (default: 128) */ + size_t padding_block_size; }; /** diff --git a/services/rpz.c b/services/rpz.c index 00f3b5a3d..cf2c10191 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -166,6 +166,7 @@ rpz_rr_to_action(uint16_t rr_type, uint8_t* rdatawl, size_t rdatalen) case LDNS_RR_TYPE_RRSIG: case LDNS_RR_TYPE_NSEC: case LDNS_RR_TYPE_NSEC3: + case LDNS_RR_TYPE_NSEC3PARAM: return RPZ_INVALID_ACTION; case LDNS_RR_TYPE_CNAME: break; @@ -566,9 +567,26 @@ rpz_insert_local_zones_trigger(struct local_zones* lz, uint8_t* dname, struct local_zone* z; enum localzone_type tp = local_zone_always_transparent; int dnamelabs = dname_count_labels(dname); - int newzone = 0; + if(a == RPZ_TCP_ONLY_ACTION || a == RPZ_INVALID_ACTION) { + char str[255+1]; + if(rrtype == LDNS_RR_TYPE_SOA || rrtype == LDNS_RR_TYPE_NS || + rrtype == LDNS_RR_TYPE_DNAME || + rrtype == LDNS_RR_TYPE_DNSKEY || + rrtype == LDNS_RR_TYPE_RRSIG || + rrtype == LDNS_RR_TYPE_NSEC || + rrtype == LDNS_RR_TYPE_NSEC3PARAM || + rrtype == LDNS_RR_TYPE_NSEC3 || + rrtype == LDNS_RR_TYPE_DS) + return; /* no need to log these types as unsupported */ + dname_str(dname, str); + verbose(VERB_ALGO, "RPZ: qname trigger, %s skipping unsupported action: %s", + str, rpz_action_to_string(a)); + free(dname); + return; + } + lock_rw_wrlock(&lz->lock); /* exact match */ z = local_zones_find(lz, dname, dnamelen, dnamelabs, LDNS_RR_CLASS_IN); @@ -686,6 +704,14 @@ rpz_insert_ipaddr_based_trigger(struct respip_set* set, struct sockaddr_storage* enum respip_action respa = rpz_action_to_respip_action(a); lock_rw_wrlock(&set->lock); + if(a == RPZ_TCP_ONLY_ACTION || a == RPZ_INVALID_ACTION || + respa == respip_invalid) { + char str[255+1]; + dname_str(dname, str); + verbose(VERB_ALGO, "RPZ: respip trigger, %s skipping unsupported action: %s", + str, rpz_action_to_string(a)); + return 0; + } rrstr = sldns_wire2str_rr(rr, rr_len); if(rrstr == NULL) { @@ -1022,7 +1048,8 @@ rpz_find_zone(struct local_zones* zones, uint8_t* qname, size_t qname_len, uint1 int only_exact, int wr, int zones_keep_lock) { uint8_t* ce; - size_t ce_len, ce_labs; + size_t ce_len; + int ce_labs; uint8_t wc[LDNS_MAX_DOMAINLEN+1]; int exact; struct local_zone* z = NULL; @@ -1056,7 +1083,7 @@ rpz_find_zone(struct local_zones* zones, uint8_t* qname, size_t qname_len, uint1 * zone match, append '*' to that and do another lookup. */ ce = dname_get_shared_topdomain(z->name, qname); - if(!ce /* should not happen */ || !*ce /* root */) { + if(!ce /* should not happen */) { lock_rw_unlock(&z->lock); if(zones_keep_lock) { lock_rw_unlock(&zones->lock); diff --git a/sldns/parse.h b/sldns/parse.h index 44236bfd4..fa8f51a92 100644 --- a/sldns/parse.h +++ b/sldns/parse.h @@ -153,7 +153,6 @@ int sldns_bgetc(struct sldns_buffer *buffer); * the position to the first character that is not in *s. * \param[in] *buffer buffer to use * \param[in] *s characters to skip - * \return void */ void sldns_bskipcs(struct sldns_buffer *buffer, const char *s); @@ -162,7 +161,6 @@ void sldns_bskipcs(struct sldns_buffer *buffer, const char *s); * the position to the first character that is not in *s. * \param[in] *fp file to use * \param[in] *s characters to skip - * \return void */ void sldns_fskipcs(FILE *fp, const char *s); @@ -173,7 +171,6 @@ void sldns_fskipcs(FILE *fp, const char *s); * \param[in] *fp file to use * \param[in] *s characters to skip * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return void */ void sldns_fskipcs_l(FILE *fp, const char *s, int *line_nr); diff --git a/sldns/rrdef.c b/sldns/rrdef.c index 0af015f4b..54051313a 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -150,6 +150,9 @@ static const sldns_rdf_type type_openpgpkey_wireformat[] = { static const sldns_rdf_type type_csync_wireformat[] = { LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC }; +static const sldns_rdf_type type_zonemd_wireformat[] = { + LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX +}; /* nsec3 is some vars, followed by same type of data of nsec */ static const sldns_rdf_type type_nsec3_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ @@ -372,7 +375,8 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 62 */ {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{(enum sldns_enum_rr_type)0, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 63 */ + {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, diff --git a/sldns/rrdef.h b/sldns/rrdef.h index e084f354a..ece632c3c 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -195,6 +195,7 @@ enum sldns_enum_rr_type LDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */ LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest-12 */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ diff --git a/sldns/sbuffer.h b/sldns/sbuffer.h index 5dbe988cd..1b7fe370c 100644 --- a/sldns/sbuffer.h +++ b/sldns/sbuffer.h @@ -202,7 +202,6 @@ INLINE void sldns_buffer_clear(sldns_buffer *buffer) * the position is set to 0. * * \param[in] buffer the buffer to flip - * \return void */ INLINE void sldns_buffer_flip(sldns_buffer *buffer) { @@ -732,7 +731,6 @@ int sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) /** * frees the buffer. * \param[in] *buffer the buffer to be freed - * \return void */ void sldns_buffer_free(sldns_buffer *buffer); diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 977cda28a..70eec6dab 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -1491,13 +1491,17 @@ static int loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e) { uint32_t meters = 0, cm = 0, val; + char* cm_endstr; while (isblank((unsigned char)*my_str)) { my_str++; } meters = (uint32_t)strtol(my_str, &my_str, 10); if (*my_str == '.') { my_str++; - cm = (uint32_t)strtol(my_str, &my_str, 10); + cm = (uint32_t)strtol(my_str, &cm_endstr, 10); + if(cm_endstr == my_str + 1) + cm *= 10; + my_str = cm_endstr; } if (meters >= 1) { *e = 2; diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index a30523c76..3e6fc6e6f 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -155,6 +155,36 @@ char* wsa_strerror(int err); #endif +static const char ICANN_UPDATE_CA[] = + /* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" + "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" + "BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" + "DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" + "IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" + "MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" + "cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" + "G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" + "ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" + "paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" + "MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" + "iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" + "Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" + "DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" + "6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" + "2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" + "15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" + "0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" + "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" + "-----END CERTIFICATE-----\n"; + +static const char DS_TRUST_ANCHOR[] = + /* The anchors must start on a new line with ". IN DS and end with \n"[;] + * because the makedist script greps on the source here */ + /* anchor 20326 is from 2017 */ +". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; + /** verbosity for this application */ static int verb = 0; @@ -213,48 +243,21 @@ usage(void) static const char* get_builtin_cert(void) { - return -/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */ -"-----BEGIN CERTIFICATE-----\n" -"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n" -"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n" -"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n" -"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n" -"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n" -"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n" -"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n" -"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n" -"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n" -"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n" -"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n" -"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n" -"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n" -"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n" -"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n" -"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n" -"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n" -"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n" -"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n" -"-----END CERTIFICATE-----\n" - ; + return ICANN_UPDATE_CA; } /** return the built in root DS trust anchor */ static const char* get_builtin_ds(void) { - return -/* The anchors must start on a new line with ". IN DS and end with \n"[;] - * because the makedist script greps on the source here */ -/* anchor 20326 is from 2017 */ -". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D\n"; + return DS_TRUST_ANCHOR; } /** print hex data */ static void -print_data(const char* msg, const char* data, int len) +print_data(const char* msg, const char* data, size_t len) { - int i; + size_t i; printf("%s: ", msg); for(i=0; i= 4) print_data("read data", data, (int)len); + if(verb >= 4) print_data("read data", data, len); m = BIO_new(BIO_s_mem()); if(!m) { if(verb) printf("out of memory\n"); diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index b1b7ae7ef..34a1f5bb4 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -851,7 +851,7 @@ check_auth(struct config_file* cfg) { int is_rpz = 0; struct auth_zones* az = auth_zones_create(); - if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz)) { + if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) { fatal_exit("Could not setup authority zones"); } auth_zones_delete(az); diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index d58f1b2f9..5a6f0c560 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -63,6 +63,7 @@ #include "sldns/wire2str.h" #include "sldns/pkthdr.h" #include "services/rpz.h" +#include "services/listen_dnsport.h" #ifdef HAVE_SYS_IPC_H #include "sys/ipc.h" @@ -583,10 +584,27 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) socklen_t addrlen; int addrfamily = 0, proto = IPPROTO_TCP; int fd, useport = 1; + char** rcif = NULL; + int num_rcif = 0; /* use svr or the first config entry */ if(!svr) { if(cfg->control_ifs.first) { - svr = cfg->control_ifs.first->str; + struct sockaddr_storage addr2; + socklen_t addrlen2; + if(extstrtoaddr(cfg->control_ifs.first->str, &addr2, + &addrlen2)) { + svr = cfg->control_ifs.first->str; + } else { + if(!resolve_interface_names(NULL, 0, + cfg->control_ifs.first, &rcif, + &num_rcif)) { + fatal_exit("could not resolve interface names"); + } + if(rcif == NULL || num_rcif == 0) { + fatal_exit("no control interfaces"); + } + svr = rcif[0]; + } } else if(cfg->do_ip4) { svr = "127.0.0.1"; } else { @@ -697,6 +715,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) break; } fd_set_block(fd); + config_del_strarray(rcif, num_rcif); return fd; } diff --git a/testcode/fake_event.c b/testcode/fake_event.c index 5164332c0..3ff933928 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -1229,6 +1229,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, edns.bits = 0; if(dnssec) edns.bits = EDNS_DO; + edns.padding_block_size = 0; if((client_string_addr = edns_string_addr_lookup( &env->edns_strings->client_strings, addr, addrlen))) { @@ -1305,8 +1306,9 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) log_info("double delete of pending serviced query"); } -int resolve_interface_names(struct config_file* ATTR_UNUSED(cfg), - char*** ATTR_UNUSED(resif), int* ATTR_UNUSED(num_resif)) +int resolve_interface_names(char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs), + struct config_strlist* ATTR_UNUSED(list), char*** ATTR_UNUSED(resif), + int* ATTR_UNUSED(num_resif)) { return 1; } @@ -1628,7 +1630,8 @@ int create_udp_sock(int ATTR_UNUSED(family), int ATTR_UNUSED(socktype), struct comm_point* comm_point_create_udp(struct comm_base *ATTR_UNUSED(base), int ATTR_UNUSED(fd), sldns_buffer* ATTR_UNUSED(buffer), comm_point_callback_type* ATTR_UNUSED(callback), - void* ATTR_UNUSED(callback_arg)) + void* ATTR_UNUSED(callback_arg), + struct unbound_socket* ATTR_UNUSED(socket)) { log_assert(0); return NULL; diff --git a/testcode/unitauth.c b/testcode/unitauth.c index 4b3410c9e..184573ab6 100644 --- a/testcode/unitauth.c +++ b/testcode/unitauth.c @@ -517,8 +517,8 @@ del_tmp_file(char* fname) } /** Add zone from file for testing */ -static struct auth_zone* -addzone(struct auth_zones* az, const char* name, char* fname) +struct auth_zone* +authtest_addzone(struct auth_zones* az, const char* name, char* fname) { struct auth_zone* z; size_t nmlen; @@ -593,7 +593,7 @@ check_read_exact(const char* name, const char* zone) az = auth_zones_create(); unit_assert(az); - z = addzone(az, name, fname); + z = authtest_addzone(az, name, fname); unit_assert(z); outf = create_tmp_file(NULL); if(!auth_zone_write_file(z, outf)) { @@ -844,7 +844,7 @@ check_queries(const char* name, const char* zone, struct q_ans* queries) fname = create_tmp_file(zone); az = auth_zones_create(); if(!az) fatal_exit("out of memory"); - z = addzone(az, name, fname); + z = authtest_addzone(az, name, fname); if(!z) fatal_exit("could not read zone for queries test"); del_tmp_file(fname); diff --git a/testcode/unitldns.c b/testcode/unitldns.c index 22c9ed945..6397f29db 100644 --- a/testcode/unitldns.c +++ b/testcode/unitldns.c @@ -47,7 +47,7 @@ #include "sldns/parseutil.h" /** verbose this unit test */ -static int vbmp = 0; +static int vbmp = 0; /** print buffer to hex into string */ static void diff --git a/testcode/unitmain.c b/testcode/unitmain.c index c61026f26..30562af11 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -952,6 +952,7 @@ main(int argc, char* argv[]) slabhash_test(); infra_test(); ldns_test(); + zonemd_test(); msgparse_test(); tcpid_test(); #ifdef CLIENT_SUBNET diff --git a/testcode/unitmain.h b/testcode/unitmain.h index e5c6109a2..66d1322f2 100644 --- a/testcode/unitmain.h +++ b/testcode/unitmain.h @@ -80,5 +80,7 @@ void ecs_test(void); void ldns_test(void); /** unit test for auth zone functions */ void authzone_test(void); +/** unit test for zonemd functions */ +void zonemd_test(void); #endif /* TESTCODE_UNITMAIN_H */ diff --git a/testcode/unitzonemd.c b/testcode/unitzonemd.c new file mode 100644 index 000000000..a8949a8c4 --- /dev/null +++ b/testcode/unitzonemd.c @@ -0,0 +1,501 @@ +/* + * testcode/unitzonemd.c - unit test for zonemd. + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +/** + * \file + * Unit tests for ZONEMD functionality. + */ + +#include "config.h" +#include +#include "util/log.h" +#include "testcode/unitmain.h" +#include "sldns/str2wire.h" +#include "services/authzone.h" +#include "util/data/dname.h" +#include "util/regional.h" +#include "validator/val_anchor.h" + +/** Add zone from file for testing */ +struct auth_zone* authtest_addzone(struct auth_zones* az, const char* name, + char* fname); + +/** zonemd unit test, generate a zonemd digest and check if correct */ +static void zonemd_generate_test(const char* zname, char* zfile, + int scheme, int hashalgo, const char* digest) +{ + uint8_t zonemd_hash[512]; + size_t hashlen = 0; + char output[1024+1]; + size_t i; + struct auth_zones* az; + struct auth_zone* z; + int result; + struct regional* region = NULL; + struct sldns_buffer* buf = NULL; + char* reason = NULL; + char* digestdup; + + if(!zonemd_hashalgo_supported(hashalgo)) + return; /* cannot test unsupported algo */ + + /* setup environment */ + az = auth_zones_create(); + unit_assert(az); + region = regional_create(); + unit_assert(region); + buf = sldns_buffer_new(65535); + unit_assert(buf); + + /* read file */ + z = authtest_addzone(az, zname, zfile); + unit_assert(z); + + /* create zonemd digest */ + result = auth_zone_generate_zonemd_hash(z, scheme, hashalgo, + zonemd_hash, sizeof(zonemd_hash), &hashlen, region, buf, + &reason); + if(reason) printf("zonemd failure reason: %s\n", reason); + unit_assert(result); + + /* check digest */ + unit_assert(hashlen*2+1 <= sizeof(output)); + for(i=0; i>4]; + output[i*2+1] = hexl[zonemd_hash[i]&0xf]; + } + output[hashlen*2] = 0; + digestdup = strdup(digest); + unit_assert(digestdup); + for(i=0; i= VERB_ALGO) { + char zname[255+1]; + dname_str(z->name, zname); + printf("zonemd generated for %s in %s with " + "scheme=%d hashalgo=%d\n", zname, z->zonefile, + scheme, hashalgo); + printf("digest %s\n", output); + printf("wanted %s\n", digestdup); + } + unit_assert(strcmp(output, digestdup) == 0); + + /* delete environment */ + free(digestdup); + auth_zones_delete(az); + regional_destroy(region); + sldns_buffer_free(buf); + + if(verbosity >= VERB_ALGO) { + printf("\n"); + } +} + +/** loop over files and test generated zonemd digest */ +static void zonemd_generate_tests(void) +{ + unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_hash"); + zonemd_generate_test("example.org", "testdata/zonemd.example1.zone", + 1, 2, "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.1 */ + zonemd_generate_test("example", "testdata/zonemd.example_a1.zone", + 1, 1, "c68090d90a7aed716bc459f9340e3d7c1370d4d24b7e2fc3a1ddc0b9a87153b9a9713b3c9ae5cc27777f98b8e730044c"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.2 */ + zonemd_generate_test("example", "testdata/zonemd.example_a2.zone", + 1, 1, "31cefb03814f5062ad12fa951ba0ef5f8da6ae354a415767246f7dc932ceb1e742a2108f529db6a33a11c01493de358d"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.3 SHA384 digest */ + zonemd_generate_test("example", "testdata/zonemd.example_a3.zone", + 1, 1, "62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.3 SHA512 digest*/ + zonemd_generate_test("example", "testdata/zonemd.example_a3.zone", + 1, 2, "08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.4 */ + zonemd_generate_test("uri.arpa", "testdata/zonemd.example_a4.zone", + 1, 1, "1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fadc556439889a10eaf6f11d615900a4f996bd46279514e473"); + + /* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12 + * from section A.5 */ + zonemd_generate_test("root-servers.net", "testdata/zonemd.example_a5.zone", + 1, 1, "f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a978a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79"); +} + +/** test the zonemd check routine */ +static void zonemd_check_test(void) +{ + const char* zname = "example.org"; + char* zfile = "testdata/zonemd.example1.zone"; + int scheme = 1; + int hashalgo = 2; + const char* digest = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D481B7"; + const char* digestwrong = "20564D10F50A0CEBEC856C64032B7DFB53D3C449A421A5BC7A21F7627B4ACEA4DF29F2C6FE82ED9C23ADF6F4D420D5DD63EF6E6349D60FDAB910B65DF8D48100"; + uint8_t hash[512], hashwrong[512]; + size_t hashlen = 0, hashwronglen = 0; + struct auth_zones* az; + struct auth_zone* z; + int result; + struct regional* region = NULL; + struct sldns_buffer* buf = NULL; + char* reason = NULL; + + if(!zonemd_hashalgo_supported(hashalgo)) + return; /* cannot test unsupported algo */ + unit_show_func("services/authzone.c", "auth_zone_generate_zonemd_check"); + + /* setup environment */ + az = auth_zones_create(); + unit_assert(az); + region = regional_create(); + unit_assert(region); + buf = sldns_buffer_new(65535); + unit_assert(buf); + + /* read file */ + z = authtest_addzone(az, zname, zfile); + unit_assert(z); + hashlen = sizeof(hash); + if(sldns_str2wire_hex_buf(digest, hash, &hashlen) != 0) { + unit_assert(0); /* parse failure */ + } + hashwronglen = sizeof(hashwrong); + if(sldns_str2wire_hex_buf(digestwrong, hashwrong, &hashwronglen) != 0) { + unit_assert(0); /* parse failure */ + } + + /* check return values of the check routine */ + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hash, hashlen, region, buf, &reason); + unit_assert(result && reason == NULL); + result = auth_zone_generate_zonemd_check(z, 241, hashalgo, + hash, hashlen, region, buf, &reason); + unit_assert(!result && strcmp(reason, "unsupported scheme")==0); + result = auth_zone_generate_zonemd_check(z, scheme, 242, + hash, hashlen, region, buf, &reason); + unit_assert(!result && strcmp(reason, "unsupported algorithm")==0); + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hash, 2, region, buf, &reason); + unit_assert(!result && strcmp(reason, "digest length too small, less than 12")==0); + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hashwrong, hashwronglen, region, buf, &reason); + unit_assert(!result && strcmp(reason, "incorrect digest")==0); + result = auth_zone_generate_zonemd_check(z, scheme, hashalgo, + hashwrong, hashwronglen-3, region, buf, &reason); + unit_assert(!result && strcmp(reason, "incorrect digest length")==0); + + /* delete environment */ + auth_zones_delete(az); + regional_destroy(region); + sldns_buffer_free(buf); + + if(verbosity >= VERB_ALGO) { + printf("\n"); + } +} + +/** zonemd test verify */ +static void zonemd_verify_test(char* zname, char* zfile, char* tastr, + char* date_override, char* result_wanted) +{ + time_t now = 0; + struct module_stack mods; + struct module_env env; + char* result = NULL; + struct auth_zone* z; + + /* setup test harness */ + memset(&mods, 0, sizeof(mods)); + memset(&env, 0, sizeof(env)); + env.scratch = regional_create(); + if(!env.scratch) + fatal_exit("out of memory"); + env.scratch_buffer = sldns_buffer_new(65553); + if(!env.scratch_buffer) + fatal_exit("out of memory"); + env.cfg = config_create(); + if(!env.cfg) + fatal_exit("out of memory"); + env.now = &now; + env.cfg->val_date_override = cfg_convert_timeval(date_override); + if(!env.cfg->val_date_override) + fatal_exit("could not parse datetime %s", date_override); + if(env.cfg->module_conf) + free(env.cfg->module_conf); + env.cfg->module_conf = strdup("validator iterator"); + if(!env.cfg->module_conf) + fatal_exit("out of memory"); + if(tastr) { + if(!cfg_strlist_insert(&env.cfg->trust_anchor_list, + strdup(tastr))) + fatal_exit("out of memory"); + } + env.anchors = anchors_create(); + if(!env.anchors) + fatal_exit("out of memory"); + env.auth_zones = auth_zones_create(); + if(!env.auth_zones) + fatal_exit("out of memory"); + modstack_init(&mods); + if(!modstack_setup(&mods, env.cfg->module_conf, &env)) + fatal_exit("could not modstack_setup"); + env.mesh = mesh_create(&mods, &env); + if(!env.mesh) + fatal_exit("out of memory"); + + /* load data */ + z = authtest_addzone(env.auth_zones, zname, zfile); + if(!z) + fatal_exit("could not addzone %s %s", zname, zfile); + + /* test */ + lock_rw_wrlock(&z->lock); + auth_zone_verify_zonemd(z, &env, &mods, &result, 1, 0); + lock_rw_unlock(&z->lock); + if(verbosity >= VERB_ALGO) { + printf("auth zone %s: ZONEMD verification %s: %s\n", zname, + (strcmp(result, "ZONEMD verification successful")==0?"successful":"failed"), + result); + } + if(!result) + fatal_exit("out of memory"); + unit_assert(strcmp(result, result_wanted) == 0); + if(strcmp(result, "ZONEMD verification successful") == 0 || + strcmp(result, "DNSSEC verified nonexistence of ZONEMD") == 0 || + strcmp(result, "no ZONEMD present") == 0) { + lock_rw_rdlock(&z->lock); + unit_assert(!z->zone_expired); + lock_rw_unlock(&z->lock); + } else { + lock_rw_rdlock(&z->lock); + unit_assert(z->zone_expired); + lock_rw_unlock(&z->lock); + } + free(result); + + /* desetup test harness */ + mesh_delete(env.mesh); + modstack_desetup(&mods, &env); + auth_zones_delete(env.auth_zones); + anchors_delete(env.anchors); + config_delete(env.cfg); + regional_destroy(env.scratch); + sldns_buffer_free(env.scratch_buffer); + + if(verbosity >= VERB_ALGO) { + printf("\n"); + } +} + +/** zonemd test verify suite */ +static void zonemd_verify_tests(void) +{ + unit_show_func("services/authzone.c", "auth_zone_verify_zonemd"); + /* give trustanchor for unsigned zone, should fail */ + zonemd_verify_test("example.org", + "testdata/zonemd.example1.zone", + "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20180302005009", + "verify DNSKEY RRset with trust anchor failed: have trust anchor, but zone has no DNSKEY"); + /* unsigned zone without ZONEMD in it */ + zonemd_verify_test("example.org", + "testdata/zonemd.example1.zone", + NULL, + "20180302005009", + "no ZONEMD present"); + /* no trust anchor, so it succeeds for zone with a correct ZONEMD */ + zonemd_verify_test("example.com", + "testdata/zonemd.example2.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); + /* trust anchor for another zone, so it is indeterminate */ + zonemd_verify_test("example.com", + "testdata/zonemd.example2.zone", + "example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20180302005009", + "ZONEMD verification successful"); + + /* load a DNSSEC signed zone, but no trust anchor */ + /* this zonefile has an incorrect ZONEMD digest, with correct + * DNSSEC signature. */ + zonemd_verify_test("example.com", + "testdata/zonemd.example3.zone", + NULL, + "20180302005009", + "incorrect digest"); + /* load a DNSSEC zone with NSEC3, but no trust anchor */ + /* this zonefile has an incorrect ZONEMD digest, with correct + * DNSSEC signature. */ + zonemd_verify_test("example.com", + "testdata/zonemd.example4.zone", + NULL, + "20180302005009", + "incorrect digest"); + /* valid zonemd, in dnssec signed zone, no trust anchor*/ + /* this zonefile has a correct ZONEMD digest and + * correct DNSSEC signature */ + zonemd_verify_test("example.com", + "testdata/zonemd.example5.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); + /* valid zonemd, in dnssec NSEC3 zone, no trust anchor*/ + zonemd_verify_test("example.com", + "testdata/zonemd.example6.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); + + /* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */ + zonemd_verify_test("example.com", + "testdata/zonemd.example5.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "ZONEMD verification successful"); + /* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */ + zonemd_verify_test("example.com", + "testdata/zonemd.example6.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "ZONEMD verification successful"); + + /* load a DNSSEC NSEC zone without ZONEMD */ + zonemd_verify_test("example.com", + "testdata/zonemd.example7.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verified nonexistence of ZONEMD"); + /* load a DNSSEC NSEC3 zone without ZONEMD */ + zonemd_verify_test("example.com", + "testdata/zonemd.example8.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verified nonexistence of ZONEMD"); + + /* load DNSSEC zone but RRSIG on ZONEMD is wrong */ + zonemd_verify_test("example.com", + "testdata/zonemd.example9.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verify failed for ZONEMD RRset: signature crypto failed"); + /* load DNSSEC zone but RRSIG on SOA is wrong */ + zonemd_verify_test("example.com", + "testdata/zonemd.example10.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verify failed for SOA RRset: signature crypto failed"); + + /* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */ + zonemd_verify_test("example.com", + "testdata/zonemd.example11.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC NSEC bitmap says type ZONEMD exists"); + /* load DNSSEC zone without ZONEMD, but NSEC3 bitmap says it exists */ + zonemd_verify_test("example.com", + "testdata/zonemd.example12.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC NSEC3 bitmap says type ZONEMD exists"); + + /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC not okay */ + zonemd_verify_test("example.com", + "testdata/zonemd.example13.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verify failed for NSEC RRset: signature crypto failed"); + /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */ + zonemd_verify_test("example.com", + "testdata/zonemd.example14.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "DNSSEC verify failed for NSEC3 RRset: signature crypto failed"); + + /* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */ + zonemd_verify_test("example.com", + "testdata/zonemd.example15.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "verify DNSKEY RRset with trust anchor failed: signature crypto failed"); + /* load DNSSEC zone, but trust anchor mismatches DNSKEY */ + zonemd_verify_test("example.com", + "testdata/zonemd.example5.zone", + /* okay anchor is + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", */ + "example.com. IN DS 55566 8 2 0000000000111111222223333444444dfcf92595148022f2c2fd98e5deee90af", + "20201020135527", + "verify DNSKEY RRset with trust anchor failed: DS hash mismatches key"); + /* load DNSSEC zone, but trust anchor fails because the zone + * has expired signatures. We set the date for it */ + zonemd_verify_test("example.com", + "testdata/zonemd.example5.zone", + "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", + /* okay date: "20201020135527", */ + "20221020135527", + "verify DNSKEY RRset with trust anchor failed: signature expired"); + + /* duplicate zonemd with same scheme and algorithm */ + zonemd_verify_test("example.com", + "testdata/zonemd.example16.zone", + NULL, + "20180302005009", + "ZONEMD RRSet contains more than one RR with the same scheme and hash algorithm"); + /* different capitalisation of ns name and owner names, should + * be canonicalized. */ + zonemd_verify_test("example.com", + "testdata/zonemd.example17.zone", + NULL, + "20180302005009", + "ZONEMD verification successful"); +} + +/** zonemd unit tests */ +void zonemd_test(void) +{ + unit_show_feature("zonemd"); + zonemd_generate_tests(); + zonemd_check_test(); + zonemd_verify_tests(); +} diff --git a/testdata/auth_zonefile_dnssec.rpl b/testdata/auth_zonefile_dnssec.rpl index eb264ee8b..f58c52300 100644 --- a/testdata/auth_zonefile_dnssec.rpl +++ b/testdata/auth_zonefile_dnssec.rpl @@ -5,6 +5,7 @@ server: target-fetch-policy: "0 0 0 0 0" fake-sha1: yes trust-anchor-signaling: no + zonemd-permissive-mode: yes auth-zone: name: "example.com." diff --git a/testdata/auth_zonefile_down.rpl b/testdata/auth_zonefile_down.rpl index 09e7fd061..870ba9401 100644 --- a/testdata/auth_zonefile_down.rpl +++ b/testdata/auth_zonefile_down.rpl @@ -1,6 +1,13 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + ; Options for signed zone. The zone is partially copied from val_negcache_nxdomain.rpl + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + qname-minimisation: "no" + trust-anchor-signaling: no + aggressive-nsec: yes + zonemd-permissive-mode: yes auth-zone: name: "example.com." @@ -41,6 +48,50 @@ ns1 3600 IN A 1.2.3.4 ns2 3600 IN AAAA ::2 TEMPFILE_END +auth-zone: + name: "soa.high.com." + for-downstream: yes + for-upstream: no + zonefile: +TEMPFILE_NAME soa.high.com +TEMPFILE_CONTENTS soa.high.com +$ORIGIN high.com. +soa 500 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 200 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +TEMPFILE_END + +auth-zone: + name: "soa.low.com." + for-downstream: yes + for-upstream: no + zonefile: +TEMPFILE_NAME soa.low.com +TEMPFILE_CONTENTS soa.low.com +$ORIGIN low.com. +soa 200 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 500 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +TEMPFILE_END + +auth-zone: + name: "testzone.nlnetlabs.nl." + for-downstream: yes + for-upstream: no + zonefile: +TEMPFILE_NAME testzone.nlnetlabs.nl +TEMPFILE_CONTENTS testzone.nlnetlabs.nl +$ORIGIN testzone.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +TEMPFILE_END + stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. @@ -50,7 +101,7 @@ SCENARIO_BEGIN Test authority zone with zonefile for downstream responses ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 + ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -182,4 +233,109 @@ SECTION ANSWER www.example.com. IN A 1.2.3.4 ENTRY_END +; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nonexistent.soa.high.com. IN A +ENTRY_END +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +nonexistent.soa.high.com IN A +SECTION AUTHORITY +soa.high.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 +ENTRY_END +; check that the original SOA is also returned +STEP 32 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +soa.high.com. IN SOA +ENTRY_END +STEP 33 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NOERROR +SECTION QUESTION +soa.high.com. IN SOA +SECTION ANSWER +soa.high.com. 500 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 +ENTRY_END + +; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nonexistent.soa.low.com. IN A +ENTRY_END +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +nonexistent.soa.low.com. IN A +SECTION AUTHORITY +soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 +ENTRY_END +; check that the original SOA is also returned +STEP 42 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +soa.low.com. IN SOA +ENTRY_END +STEP 43 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NOERROR +SECTION QUESTION +soa.low.com. IN SOA +SECTION ANSWER +soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 +ENTRY_END + +; check SOA TTL to be minimum of the SOA.minimum and the SOA TTL for DNSSEC +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN A +ENTRY_END +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD DO RA AA NXDOMAIN +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN A +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +ENTRY_END +; check that the original SOA is also returned +STEP 52 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +testzone.nlnetlabs.nl. IN SOA +ENTRY_END +STEP 53 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD DO RA AA NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN SOA +SECTION ANSWER +testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + SCENARIO_END diff --git a/testdata/auth_zonemd_anchor.rpl b/testdata/auth_zonemd_anchor.rpl new file mode 100644 index 000000000..7e4257513 --- /dev/null +++ b/testdata/auth_zonemd_anchor.rpl @@ -0,0 +1,233 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_anchor_fail.rpl b/testdata/auth_zonemd_anchor_fail.rpl new file mode 100644 index 000000000..69492d5f8 --- /dev/null +++ b/testdata/auth_zonemd_anchor_fail.rpl @@ -0,0 +1,235 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + ; correct anchor + ; trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + ; wrong anchor + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deeaaaaa" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_chain.rpl b/testdata/auth_zonemd_chain.rpl new file mode 100644 index 000000000..b693f6c35 --- /dev/null +++ b/testdata/auth_zonemd_chain.rpl @@ -0,0 +1,233 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_chain_fail.rpl b/testdata/auth_zonemd_chain_fail.rpl new file mode 100644 index 000000000..d38367b9d --- /dev/null +++ b/testdata/auth_zonemd_chain_fail.rpl @@ -0,0 +1,235 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +; dnskey is wrong: +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+AAAAA ;{id = 55566 (zsk), size = 1024b} +; dnskey that was correct: +;example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile with failed chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_file.rpl b/testdata/auth_zonemd_file.rpl new file mode 100644 index 000000000..ffccd6779 --- /dev/null +++ b/testdata/auth_zonemd_file.rpl @@ -0,0 +1,182 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD from zonefile + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_file_fail.rpl b/testdata/auth_zonemd_file_fail.rpl new file mode 100644 index 000000000..4bfa81b80 --- /dev/null +++ b/testdata/auth_zonemd_file_fail.rpl @@ -0,0 +1,184 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; good zonemd +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong zonemd +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD failure from zonefile + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure.rpl b/testdata/auth_zonemd_insecure.rpl new file mode 100644 index 000000000..b48992b4d --- /dev/null +++ b/testdata/auth_zonemd_insecure.rpl @@ -0,0 +1,214 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure_absent.rpl b/testdata/auth_zonemd_insecure_absent.rpl new file mode 100644 index 000000000..4706ccb0a --- /dev/null +++ b/testdata/auth_zonemd_insecure_absent.rpl @@ -0,0 +1,216 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the missing ZONEMD record +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with absent ZONEMD that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. +; the ZONEMD is not there. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure_absent_reject.rpl b/testdata/auth_zonemd_insecure_absent_reject.rpl new file mode 100644 index 000000000..79225c936 --- /dev/null +++ b/testdata/auth_zonemd_insecure_absent_reject.rpl @@ -0,0 +1,217 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + zonemd-reject-absence: yes + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the missing ZONEMD record +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with reject-absence ZONEMD that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. +; the ZONEMD is not there. This is not allowed by the zonemd-reject-absence +; option in config, so it fails the zone. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_insecure_fail.rpl b/testdata/auth_zonemd_insecure_fail.rpl new file mode 100644 index 000000000..03bbdd64c --- /dev/null +++ b/testdata/auth_zonemd_insecure_fail.rpl @@ -0,0 +1,217 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; correct ZONEMD +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong ZONEMD +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD fail that is securely insecure +; the trust anchor finds an online delegation with an insecure DS referral. +; the ZONEMD is wrong, eg. the hash does not match the zone data. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION AUTHORITY +com. SOA a.gtld-servers.net. nstld.verisign-grs.com. 1603979208 1800 900 604800 86400 +com. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 com. LTUZ8PlkMLX+dBZLGcJcahrzOgf1PgYbi/s5VKyR9iyYKeP6qdxO5VehUVHdXfmUiXrsszvhAHzo4AZnfRbDkK6uTfMKCSIB1aXOU4A74LpjhJBsXjyo3CN3IK/dMS/FpJfAb6JnuQV1E3ytDd34yNsoBazEjYeoN1kymGAttbM= +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. IN NSEC foo.com. NS RRSIG +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 com. KK6ci3DUnGJ9gaBBqS+71TiFBGcl51YLZAYGADDWuSgFOLLbh1nV//la08zE1i8ITQjjsqyRw7/MA8LWpPR3TnUjJLk6mBd/kB3dJ8BHWRqcyreFo6Pu383oCcXTpwkFcL4ulhp54LUxbA3arWVjWbx8815vvNKsEtWUyrz4LN8= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_nokey.rpl b/testdata/auth_zonemd_nokey.rpl new file mode 100644 index 000000000..57609337e --- /dev/null +++ b/testdata/auth_zonemd_nokey.rpl @@ -0,0 +1,211 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with ZONEMD that lacks a DNSKEY +; the zone has no DNSSEC, but the trust anchor requires it. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END + +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_permissive_mode.rpl b/testdata/auth_zonemd_permissive_mode.rpl new file mode 100644 index 000000000..0df0a2951 --- /dev/null +++ b/testdata/auth_zonemd_permissive_mode.rpl @@ -0,0 +1,186 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + zonemd-permissive-mode: yes + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; good zonemd +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong zonemd +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test zonemd permissive mode + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr.rpl b/testdata/auth_zonemd_xfr.rpl new file mode 100644 index 000000000..0a4d45f92 --- /dev/null +++ b/testdata/auth_zonemd_xfr.rpl @@ -0,0 +1,237 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +bar.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN A 127.0.0.1 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_anchor.rpl b/testdata/auth_zonemd_xfr_anchor.rpl new file mode 100644 index 000000000..682d51b47 --- /dev/null +++ b/testdata/auth_zonemd_xfr_anchor.rpl @@ -0,0 +1,284 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_anchor_fail.rpl b/testdata/auth_zonemd_xfr_anchor_fail.rpl new file mode 100644 index 000000000..2b2849546 --- /dev/null +++ b/testdata/auth_zonemd_xfr_anchor_fail.rpl @@ -0,0 +1,265 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "example.com. DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD fail with trust anchor + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. +bar.example.com. 3600 IN A 1.2.3.55 +; orig RR +;bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_chain.rpl b/testdata/auth_zonemd_xfr_chain.rpl new file mode 100644 index 000000000..9d1fdcf68 --- /dev/null +++ b/testdata/auth_zonemd_xfr_chain.rpl @@ -0,0 +1,309 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD with chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 127.0.0.1 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_chain_fail.rpl b/testdata/auth_zonemd_xfr_chain_fail.rpl new file mode 100644 index 000000000..8b3ad74f0 --- /dev/null +++ b/testdata/auth_zonemd_xfr_chain_fail.rpl @@ -0,0 +1,320 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + trust-anchor: "com. DS 1444 8 2 0d72034e3e18a9ef383c164b68302433bbde957616e10cf44575fea2abae469c" + trust-anchor-signaling: no + val-override-date: 20201020135527 + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with ZONEMD failure with chain of trust + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qname qtype +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN DS +SECTION ANSWER +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af +example.com. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 com. BpV1M171SSkbdlGawwweJwQ0W+aNaCrgkt2QTsxCvbo1acR5i3AKm4REOUzo4I36lRx26mYkF9Topkeu0aFmov7P2uUhCxk4faFK7k87k97FAqZaDGp/K9b3YCfiwJBc5pJSUW0ndU/Ve5zAh/wL493RMSC7LwJr5JjV0NxydFk= +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +com. IN DNSKEY +SECTION ANSWER +com. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} +com. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 com. BEOMfWvi6RgnHaHsst+Ed265hBuCkgMR7gDpu89J7ZrVL6DzMKnNVFdgjl/9xwLj/pkukc7qeLSHjAfLlN0E4THW7PVshscQnjvXCkktG2Ejx9fTyllAqeGDh9z9QDGlQZIGTMgb9413qZhNqe2Tda9PTJRpiZ8b4bdQp6V1kVo= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +; this is the bad RR that causes the wrong zonemd. RRSIG is wrong too. +bar.example.com. 3600 IN A 1.2.3.55 +; orig RR +;bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY ZONEMD +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN ZONEMD 200154054 1 2 58F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +example.com. 3600 IN RRSIG ZONEMD 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +bar.example.com. 3600 IN A 1.2.3.55 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonemd_xfr_fail.rpl b/testdata/auth_zonemd_xfr_fail.rpl new file mode 100644 index 000000000..9fdf70889 --- /dev/null +++ b/testdata/auth_zonemd_xfr_fail.rpl @@ -0,0 +1,240 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR with failed ZONEMD + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; old zonemd +;example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; wrong zonemd +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D7AAAAA +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +FILE_END + +SCENARIO_END diff --git a/testdata/fwd_ancil.tdir/fwd_ancil.post b/testdata/fwd_ancil.tdir/fwd_ancil.post index a74ba856e..6578151af 100644 --- a/testdata/fwd_ancil.tdir/fwd_ancil.post +++ b/testdata/fwd_ancil.tdir/fwd_ancil.post @@ -14,5 +14,9 @@ fi kill_pid $FWD_PID if fgrep "service stopped" unbound.log; then exit 0 -fi +fi +if fgrep "disable interface-automatic" unbound.log; then + echo "skip test" + exit 0 +fi kill_pid $UNBOUND_PID diff --git a/testdata/localdata.rpl b/testdata/localdata.rpl index eb25ef573..047fbeeba 100644 --- a/testdata/localdata.rpl +++ b/testdata/localdata.rpl @@ -88,12 +88,12 @@ local. IN A ENTRY_END STEP 6 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION local. IN A SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; positive SOA @@ -104,7 +104,7 @@ local. IN SOA ENTRY_END STEP 8 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION local. IN SOA @@ -136,12 +136,12 @@ serv.local. IN MX ENTRY_END STEP 12 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION serv.local. IN MX SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; no such type, empty nonterminal @@ -152,12 +152,12 @@ bla.local. IN MX ENTRY_END STEP 14 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION bla.local. IN MX SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; nxdomain with SOA @@ -168,12 +168,12 @@ doing.local. IN MX ENTRY_END STEP 16 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA NXDOMAIN SECTION QUESTION doing.local. IN MX SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; nxdomain without SOA diff --git a/testdata/nsid_ascii.rpl b/testdata/nsid_ascii.rpl new file mode 100644 index 000000000..f357db5ae --- /dev/null +++ b/testdata/nsid_ascii.rpl @@ -0,0 +1,54 @@ +; config options +server: + nsid: "ascii_hopsa kidee" + +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 0b ; Length 11 + 68 6F 70 73 61 20 ; "hopsa " + 6B 69 64 65 65 ; "kidee" + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/nsid_hex.rpl b/testdata/nsid_hex.rpl new file mode 100644 index 000000000..0d5e8f40d --- /dev/null +++ b/testdata/nsid_hex.rpl @@ -0,0 +1,54 @@ +; config options +server: + nsid: "0123456789abcdef" + +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 08 ; Length 8 + 01 23 45 67 ; + 89 ab cd ef ; + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/nsid_not_set.rpl b/testdata/nsid_not_set.rpl new file mode 100644 index 000000000..06abe5985 --- /dev/null +++ b/testdata/nsid_not_set.rpl @@ -0,0 +1,47 @@ +; config options +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/padding.tdir/padding.conf b/testdata/padding.tdir/padding.conf new file mode 100644 index 000000000..c310d355d --- /dev/null +++ b/testdata/padding.tdir/padding.conf @@ -0,0 +1,27 @@ +server: + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + + tls-cert-bundle: "unbound_server.pem" + tls-upstream: yes + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@#unbound" + + diff --git a/testdata/padding.tdir/padding.conf2 b/testdata/padding.tdir/padding.conf2 new file mode 100644 index 000000000..98be8fec7 --- /dev/null +++ b/testdata/padding.tdir/padding.conf2 @@ -0,0 +1,47 @@ +# this is the upstream server that has pipelining and responds to queries. +server: + verbosity: 1 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound2.pid" + chroot: "" + username: "" + do-not-query-localhost: no + tls-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + tcp-idle-timeout: 10000 + log-queries: yes + log-replies: yes + log-identity: "upstream" + +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT2@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" + +dnstap: + dnstap-enable: yes + dnstap-socket-path: "dnstap.socket" + dnstap-send-identity: yes + dnstap-send-version: yes + #dnstap-identity + #dnstap-version + dnstap-log-resolver-query-messages: no + dnstap-log-resolver-response-messages: no + dnstap-log-client-query-messages: yes + dnstap-log-client-response-messages: yes + dnstap-log-forwarder-query-messages: no + dnstap-log-forwarder-response-messages: no diff --git a/testdata/padding.tdir/padding.dsc b/testdata/padding.tdir/padding.dsc new file mode 100644 index 000000000..37aceb353 --- /dev/null +++ b/testdata/padding.tdir/padding.dsc @@ -0,0 +1,16 @@ +BaseName: padding +Version: 1.0 +Description: Test EDNS0 padding option (RFC7830 and RFC8467). +CreationDate: Sun Jan 24 16:41:42 CET 2021 +Maintainer: Willem Toorop +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: padding.pre +Post: padding.post +Test: padding.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/padding.tdir/padding.msgsizes b/testdata/padding.tdir/padding.msgsizes new file mode 100644 index 000000000..f0d4a496d --- /dev/null +++ b/testdata/padding.tdir/padding.msgsizes @@ -0,0 +1,20 @@ +;; MSG SIZE rcvd: 128 +;; MSG SIZE rcvd: 468 +;; MSG SIZE rcvd: 128 +;; MSG SIZE rcvd: 936 +;; MSG SIZE rcvd: 128 +;; MSG SIZE rcvd: 60 +;; MSG SIZE rcvd: 128 +;; MSG SIZE rcvd: 502 +;; MSG SIZE rcvd: 44 +;; MSG SIZE rcvd: 60 +;; MSG SIZE rcvd: 44 +;; MSG SIZE rcvd: 502 +;; MSG SIZE rcvd: 48 +;; MSG SIZE rcvd: 64 +;; MSG SIZE rcvd: 48 +;; MSG SIZE rcvd: 512 +;; MSG SIZE rcvd: 48 +;; MSG SIZE rcvd: 512 +;; MSG SIZE rcvd: 48 +;; MSG SIZE rcvd: 512 diff --git a/testdata/padding.tdir/padding.post b/testdata/padding.tdir/padding.post new file mode 100644 index 000000000..826798a8f --- /dev/null +++ b/testdata/padding.tdir/padding.post @@ -0,0 +1,23 @@ +# #-- padding.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +PRE="../.." +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $DNSTAP_SOCKET_PID +kill_pid $FWD_PID +kill_pid `cat unbound2.pid` +if test -f unbound2.log; then + echo ">>> upstream log" + cat unbound2.log +fi +#kill_pid $UNBOUND_PID +kill_pid `cat unbound.pid` +if test -f unbound.log; then + echo ">>> unbound log" + cat unbound.log +fi diff --git a/testdata/padding.tdir/padding.pre b/testdata/padding.tdir/padding.pre new file mode 100644 index 000000000..4a13d0229 --- /dev/null +++ b/testdata/padding.tdir/padding.pre @@ -0,0 +1,69 @@ +# #-- padding.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 5 +UNBOUND_PORT=$RND_PORT +UPSTREAM_PORT=$(($RND_PORT + 1)) +FWD_PORT=$(($RND_PORT + 2)) +CONTROL_PORT=$(($RND_PORT + 3)) +CONTROL_PORT2=$(($RND_PORT + 4)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test +echo "CONTROL_PORT2=$CONTROL_PORT2" >> .tpkg.var.test + +# start ldns-testnd +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT padding.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start the dnstap log server +# the -vvvv flag prints protocol and connection information from the +# unbound-dnstap-socket server. +# the -l flag prints the DNS info in the DNSTAP packet in multiline output. +# stderr is the '-vvvv' server logs and errors. +# stdout is the one-line packet logs (or with -l, multiline). +$PRE/unbound-dnstap-socket -u dnstap.socket -l -vvvv 2>tap.errlog >tap.log & +if test $? -ne 0; then + echo "could not start unbound-dnstap-socket server" + exit 1 +fi +DNSTAP_SOCKET_PID=$! +echo "DNSTAP_SOCKET_PID=$DNSTAP_SOCKET_PID" >> .tpkg.var.test +# wait for the server to go up and make the dnstap.socket file +wait_server_up "tap.errlog" "creating unix socket" +if test ! -S dnstap.socket; then + echo "the dnstap.socket file does not exist!" +fi + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < padding.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +#$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +# make upstream config file +sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT2\@/'$CONTROL_PORT2'/' < padding.conf2 > ub2.conf +# start upstream unbound in the background +$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 & +#$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log & +UPSTREAM_PID=$! +echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test + +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log +wait_unbound_up unbound2.log + +cat .tpkg.var.test + diff --git a/testdata/padding.tdir/padding.test b/testdata/padding.tdir/padding.test new file mode 100644 index 000000000..5111d8139 --- /dev/null +++ b/testdata/padding.tdir/padding.test @@ -0,0 +1,170 @@ +echo There we go... + +# #-- padding.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define USE_DNSTAP 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +echo "> query www.example.com. A" +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> wait for log to happen on timer" +sleep 3 +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "www.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "www.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> query txt.example.com. TXT" +dig @127.0.0.1 -p $UNBOUND_PORT txt.example.com. TXT | tee outfile +echo "> check answer" +if grep "Lorem ipsum" outfile; then + echo "OK" +else + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 1; fi +if grep "txt.example.com" tap.log >/dev/null; then :; else sleep 10; fi +if grep "txt.example.com" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "> flush cache entries." +$PRE/unbound-control -c ub.conf flush_type www.example.com A +$PRE/unbound-control -c ub.conf flush_type txt.example.com TXT +echo "> disable padding of responses." +$PRE/unbound-control -c ub2.conf set_option pad-responses: no +echo "> query www.example.com. A" +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. A | tee outfile +echo "> query txt.example.com. TXT" +dig @127.0.0.1 -p $UNBOUND_PORT txt.example.com. TXT | tee outfile +echo "> flush cache entries." +$PRE/unbound-control -c ub.conf flush_type www.example.com A +$PRE/unbound-control -c ub.conf flush_type txt.example.com TXT +echo "> enable padding of responses." +$PRE/unbound-control -c ub2.conf set_option pad-responses: yes +echo "> set pad responses block size to 64" +$PRE/unbound-control -c ub2.conf set_option pad-responses-block-size: 64 +echo "> disable padding of queries." +$PRE/unbound-control -c ub.conf set_option pad-queries: no +echo "> query www.example.com. A" +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. A | tee outfile +echo "> query txt.example.com. TXT" +dig @127.0.0.1 -p $UNBOUND_PORT txt.example.com. TXT | tee outfile +echo "> flush cache entries." +$PRE/unbound-control -c ub.conf flush_type www.example.com A +$PRE/unbound-control -c ub.conf flush_type txt.example.com TXT +echo "> enable padding of queries." +$PRE/unbound-control -c ub.conf set_option pad-queries: yes +echo "> set pad queries block size to 48" +$PRE/unbound-control -c ub.conf set_option pad-queries-block-size: 48 +echo "> query www.example.com. A" +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. A | tee outfile +echo "> query txt.example.com. TXT" +dig @127.0.0.1 -p $UNBOUND_PORT txt.example.com. TXT | tee outfile +echo "> flush cache entries." +$PRE/unbound-control -c ub.conf flush_type www.example.com A +$PRE/unbound-control -c ub.conf flush_type txt.example.com TXT +echo "> set pad responses block size to 512" +$PRE/unbound-control -c ub2.conf set_option pad-responses-block-size: 512 +echo "> query www.example.com. A" +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. A | tee outfile +echo "> query fin.example.com. TXT" +dig @127.0.0.1 -p $UNBOUND_PORT fin.example.com. TXT | tee outfile +echo "> check tap.log for dnstap info" +# see if it logged the information in tap.log +# wait for a moment for filesystem to catch up. +if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi +if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi +if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi +if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi +if grep "fini" tap.log >/dev/null; then :; else sleep 1; fi +if grep "fini" tap.log >/dev/null; then :; else sleep 10; fi +if grep "fini" tap.log; then echo "yes it is in tap.log"; +else + echo "information not in tap.log" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +grep '^;; MSG SIZE rcvd: ' tap.log > message.sizes + +if diff message.sizes padding.msgsizes +then + echo "OK - Message sizes matched expected sizes" + exit 0 +else + echo "unexpected message sizes" + echo "failed" + echo "> cat logfiles" + cat tap.log + cat tap.errlog + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi diff --git a/testdata/padding.tdir/padding.testns b/testdata/padding.tdir/padding.testns new file mode 100644 index 000000000..bd3718ff6 --- /dev/null +++ b/testdata/padding.tdir/padding.testns @@ -0,0 +1,34 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +txt IN TXT +SECTION ANSWER +txt IN TXT "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua." "Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat." "Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur." "Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum." +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +fin IN TXT +SECTION ANSWER +fin IN TXT "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua." "Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat." "Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur." "Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum." "fini" +ENTRY_END + diff --git a/testdata/padding.tdir/unbound_control.key b/testdata/padding.tdir/unbound_control.key new file mode 100644 index 000000000..753a4ef61 --- /dev/null +++ b/testdata/padding.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/padding.tdir/unbound_control.pem b/testdata/padding.tdir/unbound_control.pem new file mode 100644 index 000000000..a1edf7017 --- /dev/null +++ b/testdata/padding.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/padding.tdir/unbound_server.key b/testdata/padding.tdir/unbound_server.key new file mode 100644 index 000000000..370a7bbb2 --- /dev/null +++ b/testdata/padding.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/padding.tdir/unbound_server.pem b/testdata/padding.tdir/unbound_server.pem new file mode 100644 index 000000000..986807310 --- /dev/null +++ b/testdata/padding.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/rpz_rootwc.rpl b/testdata/rpz_rootwc.rpl new file mode 100644 index 000000000..1fb94a143 --- /dev/null +++ b/testdata/rpz_rootwc.rpl @@ -0,0 +1,162 @@ +; config options +server: + module-config: "respip validator iterator" + target-fetch-policy: "0 0 0 0 0" + qname-minimisation: no + +rpz: + name: "rpz.example.com." + zonefile: +TEMPFILE_NAME rpz.example.com +TEMPFILE_CONTENTS rpz.example.com +$ORIGIN example.com. +rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz.example.com. +a CNAME . +a CNAME *. ; duplicate CNAME here on purpose +*.a TXT "wildcard local data" +* CNAME . +b.a CNAME *. +c.a CNAME rpz-passthru. +TEMPFILE_END + +rpz: + name: "rpz2.example.com." + zonefile: +TEMPFILE_NAME rpz2.example.com +TEMPFILE_CONTENTS rpz2.example.com +$ORIGIN example.com. +rpz2 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.rpz.example.com. + 3600 IN NS ns2.rpz.example.com. +$ORIGIN rpz2.example.com. +a TXT "local data 2nd zone" +d TXT "local data 2nd zone" +e CNAME *.a.example. +*.e CNAME *.b.example. +drop CNAME rpz-drop. +TEMPFILE_END + +stub-zone: + name: "a." + stub-addr: 10.20.30.40 +stub-zone: + name: "example." + stub-addr: 10.20.30.50 +CONFIG_END + +SCENARIO_BEGIN Test RPZ QNAME trigger for root wildcard. + +; a. +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.40 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +a. IN NS +SECTION ANSWER +a. IN NS ns.a. +SECTION ADDITIONAL +ns.a IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +c.a. IN TXT +SECTION ANSWER +c.a. IN TXT "answer from upstream ns" +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +x.b.a. IN TXT +SECTION ANSWER +x.b.a. IN TXT "answer from upstream ns" +ENTRY_END + +RANGE_END + +; example. +RANGE_BEGIN 0 100 + ADDRESS 10.20.30.50 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN NS +SECTION ANSWER +example. IN NS ns.example. +SECTION ADDITIONAL +ns.example IN A 10.20.30.50 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +e.a.example. IN TXT +SECTION ANSWER +e.a.example. IN TXT "e.a.example. answer from upstream ns" +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +something.e.b.example. IN TXT +SECTION ANSWER +something.e.b.example. IN TXT "*.b.example. answer from upstream ns" +ENTRY_END + +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +x. IN TXT +ENTRY_END + +; wildcard deny all +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +x. IN TXT +SECTION ANSWER +ENTRY_END + +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +y.tld. IN TXT +ENTRY_END + +; wildcard deny all +STEP 40 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +y.tld. IN TXT +SECTION ANSWER +ENTRY_END + +SCENARIO_END diff --git a/testdata/serve_original_ttl.rpl b/testdata/serve_original_ttl.rpl new file mode 100644 index 000000000..630fb39a4 --- /dev/null +++ b/testdata/serve_original_ttl.rpl @@ -0,0 +1,136 @@ +; config options +server: + access-control: 127.0.0.1 allow_snoop + module-config: "validator iterator" + qname-minimisation: "no" + minimal-responses: no + serve-original-ttl: yes + cache-max-ttl: 1000 + cache-min-ttl: 20 + serve-expired: yes + serve-expired-reply-ttl: 123 + +stub-zone: + name: "example.com" + stub-addr: 1.2.3.4 +CONFIG_END + +SCENARIO_BEGIN Test serve-original-ttl +; Scenario overview: +; - query for example.com. IN A +; - check that we get an answer for example.com. IN A with the correct TTL +; - query again after a couple seconds and check that we get the original TTL +; (next steps are combination with serve-expired) +; - query again after the TTL expired +; - check that we get the expired cached answer with the original TTL + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN NS + SECTION ANSWER + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END + + ENTRY_BEGIN + MATCH opcode qtype qname + ADJUST copy_id + REPLY QR NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 + ENTRY_END +RANGE_END + +; Query with RD flag +STEP 1 QUERY +ENTRY_BEGIN + REPLY RD + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got the correct answer (should be cached) +STEP 10 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RD RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 IN A 5.6.7.8 + SECTION AUTHORITY + example.com. IN NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. IN A 1.2.3.4 +ENTRY_END + +; Wait a couple of seconds (< 10) +STEP 11 TIME_PASSES ELAPSE 5 + +; Query again +STEP 20 QUERY +ENTRY_BEGIN + REPLY + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got the cached answer with the original TTL +; (Passively checks that minimum and maximum TTLs are ignored) +STEP 30 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 A 5.6.7.8 + SECTION AUTHORITY + example.com. 3600 NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. 3600 A 1.2.3.4 +ENTRY_END + +; Wait for the TTL to expire +STEP 31 TIME_PASSES ELAPSE 3601 + +; Query again +STEP 40 QUERY +ENTRY_BEGIN + REPLY + SECTION QUESTION + example.com. IN A +ENTRY_END + +; Check that we got a stale answer with the original TTL +STEP 50 CHECK_ANSWER +ENTRY_BEGIN + MATCH all ttl + REPLY QR RA NOERROR + SECTION QUESTION + example.com. IN A + SECTION ANSWER + example.com. 10 A 5.6.7.8 + SECTION AUTHORITY + example.com. NS ns.example.com. + SECTION ADDITIONAL + ns.example.com. A 1.2.3.4 +ENTRY_END + +; Give time for the pending query to get answered +STEP 51 TRAFFIC + +SCENARIO_END diff --git a/testdata/test_ldnsrr.5 b/testdata/test_ldnsrr.5 index d5f4650a7..c6e7ea2ba 100644 --- a/testdata/test_ldnsrr.5 +++ b/testdata/test_ldnsrr.5 @@ -151,3 +151,24 @@ blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585012 300 16 k9mSMs2t5vq5FV2D blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4uRCjyQ== 25791 0 0 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0 + +; Test for ZONEMD +example.org. 86400 IN ZONEMD 5 1 2 c1b8eddf4ef128db88125ede9008d6ff0b33a047b8a8a4d77b00271f7d8e7ae5ccd6c86d8398f64f0de0615bf3121ffba6946a3cd5f32acbc4e8d0649b4a78e6 +; from draft-ietf-dnsop-dns-zone-digest-12#section-2.4 +example.com. 86400 IN ZONEMD 2018031500 1 1 ( FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE 7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.1 +example. 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.2 +example. 86400 IN ZONEMD 2018031900 1 1 ( 31cefb03814f5062 ad12fa951ba0ef5f 8da6ae354a415767 246f7dc932ceb1e7 42a2108f529db6a3 3a11c01493de358d ) +non-apex.example. 900 IN ZONEMD 2018031900 1 1 ( 616c6c6f77656420 6275742069676e6f 7265642e20616c6c 6f77656420627574 2069676e6f726564 2e20616c6c6f7765 ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.3 +example. 86400 IN ZONEMD 2018031900 1 1 ( 62e6cf51b02e54b9 b5f967d547ce4313 6792901f9f88e637 493daaf401c92c27 9dd10f0edb1c56f8 080211f8480ee306 ) +example. 86400 IN ZONEMD 2018031900 1 2 ( 08cfa1115c7b948c 4163a901270395ea 226a930cd2cbcf2f a9a5e6eb85f37c8a 4e114d884e66f176 eab121cb02db7d65 2e0cc4827e7a3204 f166b47e5613fd27 ) +example. 86400 IN ZONEMD 2018031900 1 240 ( e2d523f654b9422a 96c5a8f44607bbee ) +example. 86400 IN ZONEMD 2018031900 241 1 ( e1846540e33a9e41 89792d18d5d131f6 05fc283e ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.4 +uri.arpa. 3600 IN ZONEMD 2018100702 1 1 ( 1291b78ddf7669b1a39d014d87626b709b55774c5d7d58fa dc556439889a10eaf6f11d615900a4f996bd46279514e473 ) +; from draft-ietf-dnsop-dns-zone-digest-12#section-A.5 +root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 ) +; from ldns issue #121, 0.10m was parsed as 0.01m. +foo. 12345 IN LOC 12 45 52.333 N 105 40 33.452 W -24m 0.1m 0.1m 0.1m diff --git a/testdata/test_ldnsrr.c5 b/testdata/test_ldnsrr.c5 index 1e292ba64..f30aa0b73 100644 --- a/testdata/test_ldnsrr.c5 +++ b/testdata/test_ldnsrr.c5 @@ -188,3 +188,27 @@ blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480523776 300 16 sBfx00GRs+tfRTm4u blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585449 300 0 59692 BADSIG 0 06626C61626C610000FA00FF00000000003A08686D61632D6D6435077369672D616C670372656703696E74000000583FF0F6012C0010EB0BE51BCDAC1151F2AAC4ED04BBD14365BC00000000 blabla. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1480585462 300 16 6wvlG82sEVHyqsTtBLvRQw== 26044 NOERROR 0 +076578616D706C65036F726700003F0001000151800046000000050102C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6 +example.org. 86400 IN ZONEMD 5 1 2 C1B8EDDF4EF128DB88125EDE9008D6FF0B33A047B8A8A4D77B00271F7D8E7AE5CCD6C86D8398F64F0DE0615BF3121FFBA6946A3CD5F32ACBC4E8D0649B4A78E6 +076578616D706C6503636F6D00003F00010001518000367848B78C0101FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE +example.com. 86400 IN ZONEMD 2018031500 1 1 FEBE3D4CE2EC2FFA4BA99D46CD69D6D29711E55217057BEE7EB1A7B641A47BA7FED2DD5B97AE499FAFA4F22C6BD647DE +076578616D706C6500003F00010001518000367848B91C0101C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C +example. 86400 IN ZONEMD 2018031900 1 1 C68090D90A7AED716BC459F9340E3D7C1370D4D24B7E2FC3A1DDC0B9A87153B9A9713B3C9AE5CC27777F98B8E730044C +076578616D706C6500003F00010001518000367848B91C010131CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D +example. 86400 IN ZONEMD 2018031900 1 1 31CEFB03814F5062AD12FA951BA0EF5F8DA6AE354A415767246F7DC932CEB1E742A2108F529DB6A33A11C01493DE358D +086E6F6E2D61706578076578616D706C6500003F00010000038400367848B91C0101616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765 +non-apex.example. 900 IN ZONEMD 2018031900 1 1 616C6C6F776564206275742069676E6F7265642E20616C6C6F776564206275742069676E6F7265642E20616C6C6F7765 +076578616D706C6500003F00010001518000367848B91C010162E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306 +example. 86400 IN ZONEMD 2018031900 1 1 62E6CF51B02E54B9B5F967D547CE43136792901F9F88E637493DAAF401C92C279DD10F0EDB1C56F8080211F8480EE306 +076578616D706C6500003F00010001518000467848B91C010208CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27 +example. 86400 IN ZONEMD 2018031900 1 2 08CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204F166B47E5613FD27 +076578616D706C6500003F00010001518000167848B91C01F0E2D523F654B9422A96C5A8F44607BBEE +example. 86400 IN ZONEMD 2018031900 1 240 E2D523F654B9422A96C5A8F44607BBEE +076578616D706C6500003F000100015180001A7848B91CF101E1846540E33A9E4189792D18D5D131F605FC283E +example. 86400 IN ZONEMD 2018031900 241 1 E1846540E33A9E4189792D18D5D131F605FC283E +03757269046172706100003F000100000E1000367849C5DE01011291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473 +uri.arpa. 3600 IN ZONEMD 2018100702 1 1 1291B78DDF7669B1A39D014D87626B709B55774C5D7D58FADC556439889A10EAF6F11D615900A4F996BD46279514E473 +0C726F6F742D73657276657273036E657400003F00010036EE8000367849A05C0101F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79 +root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 F1CA0CCD91BD5573D9F431C00EE0101B2545C97602BE0A978A3B11DBFC1C776D5B3E86AE3D973D6B5349BA7F04340F79 +03666F6F00001D00010000303900100011111182BD2D4D69530BD400988D20 +foo. 12345 IN LOC 12 45 52.333 N 105 40 33.452 W -24m 0.10m 0.10m 0.10m diff --git a/testdata/zonemd.example1.zone b/testdata/zonemd.example1.zone new file mode 100644 index 000000000..b1a44895f --- /dev/null +++ b/testdata/zonemd.example1.zone @@ -0,0 +1,4 @@ +example.org. IN SOA ns.example.org. hostmaster.example.org. 200154054 28800 7200 604800 3600 +example.org. IN NS ns.example.org. +www.example.org. IN A 127.0.0.1 +ns.example.org. IN A 127.0.0.1 diff --git a/testdata/zonemd.example10.zone b/testdata/zonemd.example10.zone new file mode 100644 index 000000000..33ca2828e --- /dev/null +++ b/testdata/zonemd.example10.zone @@ -0,0 +1,35 @@ +; DNSSEC signed but RRSIG on SOA is wrong. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +; old sig +; example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +; wrong sig +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgeAAAAA= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example11.zone b/testdata/zonemd.example11.zone new file mode 100644 index 000000000..7562f7972 --- /dev/null +++ b/testdata/zonemd.example11.zone @@ -0,0 +1,33 @@ +; DNSSEC NSEC zone, but ZONEMD is missing + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +; missing ZONEMD +;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example12.zone b/testdata/zonemd.example12.zone new file mode 100644 index 000000000..4fc04bf88 --- /dev/null +++ b/testdata/zonemd.example12.zone @@ -0,0 +1,35 @@ +; DNSSEC NSEC3 zone, but ZONEMD is missing + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +; missing ZONEMD +;example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd +;example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example13.zone b/testdata/zonemd.example13.zone new file mode 100644 index 000000000..9f311c912 --- /dev/null +++ b/testdata/zonemd.example13.zone @@ -0,0 +1,33 @@ +; DNSSEC NSEC zone without ZONEMD, but NSEC RRSIG is wrong + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY +; old sig +;example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= +; wrong sig +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVAAAAA= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example14.zone b/testdata/zonemd.example14.zone new file mode 100644 index 000000000..bc4cdacdb --- /dev/null +++ b/testdata/zonemd.example14.zone @@ -0,0 +1,35 @@ +; DNSSEC NSEC3 zone without ZONEMD, but NSEC3 RRSIG is wrong + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM +; old sig +;v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= +; wrong sig +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxAAAAA= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example15.zone b/testdata/zonemd.example15.zone new file mode 100644 index 000000000..8a1068910 --- /dev/null +++ b/testdata/zonemd.example15.zone @@ -0,0 +1,35 @@ +; DNSSEC signed but DNSKEY RRSIG is wrong. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +; old sig +;example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +; wrong sig +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2AAAAA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example16.zone b/testdata/zonemd.example16.zone new file mode 100644 index 000000000..7520744d3 --- /dev/null +++ b/testdata/zonemd.example16.zone @@ -0,0 +1,11 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the ZONEMD that should be in this file, without DNSSEC +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; duplicate zonemd with same scheme and algorithm (different at end) +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D720000 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/testdata/zonemd.example17.zone b/testdata/zonemd.example17.zone new file mode 100644 index 000000000..4315f9054 --- /dev/null +++ b/testdata/zonemd.example17.zone @@ -0,0 +1,11 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +; capitalisation is different here. +exaMPLe.cOM. IN NS Ns.exaMPLe.cOm. +; the ZONEMD that should be in this file, without DNSSEC +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; capitalisation is different here. +wWW.exAMPLe.cOM. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/testdata/zonemd.example2.zone b/testdata/zonemd.example2.zone new file mode 100644 index 000000000..14b7ea689 --- /dev/null +++ b/testdata/zonemd.example2.zone @@ -0,0 +1,15 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +; the ZONEMD that should be in this file, without DNSSEC +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; incorrect digest in example3 and example4. +;example.com. IN TYPE63 \# 70 0BEE1BC60102EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +; correct digest for example 5. +;example.com. IN TYPE63 \# 70 0BEE1BC6010258F7620F93204BBB31B44F795B3409CC4ABD9EF5601DECC15675BD7751213152984EDDCE0626E6062E744B03B3E47711202FBB79E4A2EB8BC5CF46741B5CAE6F +; correct digest for example 6. +;example.com. IN TYPE63 \# 70 0BEE1BC6010246E31506F321C58DB811C934C6446141D651A8574FB21088A2BB6FEEC875FC8B60F50BEAE00E7F6554E2CF3CB048350EF92E2946137443E30079813DB4D1BFBD +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/testdata/zonemd.example3.zone b/testdata/zonemd.example3.zone new file mode 100644 index 000000000..12389f3d5 --- /dev/null +++ b/testdata/zonemd.example3.zone @@ -0,0 +1,34 @@ +; signed version of zonemd.example2.zone +; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example4.zone b/testdata/zonemd.example4.zone new file mode 100644 index 000000000..dae0f17c7 --- /dev/null +++ b/testdata/zonemd.example4.zone @@ -0,0 +1,36 @@ +; signed with NSEC3, of zonemd.example.2.zone +; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has an incorrect ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +example.com. 3600 IN TYPE63 \# 70 0bee1bc60102efaa5b78b38ab1c45de57b8167bcce906451d0e72118e1f5e80b5f0c3cf04bffc65d53c011185528ead439d6f3a02f511961e090e5e4e0dfa013bd276d728b22 +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. RdHiJlugposfoRbog+Mkg2xeJXSzBi/UXxBnyHVF/Usqhp6Z7Acy4XwtRRb8YAbJevP9nBpCh23Fh4b1Vxl4xI0iB8aXWKtHeb98m81rfsflWvnTYbeau3ltfP/OJWqdmFsBy8DOwNxiN8sAMbGwQK8PFDk3lcRCqv8qq/tmow8= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example5.zone b/testdata/zonemd.example5.zone new file mode 100644 index 000000000..d88380ade --- /dev/null +++ b/testdata/zonemd.example5.zone @@ -0,0 +1,34 @@ +; signed version of zonemd.example2.zone +; with ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example6.zone b/testdata/zonemd.example6.zone new file mode 100644 index 000000000..0a7b05a8d --- /dev/null +++ b/testdata/zonemd.example6.zone @@ -0,0 +1,36 @@ +; signed with NSEC3, of zonemd.example.2.zone +; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +; this zonefile has a correct ZONEMD digest, with correct DNSSEC signature. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010246e31506f321c58db811c934c6446141d651a8574fb21088a2bb6feec875fc8b60f50beae00e7f6554e2cf3cb048350ef92e2946137443e30079813db4d1bfbd +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. M0f4wkOn6dcYtaQtwvp698QL7HuKEgi+PPjYJawV8d1VNOWbbRTF9L9tHFDK42Ylq238uOxi223ZEk/pq4BP64Sm31dV54K2V95QqdzN9NDD34+sqKEgGyRcmBiE50gm3kZZ4ENqBQKc+GdlbZ2fHSI6gf6X694sSmZ7dfjq+2k= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM TYPE63 +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. Yd+g1m2aDKDUuZNv2KpKk4uSNrpB5KLM3QUqypm484VjOpnj5Wy3BjUULH3P8z+S9PG7XbaOf+yUYHK8cI6i5GTcrMhoLKaanAD09i1KbXbTVJujwA9Za7WzlFVZ3o6f1D8CbrSS3YPWNF3Mb2FYaptvZ9so7MlecuLYdEer7DY= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example7.zone b/testdata/zonemd.example7.zone new file mode 100644 index 000000000..4339bd570 --- /dev/null +++ b/testdata/zonemd.example7.zone @@ -0,0 +1,31 @@ +; DNSSEC NSEC zone without ZONEMD +; created with +; ldns-signzone -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ROT+Kh6Y0sEf+L9c2HGPvppLL/DFP5KcX/zSjy7ovM7vXTrrdhEhOedbuccN84tk6VU8udGIixd5Usc+juZ+WsiWwaSNB5rKo6lZ9ceOJlYVzLCmawePzTsl6VAIiIVXwrMxGz/amBd+Ou/1NCuXJiWVThU9PDyJ/lQZbVJEHMA= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example8.zone b/testdata/zonemd.example8.zone new file mode 100644 index 000000000..2900753c0 --- /dev/null +++ b/testdata/zonemd.example8.zone @@ -0,0 +1,34 @@ +; DNSSEC NSEC3 zone without ZONEMD +; created with +; ldns-signzone -n -s 012345 -e 20201116135527 -i 20201019135527 zonemd.example2.zone Kexample.com.+008+55566 + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN NSEC3PARAM 1 0 1 012345 +example.com. 3600 IN RRSIG NSEC3PARAM 8 2 3600 20201116135527 20201019135527 55566 example.com. CDbcPLDrpVUyk3v7kwQ3LNzzhDHS40e0LDv7IZrzMt2AO/6SJ7xhlG+qByhc7CFBUMvBNaOteO5th0tvotWxk0UrVhqRyyXNCr8SmDdAaPH4SGwJ2p+XPIwn0CTXDpyOcgCrW0Kt2OjubA+4fQwjkGYFuDATY5QOITe6kGJpKpw= +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN NSEC3 1 0 1 012345 2v43f6ripfocif5h6bbi07glq6849rnj NS SOA RRSIG DNSKEY NSEC3PARAM +v4cknoe1mioduf5bmhgfjjq4dlqet8fm.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. J2LISTGtBe+x2pNESBOYrBHAJjEDVFkmjJf2kj0GSFYisvSuy6ZUvQZZUB9sfLmEX18FpdNTieE8MrR2nbpKWfgVBDdGtcU72x/GOIRRq586A1KNtP2eJ81vcblM5dvqvpht46tF+xy85j9G9BYxpcT1PQRpvmho9yhgCxq2kUQ= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN NSEC3 1 0 1 012345 f0lpjkgefgrobj5pucem78r2ouo53fq8 A RRSIG +c6ntadrd765diocebcrq6trs8npn83o3.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. gTDi/2e/RPeSOwoBr6oqfoFsGXAknLX3J96EHzMmhtRR7W4pEW8uXKsMJ3rr4qgUUX+ZtzoCMYy+UBkiJfjpWvMToGtuADNOzz0rF8BESaW/8k6iDKPmqmwdGyLGMmfGjYPcb4qg3+9egLejA+fF1OSrhHuINeO80ouw++PL0ns= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN NSEC3 1 0 1 012345 v4cknoe1mioduf5bmhgfjjq4dlqet8fm A RRSIG +r18q2sl76hceldh0keqr7vnqc15db64a.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. VugivzPyv5+qZhl+x0frrykYyOOdZfcKdmIA13P4OzhtiRNhCRHznhrdTlmfLw/b5Rs5jFX7Iw/hhU80Geg72cYG4KVJwtP6zTyFApDl/8x3rj3vhZOc2nwpYmjjFsyrlb7M2RhcStnS6c/2R4+dBFwwVZXyJBi3fo9NybujI9g= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN NSEC3 1 0 1 012345 r18q2sl76hceldh0keqr7vnqc15db64a A RRSIG +f0lpjkgefgrobj5pucem78r2ouo53fq8.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. zishUbm8GxjaHOOUdbz0ZEut99dm+DQ/zvxhOTeS3kmUnL8t3ISew641JeNvvajAUk/xn6eGHjLBuHfwNG+itF2pSD8Gl6Ppo22Y0C9uO5TyRQalYpjtz1kI/VlIelcd0TyusmIMaRChswtpctPKITbr8Wl+MoZZtPQhJ5NjQlQ= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN NSEC3 1 0 1 012345 91onuasouslv1so1i62id4rf0l763dss A RRSIG +2v43f6ripfocif5h6bbi07glq6849rnj.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. d9CluwN3zWfLe20J212CuwNzJVbVsDR4eijuJyLpyHzziSc10CauWtUiuHeQMXCVJNwhPSb5kQTfKtql+Jd44BQlenRt/sHfa6YZEOwClN4O8V0vZ43K4vlwwWbh5kxQbFQ/e+w4vlYb1m4PHwzDLtqocNQ9T4A8SXl3A8paZqI= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN NSEC3 1 0 1 012345 c6ntadrd765diocebcrq6trs8npn83o3 A RRSIG +91onuasouslv1so1i62id4rf0l763dss.example.com. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55566 example.com. czJf5HkfHLpfGcku2iZnCu9tXnM7VWOYYhGtVAwkYG0M6BO4LzRxGCV3SkUvHLFxoqQY0DZLnafPl2MKg8zsF+tusf3e3xmpcCSR29IfuDYH7GzuVCj3H0ScmXM0lvyQ92JpJ0AMqq2mW1nvKmgjkyugs+EMpxcFVjhibljocLU= diff --git a/testdata/zonemd.example9.zone b/testdata/zonemd.example9.zone new file mode 100644 index 000000000..9c035aa13 --- /dev/null +++ b/testdata/zonemd.example9.zone @@ -0,0 +1,35 @@ +; signed zone but RRSIG on ZONEMD is wrong. + +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55566 example.com. gcFHT/Q4iDZ78CK6fyY2HZr8sRtgH2Rna9fEs06RW0gqMnfDntweoIaBamOZ7NlAP84aY2bZeanmEccmkHexByUpodCoKQ4NzVXctLr0TO4PVoFyfUfj62fjhM56SF8ioDxsoDQcPtYXcjNQjwfntWofMqHCMxrb9LzbgePzhOM= +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55566 example.com. X+V3XsbJbBi9OsHpjMkGCox8RLY/uXp/XX/O/flTrIre9fMDWm9ZGnewtuQFpLgGc6hUTi0eLsuRWRA5fZXEKUBhmoR2Ph01KgE1gvlL7v6zPWQwXVcBRUr3mOSbYdNNkHkXEjiDBGEhNkfqR216zNgw563eEGXOkLUFNIx5Zpg= +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55566 example.com. fsdnVg38PKQTH2mDOwkXL6Jre7JP7Gf8WI3CvIbmeYQUJtAlpcSbZkS3wInm3kKMxOuT55BWzndQzpfmpo91OqJjG27W0k9301NMLUwFprA6b9HK+iPAT0JpYPDPzcm1bQdarLzLS+eD/GPwmyVSX7Gze+08VfE8m8sOW2r7UjA= +example.com. 3600 IN TYPE63 \# 70 0bee1bc6010258f7620f93204bbb31b44f795b3409cc4abd9ef5601decc15675bd7751213152984eddce0626e6062e744b03b3e47711202fbb79e4a2eb8bc5cf46741b5cae6f +; old sig +; example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVHxV8Y= +; wrong sig +example.com. 3600 IN RRSIG TYPE63 8 2 3600 20201116135527 20201019135527 55566 example.com. orn8ZF/yqj9u4WrhiO6gtEcTaVsnZSWWZLfXhcIOiWSB8kKCxtZl5cG17dD3Du1NllUwMRqkp0KleLhIoUS9xeQ/0x05u+CYLrfQ62oAiD7q54ZQzpXJIH52aQzKV70ZnO03CZowhQBnetmIoKX6xLogKo8pt+BdQbo3oVAAAAA= +example.com. 3600 IN NSEC bar.example.com. NS SOA RRSIG NSEC DNSKEY TYPE63 +example.com. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 55566 example.com. ufLrlOQprAqjnH85Rt3T0Mxd3ZB0mBeeNIr84eFJ8Rk6WiWEPm0Y1R7GRufNI24Mj7iqLcL4nJM6KK6B7dJqjqu73jw1acuYNnbsoV2BNDRXRFP2FNWTpctVdi+955f3FzgsmEJXfGiSUG0YXAEcZmdCPCn5ii2jk8mk7r6KKYo= +bar.example.com. 3600 IN A 1.2.3.4 +bar.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. NYhmRicF4C9+YxpWeQrepy4ALM1CM0USoDuGi3W5Xtp4/+YpCJfSIdR9vlJaJ2WayYuZrz9Ai2ci7oWwE1Fn3oywGwCKvGo9m0c3mC2eEtphE19wrop6pWu6um4RiFhmzYS1voraA3PAdYzze9U4NHzlk0+sb5vNZW9dSZS30Ds= +bar.example.com. 3600 IN NSEC ding.example.com. A RRSIG NSEC +bar.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. VhsGuBx20DXQZNU8ITAMnasn6NVyEjN9xtB8msH5xJn80UCuaqvFBURzcPWN3aHnykEvGfdPF/9P3WvlON0cMikWkqSLy6Q9bpvgAq13HWYh+ZcDoqLtICaB7RkBQc+6aHAqZFyQbD8/m8Kxt5eVJtV6rEuf+yPX0+3aXHhsRg0= +ding.example.com. 3600 IN A 1.2.3.4 +ding.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. OERsruISkpd1s68ute8Xm8YXisBCTkkiDMt34K+0dVqvySOJq63d3qN18BeUxZxLyHDB1eR3nZZKqEdkTqrv2r98skhWhjnOECpFbu5gKjtN/KPexbbJ+rxC0QqciuWOC7M6YE0cvI17/RB9KhVRy5rqY2X4Gt2wk2CNeD1dAko= +ding.example.com. 3600 IN NSEC foo.example.com. A RRSIG NSEC +ding.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. nb1W2aaKrU5iAQiY8gMsoMOejID19JMTEwY2rRoe+KsvzMs0rE0ifEkqit4blXaU0tfy0foJ70uqdJFqBoGz1NcSwZ6GNk/iNfGvG3XpxZ/zqEe7kkIucqqei794G7z9psqV94yZ3WaT+IswPpWrSaWv1w41RtcWufPhe4fOAmU= +foo.example.com. 3600 IN A 1.2.3.4 +foo.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. ZcUngb2pUejwnsshbJN/Dfr+Bzu8fcZXyqLArQ+10Bw1IPHyfx7yyUJ43V5tTYVHPSEsJzTnaWj+olVrNhVZxq5e0pgzSYPfGln2FEItEvMIOn33j8yKTpPW2MLyuFF5ZkXhosG20EUwRMvMmRHRz9mIZfwWoMbSGPukmLh8zMA= +foo.example.com. 3600 IN NSEC ns.example.com. A RRSIG NSEC +foo.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. fUZEpkEULRWDntN5Z7Kr8M83Hjhf08ECMKRpo6IBoBc3ayenj+YMgWAvFXC825wjENPYYWNGag0d32U83zCZxqgv+8uXZd3B7QDpTbL41aWZdc++s5YWTkYjyOWwJ1XHOv4nL3qEnJBXVzo/E1gbSKhTFuG97i+7J1MFd9MsC5s= +ns.example.com. 3600 IN A 127.0.0.1 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. SiuxuPtN/ITd+Z20j8UNUHJWbLHirE8zQOWMv5fAZ1rPKpAidrZgUL8J417GdrTwkueU2ywAJ7EzFJSwNTa7o/wUnq7svmOR6Ze6UQsKuZFZGEfqPNDRp4YuF86LU5jChuo+f/IRpydHrxVwGxDPCR9KarDM+ewfW+yI5bZeZcg= +ns.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC +ns.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. 0upKNYjiow4NDJm3I1RbUddE9GGuFYEVKswww5BAc/6WHuukupncL30lskvcSKGpByDssP2Hi2CufyEtYeGWh6q1TxtOFRqFBX1p6Q5b3tBlCtvv4h31dQR9uqLvq+GkGS5MR+0LO5kWagIpZmnI8YY5plVdXEtNbp2Ar8zvz/A= +www.example.com. 3600 IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55566 example.com. AaIeICaPjV50TDrpbyOn94+hs8EYIMTmN4pYqj7e8GIGimqQIk5jgpwSx6SOoOF+uOqkf9GKHkQTn5YVGaeXwEQleg7mPTmMYKAOk06Y7MFUO1Vwt1Vt7Wo+Cpa3x2a1CmEkfFOi4WqP43VJnUtjjKmXoKRz3VUmqByyJYUAGbQ= +www.example.com. 3600 IN NSEC example.com. A RRSIG NSEC +www.example.com. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55566 example.com. meg/t6nIBqQZ0d5/dT7uu/3CuP4vE+HxqFQaj2fjUNceA/6C7QIQnqQ5Kyblg+XijDkQX0yvyFNHYdgF16UDgFT7tlNUCHk1SpF5BWzV4c4tBEhxASTz7UQo111O3Tyd6CldPzO/Se15Ud0/ZYltHEqWTfY5nJoXC/OJD9V2QOI= diff --git a/testdata/zonemd.example_a1.zone b/testdata/zonemd.example_a1.zone new file mode 100644 index 000000000..331b45a15 --- /dev/null +++ b/testdata/zonemd.example_a1.zone @@ -0,0 +1,6 @@ +example. 86400 IN SOA ns1 admin 2018031900 ( 1800 900 604800 86400 ) + 86400 IN NS ns1 + 86400 IN NS ns2 + 86400 IN ZONEMD 2018031900 1 1 ( c68090d90a7aed71 6bc459f9340e3d7c 1370d4d24b7e2fc3 a1ddc0b9a87153b9 a9713b3c9ae5cc27 777f98b8e730044c ) +ns1 3600 IN A 203.0.113.63 +ns2 3600 IN AAAA 2001:db8::63 diff --git a/testdata/zonemd.example_a2.zone b/testdata/zonemd.example_a2.zone new file mode 100644 index 000000000..56d06ae06 --- /dev/null +++ b/testdata/zonemd.example_a2.zone @@ -0,0 +1,25 @@ +example. 86400 IN SOA ns1 admin 2018031900 ( + 1800 900 604800 86400 ) + 86400 IN NS ns1 + 86400 IN NS ns2 + 86400 IN ZONEMD 2018031900 1 1 ( + 31cefb03814f5062 + ad12fa951ba0ef5f + 8da6ae354a415767 + 246f7dc932ceb1e7 + 42a2108f529db6a3 + 3a11c01493de358d ) +ns1 3600 IN A 203.0.113.63 +ns2 3600 IN AAAA 2001:db8::63 +occluded.sub 7200 IN TXT "I'm occluded but must be digested" +sub 7200 IN NS ns1 +duplicate 300 IN TXT "I must be digested just once" +duplicate 300 IN TXT "I must be digested just once" +foo.test. 555 IN TXT "out-of-zone data must be excluded" +non-apex 900 IN ZONEMD 2018031900 1 1 ( + 616c6c6f77656420 + 6275742069676e6f + 7265642e20616c6c + 6f77656420627574 + 2069676e6f726564 + 2e20616c6c6f7765 ) diff --git a/testdata/zonemd.example_a3.zone b/testdata/zonemd.example_a3.zone new file mode 100644 index 000000000..45c47ad05 --- /dev/null +++ b/testdata/zonemd.example_a3.zone @@ -0,0 +1,30 @@ +example. 86400 IN SOA ns1 admin 2018031900 ( + 1800 900 604800 86400 ) +example. 86400 IN NS ns1.example. +example. 86400 IN NS ns2.example. +example. 86400 IN ZONEMD 2018031900 1 1 ( + 62e6cf51b02e54b9 + b5f967d547ce4313 + 6792901f9f88e637 + 493daaf401c92c27 + 9dd10f0edb1c56f8 + 080211f8480ee306 ) +example. 86400 IN ZONEMD 2018031900 1 2 ( + 08cfa1115c7b948c + 4163a901270395ea + 226a930cd2cbcf2f + a9a5e6eb85f37c8a + 4e114d884e66f176 + eab121cb02db7d65 + 2e0cc4827e7a3204 + f166b47e5613fd27 ) +example. 86400 IN ZONEMD 2018031900 1 240 ( + e2d523f654b9422a + 96c5a8f44607bbee ) +example. 86400 IN ZONEMD 2018031900 241 1 ( + e1846540e33a9e41 + 89792d18d5d131f6 + 05fc283e ) +ns1.example. 3600 IN A 203.0.113.63 +ns2.example. 86400 IN TXT "This example has multiple digests" +ns2.example. 3600 IN AAAA 2001:db8::63 diff --git a/testdata/zonemd.example_a4.zone b/testdata/zonemd.example_a4.zone new file mode 100644 index 000000000..74b913c89 --- /dev/null +++ b/testdata/zonemd.example_a4.zone @@ -0,0 +1,127 @@ +uri.arpa. 3600 IN SOA sns.dns.icann.org. ( + noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) +uri.arpa. 3600 IN RRSIG NSEC 8 2 3600 ( + 20181028142623 20181007205525 47155 uri.arpa. + eEC4w/oXLR1Epwgv4MBiDtSBsXhqrJVvJWUpbX8XpetAvD35bxwNCUTi + /pAJVUXefegWeiriD2rkTgCBCMmn7YQIm3gdR+HjY/+o3BXNQnz97f+e + HAE9EDDzoNVfL1PyV/2fde9tDeUuAGVVwmD399NGq9jWYMRpyri2kysr q/g= ) +uri.arpa. 86400 IN RRSIG NS 8 2 86400 ( + 20181028172020 20181007175821 47155 uri.arpa. + ATyV2A2A8ZoggC+68u4GuP5MOUuR+2rr3eWOkEU55zAHld/7FiBxl4ln + 4byJYy7NudUwlMOEXajqFZE7DVl8PpcvrP3HeeGaVzKqaWj+aus0jbKF + Bsvs2b1qDZemBfkz/IfAhUTJKnto0vSUicJKfItu0GjyYNJCz2CqEuGD Wxc= ) +uri.arpa. 600 IN RRSIG MX 8 2 600 ( + 20181028170556 20181007175821 47155 uri.arpa. + e7/r3KXDohX1lyVavetFFObp8fB8aXT76HnN9KCQDxSnSghNM83UQV0t + lTtD8JVeN1mCvcNFZpagwIgB7XhTtm6Beur/m5ES+4uSnVeS6Q66HBZK + A3mR95IpevuVIZvvJ+GcCAQpBo6KRODYvJ/c/ZG6sfYWkZ7qg/Em5/+3 4UI= ) +uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( + 20181028152832 20181007175821 15796 uri.arpa. + nzpbnh0OqsgBBP8St28pLvPEQ3wZAUdEBuUwil+rtjjWlYYiqjPxZ286 + XF4Rq1usfV5x71jZz5IqswOaQgia91ylodFpLuXD6FTGs2nXGhNKkg1V + chHgtwj70mXU72GefVgo8TxrFYzxuEFP5ZTP92t97FVWVVyyFd86sbbR + 6DZj3uA2wEvqBVLECgJLrMQ9Yy7MueJl3UA4h4E6zO2JY9Yp0W9woq0B + dqkkwYTwzogyYffPmGAJG91RJ2h6cHtFjEZe2MnaY2glqniZ0WT9vXXd + uFPm0KD9U77Ac+ZtctAF9tsZwSdAoL365E2L1usZbA+K0BnPPqGFJRJk + 5R0A1w== ) +uri.arpa. 3600 IN RRSIG DNSKEY 8 2 3600 ( + 20181028152832 20181007175821 55480 uri.arpa. + lWtQV/5szQjkXmbcD47/+rOW8kJPksRFHlzxxmzt906+DBYyfrH6uq5X + nHvrUlQO6M12uhqDeL+bDFVgqSpNy+42/OaZvaK3J8EzPZVBHPJykKMV + 63T83aAiJrAyHzOaEdmzLCpalqcEE2ImzlLHSafManRfJL8Yuv+JDZFj + 2WDWfEcUuwkmIZWX11zxp+DxwzyUlRl7x4+ok5iKZWIg5UnBAf6B8T75 + WnXzlhCw3F2pXI0a5LYg71L3Tp/xhjN6Yy9jGlIRf5BjB59X2zra3a2R + PkI09SSnuEwHyF1mDaV5BmQrLGRnCjvwXA7ho2m+vv4SP5dUdXf+GTeA + 1HeBfw== ) +uri.arpa. 3600 IN RRSIG SOA 8 2 3600 ( + 20181029114753 20181008222815 47155 uri.arpa. + qn8yBNoHDjGdT79U2Wu9IIahoS0YPOgYP8lG+qwPcrZ1BwGiHywuoUa2 + Mx6BWZlg+HDyaxj2iOmox+IIqoUHhXUbO7IUkJFlgrOKCgAR2twDHrXu + 9BUQHy9SoV16wYm3kBTEPyxW5FFm8vcdnKAF7sxSY8BbaYNpRIEjDx4A JUc= ) +uri.arpa. 3600 IN NSEC ftp.uri.arpa. NS SOA ( + MX RRSIG NSEC DNSKEY ) +uri.arpa. 86400 IN NS a.iana-servers.net. +uri.arpa. 86400 IN NS b.iana-servers.net. +uri.arpa. 86400 IN NS c.iana-servers.net. +uri.arpa. 86400 IN NS ns2.lacnic.net. +uri.arpa. 86400 IN NS sec3.apnic.net. +uri.arpa. 600 IN MX 10 pechora.icann.org. +uri.arpa. 3600 IN DNSKEY 256 3 8 ( + AwEAAcBi7tSart2J599zbYWspMNGN70IBWb4ziqyQYH9MTB/VCz6WyUK + uXunwiJJbbQ3bcLqTLWEw134B6cTMHrZpjTAb5WAwg4XcWUu8mdcPTiL + Bl6qVRlRD0WiFCTzuYUfkwsh1Rbr7rvrxSQhF5rh71zSpwV5jjjp65Wx + SdJjlH0B ) +uri.arpa. 3600 IN DNSKEY 257 3 8 ( + AwEAAbNVv6ulgRdO31MtAehz7j3ALRjwZglWesnzvllQl/+hBRZr9QoY + cO2I+DkO4Q1NKxox4DUIxj8SxPO3GwDuOFR9q2/CFi2O0mZjafbdYtWc + 3zSdBbi3q0cwCIx7GuG9eqlL+pg7mdk9dgdNZfHwB0LnqTD8ebLPsrO/ + Id7kBaiqYOfMlZnh2fp+2h6OOJZHtY0DK1UlssyB5PKsE0tVzo5s6zo9 + iXKe5u+8WTMaGDY49vG80JPAKE7ezMiH/NZcUMiE0PRZ8D3foq2dYuS5 + ym+vA83Z7v8A+Rwh4UGnjxKB8zmr803V0ASAmHz/gwH5Vb0nH+LObwFt + l3wpbp+Wpm8= ) +uri.arpa. 3600 IN DNSKEY 257 3 8 ( + AwEAAbwnFTakCvaUKsXji4mgmxZUJi1IygbnGahbkmFEa0L16J+TchKR + wcgzVfsxUGa2MmeA4hgkAooC3uy+tTmoMsgy8uq/JAj24DjiHzd46LfD + FK/qMidVqFpYSHeq2Vv5ojkuIsx4oe4KsafGWYNOczKZgH5loGjN2aJG + mrIm++XCphOskgCsQYl65MIzuXffzJyxlAuts+ecAIiVeqRaqQfr8LRU + 7wIsLxinXirprtQrbor+EtvlHp9qXE6ARTZDzf4jvsNpKvLFZtmxzFf3 + e/UJz5eHjpwDSiZL7xE8aE1o1nGfPtJx9ZnB3bapltaJ5wY+5XOCKgY0 + xmJVvNQlwdE= ) +ftp.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181028080856 20181007175821 47155 uri.arpa. + HClGAqPxzkYkAT7Q/QNtQeB6YrkP6EPOef+9Qo5/2zngwAewXEAQiyF9 + jD1USJiroM11QqBS3v3aIdW/LXORs4Ez3hLcKNO1cKHsOuWAqzmE+BPP + Arfh8N95jqh/q6vpaB9UtMkQ53tM2fYU1GszOLN0knxbHgDHAh2axMGH lqM= ) +ftp.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181028103644 20181007205525 47155 uri.arpa. + WoLi+vZzkxaoLr2IGZnwkRvcDf6KxiWQd1WZP/U+AWnV+7MiqsWPZaf0 + 9toRErerGoFOiOASNxZjBGJrRgjmavOM9U+LZSconP9zrNFd4dIu6kp5 + YxlQJ0uHOvx1ZHFCj6lAt1ACUIw04ZhMydTmi27c8MzEOMepvn7iH7r7 k7k= ) +ftp.uri.arpa. 3600 IN NSEC http.uri.arpa. NAPTR ( + RRSIG NSEC ) +ftp.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "!^ftp://([^:/?#]*).*$!\\1!i" . ) +http.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181029010647 20181007175821 47155 uri.arpa. + U03NntQ73LHWpfLmUK8nMsqkwVsOGW2KdsyuHYAjqQSZvKbtmbv7HBmE + H1+Ii3Z+wtfdMZBy5aC/6sHdx69BfZJs16xumycMlAy6325DKTQbIMN+ + ift9GrKBC7cgCd2msF/uzSrYxxg4MJQzBPvlkwXnY3b7eJSlIXisBIn7 3b8= ) +http.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181029011815 20181007205525 47155 uri.arpa. + T7mRrdag+WSmG+n22mtBSQ/0Y3v+rdDnfQV90LN5Fq32N5K2iYFajF7F + Tp56oOznytfcL4fHrqOE0wRc9NWOCCUec9C7Wa1gJQcllEvgoAM+L6f0 + RsEjWq6+9jvlLKMXQv0xQuMX17338uoD/xiAFQSnDbiQKxwWMqVAimv5 7Zs= ) +http.uri.arpa. 3600 IN NSEC mailto.uri.arpa. NAPTR ( + RRSIG NSEC ) +http.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "!^http://([^:/?#]*).*$!\\1!i" . ) +mailto.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181028110727 20181007175821 47155 uri.arpa. + GvxzVL85rEukwGqtuLxek9ipwjBMfTOFIEyJ7afC8HxVMs6mfFa/nEM/ + IdFvvFg+lcYoJSQYuSAVYFl3xPbgrxVSLK125QutCFMdC/YjuZEnq5cl + fQciMRD7R3+znZfm8d8u/snLV9w4D+lTBZrJJUBe1Efc8vum5vvV7819 ZoY= ) +mailto.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181028141825 20181007205525 47155 uri.arpa. + MaADUgc3fc5v++M0YmqjGk3jBdfIA5RuP62hUSlPsFZO4k37erjIGCfF + j+g84yc+QgbSde0PQHszl9fE/+SU5ZXiS9YdcbzSZxp2erFpZOTchrpg + 916T4vx6i59scodjb0l6bDyZ+mtIPrc1w6b4hUyOUTsDQoAJYxdfEuMg Vy4= ) +mailto.uri.arpa. 3600 IN NSEC urn.uri.arpa. NAPTR ( + RRSIG NSEC ) +mailto.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "!^mailto:(.*)@(.*)$!\\2!i" . ) +urn.uri.arpa. 3600 IN RRSIG NSEC 8 3 3600 ( + 20181028123243 20181007175821 47155 uri.arpa. + Hgsw4Deops1O8uWyELGe6hpR/OEqCnTHvahlwiQkHhO5CSEQrbhmFAWe + UOkmGAdTEYrSz+skLRQuITRMwzyFf4oUkZihGyhZyzHbcxWfuDc/Pd/9 + DSl56gdeBwy1evn5wBTms8yWQVkNtphbJH395gRqZuaJs3LD/qTyJ5Dp LvA= ) +urn.uri.arpa. 604800 IN RRSIG NAPTR 8 3 604800 ( + 20181029071816 20181007205525 47155 uri.arpa. + ALIZD0vBqAQQt40GQ0Efaj8OCyE9xSRJRdyvyn/H/wZVXFRFKrQYrLAS + D/K7q6CMTOxTRCu2J8yes63WJiaJEdnh+dscXzZkmOg4n5PsgZbkvUSW + BiGtxvz5jNncM0xVbkjbtByrvJQAO1cU1mnlDKe1FmVB1uLpVdA9Ib4J hMU= ) +urn.uri.arpa. 3600 IN NSEC uri.arpa. NAPTR RRSIG ( + NSEC ) +urn.uri.arpa. 604800 IN NAPTR 0 0 "" "" ( + "/urn:([^:]+)/\\1/i" . ) +uri.arpa. 3600 IN SOA sns.dns.icann.org. ( + noc.dns.icann.org. 2018100702 10800 3600 1209600 3600 ) diff --git a/testdata/zonemd.example_a5.zone b/testdata/zonemd.example_a5.zone new file mode 100644 index 000000000..246f5e237 --- /dev/null +++ b/testdata/zonemd.example_a5.zone @@ -0,0 +1,48 @@ +root-servers.net. 3600000 IN SOA a.root-servers.net. ( + nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) +root-servers.net. 3600000 IN NS a.root-servers.net. +root-servers.net. 3600000 IN NS b.root-servers.net. +root-servers.net. 3600000 IN NS c.root-servers.net. +root-servers.net. 3600000 IN NS d.root-servers.net. +root-servers.net. 3600000 IN NS e.root-servers.net. +root-servers.net. 3600000 IN NS f.root-servers.net. +root-servers.net. 3600000 IN NS g.root-servers.net. +root-servers.net. 3600000 IN NS h.root-servers.net. +root-servers.net. 3600000 IN NS i.root-servers.net. +root-servers.net. 3600000 IN NS j.root-servers.net. +root-servers.net. 3600000 IN NS k.root-servers.net. +root-servers.net. 3600000 IN NS l.root-servers.net. +root-servers.net. 3600000 IN NS m.root-servers.net. +a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30 +a.root-servers.net. 3600000 IN A 198.41.0.4 +b.root-servers.net. 3600000 IN MX 20 mail.isi.edu. +b.root-servers.net. 3600000 IN AAAA 2001:500:200::b +b.root-servers.net. 3600000 IN A 199.9.14.201 +c.root-servers.net. 3600000 IN AAAA 2001:500:2::c +c.root-servers.net. 3600000 IN A 192.33.4.12 +d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d +d.root-servers.net. 3600000 IN A 199.7.91.13 +e.root-servers.net. 3600000 IN AAAA 2001:500:a8::e +e.root-servers.net. 3600000 IN A 192.203.230.10 +f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f +f.root-servers.net. 3600000 IN A 192.5.5.241 +g.root-servers.net. 3600000 IN AAAA 2001:500:12::d0d +g.root-servers.net. 3600000 IN A 192.112.36.4 +h.root-servers.net. 3600000 IN AAAA 2001:500:1::53 +h.root-servers.net. 3600000 IN A 198.97.190.53 +i.root-servers.net. 3600000 IN MX 10 mx.i.root-servers.org. +i.root-servers.net. 3600000 IN AAAA 2001:7fe::53 +i.root-servers.net. 3600000 IN A 192.36.148.17 +j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30 +j.root-servers.net. 3600000 IN A 192.58.128.30 +k.root-servers.net. 3600000 IN AAAA 2001:7fd::1 +k.root-servers.net. 3600000 IN A 193.0.14.129 +l.root-servers.net. 3600000 IN AAAA 2001:500:9f::42 +l.root-servers.net. 3600000 IN A 199.7.83.42 +m.root-servers.net. 3600000 IN AAAA 2001:dc3::35 +m.root-servers.net. 3600000 IN A 202.12.27.33 +root-servers.net. 3600000 IN SOA a.root-servers.net. ( + nstld.verisign-grs.com. 2018091100 14400 7200 1209600 3600000 ) +root-servers.net. 3600000 IN ZONEMD 2018091100 1 1 ( + f1ca0ccd91bd5573d9f431c00ee0101b2545c97602be0a97 + 8a3b11dbfc1c776d5b3e86ae3d973d6b5349ba7f04340f79 ) diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.conf b/testdata/zonemd_reload.tdir/zonemd_reload.conf new file mode 100644 index 000000000..27bdb4424 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.conf @@ -0,0 +1,22 @@ +server: + verbosity: 7 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: yes +remote-control: + control-enable: yes + control-interface: @CONTROL_PATH@/controlpipe.@CONTROL_PID@ + control-use-cert: no +auth-zone: + name: "example.com" + for-upstream: yes + for-downstream: yes + zonefile: "zonemd_reload.zone" + #master: "127.0.0.1@@TOPORT@" diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.dsc b/testdata/zonemd_reload.tdir/zonemd_reload.dsc new file mode 100644 index 000000000..016c3d6c7 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.dsc @@ -0,0 +1,16 @@ +BaseName: zonemd_reload +Version: 1.0 +Description: ZONEMD check after auth_zone_reload +CreationDate: Tue 23 Oct 12:00:00 CEST 2020 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: zonemd_reload.pre +Post: zonemd_reload.post +Test: zonemd_reload.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.post b/testdata/zonemd_reload.tdir/zonemd_reload.post new file mode 100644 index 000000000..5e315088a --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.post @@ -0,0 +1,14 @@ +# #-- zonemd_reload.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +echo "> cat logfiles" +cat fwd.log +cat unbound.log +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +rm -f $CONTROL_PATH/controlpipe.$CONTROL_PID diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.pre b/testdata/zonemd_reload.tdir/zonemd_reload.pre new file mode 100644 index 000000000..fa5e4ca29 --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.pre @@ -0,0 +1,35 @@ +# #-- zonemd_reload.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT zonemd_reload.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +CONTROL_PATH=/tmp +CONTROL_PID=$$ +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's?@CONTROL_PATH\@?'$CONTROL_PATH'?' -e 's/@CONTROL_PID@/'$CONTROL_PID'/' < zonemd_reload.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +echo "CONTROL_PATH=$CONTROL_PATH" >> .tpkg.var.test +echo "CONTROL_PID=$CONTROL_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.test b/testdata/zonemd_reload.tdir/zonemd_reload.test new file mode 100644 index 000000000..5ae1d9b0c --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.test @@ -0,0 +1,74 @@ +# #-- zonemd_reload.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +# do the test +echo "> dig www.example.com." +dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +if grep SERVFAIL outfile; then + echo "> try again" + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> check answer" +if grep www.example.com outfile | grep "127.0.0.1"; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +echo "> unbound-control status" +$PRE/unbound-control -c ub.conf status +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +else + echo "exit value: OK" +fi + +echo "> unbound-control auth_zone_reload example.com" +$PRE/unbound-control -c ub.conf auth_zone_reload example.com 2>&1 | tee outfile +if test $? -ne 0; then + echo "wrong exit value." + exit 1 +fi +echo "> check unbound-control output" +if grep "example.com: ZONEMD verification successful" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.testns b/testdata/zonemd_reload.tdir/zonemd_reload.testns new file mode 100644 index 000000000..f1678a1cc --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.testns @@ -0,0 +1,27 @@ +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.net. +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END diff --git a/testdata/zonemd_reload.tdir/zonemd_reload.zone b/testdata/zonemd_reload.tdir/zonemd_reload.zone new file mode 100644 index 000000000..16b631c7b --- /dev/null +++ b/testdata/zonemd_reload.tdir/zonemd_reload.zone @@ -0,0 +1,8 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 200154054 28800 7200 604800 3600 +example.com. IN NS ns.example.com. +example.com. IN ZONEMD 200154054 1 2 EFAA5B78B38AB1C45DE57B8167BCCE906451D0E72118E1F5E80B5F0C3CF04BFFC65D53C011185528EAD439D6F3A02F511961E090E5E4E0DFA013BD276D728B22 +www.example.com. IN A 127.0.0.1 +ns.example.com. IN A 127.0.0.1 +bar.example.com. IN A 1.2.3.4 +ding.example.com. IN A 1.2.3.4 +foo.example.com. IN A 1.2.3.4 diff --git a/util/config_file.c b/util/config_file.c index 4c827b74e..171251f67 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -220,7 +220,7 @@ config_create(void) cfg->views = NULL; cfg->acls = NULL; cfg->tcp_connection_limits = NULL; - cfg->harden_short_bufsize = 0; + cfg->harden_short_bufsize = 1; cfg->harden_large_queries = 0; cfg->harden_glue = 1; cfg->harden_dnssec_stripped = 1; @@ -237,6 +237,9 @@ config_create(void) cfg->hide_trustanchor = 0; cfg->identity = NULL; cfg->version = NULL; + cfg->nsid_cfg_str = NULL; + cfg->nsid = NULL; + cfg->nsid_len = 0; cfg->auto_trust_anchor_file_list = NULL; cfg->trust_anchor_file_list = NULL; cfg->trust_anchor_list = NULL; @@ -258,6 +261,8 @@ config_create(void) cfg->serve_expired_ttl_reset = 0; cfg->serve_expired_reply_ttl = 30; cfg->serve_expired_client_timeout = 0; + cfg->serve_original_ttl = 0; + cfg->zonemd_permissive_mode = 0; cfg->add_holddown = 30*24*3600; cfg->del_holddown = 30*24*3600; cfg->keep_missing = 366*24*3600; /* one year plus a little leeway */ @@ -335,6 +340,10 @@ config_create(void) cfg->dnscrypt_shared_secret_cache_slabs = 4; cfg->dnscrypt_nonce_cache_size = 4*1024*1024; cfg->dnscrypt_nonce_cache_slabs = 4; + cfg->pad_responses = 1; + cfg->pad_responses_block_size = 468; /* from RFC8467 */ + cfg->pad_queries = 1; + cfg->pad_queries_block_size = 128; /* from RFC8467 */ #ifdef USE_IPSECMOD cfg->ipsecmod_enabled = 1; cfg->ipsecmod_ignore_bogus = 0; @@ -388,6 +397,7 @@ struct config_file* config_create_forlib(void) cfg->val_log_level = 2; /* to fill why_bogus with */ cfg->val_log_squelch = 1; cfg->minimal_responses = 0; + cfg->harden_short_bufsize = 1; return cfg; } @@ -580,6 +590,20 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("hide-trustanchor:", hide_trustanchor) else S_STR("identity:", identity) else S_STR("version:", version) + else if(strcmp(opt, "nsid:") == 0) { + free(cfg->nsid_cfg_str); + if (!(cfg->nsid_cfg_str = strdup(val))) + return 0; + /* Empty string is just validly unsetting nsid */ + if (*val == 0) { + free(cfg->nsid); + cfg->nsid = NULL; + cfg->nsid_len = 0; + return 1; + } + cfg->nsid = cfg_parse_nsid(val, &cfg->nsid_len); + return cfg->nsid != NULL; + } else S_STRLIST("root-hints:", root_hints) else S_STR("target-fetch-policy:", target_fetch_policy) else S_YNO("harden-glue:", harden_glue) @@ -624,7 +648,9 @@ int config_set_option(struct config_file* cfg, const char* opt, else if(strcmp(opt, "serve-expired-reply-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->serve_expired_reply_ttl = atoi(val); SERVE_EXPIRED_REPLY_TTL=(time_t)cfg->serve_expired_reply_ttl;} else S_NUMBER_OR_ZERO("serve-expired-client-timeout:", serve_expired_client_timeout) + else S_YNO("serve-original-ttl:", serve_original_ttl) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) + else S_YNO("zonemd-permissive-mode:", zonemd_permissive_mode) else S_UNSIGNED_OR_ZERO("add-holddown:", add_holddown) else S_UNSIGNED_OR_ZERO("del-holddown:", del_holddown) else S_UNSIGNED_OR_ZERO("keep-missing:", keep_missing) @@ -719,6 +745,10 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_NUMBER_OR_ZERO("fast-server-permil:", fast_server_permil) else S_YNO("qname-minimisation:", qname_minimisation) else S_YNO("qname-minimisation-strict:", qname_minimisation_strict) + else S_YNO("pad-responses:", pad_responses) + else S_SIZET_NONZERO("pad-responses-block-size:", pad_responses_block_size) + else S_YNO("pad-queries:", pad_queries) + else S_SIZET_NONZERO("pad-queries-block-size:", pad_queries_block_size) #ifdef USE_IPSECMOD else S_YNO("ipsecmod-enabled:", ipsecmod_enabled) else S_YNO("ipsecmod-ignore-bogus:", ipsecmod_ignore_bogus) @@ -1015,6 +1045,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "hide-trustanchor", hide_trustanchor) else O_STR(opt, "identity", identity) else O_STR(opt, "version", version) + else O_STR(opt, "nsid", nsid_cfg_str) else O_STR(opt, "target-fetch-policy", target_fetch_policy) else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize) else O_YNO(opt, "harden-large-queries", harden_large_queries) @@ -1039,7 +1070,9 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "serve-expired-ttl-reset", serve_expired_ttl_reset) else O_DEC(opt, "serve-expired-reply-ttl", serve_expired_reply_ttl) else O_DEC(opt, "serve-expired-client-timeout", serve_expired_client_timeout) + else O_YNO(opt, "serve-original-ttl", serve_original_ttl) else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations) + else O_YNO(opt, "zonemd-permissive-mode", zonemd_permissive_mode) else O_UNS(opt, "add-holddown", add_holddown) else O_UNS(opt, "del-holddown", del_holddown) else O_UNS(opt, "keep-missing", keep_missing) @@ -1158,6 +1191,10 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LS3(opt, "access-control-tag-action", acl_tag_actions) else O_LS3(opt, "access-control-tag-data", acl_tag_datas) else O_LS2(opt, "access-control-view", acl_view) + else O_YNO(opt, "pad-responses", pad_responses) + else O_DEC(opt, "pad-responses-block-size", pad_responses_block_size) + else O_YNO(opt, "pad-queries", pad_queries) + else O_DEC(opt, "pad-queries-block-size", pad_queries_block_size) else O_LS2(opt, "edns-client-strings", edns_client_strings) #ifdef USE_IPSECMOD else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled) @@ -1482,6 +1519,8 @@ config_delete(struct config_file* cfg) #endif free(cfg->identity); free(cfg->version); + free(cfg->nsid_cfg_str); + free(cfg->nsid); free(cfg->module_conf); free(cfg->outgoing_avail_ports); config_delstrlist(cfg->caps_whitelist); @@ -2020,6 +2059,38 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str, return taglist; } +uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len) +{ + uint8_t* nsid = NULL; + + if (strncasecmp(str, "ascii_", 6) == 0) { + if ((nsid = (uint8_t *)strdup(str + 6))) + *nsid_len = strlen(str + 6); + + } else if (strlen(str) % 2) { + ; /* hex string has even number of characters */ + } + + else if (*str && (nsid = calloc(1, strlen(str) / 2))) { + const char *ch; + uint8_t *dp; + + for ( ch = str, dp = nsid + ; isxdigit(ch[0]) && isxdigit(ch[1]) + ; ch += 2, dp++) { + *dp = (uint8_t)sldns_hexdigit_to_int(ch[0]) * 16; + *dp += (uint8_t)sldns_hexdigit_to_int(ch[1]); + } + if (*ch) { + free(nsid); + nsid = NULL; + } else + *nsid_len = strlen(str) / 2; + } + return nsid; +} + + char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, size_t taglen) { @@ -2062,6 +2133,7 @@ config_apply(struct config_file* config) SERVE_EXPIRED = config->serve_expired; SERVE_EXPIRED_TTL = (time_t)config->serve_expired_ttl; SERVE_EXPIRED_REPLY_TTL = (time_t)config->serve_expired_reply_ttl; + SERVE_ORIGINAL_TTL = config->serve_original_ttl; MAX_NEG_TTL = (time_t)config->max_negative_ttl; RTT_MIN_TIMEOUT = config->infra_cache_min_rtt; EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size; @@ -2536,3 +2608,27 @@ int options_remote_is_address(struct config_file* cfg) return (cfg->control_ifs.first->str[0] != '/'); } +/** see if interface is https, its port number == the https port number */ +int +if_is_https(const char* ifname, const char* port, int https_port) +{ + char* p = strchr(ifname, '@'); + if(!p && atoi(port) == https_port) + return 1; + if(p && atoi(p+1) == https_port) + return 1; + return 0; +} + +/** see if config contains https turned on */ +int cfg_has_https(struct config_file* cfg) +{ + int i; + char portbuf[32]; + snprintf(portbuf, sizeof(portbuf), "%d", cfg->port); + for(i = 0; inum_ifs; i++) { + if(if_is_https(cfg->ifs[i], portbuf, cfg->https_port)) + return 1; + } + return 0; +} diff --git a/util/config_file.h b/util/config_file.h index 556544021..f5eda738c 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -338,6 +338,10 @@ struct config_file { char* identity; /** version, package version returned if "". */ char* version; + /** nsid */ + char *nsid_cfg_str; + uint8_t *nsid; + uint16_t nsid_len; /** the module configuration string */ char* module_conf; @@ -388,8 +392,12 @@ struct config_file { /** serve expired entries only after trying to update the entries and this * timeout (in milliseconds) is reached */ int serve_expired_client_timeout; + /** serve original TTLs rather than decrementing ones */ + int serve_original_ttl; /** nsec3 maximum iterations per key size, string */ char* val_nsec3_key_iterations; + /** if zonemd failures are permitted, only logged */ + int zonemd_permissive_mode; /** autotrust add holddown time, in seconds */ unsigned int add_holddown; /** autotrust del holddown time, in seconds */ @@ -596,6 +604,17 @@ struct config_file { size_t dnscrypt_nonce_cache_size; /** number of slabs for dnscrypt nonces cache */ size_t dnscrypt_nonce_cache_slabs; + + /** EDNS padding according to RFC7830 and RFC8467 */ + /** true to enable padding of responses (default: on) */ + int pad_responses; + /** block size with which to pad encrypted responses (default: 468) */ + size_t pad_responses_block_size; + /** true to enable padding of queries (default: on) */ + int pad_queries; + /** block size with which to pad encrypted queries (default: 128) */ + size_t pad_queries_block_size; + /** IPsec module */ #ifdef USE_IPSECMOD /** false to bypass the IPsec module */ @@ -710,6 +729,8 @@ struct config_auth { /** Always reply with this CNAME target if the cname override action is * used */ char* rpz_cname; + /** Reject absence of ZONEMD records, zone must have one */ + int zonemd_reject_absence; }; /** @@ -1070,6 +1091,16 @@ int cfg_count_numbers(const char* str); */ int cfg_parse_memsize(const char* str, size_t* res); +/** + * Parse nsid from string into binary nsid. nsid is either a hexidecimal + * string or an ascii string prepended with ascii_ in which case the + * characters after ascii_ are simply copied. + * @param str: the string to parse. + * @param nsid_len: returns length of nsid in bytes. + * @return malloced bytes or NULL on parse error or malloc failure. + */ +uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len); + /** * Add a tag name to the config. It is added at the end with a new ID value. * @param cfg: the config structure. @@ -1274,5 +1305,15 @@ void w_config_adjust_directory(struct config_file* cfg); /** debug option for unit tests. */ extern int fake_dsa, fake_sha1; +/** see if interface is https, its port number == the https port number */ +int if_is_https(const char* ifname, const char* port, int https_port); + +/** + * Return true if the config contains settings that enable https. + * @param cfg: config information. + * @return true if https ports are used for server. + */ +int cfg_has_https(struct config_file* cfg); + #endif /* UTIL_CONFIG_FILE_H */ diff --git a/util/configlexer.c b/util/configlexer.c index f845e2057..cbf1c103c 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg ); (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 337 -#define YY_END_OF_BUFFER 338 +#define YY_NUM_RULES 345 +#define YY_END_OF_BUFFER 346 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,371 +363,380 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[3292] = +static const flex_int16_t yy_accept[3388] = { 0, - 1, 1, 311, 311, 315, 315, 319, 319, 323, 323, - 1, 1, 327, 327, 331, 331, 338, 335, 1, 309, - 309, 336, 2, 336, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 311, 312, 312, 313, - 336, 315, 316, 316, 317, 336, 322, 319, 320, 320, - 321, 336, 323, 324, 324, 325, 336, 334, 310, 2, - 314, 336, 334, 330, 327, 328, 328, 329, 336, 331, - 332, 332, 333, 336, 335, 0, 1, 2, 2, 2, - 2, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 1, 1, 319, 319, 323, 323, 327, 327, 331, 331, + 1, 1, 335, 335, 339, 339, 346, 343, 1, 317, + 317, 344, 2, 344, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 319, 320, 320, 321, + 344, 323, 324, 324, 325, 344, 330, 327, 328, 328, + 329, 344, 331, 332, 332, 333, 344, 342, 318, 2, + 322, 344, 342, 338, 335, 336, 336, 337, 344, 339, + 340, 340, 341, 344, 343, 0, 1, 2, 2, 2, + 2, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 311, 0, 315, - 0, 322, 0, 319, 323, 0, 334, 0, 2, 2, - 334, 330, 0, 327, 331, 0, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 319, + 0, 323, 0, 330, 0, 327, 331, 0, 342, 0, + 2, 2, 342, 338, 0, 335, 339, 0, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 334, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 342, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 125, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 134, 335, 335, 335, 335, 335, 335, - 335, 334, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 125, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 134, + 343, 343, 343, 343, 343, 343, 343, 342, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 109, 335, 335, 335, 335, 335, 335, 8, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 126, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 109, 343, 316, 343, + 343, 343, 343, 343, 343, 343, 8, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 139, 335, - 334, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 302, 335, + 343, 343, 343, 343, 343, 343, 126, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 139, 343, 343, + 342, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 309, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 334, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 64, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 238, - 335, 14, 15, 335, 19, 18, 335, 335, 222, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 132, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 342, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 64, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 241, 343, 14, 15, 343, 19, 18, 343, + 343, 225, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 220, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 3, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 334, 335, 335, 335, - 335, 335, 335, 335, 296, 335, 335, 295, 335, 335, + 343, 343, 343, 132, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 223, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 3, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 318, 335, 335, 335, 335, - 335, 335, 335, 335, 63, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 67, 335, 269, 335, 335, 335, 335, 335, 335, - 335, 335, 303, 304, 335, 335, 335, 335, 335, 68, + 343, 343, 343, 342, 343, 343, 343, 343, 343, 343, + 343, 303, 343, 343, 302, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 326, 343, 343, 343, 343, 343, 343, 343, + 343, 63, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 67, 343, - 335, 335, 133, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 129, 335, 335, - 335, 335, 335, 335, 335, 335, 209, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 21, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 158, 335, 335, - 334, 318, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 272, 343, 343, 343, 343, 343, 343, 343, 343, 310, + 311, 343, 343, 343, 343, 343, 343, 343, 68, 343, + 343, 133, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 129, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 212, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 21, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 158, 343, 343, - 335, 335, 335, 107, 335, 335, 335, 335, 335, 335, - 335, 277, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 181, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 157, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 342, 326, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 107, 343, 343, 343, 343, + 343, 343, 343, 280, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 182, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 157, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 106, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 32, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 33, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 65, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 131, 334, 335, 335, - 335, 335, 335, 124, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 66, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 106, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 32, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 33, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 65, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 242, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 182, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 54, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 131, 343, 343, 342, 343, 343, 343, 343, 343, + 124, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 66, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 245, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 183, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 54, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 260, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 58, 335, 59, 335, 335, 335, - 335, 335, 110, 335, 111, 335, 335, 335, 335, 108, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 7, - 335, 334, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 263, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 58, 343, 59, 343, 343, 343, + 343, 343, 110, 343, 111, 343, 343, 343, 343, 108, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 231, 335, 335, 335, 335, 160, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 243, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 45, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 55, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 201, 335, 200, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 7, + 343, 343, 343, 342, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 234, 343, 343, 343, 343, 160, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 246, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 45, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 16, 17, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 69, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 208, 335, 335, 335, 335, 335, 335, 113, 335, 112, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 192, 335, 335, 335, 335, 335, 335, 335, - 335, 140, 334, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 101, 335, 335, 335, 335, 335, 335, + 343, 55, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 204, 343, 203, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 16, 17, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 69, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 211, 343, 343, 343, 343, + 343, 343, 113, 343, 112, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 89, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 221, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 94, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 62, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 195, - 196, 335, 335, 335, 271, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 195, 343, 343, + 343, 343, 343, 343, 343, 343, 140, 343, 343, 342, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 101, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 89, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 224, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 94, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 6, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 275, - 335, 335, 335, 335, 335, 335, 297, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 42, 335, 335, - 335, 335, 44, 335, 335, 335, 90, 335, 335, 335, - 335, 335, 52, 335, 335, 335, 335, 335, 335, 335, - 334, 335, 188, 335, 335, 335, 135, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 213, 335, 189, + 343, 343, 343, 343, 343, 343, 343, 62, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 198, 199, 343, 343, + 343, 274, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 6, 343, 343, 343, 343, 343, + 343, 293, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 278, + 343, 343, 343, 343, 343, 343, 304, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 42, 343, - 335, 335, 335, 228, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 53, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 137, 118, 335, 119, 335, - 335, 335, 117, 335, 335, 335, 335, 335, 335, 335, - 335, 155, 335, 335, 50, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 259, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 190, 335, 335, 335, 335, 335, 193, 335, 199, - 335, 335, 335, 335, 335, 227, 335, 335, 335, 335, + 343, 343, 343, 44, 343, 343, 343, 90, 343, 343, + 343, 343, 343, 52, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 342, 343, 191, 343, 343, 343, 135, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 216, 343, 192, 343, 343, 343, 231, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 53, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 137, 118, + 343, 119, 343, 343, 343, 117, 343, 343, 343, 343, + 343, 343, 343, 343, 155, 343, 343, 50, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 105, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 130, - 335, 335, 335, 335, 335, 335, 60, 335, 335, 335, - 26, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 20, 335, 335, 335, 335, 335, 335, 27, 36, 335, - 165, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 334, 335, 335, 335, 335, 335, - 335, 77, 79, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 279, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 262, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 193, 343, 343, 343, 343, 343, + 196, 343, 202, 343, 343, 343, 343, 343, 230, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 105, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 130, 343, 343, 343, 343, 343, + 343, 343, 60, 343, 343, 343, 26, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 20, 343, 343, 343, - 335, 239, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 120, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 154, 335, 46, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 290, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 159, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 219, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 27, 36, 343, 165, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 342, 343, 343, 343, 343, 343, 343, 77, + 79, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 282, 343, 343, 343, 343, 242, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 120, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 154, 343, 46, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 300, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 176, 335, 335, 335, 335, 335, 335, - 335, 335, 114, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 171, 335, 183, 335, 335, 335, 335, 334, - 335, 143, 335, 335, 335, 335, 335, 100, 335, 335, - 335, 335, 211, 335, 335, 335, 335, 335, 335, 229, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 251, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 136, 335, 335, + 343, 343, 343, 343, 343, 343, 297, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 159, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 291, 343, + 343, 343, 222, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 307, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 176, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 114, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 171, 343, 184, 343, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 175, 335, 335, 335, 335, 335, 335, 80, - 335, 81, 335, 335, 335, 335, 335, 61, 293, 335, - 335, 335, 335, 335, 88, 184, 335, 202, 335, 232, - 335, 335, 194, 272, 335, 335, 335, 335, 335, 73, - 335, 186, 335, 335, 335, 335, 335, 9, 335, 335, - 335, 104, 335, 335, 335, 335, 264, 335, 335, 335, - 335, 210, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 342, 343, 143, 343, 343, 343, 343, + 343, 100, 343, 343, 343, 343, 214, 343, 343, 343, + 343, 343, 343, 232, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 254, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 136, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 175, 343, 343, 343, + 343, 343, 343, 80, 343, 81, 343, 343, 343, 343, + 343, 61, 300, 343, 343, 343, 343, 343, 88, 185, + 343, 205, 343, 235, 343, 343, 197, 275, 343, 343, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 334, 335, 335, - 335, 335, 174, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 161, 335, 278, 335, 335, 335, 335, - 335, 250, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 223, 335, 335, 335, 335, 335, 270, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 294, 335, 185, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 73, 343, 187, 343, 343, 343, 343, + 343, 9, 343, 343, 343, 343, 343, 104, 343, 343, + 343, 343, 267, 343, 343, 343, 343, 213, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 342, 343, 343, 343, + 343, 174, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 161, 343, 281, 343, 343, 343, 343, 343, - 72, 74, 335, 335, 335, 335, 335, 335, 335, 103, - 335, 335, 335, 335, 262, 335, 335, 335, 335, 274, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 215, 34, 28, 30, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 35, 335, 29, 31, 335, 335, - 335, 335, 335, 335, 335, 335, 99, 335, 335, 335, - 335, 335, 335, 334, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 217, 214, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 71, 335, 335, 335, 138, + 253, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 226, 343, 343, 343, 343, 343, 273, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 301, + 343, 186, 343, 343, 343, 343, 343, 343, 343, 72, + 74, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 103, 343, 343, 343, 343, 265, 343, 343, 343, 343, + 277, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 218, 34, 28, 30, 343, 343, 343, - 335, 121, 335, 335, 335, 335, 335, 335, 335, 335, - 156, 47, 335, 335, 335, 326, 13, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 288, 335, 291, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 12, 335, 335, 22, 335, 335, 335, 268, 335, 335, - 335, 335, 276, 335, 335, 335, 75, 335, 225, 335, - 335, 335, 335, 216, 335, 335, 70, 335, 335, 335, - 335, 23, 335, 43, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 170, 169, 326, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 218, 212, + 343, 343, 343, 343, 343, 343, 35, 343, 29, 31, + 343, 343, 343, 343, 343, 343, 343, 343, 99, 343, + 343, 343, 343, 343, 343, 343, 343, 342, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 220, + 217, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 71, + 343, 343, 343, 138, 343, 121, 343, 343, 343, 343, + 343, 343, 343, 343, 156, 47, 343, 343, 343, 334, + 13, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 295, 343, 298, 343, 343, 343, 343, 343, 343, - 335, 230, 335, 335, 280, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 82, 335, 335, - 335, 335, 263, 335, 335, 335, 335, 198, 335, 335, - 335, 335, 224, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 298, 299, 167, 335, 335, 76, 335, 335, - 335, 335, 177, 335, 335, 115, 116, 335, 335, 335, - 335, 162, 335, 164, 335, 203, 335, 335, 335, 335, - 168, 335, 335, 233, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 12, 343, 343, 22, 343, 343, + 343, 343, 343, 271, 343, 343, 343, 343, 279, 343, + 343, 343, 75, 343, 228, 343, 343, 343, 343, 343, + 219, 343, 343, 70, 343, 343, 343, 343, 23, 343, + 43, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 170, 169, 343, 343, 334, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 221, 215, 343, + 233, 343, 343, 283, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 145, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 241, 335, 335, 335, 335, 335, - 335, 335, 307, 335, 24, 335, 273, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 86, 204, 335, 335, 261, 335, 292, 335, 197, - 335, 335, 335, 335, 56, 335, 335, 335, 335, 4, - 335, 335, 335, 335, 128, 144, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 236, 37, 38, 335, 335, 335, - 335, 335, 335, 335, 281, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 343, 343, 82, 343, 343, 343, + 343, 266, 343, 343, 343, 343, 201, 343, 343, 343, + 343, 227, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 305, 306, 167, 343, 343, 76, 343, + 343, 343, 343, 177, 343, 343, 343, 115, 116, 343, + 343, 343, 343, 162, 343, 164, 343, 206, 343, 343, + 343, 343, 168, 343, 343, 343, 343, 236, 343, 343, + 343, 343, 343, 343, 343, 145, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 244, 343, + 343, 343, 343, 343, 343, 343, 314, 343, 24, 343, - 335, 335, 249, 335, 335, 335, 335, 335, 335, 335, - 335, 207, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 85, 335, 57, 267, 335, 237, - 335, 335, 335, 335, 11, 335, 335, 335, 335, 335, - 335, 127, 335, 335, 335, 335, 205, 91, 335, 40, - 335, 335, 335, 335, 335, 335, 335, 335, 173, 335, - 335, 335, 335, 335, 147, 335, 335, 335, 335, 240, - 335, 335, 335, 335, 335, 248, 335, 335, 335, 335, - 141, 335, 335, 335, 122, 123, 335, 335, 335, 93, - 97, 92, 335, 335, 335, 335, 83, 335, 335, 335, + 276, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 86, 207, 343, 343, 264, + 343, 299, 343, 200, 343, 343, 343, 343, 56, 343, + 343, 343, 343, 343, 343, 4, 343, 343, 343, 343, + 128, 144, 343, 343, 343, 181, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 239, 37, 38, 343, 343, 343, 343, + 343, 343, 343, 284, 343, 343, 343, 343, 343, 343, + 343, 252, 343, 343, 343, 343, 343, 343, 343, 343, + 210, 343, 343, 343, 343, 343, 343, 343, 343, 343, - 335, 335, 10, 335, 335, 335, 265, 301, 335, 335, - 335, 335, 306, 39, 335, 335, 335, 335, 335, 172, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 98, 96, 335, 51, 335, 335, 84, - 289, 335, 335, 335, 335, 335, 335, 335, 191, 335, - 335, 335, 335, 335, 206, 335, 335, 335, 335, 335, - 335, 335, 335, 163, 78, 335, 335, 335, 335, 335, - 282, 335, 335, 335, 335, 335, 335, 335, 245, 335, - 335, 244, 142, 335, 335, 95, 48, 335, 148, 149, + 343, 343, 343, 85, 343, 57, 270, 343, 240, 343, + 343, 343, 343, 11, 343, 343, 343, 343, 343, 343, + 343, 343, 127, 343, 343, 343, 343, 208, 91, 343, + 40, 343, 343, 343, 343, 343, 343, 343, 343, 173, + 343, 343, 343, 343, 343, 343, 343, 147, 343, 343, + 343, 343, 243, 343, 343, 343, 343, 343, 251, 343, + 343, 343, 343, 141, 343, 343, 343, 122, 123, 343, + 343, 343, 93, 97, 92, 343, 343, 343, 343, 83, + 343, 343, 343, 343, 343, 10, 343, 343, 343, 343, + 343, 268, 308, 343, 343, 343, 343, 313, 39, 343, - 152, 153, 150, 151, 87, 335, 266, 335, 335, 335, - 335, 166, 335, 335, 335, 335, 335, 235, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 179, 178, 41, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 102, 335, 234, 335, - 258, 286, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 308, 335, 49, 5, 335, 335, 226, - 335, 335, 287, 335, 335, 335, 335, 335, 335, 335, + 343, 343, 343, 343, 172, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 98, 96, 343, 51, 343, 343, 84, 296, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 194, 343, 343, + 343, 343, 343, 209, 343, 343, 343, 343, 343, 343, + 343, 190, 343, 343, 163, 78, 343, 343, 343, 343, + 343, 285, 343, 343, 343, 343, 343, 343, 343, 248, + 343, 343, 247, 142, 343, 343, 95, 48, 343, 148, + 149, 152, 153, 150, 151, 87, 294, 343, 343, 269, - 335, 335, 246, 25, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 247, 335, 335, 335, - 146, 335, 335, 335, 335, 335, 335, 335, 335, 180, - 335, 187, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 283, 335, 335, 335, 335, 335, 335, 335, 335, - 335, 335, 335, 335, 335, 335, 335, 335, 335, 305, - 335, 335, 254, 335, 335, 335, 335, 335, 284, 335, - 335, 335, 335, 335, 335, 285, 335, 335, 335, 252, - 335, 255, 256, 335, 335, 335, 335, 335, 253, 257, - 0 + 343, 343, 343, 343, 166, 343, 343, 343, 343, 189, + 343, 238, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 179, 178, 41, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 292, 343, 343, + 343, 343, 102, 343, 237, 343, 261, 289, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 315, + 343, 49, 5, 343, 343, 229, 343, 343, 290, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 249, 25, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 250, 343, 343, 343, 146, 343, 343, 343, + 343, 343, 343, 343, 343, 180, 343, 188, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 286, 343, 343, + 343, 343, 343, 343, 343, 343, 343, 343, 343, 343, + 343, 343, 343, 343, 343, 312, 343, 343, 257, 343, + 343, 343, 343, 343, 287, 343, 343, 343, 343, 343, + 343, 288, 343, 343, 343, 255, 343, 258, 259, 343, + 343, 343, 343, 343, 256, 260, 0 } ; static const YY_CHAR yy_ec[256] = @@ -770,743 +779,765 @@ static const YY_CHAR yy_meta[41] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[3310] = +static const flex_int16_t yy_base[3406] = { 0, 0, 0, 38, 41, 44, 46, 59, 65, 71, 77, - 90, 112, 96, 118, 124, 136, 3493, 3402, 81, 6426, - 6426, 6426, 129, 52, 130, 63, 131, 152, 70, 140, - 149, 156, 57, 88, 76, 173, 175, 95, 184, 145, - 185, 205, 194, 204, 178, 123, 3176, 6426, 6426, 6426, - 107, 2960, 6426, 6426, 6426, 154, 2373, 2342, 6426, 6426, - 6426, 226, 2208, 6426, 6426, 6426, 163, 2071, 6426, 238, - 6426, 242, 148, 1858, 1710, 6426, 6426, 6426, 246, 1553, - 6426, 6426, 6426, 250, 1440, 254, 219, 0, 258, 0, - 0, 165, 250, 191, 215, 243, 252, 256, 92, 260, + 90, 112, 96, 118, 124, 136, 4333, 3646, 81, 6613, + 6613, 6613, 129, 52, 130, 63, 131, 152, 70, 140, + 149, 156, 57, 88, 76, 173, 175, 95, 197, 145, + 185, 199, 208, 213, 178, 123, 3471, 6613, 6613, 6613, + 107, 3089, 6613, 6613, 6613, 154, 2938, 2734, 6613, 6613, + 6613, 245, 2551, 6613, 6613, 6613, 163, 2380, 6613, 249, + 6613, 253, 148, 2167, 2097, 6613, 6613, 6613, 257, 1895, + 6613, 6613, 6613, 233, 1571, 263, 201, 0, 267, 0, + 0, 165, 191, 221, 252, 205, 181, 265, 92, 261, - 261, 262, 264, 265, 266, 273, 270, 277, 278, 281, - 271, 279, 290, 288, 296, 295, 299, 310, 303, 306, - 313, 314, 307, 323, 317, 312, 328, 326, 330, 334, - 337, 340, 342, 343, 344, 346, 349, 354, 348, 356, - 364, 357, 361, 359, 372, 376, 365, 360, 377, 380, - 384, 385, 387, 388, 391, 399, 389, 1400, 411, 1086, - 415, 984, 422, 871, 689, 426, 406, 430, 434, 0, - 411, 280, 438, 233, 181, 442, 430, 442, 419, 438, - 439, 441, 440, 443, 444, 445, 446, 449, 463, 455, - 456, 467, 471, 472, 469, 476, 474, 460, 482, 488, + 216, 263, 271, 272, 210, 279, 274, 282, 278, 291, + 283, 286, 276, 285, 295, 293, 306, 314, 297, 313, + 317, 311, 315, 319, 321, 331, 327, 332, 336, 322, + 339, 337, 346, 345, 347, 348, 353, 351, 357, 284, + 358, 359, 369, 360, 380, 365, 381, 379, 375, 366, + 367, 389, 390, 394, 393, 395, 396, 403, 404, 1355, + 419, 1172, 422, 1110, 429, 1014, 912, 433, 781, 437, + 441, 0, 433, 705, 447, 479, 287, 452, 411, 445, + 426, 446, 447, 448, 449, 450, 451, 453, 452, 456, + 470, 234, 463, 473, 481, 479, 476, 483, 486, 487, - 484, 481, 491, 494, 495, 497, 502, 503, 505, 504, - 506, 507, 523, 510, 499, 509, 532, 530, 534, 539, - 535, 542, 544, 537, 551, 547, 554, 556, 557, 508, - 559, 546, 561, 549, 560, 563, 569, 570, 572, 573, - 575, 583, 580, 578, 584, 581, 592, 590, 597, 593, - 594, 598, 601, 604, 612, 616, 602, 623, 607, 614, - 624, 627, 635, 636, 631, 615, 632, 622, 639, 640, - 641, 642, 643, 651, 652, 644, 654, 662, 655, 657, - 660, 663, 664, 665, 673, 676, 680, 668, 684, 674, - 685, 687, 675, 683, 693, 695, 694, 697, 707, 700, + 488, 489, 491, 492, 501, 500, 502, 505, 508, 510, + 511, 460, 509, 513, 527, 515, 516, 519, 538, 529, + 540, 543, 539, 548, 555, 400, 550, 551, 558, 553, + 560, 561, 569, 562, 565, 566, 567, 570, 572, 574, + 576, 579, 578, 582, 577, 590, 591, 585, 595, 594, + 606, 601, 608, 604, 605, 362, 607, 611, 615, 623, + 612, 627, 613, 614, 629, 633, 640, 641, 636, 622, + 637, 639, 643, 644, 646, 648, 647, 656, 660, 659, + 663, 667, 657, 665, 669, 671, 673, 649, 682, 675, + 684, 688, 680, 683, 690, 692, 694, 696, 695, 699, - 708, 709, 710, 712, 717, 715, 719, 727, 705, 722, - 723, 605, 728, 731, 724, 726, 732, 735, 736, 738, - 745, 743, 747, 749, 750, 766, 754, 739, 759, 767, - 758, 760, 768, 774, 793, 779, 781, 789, 790, 791, - 795, 797, 805, 807, 796, 809, 803, 810, 812, 813, - 822, 818, 6426, 817, 820, 833, 826, 834, 835, 836, - 841, 842, 823, 849, 847, 848, 852, 874, 856, 863, - 854, 864, 858, 6426, 867, 868, 898, 881, 871, 889, - 885, 878, 887, 892, 894, 902, 911, 904, 908, 909, - 922, 915, 919, 924, 918, 927, 925, 935, 936, 931, + 697, 700, 708, 704, 713, 712, 721, 716, 722, 719, + 731, 732, 727, 717, 728, 729, 733, 736, 730, 740, + 738, 741, 745, 743, 750, 752, 760, 755, 756, 771, + 763, 766, 762, 773, 774, 769, 775, 793, 798, 799, + 786, 800, 801, 804, 803, 805, 807, 808, 809, 818, + 811, 823, 815, 824, 825, 829, 836, 834, 6613, 831, + 833, 847, 848, 849, 852, 765, 856, 858, 839, 868, + 864, 861, 870, 892, 865, 878, 869, 871, 874, 6613, + 887, 880, 916, 882, 889, 902, 904, 900, 903, 905, + 914, 907, 933, 850, 909, 924, 940, 936, 925, 937, - 934, 941, 948, 943, 945, 947, 956, 949, 950, 957, - 958, 769, 960, 967, 970, 964, 959, 975, 976, 977, - 979, 982, 983, 987, 985, 998, 1005, 999, 1012, 986, - 1010, 1011, 1014, 1013, 1019, 1020, 1022, 1024, 1025, 1027, - 1028, 1032, 1033, 1031, 1034, 1036, 1038, 1044, 1042, 1047, - 1048, 1049, 1056, 1058, 1051, 1064, 1052, 1050, 1068, 1060, - 6426, 1072, 1070, 1075, 1076, 1074, 1077, 6426, 1078, 1079, - 1080, 1081, 1090, 1092, 1093, 1099, 1088, 1103, 1105, 1106, - 1107, 1115, 1110, 1113, 1118, 1117, 1119, 1121, 1123, 1125, - 1127, 1126, 1128, 1134, 1135, 1138, 1155, 6426, 1137, 1145, + 939, 942, 943, 952, 948, 950, 951, 953, 961, 956, + 960, 964, 968, 962, 971, 972, 975, 977, 983, 974, + 980, 990, 973, 993, 994, 995, 997, 996, 1007, 1004, + 1000, 1001, 1015, 1014, 1028, 1017, 1026, 1027, 1030, 1029, + 1035, 1036, 1039, 1041, 1042, 1043, 1044, 1054, 1046, 1049, + 1051, 1053, 1057, 1059, 1061, 1063, 1066, 1065, 1067, 1071, + 1069, 1078, 1080, 1074, 1086, 1076, 6613, 1088, 6613, 1082, + 1091, 1092, 1090, 1097, 1093, 1094, 6613, 1096, 1100, 1104, + 1105, 1115, 1108, 1126, 1107, 1121, 1122, 1125, 1123, 1127, + 1138, 1129, 1131, 1145, 1136, 1141, 1140, 1143, 1144, 1147, - 1142, 1139, 1148, 1149, 1167, 1147, 1165, 1166, 1159, 1179, - 1177, 1178, 1180, 1186, 1187, 1188, 1190, 1195, 1191, 1140, - 1193, 1197, 1198, 1199, 1201, 1200, 1202, 1205, 6426, 1203, - 1214, 1227, 1213, 1222, 1223, 1224, 1226, 1228, 1229, 1230, - 1232, 1231, 1236, 1240, 1251, 1235, 1254, 1249, 1250, 1252, - 1256, 1257, 1260, 1258, 1259, 1270, 1265, 1273, 1280, 1282, - 1284, 1286, 1287, 1294, 1268, 1290, 1292, 1291, 1297, 1298, - 1300, 1299, 1301, 1307, 1305, 1314, 1311, 1310, 1312, 1313, - 1318, 1320, 1321, 1325, 1322, 1323, 1337, 1329, 1332, 1333, - 1339, 1347, 1340, 1349, 1350, 1351, 1352, 1353, 6426, 1360, + 1151, 1153, 1154, 1155, 1156, 1175, 6613, 1157, 1165, 1167, + 1159, 1168, 1182, 1187, 1173, 1185, 1193, 1197, 1205, 1198, + 1200, 1204, 1179, 1203, 1160, 1208, 1214, 1211, 1217, 1219, + 1218, 1220, 1222, 1221, 1224, 1225, 1232, 6613, 1235, 1241, + 1246, 1253, 1236, 1239, 1249, 1251, 1252, 1255, 1256, 1257, + 1259, 517, 1258, 1263, 1275, 1264, 1277, 1272, 1228, 1274, + 1278, 1280, 1279, 1281, 1283, 1292, 1289, 1295, 1304, 1307, + 1306, 1309, 1316, 1318, 1298, 1311, 1321, 1315, 1313, 1314, + 1325, 1326, 1327, 1329, 1330, 1339, 1336, 1335, 1337, 1338, + 1343, 1341, 1345, 1346, 1347, 1349, 1360, 1357, 1358, 1365, - 1361, 1359, 1363, 1364, 1371, 1372, 1375, 1376, 1373, 1379, - 1378, 1381, 1385, 1386, 1387, 1382, 1388, 1390, 1399, 1403, - 1404, 1413, 1405, 1412, 1396, 1415, 1422, 1418, 1425, 1421, - 1420, 1426, 1433, 1428, 1430, 1434, 1442, 1437, 1435, 1446, - 1438, 1447, 1450, 1449, 1461, 1459, 1460, 1469, 1472, 1462, - 1464, 1470, 1474, 1475, 1477, 1478, 1479, 1480, 1488, 1481, - 1483, 1484, 1486, 1490, 1491, 1494, 1497, 1509, 1502, 1505, - 1504, 1507, 1511, 1513, 1514, 1518, 1519, 1520, 1522, 1521, - 1524, 1528, 1529, 1533, 1534, 1540, 1541, 1542, 1544, 1547, - 1548, 1551, 1550, 1559, 1561, 1549, 1562, 1565, 1568, 1570, + 1361, 1370, 1364, 1359, 1378, 1380, 1367, 1374, 6613, 1390, + 1287, 1388, 1392, 1393, 1394, 1395, 1386, 1387, 1399, 1401, + 1403, 1404, 1410, 1407, 1411, 1412, 1413, 1415, 1423, 1419, + 1426, 1434, 1433, 1435, 1420, 1437, 1439, 1441, 1448, 1445, + 1449, 1452, 1421, 1453, 1462, 1454, 1457, 1459, 1469, 1447, + 1465, 1468, 1471, 1475, 1477, 1480, 1487, 1482, 1485, 1502, + 1488, 1472, 1493, 1486, 1504, 1492, 1499, 1503, 1507, 1508, + 1515, 1512, 1511, 1514, 1518, 1513, 1519, 1522, 1524, 1536, + 1523, 1532, 1527, 1535, 1541, 1525, 1540, 1542, 1547, 1548, + 1550, 1549, 1551, 1553, 1558, 1559, 1562, 1561, 1564, 1568, - 1571, 1572, 1573, 1580, 1575, 1578, 1581, 1585, 1586, 1591, - 1592, 1595, 1597, 1600, 6426, 1598, 1610, 1588, 1611, 1606, - 1603, 1605, 1619, 1612, 1614, 1616, 1622, 1624, 1648, 6426, - 1625, 6426, 6426, 315, 6426, 6426, 1626, 1627, 6426, 1630, - 1629, 1639, 1637, 1631, 1642, 1645, 1646, 1649, 1651, 1658, - 1672, 1654, 1661, 1662, 1665, 1675, 1677, 1678, 1666, 1686, - 1687, 1689, 1694, 1695, 1703, 1696, 1700, 1706, 1708, 1714, - 1710, 1719, 1720, 1709, 1716, 1723, 1724, 1726, 1725, 1728, - 1731, 1734, 1736, 1732, 1730, 1738, 1747, 1749, 1740, 1757, - 6426, 1753, 1761, 1765, 1762, 1769, 1768, 1764, 1766, 1773, + 1570, 1574, 1576, 1577, 1579, 1580, 1588, 1581, 1590, 1591, + 1592, 1594, 1595, 1602, 1604, 1598, 1608, 1605, 1611, 1610, + 1613, 1614, 1616, 1617, 1622, 1623, 1624, 6613, 1629, 1636, + 1631, 1634, 1632, 1637, 1639, 1646, 1641, 1643, 1642, 1645, + 1647, 1671, 6613, 1653, 6613, 6613, 1652, 6613, 6613, 1654, + 1655, 6613, 1658, 1656, 1659, 1674, 1681, 1684, 1666, 1679, + 1672, 1687, 1694, 1708, 1695, 1692, 1696, 1698, 1699, 1701, + 1706, 1703, 1689, 1716, 1725, 1730, 1731, 1717, 1719, 1732, + 1735, 1739, 1740, 1742, 1746, 1748, 1749, 1733, 1751, 1753, + 1756, 1754, 1757, 1759, 1763, 1764, 1760, 1767, 1766, 1776, - 1776, 1777, 1778, 1779, 1780, 1781, 1783, 1743, 1786, 1789, - 1797, 1790, 6426, 1792, 1793, 1795, 1798, 1799, 1804, 1805, - 1806, 1811, 1812, 1813, 1823, 1814, 1816, 1818, 1824, 1825, - 1827, 6426, 1832, 1829, 1835, 1839, 1840, 1842, 1843, 1845, - 1846, 1841, 1847, 1848, 1851, 1853, 1860, 1855, 1859, 1857, - 1865, 1868, 1873, 1875, 1878, 1881, 1882, 1883, 1884, 1885, - 1886, 1888, 1889, 1896, 1899, 1897, 1900, 1898, 1895, 1910, - 1919, 1902, 1914, 1916, 1917, 1918, 1920, 1929, 1924, 1925, - 1931, 1932, 1930, 1935, 1937, 1940, 1947, 1938, 1948, 1956, - 1942, 1949, 1954, 1951, 6426, 1958, 1960, 6426, 1962, 1961, + 1780, 1769, 1787, 6613, 1784, 1796, 1797, 1793, 1800, 1792, + 1799, 1801, 1772, 1783, 1802, 1803, 1806, 1807, 1804, 1808, + 1812, 1816, 1817, 1819, 1829, 1836, 1813, 6613, 1825, 1833, + 1820, 1818, 1837, 1835, 1840, 1839, 1841, 1843, 1847, 1855, + 1850, 1848, 1856, 1858, 1857, 1859, 1861, 6613, 1868, 1874, + 1862, 1871, 1865, 1869, 1878, 1879, 1880, 1882, 1884, 1888, + 1885, 1887, 1896, 1893, 1897, 1894, 1904, 1899, 1908, 1910, + 1912, 1914, 1916, 1917, 1919, 1920, 1921, 1923, 1924, 1932, + 1935, 1931, 1936, 1933, 1928, 1952, 1955, 1950, 1938, 1939, + 1953, 1941, 1960, 1969, 1964, 1956, 1965, 1972, 1968, 1971, - 1963, 1985, 1965, 1967, 1968, 1973, 1977, 1976, 1978, 1986, - 1987, 1989, 2005, 1998, 1995, 2008, 2010, 2011, 1979, 2013, - 2014, 2015, 2017, 2020, 2021, 2030, 2038, 2039, 2023, 2042, - 2040, 1997, 2041, 2043, 2062, 2044, 2045, 2051, 2046, 2047, - 2049, 2059, 2052, 2053, 2055, 2057, 2075, 2078, 2077, 2079, - 2064, 2084, 2086, 2087, 2090, 6426, 2098, 2093, 2094, 2095, - 2099, 2107, 2103, 2104, 6426, 2105, 2106, 2109, 2117, 2118, - 2116, 2119, 2120, 2122, 2121, 2126, 2128, 2130, 2142, 2129, - 2149, 6426, 2131, 6426, 2144, 2132, 2134, 2145, 2133, 2150, - 2155, 2156, 6426, 6426, 2157, 2154, 2166, 2170, 2168, 6426, + 1973, 1975, 1976, 1983, 1981, 1985, 1986, 1979, 1984, 1990, + 1993, 6613, 1997, 1999, 6613, 1998, 2000, 2002, 2024, 2005, + 2003, 2010, 2009, 2014, 2015, 2016, 2018, 2017, 2028, 2044, + 2037, 2034, 2047, 2026, 2049, 2050, 2052, 2053, 2055, 2056, + 2059, 2030, 2060, 2072, 2075, 2074, 2082, 2084, 2058, 2071, + 2061, 2091, 2081, 2083, 2086, 2089, 2094, 2098, 2096, 2102, + 2087, 2107, 2108, 2115, 2113, 2119, 2112, 2120, 2114, 2122, + 2123, 2125, 6613, 2134, 2135, 2129, 2137, 2133, 2147, 2139, + 2140, 6613, 2143, 2149, 2150, 2157, 2153, 2154, 2155, 2156, + 2161, 2163, 2165, 2169, 2170, 2168, 2164, 2186, 6613, 2171, - 2169, 2177, 6426, 2174, 2179, 2172, 2173, 2180, 2183, 2184, - 2187, 2194, 2189, 2198, 2190, 2195, 2199, 6426, 2203, 2191, - 2210, 2211, 2204, 2214, 2217, 2218, 6426, 2221, 2207, 2225, - 2232, 2229, 2224, 2234, 2235, 2236, 2239, 2240, 2241, 2242, - 2243, 2250, 2253, 2246, 2249, 2255, 2264, 6426, 2248, 2262, - 2269, 2265, 2268, 2271, 2272, 2273, 2274, 2275, 2276, 2277, - 2284, 2283, 2285, 2286, 2296, 2298, 2287, 2294, 2304, 2295, - 2306, 2300, 2311, 2308, 2309, 2310, 2313, 6426, 2315, 2317, - 2319, 171, 2321, 2322, 2324, 2323, 2331, 2333, 2325, 2347, - 2348, 2327, 2344, 2350, 2346, 2353, 2354, 2355, 2356, 2357, + 6613, 2182, 2172, 2184, 2185, 2188, 2189, 2190, 2193, 6613, + 6613, 2197, 2191, 2207, 2211, 2201, 2194, 2212, 6613, 2213, + 2220, 6613, 2217, 2223, 2216, 2215, 2222, 2224, 2227, 2228, + 2237, 2232, 2239, 2234, 2236, 2244, 6613, 2245, 2246, 2250, + 2251, 2247, 2253, 2254, 2260, 2257, 6613, 2264, 2261, 2266, + 2274, 2276, 2271, 2273, 2278, 2282, 2279, 2284, 2285, 2286, + 2287, 2294, 2296, 2293, 2299, 2301, 2308, 6613, 2292, 2295, + 2313, 2309, 2312, 2316, 2317, 2318, 2319, 2320, 2321, 2322, + 2327, 2328, 2329, 2330, 2337, 2340, 2335, 2339, 2343, 2345, + 2347, 2348, 2355, 2352, 2353, 2354, 2356, 6613, 2357, 2359, - 2358, 2359, 2361, 6426, 2363, 2364, 2366, 2370, 2369, 2372, - 2377, 6426, 2379, 2386, 2389, 2398, 2381, 2390, 2399, 2395, - 2400, 2401, 2403, 2405, 2407, 2406, 2409, 2415, 2412, 6426, - 2417, 2420, 2422, 2413, 2429, 2428, 2421, 2435, 2436, 2437, - 2440, 2438, 2439, 2442, 2441, 2443, 2444, 2449, 2448, 2445, - 2447, 2457, 2458, 2459, 2468, 2469, 2461, 2470, 2471, 6426, - 2481, 2472, 2476, 2474, 2477, 2479, 2484, 2492, 2499, 2483, - 2494, 2496, 2500, 2510, 2503, 2505, 2512, 2520, 2517, 2525, - 2513, 2526, 2527, 2535, 2524, 2537, 2539, 2528, 2540, 2541, - 2543, 2546, 2547, 2549, 2559, 2560, 2552, 2562, 2555, 2576, + 2363, 2366, 2365, 171, 2369, 2367, 2372, 2374, 2377, 2388, + 2375, 2396, 2397, 2378, 2393, 2399, 2400, 2389, 2392, 2402, + 2404, 2408, 2409, 2410, 2411, 6613, 2413, 2414, 2415, 2417, + 2418, 2420, 2429, 6613, 2422, 2435, 2437, 2439, 2444, 2441, + 2446, 2431, 2447, 2452, 2453, 2454, 2456, 2457, 2460, 2459, + 2463, 6613, 2467, 2464, 2471, 2472, 2475, 2477, 2478, 2479, + 2483, 2484, 2485, 2486, 2488, 2490, 2489, 2491, 2493, 2499, + 2500, 2496, 2504, 2509, 2506, 2507, 2510, 2513, 2514, 2519, + 2517, 6613, 2529, 2520, 2527, 2525, 2528, 2530, 2531, 2538, + 2553, 2540, 2542, 2544, 2554, 2560, 2545, 2562, 2549, 2563, - 2581, 2572, 6426, 2570, 2565, 2568, 2582, 2590, 2585, 2587, - 2588, 2592, 2595, 2596, 2597, 2598, 2605, 2600, 2602, 2603, - 2608, 2607, 2611, 2614, 2618, 2619, 2623, 2625, 2627, 2628, - 6426, 2631, 2633, 2629, 2635, 2637, 2639, 2642, 2645, 2647, - 2649, 2650, 2654, 2655, 2657, 2656, 2658, 2664, 2665, 2651, - 6426, 2674, 2666, 2678, 2668, 2679, 2672, 2685, 2686, 2687, - 2661, 2688, 2691, 2694, 2695, 2697, 6426, 2704, 2705, 2696, - 2712, 2707, 2703, 2708, 2714, 2711, 6426, 2715, 2717, 2718, - 2726, 2727, 2723, 6426, 2734, 2724, 2725, 2732, 2735, 2736, - 2733, 2739, 2742, 2743, 2746, 2748, 2755, 2749, 2756, 6426, + 2567, 2566, 2576, 2577, 2580, 2586, 2574, 2588, 2591, 2578, + 2581, 2584, 2590, 2592, 2600, 2601, 2608, 2609, 2606, 2612, + 2604, 2621, 2615, 2627, 2633, 2623, 6613, 2632, 2625, 2617, + 2637, 2644, 2639, 2641, 2642, 2645, 2649, 2650, 2651, 2652, + 2660, 2655, 2653, 2657, 2662, 2664, 2665, 2668, 2672, 2673, + 2676, 2680, 2677, 2683, 2421, 6613, 2684, 2686, 2685, 2688, + 2694, 2689, 2696, 2699, 2701, 2702, 2703, 2708, 2705, 2710, + 2711, 2712, 2718, 2605, 2714, 6613, 2716, 2715, 2721, 2720, + 2728, 2729, 2735, 2736, 2738, 2741, 2744, 2745, 2746, 2747, + 2748, 6613, 2756, 2757, 2753, 2765, 2755, 2760, 2762, 2767, - 2757, 2766, 2759, 2758, 2763, 2769, 2770, 2773, 2774, 2775, - 2778, 2781, 6426, 2792, 2789, 2787, 2800, 2790, 2530, 2796, - 2797, 2801, 2803, 2804, 2805, 2807, 6426, 2808, 2811, 2812, - 2815, 2813, 2818, 2819, 2826, 2823, 2825, 2828, 2831, 2832, - 2833, 2834, 2841, 2840, 2837, 2849, 2850, 2853, 2854, 2856, - 2859, 2867, 2870, 2843, 2866, 2869, 2862, 2871, 2872, 2879, - 2880, 2887, 2882, 2884, 6426, 2889, 2886, 2891, 2893, 2894, - 2895, 2897, 2896, 2898, 2901, 2902, 2908, 2904, 2905, 2920, - 2923, 2907, 2915, 2925, 2926, 2928, 2929, 2930, 2931, 2932, - 2939, 2935, 2936, 2947, 2938, 2942, 2952, 2953, 2954, 2955, + 2768, 6613, 2769, 832, 2770, 2771, 2772, 2780, 2781, 2776, + 6613, 2783, 2778, 2784, 2786, 2789, 2793, 2790, 2796, 2794, + 2799, 2800, 2805, 2803, 2809, 2811, 6613, 2812, 2821, 2817, + 2813, 2819, 2823, 2825, 2826, 2828, 2829, 2843, 2834, 6613, + 2852, 2847, 2839, 2855, 2842, 2830, 2853, 2857, 2858, 2859, + 2860, 2864, 2865, 6613, 2867, 2866, 2868, 2872, 2870, 2875, + 2876, 2888, 2878, 2879, 2883, 2887, 2889, 2891, 2894, 2896, + 2900, 2901, 2906, 2907, 2909, 2911, 2892, 2913, 2922, 2923, + 2918, 2926, 2921, 2928, 2929, 2930, 2937, 2939, 2940, 2941, + 2945, 6613, 2948, 2949, 2943, 2936, 2951, 2955, 2956, 2957, - 2956, 2963, 2943, 2961, 2958, 2965, 2966, 2970, 2980, 2981, - 2967, 2982, 2983, 2984, 2985, 6426, 2988, 2989, 2990, 2993, - 2996, 2999, 3002, 3009, 3000, 3001, 3011, 3017, 3018, 3008, - 3019, 3010, 3026, 3024, 6426, 3025, 6426, 3027, 3029, 3031, - 3039, 3035, 6426, 3041, 6426, 3042, 3047, 3036, 3038, 6426, - 3050, 3044, 3049, 3056, 3051, 3059, 3060, 3062, 3061, 3068, - 3063, 3065, 3070, 3071, 3073, 3076, 3074, 3081, 3082, 3086, - 3090, 3091, 3078, 3102, 3084, 3094, 3100, 3092, 3107, 6426, - 3109, 3097, 3110, 3115, 3114, 3116, 3117, 3118, 3120, 3121, - 3123, 3127, 3122, 3132, 3124, 3136, 3135, 3145, 3146, 3153, + 2958, 2960, 2962, 2961, 2965, 2967, 2974, 2978, 2975, 2981, + 2983, 2984, 2976, 2987, 2988, 2989, 2990, 2997, 2993, 2994, + 3005, 2996, 3000, 3010, 3011, 3012, 3013, 3014, 3021, 3001, + 3019, 3016, 3023, 3018, 3024, 3027, 3029, 3041, 3042, 3044, + 3025, 3036, 3046, 3049, 6613, 3052, 3053, 3050, 3054, 3056, + 3061, 3057, 3069, 3064, 3067, 3066, 3073, 3078, 3075, 3076, + 3081, 3083, 3091, 3087, 6613, 3084, 6613, 3088, 3092, 3098, + 3106, 3093, 6613, 3105, 6613, 3107, 3112, 3101, 3108, 6613, + 3115, 3096, 3114, 3119, 3121, 3122, 3125, 3126, 3127, 3128, + 3130, 3132, 3133, 3134, 3135, 3137, 3140, 3142, 3146, 3147, - 6426, 3148, 3150, 3151, 3152, 6426, 3154, 3155, 3156, 3160, - 3163, 3164, 3165, 3168, 3172, 3167, 3169, 3174, 3183, 3184, - 3187, 3188, 6426, 3190, 3193, 3175, 3202, 3196, 3203, 3210, - 3206, 3208, 3212, 3220, 3216, 3215, 3217, 3218, 3219, 3222, - 3229, 3230, 3226, 3233, 3232, 3236, 3243, 3240, 3234, 3238, - 3244, 3246, 3247, 3248, 3249, 3250, 3253, 3254, 3251, 6426, - 3259, 3265, 3263, 3272, 3268, 3269, 3273, 3278, 3274, 6426, - 3280, 3281, 3282, 3284, 3289, 3283, 3286, 3291, 3294, 3297, - 3299, 3302, 3304, 3303, 6426, 3305, 6426, 3307, 3308, 3318, - 3322, 3323, 3310, 3324, 3330, 3326, 3331, 3333, 3336, 3334, + 3153, 3145, 3156, 3157, 3161, 3163, 3164, 3165, 3166, 6613, + 3170, 3167, 3172, 3173, 3175, 3178, 3179, 3181, 3182, 3185, + 3191, 3188, 3190, 3201, 3194, 3197, 3204, 3209, 3212, 3219, + 3205, 3220, 6613, 3215, 3222, 3187, 3226, 6613, 3218, 3216, + 3227, 3230, 3233, 3234, 3235, 3236, 3237, 3241, 3242, 3243, + 3255, 3251, 3244, 3253, 6613, 3248, 3260, 3246, 3264, 3269, + 3276, 3280, 3277, 3278, 3283, 3281, 3285, 3286, 3287, 3288, + 3289, 3291, 3298, 3301, 3297, 3306, 3293, 3303, 3311, 3312, + 3296, 3304, 3313, 3315, 3318, 3320, 3319, 3321, 3262, 3323, + 3322, 6613, 3326, 3327, 3330, 3342, 3328, 3331, 3335, 3340, - 3340, 3337, 3342, 3343, 3345, 3357, 3348, 3344, 3349, 3358, - 3359, 3363, 3360, 6426, 6426, 3365, 3366, 3367, 3369, 3371, - 3370, 3377, 3374, 3382, 3381, 3388, 3389, 3397, 6426, 3394, - 3395, 3393, 3398, 3406, 3401, 3405, 3417, 3413, 3420, 3416, - 6426, 3412, 3421, 3429, 3424, 3425, 3433, 6426, 3430, 6426, - 3426, 3431, 3436, 3439, 3440, 3441, 3442, 3443, 3447, 3455, - 3458, 3451, 3460, 3461, 3462, 3463, 3466, 3470, 3473, 3469, - 3471, 3472, 6426, 3475, 3476, 3484, 3489, 3492, 3493, 3477, - 3478, 6426, 3495, 3485, 3503, 3499, 3504, 3505, 3509, 3506, - 3510, 3511, 3513, 6426, 3512, 3514, 3521, 3526, 3519, 3522, + 3344, 6613, 3350, 3351, 3352, 3356, 3358, 3345, 3353, 3361, + 3362, 3363, 3364, 3366, 3369, 3370, 6613, 3374, 6613, 3375, + 3384, 3377, 3383, 3390, 3388, 3392, 3397, 3391, 3393, 3398, + 3405, 3399, 3401, 3407, 3408, 3411, 3413, 3415, 3425, 3414, + 3419, 3421, 3426, 3428, 3436, 3433, 3429, 6613, 6613, 3431, + 3437, 3442, 3445, 3448, 3446, 3449, 3453, 3447, 3454, 3458, + 3459, 3469, 6613, 3460, 3466, 3467, 3470, 3482, 3473, 3484, + 3486, 3485, 3478, 3493, 3488, 6613, 3495, 3496, 3503, 3498, + 3499, 3506, 6613, 3501, 6613, 3504, 3505, 3512, 3507, 3513, + 3514, 3517, 3518, 3522, 3525, 3534, 3529, 3536, 3530, 3533, - 3530, 3532, 3540, 6426, 3536, 3533, 3549, 3545, 3546, 3548, - 3551, 3527, 3552, 3553, 3555, 3556, 3557, 3559, 3560, 3563, - 3564, 3566, 3565, 3577, 3576, 3579, 3584, 3586, 3570, 6426, - 3587, 3590, 3592, 3593, 3595, 3596, 3598, 3601, 3603, 3604, - 3615, 3616, 3605, 3607, 3619, 3621, 3629, 3627, 6426, 3637, - 3620, 3639, 3611, 3632, 3641, 3622, 3643, 3645, 3634, 3646, - 3647, 3650, 3653, 3660, 3656, 3657, 3655, 3659, 3671, 3661, - 6426, 3684, 3662, 3672, 3664, 3663, 3680, 3688, 3685, 3686, - 3689, 3691, 3692, 3696, 3693, 3698, 3699, 3702, 3703, 6426, - 6426, 3705, 3707, 3708, 6426, 3712, 3709, 3722, 3715, 3719, + 3537, 3539, 3540, 3547, 3544, 3545, 3546, 6613, 3549, 3552, + 3554, 3555, 3557, 3563, 3565, 3559, 6613, 3567, 3570, 3569, + 3571, 3578, 3575, 3579, 3580, 3584, 3587, 3585, 3588, 3590, + 6613, 3589, 3593, 3603, 3595, 3596, 3598, 3606, 3609, 3611, + 6613, 3615, 3616, 3623, 3619, 3621, 3622, 3626, 3627, 3628, + 3630, 3631, 3632, 3634, 3635, 3640, 3636, 3638, 3645, 3641, + 3653, 3655, 3642, 3663, 3670, 3656, 6613, 3659, 3666, 3668, + 3669, 3671, 3672, 3674, 3680, 3682, 3676, 3691, 3692, 3683, + 3687, 3695, 3697, 3705, 3700, 6613, 3712, 3698, 3713, 3702, + 3711, 3710, 3715, 3717, 3719, 3721, 3720, 3723, 3724, 3726, - 3711, 3724, 3725, 3727, 3728, 3733, 3735, 6426, 3736, 3743, - 3738, 3739, 3748, 3750, 3755, 3747, 3756, 3749, 3745, 3760, - 3763, 3757, 3761, 3767, 3776, 3777, 3762, 3773, 3774, 6426, - 3779, 3780, 3781, 3784, 3785, 3790, 6426, 3789, 3791, 3792, - 3797, 3801, 3803, 3809, 3811, 3793, 3812, 3796, 3813, 3816, - 3817, 3827, 3819, 3823, 3830, 3831, 3835, 6426, 3824, 3838, - 3822, 3841, 6426, 3844, 3851, 3852, 6426, 3853, 3848, 3855, - 3856, 3863, 6426, 3858, 3861, 3859, 3862, 3872, 3864, 3873, - 3875, 3869, 6426, 3876, 3877, 3878, 6426, 3879, 3884, 3890, - 3892, 3893, 3900, 3895, 3897, 3898, 3899, 6426, 3905, 6426, + 3738, 3730, 3733, 3729, 3734, 3745, 3737, 6613, 3752, 3748, + 3740, 3756, 3750, 3759, 3766, 3763, 3764, 3765, 3768, 3769, + 3770, 3773, 3775, 3776, 3779, 3780, 6613, 6613, 3782, 3783, + 3785, 6613, 3787, 3788, 3798, 3790, 3791, 3799, 3803, 3802, + 3801, 3804, 3806, 3807, 6613, 3813, 3821, 3816, 3817, 3825, + 3820, 6613, 3826, 3834, 3830, 3833, 3831, 3835, 3837, 3839, + 3841, 3842, 3843, 3846, 3854, 3858, 3850, 3849, 3853, 6613, + 3859, 3861, 3862, 3866, 3863, 3871, 6613, 3868, 3872, 3874, + 3878, 3880, 3891, 3877, 3885, 3893, 3888, 3894, 3895, 3897, + 3898, 3899, 3906, 3905, 3907, 3904, 3910, 3913, 6613, 3915, - 3903, 3907, 3911, 6426, 3909, 3914, 3915, 3917, 3918, 3923, - 3924, 3922, 3931, 3932, 3933, 3935, 3936, 3934, 3939, 3943, - 3940, 3941, 3945, 3946, 6426, 3947, 3949, 3956, 3951, 3961, - 3957, 3964, 3954, 3968, 3969, 6426, 6426, 3978, 6426, 3980, - 3970, 3972, 6426, 3974, 3979, 3987, 3984, 3990, 3992, 3996, - 3997, 6426, 3999, 4002, 6426, 3985, 4000, 4010, 4007, 4009, - 4012, 4015, 4011, 4013, 4017, 4018, 4021, 4023, 4019, 4022, - 4027, 6426, 4024, 4025, 4026, 4040, 4041, 4042, 4047, 4049, - 4043, 6426, 4051, 4053, 4052, 4060, 4057, 6426, 4058, 6426, - 4061, 4066, 4068, 4069, 4072, 6426, 4074, 4073, 4078, 4081, + 3916, 3921, 3923, 6613, 3926, 3934, 3935, 6613, 3936, 3931, + 3937, 3938, 3945, 6613, 3940, 3943, 3944, 3946, 3954, 3951, + 3955, 3953, 3958, 3959, 3962, 6613, 3963, 3960, 3961, 6613, + 3965, 3969, 3977, 3981, 3967, 3988, 3983, 3985, 3986, 3984, + 6613, 3991, 6613, 3994, 3995, 3998, 6613, 4000, 4001, 4003, + 4005, 4002, 4009, 4010, 4016, 4018, 4006, 4020, 4021, 4022, + 4023, 4025, 4034, 4024, 4031, 4032, 4033, 6613, 4036, 4035, + 4043, 4038, 4044, 4046, 4049, 4051, 4054, 4056, 6613, 6613, + 4063, 6613, 4057, 4064, 4065, 6613, 4067, 4070, 4074, 4066, + 4075, 4071, 4078, 4079, 6613, 4086, 4088, 6613, 4090, 4091, - 4083, 4082, 4085, 4089, 4086, 4092, 4099, 4095, 4096, 4097, - 6426, 4098, 4101, 4103, 4110, 4106, 4108, 4119, 4118, 4114, - 4120, 4124, 4126, 4122, 4129, 4135, 4133, 4139, 4127, 6426, - 4137, 4141, 4131, 4154, 4147, 4150, 6426, 4151, 4155, 4159, - 6426, 4157, 4158, 4165, 4167, 4161, 4168, 4169, 4173, 4175, - 6426, 4171, 4172, 4176, 4177, 4188, 4180, 6426, 6426, 4191, - 6426, 4192, 4181, 4194, 4195, 4199, 4202, 4201, 4203, 4206, - 4207, 4214, 4215, 4208, 4216, 4223, 4225, 4233, 4228, 4229, - 4230, 6426, 6426, 4235, 4239, 4232, 4243, 4244, 4236, 4246, - 4253, 4251, 4257, 4260, 4261, 4255, 6426, 4263, 4252, 4269, + 4098, 4093, 4094, 4095, 4101, 4096, 4099, 4106, 4107, 4108, + 4109, 4103, 4110, 4111, 6613, 4104, 4112, 4114, 4128, 4122, + 4131, 4133, 4132, 4134, 6613, 4138, 4139, 4142, 4144, 4145, + 6613, 4146, 6613, 4147, 4148, 4150, 4156, 4153, 6613, 4159, + 4163, 4167, 4164, 4168, 4169, 4170, 4174, 4176, 4178, 4186, + 4182, 4183, 4181, 4201, 4184, 6613, 4185, 4188, 4206, 4207, + 4197, 4189, 4216, 4213, 4215, 4203, 4211, 4223, 4214, 4224, + 4228, 4230, 4231, 4220, 6613, 4232, 4233, 4234, 4243, 4240, + 4245, 4246, 6613, 4247, 4248, 4251, 6613, 4249, 4250, 4257, + 4261, 4263, 4264, 4267, 4265, 4269, 6613, 4268, 4273, 4271, - 4262, 6426, 4268, 4270, 4271, 4274, 4276, 4277, 4280, 4278, - 4279, 4283, 4286, 4287, 4288, 4292, 4290, 4299, 4300, 4301, - 4302, 4306, 4304, 4309, 6426, 4310, 4311, 4313, 4314, 4315, - 4321, 4323, 4324, 4325, 6426, 4326, 6426, 4329, 4331, 4327, - 4347, 4335, 4338, 4348, 4350, 4352, 4354, 4355, 4358, 4359, - 4365, 4353, 4360, 4369, 4362, 4376, 4378, 4379, 6426, 4380, - 4372, 4381, 4382, 4387, 4389, 4383, 4391, 4393, 4396, 4397, - 4398, 4400, 4405, 4406, 4407, 4408, 4409, 6426, 4410, 4414, - 4417, 4419, 4421, 4423, 4424, 4425, 4431, 4432, 4433, 4434, - 4438, 6426, 4435, 4440, 4442, 4443, 4445, 4446, 4449, 4452, + 4272, 4287, 4286, 6613, 6613, 4288, 6613, 4290, 4274, 4278, + 4298, 4275, 4299, 4302, 4303, 4305, 4306, 4309, 4310, 4276, + 4311, 4320, 4317, 4324, 4327, 4328, 4326, 4191, 4331, 6613, + 6613, 4333, 4334, 4336, 4338, 4340, 4342, 4343, 4350, 4347, + 4355, 4358, 4348, 4365, 6613, 4362, 4363, 4364, 4367, 6613, + 4346, 4369, 4370, 4373, 4372, 4376, 4375, 4378, 4379, 4380, + 4382, 4385, 4386, 4390, 4392, 4396, 4397, 4400, 4399, 4403, + 4405, 4407, 6613, 4412, 4408, 4410, 4411, 4413, 4417, 4421, + 4426, 4422, 6613, 4415, 6613, 4428, 4425, 4440, 4431, 4445, + 4447, 4432, 4448, 4449, 4451, 4453, 4456, 4457, 4466, 4458, - 4456, 6426, 4459, 4450, 4461, 4460, 4462, 4464, 4466, 4472, - 4469, 4475, 4476, 6426, 4481, 4483, 4484, 4485, 4486, 4487, - 4490, 4491, 6426, 4497, 4498, 4500, 4507, 4504, 4511, 4509, - 4513, 4506, 4516, 4519, 4512, 4523, 4524, 4526, 4520, 4536, - 4543, 4538, 6426, 4527, 6426, 4539, 4540, 4550, 4545, 4551, - 4549, 6426, 4552, 4557, 4559, 4555, 4553, 6426, 4560, 4561, - 4563, 4564, 6426, 4579, 4575, 4565, 4574, 4567, 4583, 6426, - 4588, 4589, 4590, 4597, 4599, 4594, 4601, 4596, 4604, 4602, - 4598, 4606, 4607, 4615, 4613, 4611, 6426, 4617, 4619, 4624, - 4626, 4620, 4628, 4618, 4630, 4633, 4635, 6426, 4636, 4639, + 4462, 4467, 4460, 4471, 4477, 4474, 6613, 4478, 4480, 4481, + 4482, 4485, 4487, 4488, 4490, 4491, 4493, 4495, 4497, 4499, + 4504, 4505, 4506, 4508, 4511, 6613, 4512, 4514, 4516, 4521, + 4518, 4523, 4524, 4525, 4532, 4528, 4533, 4537, 6613, 4534, + 4538, 4543, 6613, 4540, 4544, 4546, 4550, 4552, 4545, 4553, + 4555, 4556, 6613, 4563, 4559, 4565, 4566, 4568, 4569, 4424, + 4573, 4575, 4576, 4582, 6613, 4583, 4581, 4589, 4590, 4588, + 4591, 4596, 4592, 4598, 6613, 4601, 4603, 4599, 4611, 4607, + 4615, 4616, 4618, 4610, 4612, 4619, 4620, 4627, 4630, 4631, + 4632, 4643, 4644, 4641, 6613, 4633, 6613, 4642, 4647, 4655, - 4640, 4642, 4643, 4644, 4645, 4652, 4649, 4651, 4653, 4654, - 4657, 4658, 6426, 4663, 4661, 4665, 4674, 4676, 4678, 6426, - 4681, 6426, 4671, 4666, 4683, 4682, 4687, 6426, 6426, 4689, - 4697, 4692, 4695, 4696, 6426, 6426, 4699, 6426, 4700, 6426, - 4701, 4703, 6426, 6426, 4702, 4706, 4709, 4711, 4713, 6426, - 4721, 6426, 4723, 4724, 4710, 4722, 4728, 6426, 4727, 4729, - 4731, 6426, 4734, 4742, 4735, 4737, 6426, 4739, 4745, 4740, - 4747, 6426, 4749, 4755, 4751, 4757, 4758, 4761, 4760, 4763, - 4764, 4768, 4769, 4770, 4771, 4773, 4782, 4784, 4786, 4779, - 4787, 4788, 4794, 4796, 4789, 4792, 4798, 4799, 4803, 4800, + 4656, 4650, 4660, 4658, 4652, 6613, 4654, 4662, 4667, 4664, + 4668, 6613, 4669, 4671, 4673, 4680, 6613, 4682, 4684, 4675, + 4686, 4691, 4693, 6613, 4697, 4699, 4700, 4707, 4709, 4704, + 4711, 4706, 4714, 4712, 4708, 4716, 4717, 4725, 4723, 4721, + 6613, 4727, 4729, 4734, 4736, 4730, 4738, 4728, 4740, 4743, + 4745, 6613, 4746, 4749, 4750, 4752, 4753, 4754, 4755, 4762, + 4759, 4761, 4763, 4764, 4767, 4768, 6613, 4773, 4771, 4775, + 4784, 4626, 4786, 6613, 4781, 6613, 4777, 4792, 4794, 4776, + 4795, 6613, 6613, 4799, 4804, 4800, 4806, 4801, 6613, 6613, + 4808, 6613, 4809, 6613, 4811, 4813, 6613, 6613, 4814, 4815, - 4807, 4809, 4810, 4811, 4813, 4812, 4814, 4817, 4816, 4825, - 4827, 4828, 4829, 4830, 4831, 4832, 4833, 4839, 4840, 4843, - 4838, 4842, 6426, 4846, 4848, 4835, 4859, 4849, 4860, 4861, - 4868, 4872, 4873, 6426, 4875, 6426, 4877, 4869, 4879, 4880, - 4881, 6426, 4882, 4883, 4884, 4885, 4886, 4888, 4889, 4892, - 4893, 4897, 4903, 6426, 4910, 4900, 4894, 4898, 4918, 6426, - 4913, 4920, 4921, 4923, 4924, 4925, 4926, 4927, 4930, 4928, - 4933, 4935, 4929, 4936, 4937, 4951, 4953, 4948, 4938, 4955, - 4957, 4958, 4959, 4960, 4961, 4962, 4963, 4969, 4971, 4975, - 6426, 4966, 6426, 4977, 4978, 4979, 4982, 4983, 4984, 4987, + 4816, 4817, 4824, 6613, 4831, 6613, 4826, 4832, 4818, 4828, + 4835, 6613, 4836, 4839, 4837, 4844, 4846, 6613, 4838, 4854, + 4843, 4851, 6613, 4853, 4857, 4858, 4862, 6613, 4863, 4868, + 4865, 4869, 4872, 4871, 4873, 4874, 4878, 4879, 4884, 4882, + 4883, 4885, 4894, 4896, 4898, 4900, 4901, 4886, 4905, 4906, + 4908, 4911, 4912, 4914, 4915, 4917, 4918, 4920, 4922, 4925, + 4926, 4676, 4927, 4928, 4930, 4929, 4932, 4941, 4933, 4943, + 4944, 4945, 4946, 4947, 4950, 4951, 4954, 4955, 4959, 4960, + 4962, 6613, 4963, 4957, 4965, 4971, 4973, 4978, 4980, 4990, + 4992, 4993, 6613, 4995, 6613, 4997, 4982, 4999, 4967, 5001, - 6426, 6426, 4989, 4990, 4995, 4992, 4996, 4999, 5001, 6426, - 5000, 5008, 5011, 5003, 6426, 5013, 5017, 5018, 5020, 6426, - 5021, 5022, 5023, 5025, 5026, 5030, 5034, 5032, 5035, 5036, - 5043, 6426, 6426, 6426, 6426, 5046, 5040, 5050, 5044, 5052, - 5054, 5055, 5059, 5053, 6426, 5061, 6426, 6426, 5066, 5067, - 5056, 5069, 5073, 5075, 5076, 5078, 6426, 5077, 5079, 5082, - 5080, 5089, 5091, 5097, 5093, 5098, 5083, 5099, 5108, 5104, - 5105, 5107, 5110, 5112, 5114, 6426, 6426, 5116, 5119, 5120, - 5127, 5125, 5128, 5124, 5137, 5132, 5134, 5135, 5140, 5141, - 5142, 5151, 5152, 5143, 5147, 6426, 5150, 5153, 5161, 6426, + 6613, 4984, 5002, 5003, 5006, 5005, 5007, 5009, 5008, 5012, + 5013, 5017, 6613, 5022, 5015, 5019, 5023, 5034, 6613, 5035, + 5037, 5024, 5038, 5039, 5040, 5043, 5045, 5048, 5047, 5050, + 5052, 5053, 5054, 5059, 5058, 5068, 5075, 5060, 5062, 5070, + 5071, 5074, 5076, 5080, 5081, 5082, 5088, 5090, 5094, 6613, + 5083, 6613, 5095, 5091, 5097, 5098, 5101, 5099, 5103, 6613, + 6613, 5105, 5108, 5113, 5114, 5115, 5117, 5120, 5121, 5123, + 6613, 5124, 5126, 5135, 5128, 6613, 5132, 5137, 5138, 5143, + 6613, 5140, 5144, 5145, 5151, 5146, 5155, 5156, 5159, 5148, + 5160, 5162, 5167, 6613, 6613, 6613, 6613, 5169, 5163, 5174, - 5154, 6426, 5160, 5162, 5156, 5168, 5169, 5170, 5171, 5173, - 6426, 6426, 5175, 5183, 5180, 6426, 6426, 5176, 5184, 5187, - 5189, 5185, 5190, 5191, 5196, 5198, 5194, 6426, 5199, 6426, - 5201, 5203, 5216, 5202, 5218, 5223, 5225, 5229, 5222, 5205, - 6426, 5224, 5226, 6426, 5231, 5220, 5232, 6426, 5236, 5238, - 5241, 5243, 6426, 5245, 5246, 5248, 6426, 5252, 6426, 5249, - 5254, 5255, 5263, 6426, 5258, 5260, 6426, 5265, 5271, 5272, - 5266, 6426, 5268, 6426, 5273, 5277, 5280, 5283, 5274, 5285, - 5287, 5288, 5290, 5297, 5295, 5292, 6426, 6426, 135, 5308, - 5298, 5299, 5303, 5305, 5315, 5301, 5310, 5313, 6426, 6426, + 5171, 5175, 5177, 5178, 5180, 5176, 6613, 5190, 6613, 6613, + 5192, 5193, 5181, 5194, 5196, 5183, 5200, 5203, 6613, 5201, + 5205, 5207, 5206, 5214, 5218, 5215, 5208, 5223, 5219, 5224, + 5225, 5228, 5236, 5232, 5233, 5235, 5239, 5241, 5248, 6613, + 6613, 5238, 5253, 5242, 5255, 5256, 5257, 5258, 5265, 5260, + 5263, 5266, 5267, 5269, 5270, 5279, 5280, 5271, 5278, 6613, + 5281, 5284, 5283, 6613, 5285, 6613, 5287, 5293, 5294, 5295, + 5296, 5300, 5301, 5304, 6613, 6613, 5299, 5316, 5314, 6613, + 6613, 5303, 5306, 5311, 5319, 5321, 5315, 5323, 5324, 5336, + 5325, 6613, 5327, 6613, 5329, 5333, 5341, 5331, 5351, 5352, - 5317, 6426, 5316, 5325, 6426, 5318, 5327, 5331, 5320, 5329, - 5333, 5335, 5336, 5340, 5342, 5341, 5345, 5346, 5349, 5354, - 5364, 5347, 5361, 5367, 5369, 5371, 5373, 5362, 5375, 5376, - 5377, 5379, 5381, 5382, 5383, 5385, 5386, 6426, 5389, 5391, - 5394, 5393, 6426, 5399, 5395, 5408, 5404, 6426, 5413, 5401, - 5414, 5415, 6426, 5416, 5418, 5421, 5419, 5420, 5432, 5427, - 5429, 5433, 6426, 6426, 6426, 5436, 5443, 6426, 5445, 5439, - 5422, 5430, 6426, 5446, 5449, 6426, 6426, 5450, 5451, 5452, - 5462, 6426, 5454, 6426, 5457, 6426, 5458, 5459, 5467, 5465, - 6426, 5471, 5469, 6426, 5480, 5482, 5484, 5477, 5485, 5487, + 5353, 5355, 5350, 5338, 6613, 5348, 5359, 6613, 5366, 5361, + 5363, 5362, 5365, 6613, 5368, 5370, 5374, 5378, 6613, 5382, + 5371, 5379, 6613, 5386, 6613, 5383, 5387, 5389, 5396, 5393, + 6613, 5391, 5397, 6613, 5400, 5407, 5409, 5402, 6613, 5404, + 6613, 5394, 5417, 5418, 5421, 5408, 5425, 5413, 5410, 5427, + 5435, 5431, 5432, 6613, 6613, 5439, 5437, 135, 5444, 5434, + 5440, 5445, 5446, 5453, 5448, 5450, 5456, 6613, 6613, 5458, + 6613, 5451, 5461, 6613, 5449, 5466, 5467, 5462, 5470, 5471, + 5472, 5476, 5478, 5481, 5482, 5483, 5484, 5486, 5502, 5505, + 5487, 5508, 5509, 5511, 5513, 5515, 5517, 5518, 5500, 5498, - 5488, 6426, 5495, 5491, 5492, 5499, 5490, 5500, 5494, 5502, - 5501, 5509, 5504, 5511, 6426, 5513, 5516, 5518, 5524, 5514, - 5520, 5522, 6426, 5526, 6426, 5528, 6426, 5530, 5531, 5532, - 5538, 5534, 5539, 5540, 5549, 5541, 5551, 5545, 5552, 5556, - 5553, 6426, 6426, 5562, 5565, 6426, 5559, 6426, 5567, 6426, - 5557, 5568, 5569, 5570, 6426, 5577, 5571, 5574, 5579, 6426, - 5581, 5586, 5583, 5588, 6426, 6426, 5589, 5596, 5594, 5592, - 5604, 5606, 5593, 5608, 5601, 5610, 5595, 5617, 5616, 5618, - 5620, 5622, 5623, 5624, 6426, 6426, 6426, 5629, 5628, 5637, - 5633, 5636, 5644, 5634, 6426, 5642, 5646, 5649, 5643, 5656, + 5521, 5519, 5522, 5525, 5528, 5529, 6613, 5531, 5536, 5488, + 5532, 6613, 5540, 5537, 5542, 5546, 6613, 5553, 5545, 5547, + 5555, 6613, 5543, 5558, 5559, 5560, 5562, 5565, 5567, 5572, + 5570, 5568, 5574, 6613, 6613, 6613, 5575, 5585, 6613, 5587, + 5579, 5573, 5588, 6613, 5590, 5591, 5592, 6613, 6613, 5594, + 5596, 5595, 5603, 6613, 5599, 6613, 5601, 6613, 5602, 5608, + 5609, 5612, 6613, 5618, 5614, 5616, 5624, 6613, 5632, 5634, + 5636, 5617, 5620, 5629, 5637, 6613, 5644, 5641, 5645, 5652, + 5639, 5643, 5647, 5649, 5653, 5662, 5658, 5660, 6613, 5661, + 5664, 5667, 5673, 5663, 5666, 5670, 6613, 5675, 6613, 5677, - 5651, 5658, 6426, 5653, 5655, 5659, 5661, 5664, 5660, 5666, - 5667, 6426, 5671, 5678, 5675, 5672, 5683, 5690, 5692, 5694, - 5685, 5681, 5701, 5697, 6426, 5700, 6426, 6426, 5687, 6426, - 5696, 5703, 5704, 5708, 6426, 5711, 5705, 5712, 5713, 5715, - 5717, 6426, 5727, 5720, 5723, 5724, 6426, 6426, 5731, 6426, - 5734, 5736, 5735, 5743, 5738, 5739, 5745, 5746, 6426, 5728, - 5752, 5753, 5754, 5755, 6426, 5756, 5757, 5759, 5760, 6426, - 5763, 5762, 5765, 5767, 5768, 6426, 5769, 5770, 5777, 5784, - 6426, 5775, 5791, 5785, 6426, 6426, 5787, 5793, 5796, 6426, - 6426, 6426, 5802, 5799, 5797, 5806, 6426, 5808, 5812, 5817, + 6613, 5678, 5679, 5680, 5687, 5686, 5688, 5689, 5693, 5699, + 5694, 5690, 5701, 5705, 5706, 6613, 6613, 5710, 5712, 6613, + 5713, 6613, 5715, 6613, 5716, 5717, 5719, 5718, 6613, 5721, + 5722, 5728, 5730, 5726, 5729, 6613, 5738, 5731, 5736, 5741, + 6613, 6613, 5743, 5750, 5746, 6613, 5747, 5753, 5757, 5754, + 5759, 5760, 5761, 5762, 5772, 5764, 5765, 5767, 5776, 5773, + 5781, 5786, 5779, 6613, 6613, 6613, 5785, 5790, 5798, 5794, + 5796, 5801, 5791, 6613, 5800, 5803, 5806, 5804, 5813, 5808, + 5815, 6613, 5812, 5816, 5817, 5818, 5820, 5821, 5822, 5827, + 6613, 5829, 5833, 5830, 5837, 5839, 5846, 5848, 5850, 5841, - 5821, 5820, 6426, 5823, 5811, 5813, 6426, 6426, 5825, 5826, - 5828, 5831, 6426, 6426, 5832, 5834, 5835, 5838, 5836, 6426, - 5837, 5840, 5842, 5853, 5859, 5848, 5856, 5860, 5868, 5850, - 5854, 5865, 5864, 5866, 5870, 5873, 5877, 5884, 5881, 5883, - 5889, 5886, 5890, 6426, 6426, 5894, 6426, 5897, 5891, 6426, - 6426, 5899, 5903, 5905, 5907, 5909, 5911, 5913, 6426, 5914, - 5916, 5917, 5918, 5919, 6426, 5921, 5925, 5920, 5928, 5922, - 5931, 5927, 5937, 6426, 6426, 5929, 5943, 5933, 5944, 5938, - 6426, 5948, 5955, 5950, 5952, 5953, 5958, 5954, 6426, 5960, - 5962, 6426, 6426, 5961, 5963, 6426, 6426, 5967, 6426, 6426, + 5843, 5858, 5855, 6613, 5857, 6613, 6613, 5853, 6613, 5859, + 5861, 5862, 5863, 6613, 5866, 5867, 5868, 5871, 5870, 5873, + 5875, 5877, 6613, 5886, 5878, 5888, 5889, 6613, 6613, 5892, + 6613, 5896, 5897, 5899, 5906, 5903, 5901, 5905, 5911, 6613, + 5908, 5914, 5910, 5917, 5918, 5920, 5921, 6613, 5925, 5922, + 5924, 5926, 6613, 5929, 5934, 5931, 5935, 5938, 6613, 5940, + 5939, 5942, 5952, 6613, 5951, 5955, 5953, 6613, 6613, 5961, + 5963, 5964, 6613, 6613, 6613, 5970, 5967, 5954, 5975, 6613, + 5977, 5981, 5985, 5989, 5980, 6613, 5988, 5990, 5992, 5994, + 5995, 6613, 6613, 5996, 5997, 5998, 6001, 6613, 6613, 6002, - 6426, 6426, 6426, 6426, 6426, 5974, 6426, 5968, 5980, 5983, - 5985, 6426, 5969, 5986, 5987, 5988, 5975, 6426, 5973, 5990, - 5994, 5998, 5997, 6002, 6004, 6005, 6007, 6006, 6009, 6011, - 6010, 6015, 6013, 6014, 6016, 6020, 6023, 6426, 6426, 6426, - 6029, 6030, 6032, 6033, 6037, 6038, 6045, 6047, 6041, 6048, - 6049, 6051, 6053, 6054, 6055, 6063, 6059, 6062, 6061, 6065, - 6067, 6072, 6076, 6069, 6077, 6081, 6426, 6078, 6426, 6082, - 6426, 6426, 6086, 6088, 6083, 6090, 6098, 6101, 6094, 6097, - 6099, 6102, 6104, 6426, 6106, 6426, 6426, 6111, 6113, 6426, - 6112, 6115, 6426, 6114, 6116, 6117, 6122, 6124, 6120, 6123, + 6004, 6006, 6005, 6007, 6613, 6008, 6013, 6020, 6015, 6028, + 6031, 6033, 6021, 6034, 6035, 6043, 6046, 6023, 6038, 6041, + 6045, 6049, 6051, 6056, 6058, 6057, 6060, 6065, 6061, 6066, + 6613, 6613, 6068, 6613, 6073, 6069, 6613, 6613, 6075, 6080, + 6082, 6084, 6086, 6088, 6090, 6092, 6077, 6613, 6093, 6095, + 6096, 6097, 6098, 6613, 6100, 6107, 6099, 6104, 6101, 6110, + 6116, 6613, 6108, 6121, 6613, 6613, 6112, 6122, 6124, 6126, + 6128, 6613, 6129, 6137, 6133, 6134, 6135, 6138, 6136, 6613, + 6142, 6140, 6613, 6613, 6141, 6143, 6613, 6613, 6144, 6613, + 6613, 6613, 6613, 6613, 6613, 6613, 6613, 6155, 6159, 6613, - 6125, 6141, 6426, 6426, 6127, 6131, 6129, 6143, 6145, 6144, - 6151, 6153, 6154, 6155, 6146, 6162, 6426, 6164, 6161, 6168, - 6426, 6169, 6157, 6170, 6171, 6172, 6180, 6175, 6179, 6426, - 6181, 6426, 6184, 6186, 6188, 6178, 6185, 6187, 6201, 6203, - 6196, 6426, 6189, 6205, 6199, 6210, 6212, 6214, 6216, 6207, - 6221, 6217, 6225, 6229, 6224, 6230, 6232, 6233, 6234, 6426, - 6236, 6239, 6426, 6240, 6241, 6242, 6243, 6247, 6426, 6250, - 6244, 6252, 6254, 6257, 6259, 6426, 6265, 6268, 6269, 6426, - 6270, 6426, 6426, 6272, 6260, 6273, 6281, 6283, 6426, 6426, - 6426, 6306, 6313, 6320, 6327, 6334, 6341, 6348, 88, 6355, + 6151, 6166, 6168, 6172, 6613, 6153, 6169, 6157, 6163, 6613, + 6173, 6613, 6174, 6175, 6177, 6179, 6180, 6184, 6188, 6189, + 6191, 6190, 6192, 6196, 6193, 6198, 6194, 6200, 6207, 6204, + 6205, 6213, 6613, 6613, 6613, 6214, 6215, 6220, 6222, 6224, + 6226, 6230, 6233, 6234, 6216, 6237, 6238, 6239, 6241, 6242, + 6251, 6246, 6247, 6249, 6256, 6248, 6262, 6613, 6264, 6250, + 6252, 6270, 6613, 6258, 6613, 6267, 6613, 6613, 6275, 6276, + 6272, 6278, 6287, 6288, 6279, 6283, 6284, 6286, 6290, 6613, + 6295, 6613, 6613, 6292, 6298, 6613, 6300, 6301, 6613, 6299, + 6302, 6304, 6308, 6309, 6306, 6310, 6311, 6327, 6613, 6613, - 6362, 6369, 6376, 6383, 6390, 6397, 6404, 6411, 6418 + 6312, 6317, 6320, 6329, 6331, 6330, 6333, 6337, 6338, 6340, + 6341, 6350, 6613, 6347, 6348, 6352, 6613, 6354, 6349, 6355, + 6356, 6357, 6365, 6361, 6364, 6613, 6366, 6613, 6370, 6372, + 6373, 6363, 6371, 6374, 6385, 6383, 6379, 6613, 6389, 6393, + 6391, 6395, 6397, 6399, 6400, 6401, 6403, 6406, 6412, 6409, + 6416, 6417, 6413, 6421, 6418, 6613, 6428, 6419, 6613, 6425, + 6429, 6422, 6431, 6435, 6613, 6440, 6433, 6442, 6443, 6446, + 6447, 6613, 6449, 6456, 6451, 6613, 6457, 6613, 6613, 6459, + 6453, 6460, 6466, 6468, 6613, 6613, 6613, 6493, 6500, 6507, + 6514, 6521, 6528, 6535, 88, 6542, 6549, 6556, 6563, 6570, + + 6577, 6584, 6591, 6598, 6605 } ; -static const flex_int16_t yy_def[3310] = +static const flex_int16_t yy_def[3406] = { 0, - 3291, 1, 3292, 3292, 3293, 3293, 3294, 3294, 3295, 3295, - 3296, 3296, 3297, 3297, 3298, 3298, 3291, 3299, 3291, 3291, - 3291, 3291, 3300, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3301, 3291, 3291, 3291, - 3301, 3302, 3291, 3291, 3291, 3302, 3303, 3291, 3291, 3291, - 3291, 3303, 3304, 3291, 3291, 3291, 3304, 3305, 3291, 3306, - 3291, 3305, 3305, 3307, 3291, 3291, 3291, 3291, 3307, 3308, - 3291, 3291, 3291, 3308, 3299, 3299, 3291, 3309, 3300, 3309, - 3300, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3387, 1, 3388, 3388, 3389, 3389, 3390, 3390, 3391, 3391, + 3392, 3392, 3393, 3393, 3394, 3394, 3387, 3395, 3387, 3387, + 3387, 3387, 3396, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3397, 3387, 3387, 3387, + 3397, 3398, 3387, 3387, 3387, 3398, 3399, 3387, 3387, 3387, + 3387, 3399, 3400, 3387, 3387, 3387, 3400, 3401, 3387, 3402, + 3387, 3401, 3401, 3403, 3387, 3387, 3387, 3387, 3403, 3404, + 3387, 3387, 3387, 3404, 3395, 3395, 3387, 3405, 3396, 3405, + 3396, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3301, 3301, 3302, - 3302, 3303, 3303, 3291, 3304, 3304, 3305, 3305, 3306, 3306, - 3305, 3307, 3307, 3291, 3308, 3308, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3397, + 3397, 3398, 3398, 3399, 3399, 3387, 3400, 3400, 3401, 3401, + 3402, 3402, 3401, 3403, 3403, 3387, 3404, 3404, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3305, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3401, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3305, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3401, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3305, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3401, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3305, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3291, 3291, 3299, 3291, 3291, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3401, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3387, 3387, 3395, 3387, 3387, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3305, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3291, 3299, 3299, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3291, + 3395, 3395, 3395, 3401, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3305, 3305, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3401, 3401, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3305, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3387, 3395, 3395, 3401, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3291, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3305, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3291, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3401, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3305, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3291, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3401, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3305, 3299, 3291, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3291, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3387, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3291, 3291, 3299, 3291, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3401, 3395, 3387, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3387, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3387, + 3395, 3387, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3387, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3291, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3305, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3387, 3387, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3401, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3291, 3299, 3299, 3299, 3299, 3305, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3291, 3299, - 3299, 3299, 3299, 3299, 3291, 3291, 3299, 3291, 3299, 3291, - 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3401, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3387, 3387, 3395, 3395, 3395, 3395, 3395, 3387, 3387, + 3395, 3387, 3395, 3387, 3395, 3395, 3387, 3387, 3395, 3395, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3305, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3291, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3401, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3395, - 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3291, 3291, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3291, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3305, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3291, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3291, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3387, 3387, 3387, 3395, 3395, 3395, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3291, 3299, 3299, 3299, 3291, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3291, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3291, 3299, 3291, 3299, - 3299, 3299, 3299, 3291, 3299, 3299, 3291, 3299, 3299, 3299, - 3299, 3291, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3291, 3305, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3291, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3401, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3387, 3387, 3395, 3395, 3395, 3387, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3291, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3291, 3291, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3291, 3299, 3299, 3291, 3291, 3299, 3299, 3299, - 3299, 3291, 3299, 3291, 3299, 3291, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3387, 3395, 3395, 3401, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3387, 3395, + 3387, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3291, 3299, 3291, 3299, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3291, 3299, 3299, 3291, 3299, 3291, 3299, 3291, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3291, 3291, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3387, 3387, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3387, 3387, 3395, + 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3387, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3395, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3291, 3291, 3299, 3291, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3291, 3291, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3291, - 3291, 3291, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3387, 3395, 3395, 3387, + 3395, 3387, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3387, 3387, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3387, 3387, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, - 3299, 3299, 3291, 3299, 3299, 3299, 3291, 3291, 3299, 3299, - 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3291, 3299, 3291, 3299, 3299, 3291, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3291, 3291, 3299, 3299, 3291, 3291, 3299, 3291, 3291, + 3395, 3395, 3395, 3387, 3395, 3387, 3387, 3395, 3387, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, 3387, 3395, + 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3387, 3387, 3395, + 3395, 3395, 3387, 3387, 3387, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, + 3395, 3387, 3387, 3395, 3395, 3395, 3395, 3387, 3387, 3395, - 3291, 3291, 3291, 3291, 3291, 3299, 3291, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3291, 3291, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3291, 3299, - 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3291, 3299, 3291, 3291, 3299, 3299, 3291, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3387, 3387, 3395, 3387, 3395, 3395, 3387, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3387, 3387, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3395, 3387, 3387, 3395, 3395, 3387, 3387, 3395, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3395, 3395, 3387, - 3299, 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, - 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, - 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3299, 3291, - 3299, 3299, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3299, - 3299, 3299, 3299, 3299, 3299, 3291, 3299, 3299, 3299, 3291, - 3299, 3291, 3291, 3299, 3299, 3299, 3299, 3299, 3291, 3291, - 0, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3387, + 3395, 3387, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3387, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3387, 3395, 3387, 3395, 3387, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, + 3395, 3387, 3387, 3395, 3395, 3387, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3387, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291 + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3387, 3395, 3395, 3395, 3387, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, 3395, + 3395, 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3387, 3395, + 3395, 3395, 3395, 3395, 3387, 3395, 3395, 3395, 3395, 3395, + 3395, 3387, 3395, 3395, 3395, 3387, 3395, 3387, 3387, 3395, + 3395, 3395, 3395, 3395, 3387, 3387, 0, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + + 3387, 3387, 3387, 3387, 3387 } ; -static const flex_int16_t yy_nxt[6467] = +static const flex_int16_t yy_nxt[6654] = { 0, 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, 18, 18, 22, 24, 25, 26, 27, 28, 29, 30, @@ -1520,708 +1551,729 @@ static const flex_int16_t yy_nxt[6467] = 67, 19, 20, 21, 69, 70, 71, 75, 76, 77, 78, 86, 22, 72, 121, 86, 120, 109, 86, 79, - 158, 158, 73, 19, 20, 21, 69, 70, 71, 75, - 76, 77, 78, 185, 22, 72, 81, 82, 83, 129, + 160, 160, 73, 19, 20, 21, 69, 70, 71, 75, + 76, 77, 78, 187, 22, 72, 81, 82, 83, 130, 90, 79, 90, 90, 73, 90, 86, 84, 81, 82, - 83, 90, 91, 86, 86, 98, 92, 93, 168, 84, - 94, 157, 99, 86, 110, 95, 100, 160, 86, 101, - 160, 168, 86, 112, 96, 86, 165, 165, 111, 86, - 102, 113, 135, 115, 103, 171, 116, 104, 86, 105, - 106, 177, 114, 117, 168, 118, 86, 122, 86, 126, - 107, 86, 154, 127, 176, 123, 155, 86, 86, 136, + 83, 90, 91, 86, 86, 98, 92, 93, 170, 84, + 94, 159, 99, 86, 110, 95, 100, 162, 86, 101, + 162, 170, 86, 112, 96, 86, 167, 167, 111, 86, + 102, 113, 137, 115, 103, 173, 116, 104, 86, 105, + 106, 179, 114, 117, 170, 118, 86, 122, 86, 126, + 107, 86, 156, 127, 86, 123, 157, 184, 86, 138, - 156, 124, 130, 137, 86, 125, 131, 86, 146, 128, - 147, 179, 132, 138, 139, 133, 140, 86, 86, 148, - 87, 150, 134, 141, 88, 149, 142, 162, 86, 162, - 162, 151, 162, 143, 174, 152, 153, 144, 145, 90, - 180, 90, 90, 167, 90, 167, 167, 172, 167, 172, - 172, 170, 172, 175, 175, 85, 86, 85, 85, 90, - 85, 90, 90, 86, 90, 86, 85, 178, 182, 86, - 90, 91, 183, 86, 86, 86, 181, 86, 86, 86, - 195, 188, 186, 86, 86, 184, 86, 189, 187, 190, - 86, 86, 86, 173, 86, 191, 192, 197, 194, 196, + 158, 124, 87, 139, 86, 125, 88, 128, 180, 129, + 86, 131, 86, 140, 141, 132, 142, 143, 86, 133, + 144, 86, 148, 86, 149, 134, 86, 145, 135, 86, + 152, 146, 147, 150, 86, 136, 177, 177, 183, 151, + 153, 181, 196, 189, 154, 155, 164, 86, 164, 164, + 90, 164, 90, 90, 169, 90, 169, 169, 174, 169, + 174, 174, 172, 174, 85, 86, 85, 85, 90, 85, + 90, 90, 289, 90, 86, 85, 86, 182, 86, 90, + 91, 185, 190, 188, 86, 86, 197, 86, 191, 86, + 192, 86, 86, 207, 186, 86, 86, 86, 86, 86, - 193, 86, 203, 86, 198, 200, 201, 205, 86, 86, - 204, 199, 86, 202, 207, 209, 86, 213, 210, 86, - 86, 206, 208, 86, 216, 86, 86, 86, 86, 218, - 86, 211, 212, 219, 223, 215, 86, 225, 226, 86, - 224, 86, 214, 86, 217, 922, 221, 86, 227, 220, - 86, 222, 228, 86, 231, 86, 86, 86, 236, 86, - 233, 86, 86, 229, 234, 230, 238, 86, 248, 86, - 86, 232, 86, 86, 86, 239, 235, 86, 86, 237, - 244, 240, 241, 247, 249, 86, 250, 242, 243, 86, - 86, 245, 256, 86, 255, 246, 253, 86, 86, 259, + 178, 199, 193, 194, 86, 198, 86, 195, 86, 200, + 86, 201, 245, 209, 205, 202, 203, 206, 208, 86, + 210, 215, 211, 204, 86, 212, 86, 86, 86, 217, + 86, 218, 86, 220, 86, 86, 226, 221, 213, 214, + 86, 227, 225, 223, 86, 86, 216, 229, 224, 86, + 86, 219, 86, 222, 230, 232, 233, 228, 86, 86, + 86, 86, 231, 235, 86, 237, 86, 240, 234, 238, + 86, 86, 86, 86, 242, 86, 236, 370, 86, 86, + 86, 239, 86, 243, 241, 248, 251, 252, 86, 244, + 253, 247, 86, 86, 86, 254, 249, 246, 260, 257, - 86, 86, 86, 251, 86, 263, 252, 254, 260, 258, - 262, 257, 86, 264, 158, 158, 267, 266, 160, 168, - 261, 160, 265, 162, 168, 162, 162, 268, 162, 165, - 165, 167, 86, 167, 167, 90, 167, 90, 90, 172, - 90, 172, 172, 86, 172, 175, 175, 170, 269, 270, - 272, 86, 86, 86, 86, 86, 86, 86, 86, 86, - 274, 277, 86, 280, 271, 276, 273, 275, 86, 86, - 283, 282, 279, 86, 286, 278, 86, 284, 288, 281, - 86, 287, 86, 289, 86, 86, 292, 86, 290, 86, - 297, 293, 299, 285, 86, 86, 294, 86, 304, 298, + 250, 261, 86, 86, 259, 263, 86, 86, 86, 86, + 258, 267, 255, 86, 264, 256, 86, 86, 262, 266, + 268, 270, 160, 160, 86, 162, 265, 269, 162, 273, + 164, 271, 164, 164, 337, 164, 167, 167, 169, 86, + 169, 169, 90, 169, 90, 90, 170, 90, 174, 272, + 174, 174, 274, 174, 172, 177, 177, 276, 86, 86, + 86, 86, 86, 86, 86, 86, 86, 275, 278, 86, + 281, 284, 280, 86, 277, 279, 86, 287, 286, 283, + 176, 290, 282, 86, 288, 285, 86, 291, 292, 86, + 293, 317, 86, 296, 86, 294, 86, 301, 297, 86, - 300, 86, 295, 296, 86, 291, 301, 86, 86, 302, - 86, 306, 86, 307, 303, 86, 86, 86, 86, 86, - 86, 86, 86, 86, 314, 315, 308, 305, 321, 309, - 311, 310, 322, 312, 339, 313, 86, 316, 323, 324, - 317, 326, 318, 86, 325, 86, 328, 86, 86, 330, - 86, 331, 86, 327, 319, 86, 320, 86, 334, 86, - 86, 336, 86, 337, 86, 335, 332, 86, 329, 86, - 86, 333, 86, 86, 86, 343, 86, 338, 340, 341, - 342, 345, 86, 86, 344, 86, 86, 347, 86, 346, - 352, 86, 348, 86, 86, 353, 86, 86, 354, 358, + 86, 86, 86, 298, 86, 86, 304, 305, 308, 299, + 300, 302, 295, 86, 86, 86, 306, 310, 86, 303, + 311, 86, 86, 86, 86, 307, 86, 318, 86, 86, + 86, 319, 86, 325, 312, 313, 315, 309, 314, 316, + 86, 320, 86, 329, 321, 328, 322, 330, 327, 326, + 332, 86, 86, 86, 726, 334, 86, 338, 323, 331, + 324, 86, 335, 86, 86, 340, 86, 342, 86, 339, + 341, 86, 333, 86, 86, 86, 344, 336, 86, 86, + 86, 343, 86, 86, 346, 86, 348, 86, 345, 86, + 86, 86, 86, 351, 353, 86, 349, 358, 86, 347, - 349, 356, 350, 86, 361, 86, 86, 86, 351, 355, - 86, 86, 363, 364, 86, 86, 357, 86, 86, 367, - 86, 359, 360, 368, 366, 86, 362, 86, 86, 86, - 370, 428, 371, 365, 369, 168, 86, 86, 373, 374, - 86, 372, 375, 377, 86, 86, 378, 382, 86, 86, - 381, 380, 86, 86, 86, 86, 86, 86, 388, 389, - 386, 384, 390, 379, 86, 86, 376, 86, 86, 392, - 86, 383, 391, 86, 385, 86, 86, 86, 86, 387, - 399, 86, 402, 393, 394, 397, 86, 86, 86, 86, - 396, 395, 400, 86, 403, 401, 86, 86, 86, 405, + 352, 354, 359, 86, 86, 350, 355, 86, 86, 360, + 357, 356, 362, 364, 86, 367, 361, 86, 86, 86, + 86, 86, 373, 369, 86, 86, 86, 86, 86, 363, + 374, 372, 365, 366, 376, 86, 86, 368, 377, 371, + 86, 378, 86, 379, 375, 380, 86, 381, 383, 86, + 86, 384, 170, 86, 86, 387, 86, 86, 386, 86, + 86, 86, 86, 394, 388, 390, 392, 395, 385, 86, + 86, 382, 86, 86, 398, 389, 86, 396, 86, 391, + 86, 397, 86, 393, 86, 399, 86, 404, 86, 405, + 409, 406, 400, 86, 403, 86, 86, 86, 402, 407, - 86, 406, 166, 398, 407, 404, 86, 86, 86, 409, - 86, 408, 410, 86, 413, 415, 411, 417, 86, 412, - 86, 86, 86, 86, 416, 86, 422, 414, 86, 418, - 86, 420, 86, 421, 423, 86, 86, 86, 425, 86, - 86, 86, 429, 432, 86, 86, 419, 430, 86, 86, - 435, 86, 86, 426, 440, 431, 86, 427, 86, 424, - 86, 437, 86, 86, 433, 441, 434, 86, 439, 436, - 450, 86, 86, 86, 455, 442, 449, 451, 438, 86, - 86, 86, 86, 452, 564, 453, 456, 86, 443, 458, - 459, 444, 86, 457, 86, 462, 445, 446, 447, 448, + 401, 86, 408, 86, 411, 86, 412, 86, 86, 86, + 86, 415, 86, 86, 410, 419, 416, 86, 175, 417, + 421, 86, 418, 413, 414, 86, 86, 422, 423, 86, + 86, 420, 86, 424, 86, 86, 426, 427, 428, 429, + 86, 86, 86, 86, 86, 86, 86, 435, 432, 86, + 425, 86, 436, 86, 86, 434, 86, 438, 86, 441, + 431, 437, 433, 86, 430, 86, 443, 446, 86, 86, + 439, 447, 440, 86, 442, 86, 86, 445, 86, 86, + 457, 448, 86, 444, 86, 455, 86, 86, 86, 458, + 461, 459, 499, 449, 170, 462, 450, 456, 469, 86, - 460, 454, 86, 86, 86, 461, 86, 468, 86, 86, - 86, 463, 466, 467, 464, 469, 86, 465, 86, 470, - 86, 471, 86, 86, 472, 86, 86, 473, 474, 478, - 86, 86, 479, 86, 480, 86, 86, 496, 483, 86, - 484, 477, 475, 481, 485, 476, 86, 86, 86, 86, - 482, 488, 486, 489, 86, 86, 497, 491, 487, 498, - 86, 86, 86, 490, 495, 86, 499, 86, 500, 86, - 492, 86, 164, 493, 501, 494, 86, 86, 502, 511, - 86, 86, 513, 516, 86, 515, 503, 86, 504, 510, - 505, 168, 514, 527, 86, 518, 528, 512, 86, 517, + 463, 451, 452, 453, 454, 466, 86, 460, 464, 465, + 467, 86, 86, 86, 86, 468, 86, 86, 86, 477, + 86, 86, 86, 479, 86, 475, 478, 476, 86, 472, + 470, 86, 480, 471, 473, 474, 86, 86, 86, 481, + 483, 482, 86, 487, 86, 86, 86, 86, 488, 86, + 489, 492, 86, 505, 493, 1513, 484, 486, 485, 490, + 86, 86, 86, 86, 491, 86, 494, 495, 497, 86, + 498, 86, 500, 496, 86, 506, 507, 86, 86, 508, + 504, 86, 86, 86, 86, 501, 509, 86, 502, 547, + 503, 86, 510, 86, 520, 86, 511, 522, 519, 523, - 86, 529, 86, 506, 530, 86, 507, 86, 508, 526, - 509, 86, 531, 519, 520, 86, 534, 86, 536, 532, - 533, 86, 86, 521, 86, 522, 523, 524, 86, 540, - 525, 86, 86, 542, 535, 86, 539, 86, 86, 541, - 86, 538, 549, 537, 86, 547, 546, 86, 86, 86, - 550, 543, 544, 548, 86, 554, 86, 545, 86, 552, - 86, 86, 86, 86, 551, 557, 558, 559, 553, 86, - 86, 86, 86, 86, 556, 565, 566, 86, 571, 561, - 86, 555, 560, 86, 568, 563, 562, 569, 86, 86, - 86, 572, 86, 567, 585, 86, 86, 163, 86, 86, + 86, 524, 86, 525, 512, 86, 513, 527, 514, 537, + 535, 536, 521, 170, 538, 86, 86, 86, 86, 526, + 86, 515, 86, 539, 516, 168, 517, 86, 518, 86, + 540, 528, 529, 543, 541, 542, 544, 86, 86, 545, + 546, 530, 548, 531, 532, 533, 86, 550, 534, 86, + 86, 549, 86, 86, 552, 86, 86, 551, 554, 559, + 557, 86, 560, 86, 86, 86, 86, 556, 564, 86, + 555, 558, 553, 86, 86, 86, 562, 86, 568, 569, + 563, 86, 567, 561, 86, 86, 86, 86, 86, 566, + 86, 578, 574, 86, 565, 570, 86, 579, 575, 576, - 86, 580, 570, 573, 577, 574, 576, 586, 575, 581, - 582, 86, 86, 583, 584, 578, 587, 579, 86, 590, - 591, 589, 588, 86, 86, 86, 86, 86, 593, 592, - 594, 595, 86, 86, 597, 86, 599, 86, 86, 603, - 86, 86, 602, 600, 86, 86, 86, 86, 598, 86, - 604, 86, 596, 601, 607, 86, 608, 86, 609, 605, - 86, 86, 86, 86, 86, 86, 610, 611, 606, 86, - 619, 86, 615, 86, 614, 616, 617, 86, 618, 613, - 612, 86, 621, 86, 620, 86, 623, 86, 86, 86, - 86, 86, 86, 86, 86, 622, 625, 634, 626, 161, + 571, 572, 573, 86, 581, 582, 86, 86, 86, 86, + 86, 595, 580, 86, 86, 166, 577, 86, 587, 597, + 86, 583, 596, 584, 586, 590, 585, 86, 86, 588, + 86, 589, 598, 591, 592, 600, 599, 593, 594, 86, + 86, 86, 86, 86, 603, 602, 604, 605, 86, 86, + 607, 601, 86, 609, 86, 86, 86, 86, 612, 86, + 610, 613, 86, 614, 86, 608, 86, 86, 606, 611, + 86, 617, 86, 619, 86, 618, 86, 615, 86, 86, + 86, 620, 86, 625, 86, 616, 621, 86, 626, 86, + 624, 86, 628, 86, 627, 86, 622, 623, 629, 86, - 636, 86, 628, 86, 624, 86, 86, 627, 633, 629, - 631, 630, 86, 632, 635, 638, 86, 637, 86, 86, - 86, 641, 644, 86, 639, 647, 86, 640, 86, 646, - 86, 86, 86, 642, 86, 643, 86, 650, 86, 86, - 86, 86, 653, 645, 649, 654, 656, 86, 86, 648, - 86, 86, 86, 86, 655, 86, 651, 652, 86, 670, - 86, 86, 86, 657, 659, 692, 673, 658, 86, 660, - 668, 671, 86, 669, 661, 676, 662, 672, 86, 86, - 86, 680, 663, 677, 664, 674, 681, 665, 666, 675, - 86, 86, 86, 86, 667, 678, 685, 682, 679, 86, + 631, 86, 633, 86, 86, 86, 86, 86, 630, 86, + 86, 632, 635, 86, 636, 638, 634, 86, 86, 640, + 86, 86, 646, 165, 637, 649, 639, 641, 86, 642, + 647, 643, 645, 648, 86, 86, 86, 644, 86, 86, + 86, 653, 86, 651, 86, 656, 652, 658, 650, 86, + 654, 86, 659, 86, 86, 655, 86, 86, 86, 662, + 86, 665, 657, 661, 86, 666, 86, 86, 86, 86, + 86, 668, 86, 86, 700, 663, 660, 664, 86, 667, + 86, 86, 671, 669, 682, 163, 86, 670, 86, 672, + 680, 683, 86, 681, 673, 86, 674, 684, 86, 685, - 86, 86, 688, 86, 86, 683, 86, 684, 86, 690, - 86, 86, 86, 86, 86, 86, 86, 696, 86, 691, - 687, 693, 686, 697, 700, 701, 86, 168, 689, 694, - 699, 702, 698, 695, 703, 86, 86, 86, 704, 86, - 86, 86, 86, 86, 86, 86, 710, 712, 86, 86, - 705, 707, 715, 86, 708, 706, 711, 714, 716, 709, - 717, 718, 86, 86, 86, 86, 720, 86, 713, 86, - 86, 86, 86, 86, 719, 723, 724, 729, 86, 721, - 725, 86, 730, 86, 722, 732, 86, 726, 728, 734, - 727, 731, 733, 86, 737, 86, 735, 86, 736, 86, + 86, 688, 675, 689, 676, 686, 86, 677, 678, 687, + 86, 86, 693, 86, 679, 698, 86, 86, 86, 692, + 697, 86, 690, 694, 86, 691, 695, 86, 702, 696, + 86, 86, 86, 86, 86, 86, 699, 86, 86, 703, + 708, 86, 704, 709, 733, 86, 701, 705, 86, 86, + 706, 712, 86, 711, 86, 707, 710, 713, 714, 170, + 716, 717, 86, 715, 86, 86, 86, 718, 86, 86, + 86, 86, 86, 723, 725, 728, 86, 86, 720, 727, + 721, 719, 729, 724, 731, 86, 722, 86, 86, 730, + 86, 86, 86, 86, 86, 737, 86, 732, 736, 742, - 86, 738, 740, 86, 86, 86, 739, 86, 742, 743, - 86, 86, 86, 86, 86, 741, 746, 747, 86, 745, - 86, 751, 750, 86, 86, 86, 86, 86, 752, 744, - 754, 86, 756, 86, 86, 86, 86, 748, 86, 749, - 755, 753, 86, 759, 762, 86, 86, 763, 757, 765, - 86, 760, 86, 86, 766, 758, 761, 767, 768, 764, - 86, 770, 86, 86, 86, 86, 86, 777, 773, 774, - 769, 771, 86, 86, 86, 779, 86, 86, 772, 775, - 780, 776, 782, 778, 86, 86, 86, 783, 86, 86, - 784, 86, 86, 787, 86, 86, 789, 791, 86, 86, + 86, 734, 86, 738, 743, 86, 735, 745, 86, 791, + 739, 86, 741, 740, 747, 744, 746, 86, 748, 86, + 86, 749, 86, 750, 86, 751, 86, 86, 86, 86, + 752, 86, 753, 756, 86, 758, 754, 755, 86, 86, + 86, 759, 86, 86, 760, 757, 764, 763, 86, 86, + 86, 86, 86, 765, 86, 767, 86, 769, 86, 86, + 86, 762, 86, 761, 772, 768, 766, 775, 161, 770, + 86, 86, 86, 86, 86, 776, 773, 86, 86, 771, + 86, 778, 774, 86, 783, 777, 779, 86, 785, 780, + 781, 86, 782, 86, 788, 784, 786, 790, 787, 86, - 86, 86, 781, 86, 785, 788, 797, 786, 792, 86, - 795, 794, 86, 159, 790, 796, 86, 86, 86, 793, - 799, 802, 798, 800, 801, 86, 86, 804, 86, 806, - 803, 86, 808, 86, 86, 86, 807, 809, 86, 86, - 812, 86, 805, 86, 811, 813, 86, 86, 86, 819, - 86, 86, 816, 86, 814, 86, 815, 821, 810, 86, - 86, 824, 86, 86, 822, 826, 817, 818, 828, 820, - 825, 823, 86, 86, 86, 86, 831, 86, 830, 835, - 827, 832, 86, 86, 829, 86, 833, 86, 86, 837, - 86, 86, 86, 86, 86, 843, 86, 86, 844, 86, + 86, 86, 789, 86, 792, 86, 86, 86, 86, 793, + 796, 795, 86, 797, 86, 798, 86, 86, 799, 800, + 86, 802, 804, 86, 86, 86, 86, 801, 86, 805, + 810, 794, 86, 86, 86, 808, 86, 803, 811, 86, + 809, 807, 812, 806, 813, 814, 86, 86, 86, 815, + 86, 817, 86, 816, 86, 821, 823, 819, 86, 825, + 86, 86, 86, 822, 818, 86, 86, 86, 824, 827, + 86, 826, 86, 820, 828, 86, 834, 831, 86, 835, + 829, 86, 86, 830, 86, 86, 837, 836, 86, 839, + 86, 832, 833, 86, 843, 86, 841, 840, 86, 86, - 834, 86, 836, 86, 86, 845, 838, 86, 839, 840, - 86, 841, 846, 842, 847, 86, 852, 86, 86, 850, - 86, 848, 86, 849, 86, 851, 86, 86, 857, 853, - 854, 86, 86, 86, 86, 86, 855, 86, 866, 856, - 864, 86, 86, 859, 858, 867, 86, 86, 865, 860, - 861, 862, 863, 86, 86, 86, 868, 86, 870, 872, - 86, 86, 86, 86, 86, 869, 176, 871, 876, 877, - 878, 873, 86, 875, 86, 86, 874, 879, 86, 880, - 881, 86, 882, 86, 86, 168, 86, 883, 86, 888, - 887, 86, 885, 86, 86, 884, 886, 889, 86, 86, + 86, 86, 849, 845, 838, 86, 86, 844, 851, 847, + 850, 842, 86, 846, 848, 86, 86, 86, 852, 853, + 86, 86, 859, 854, 86, 86, 86, 86, 86, 860, + 855, 86, 86, 861, 856, 86, 86, 86, 86, 857, + 86, 858, 862, 868, 864, 86, 863, 866, 86, 86, + 869, 865, 867, 86, 86, 86, 874, 870, 873, 871, + 86, 86, 86, 86, 86, 882, 86, 872, 880, 875, + 883, 86, 86, 876, 86, 86, 881, 86, 877, 878, + 879, 86, 888, 86, 86, 884, 886, 86, 887, 86, + 86, 885, 86, 86, 86, 893, 892, 889, 895, 894, - 891, 86, 890, 895, 86, 86, 896, 898, 86, 892, - 86, 86, 893, 86, 897, 899, 86, 902, 86, 86, - 894, 903, 900, 86, 86, 86, 908, 86, 904, 86, - 901, 905, 86, 909, 910, 86, 907, 86, 86, 86, - 86, 906, 86, 86, 86, 929, 924, 911, 923, 925, - 86, 926, 86, 921, 928, 86, 930, 913, 86, 86, - 912, 86, 86, 914, 86, 935, 915, 86, 927, 931, - 916, 86, 943, 917, 86, 86, 933, 932, 86, 86, - 918, 919, 946, 920, 934, 86, 936, 937, 86, 938, - 86, 86, 939, 945, 948, 944, 950, 940, 951, 86, + 891, 86, 890, 86, 86, 86, 896, 86, 86, 903, + 898, 86, 897, 899, 905, 86, 901, 170, 86, 900, + 902, 86, 904, 86, 86, 906, 86, 86, 912, 86, + 86, 913, 907, 908, 915, 86, 86, 86, 909, 914, + 910, 916, 86, 919, 86, 86, 917, 86, 911, 86, + 86, 921, 86, 925, 86, 86, 86, 922, 86, 86, + 86, 918, 926, 927, 920, 86, 86, 86, 86, 86, + 924, 86, 86, 928, 941, 923, 940, 942, 943, 86, + 930, 938, 939, 929, 86, 86, 931, 86, 944, 932, + 948, 945, 86, 933, 86, 946, 934, 86, 947, 950, - 86, 955, 86, 941, 942, 954, 956, 86, 86, 86, - 949, 174, 947, 86, 952, 957, 86, 958, 960, 86, - 961, 86, 86, 86, 959, 953, 962, 86, 964, 86, - 963, 965, 86, 86, 967, 966, 86, 86, 86, 86, - 969, 86, 973, 86, 86, 86, 972, 86, 968, 86, - 976, 86, 982, 86, 980, 978, 86, 970, 971, 974, - 86, 975, 86, 977, 983, 1001, 86, 981, 986, 984, - 86, 985, 987, 979, 86, 86, 989, 86, 86, 86, - 988, 86, 86, 991, 990, 993, 86, 992, 994, 86, - 86, 86, 86, 86, 86, 1000, 86, 997, 995, 86, + 86, 952, 86, 935, 936, 86, 937, 86, 86, 86, + 949, 86, 86, 960, 86, 963, 86, 969, 965, 86, + 951, 86, 953, 954, 967, 955, 961, 962, 956, 86, + 86, 975, 86, 957, 966, 968, 964, 972, 86, 958, + 959, 971, 973, 86, 86, 86, 86, 976, 86, 978, + 977, 974, 86, 86, 970, 86, 980, 979, 982, 86, + 981, 86, 86, 983, 86, 985, 86, 86, 986, 86, + 86, 990, 86, 86, 984, 989, 86, 86, 993, 86, + 86, 999, 86, 997, 1010, 86, 987, 991, 988, 86, + 992, 994, 995, 86, 1000, 1011, 86, 86, 998, 1001, - 998, 1003, 86, 86, 1004, 86, 86, 1002, 86, 996, - 86, 86, 86, 999, 1006, 1007, 1009, 86, 86, 86, - 1011, 1010, 1005, 1012, 86, 86, 86, 86, 1019, 86, - 1017, 86, 1008, 1013, 1015, 1018, 86, 86, 86, 1016, - 86, 1027, 86, 1024, 1020, 86, 1022, 1026, 86, 1014, - 1021, 1025, 86, 86, 86, 86, 86, 1029, 86, 86, - 86, 86, 1023, 1035, 86, 1037, 86, 1040, 86, 1028, - 86, 173, 86, 86, 1030, 1031, 1032, 1041, 86, 1034, - 1033, 86, 1038, 1036, 1042, 1039, 86, 1045, 86, 1043, - 1048, 86, 1044, 1047, 86, 86, 86, 86, 86, 86, + 86, 996, 1002, 1003, 1004, 86, 86, 1006, 1007, 86, + 86, 1005, 86, 86, 86, 86, 86, 86, 1008, 86, + 86, 86, 1009, 1012, 1014, 86, 86, 1015, 1019, 86, + 86, 86, 86, 86, 1013, 1016, 1028, 1017, 86, 1020, + 1021, 1022, 86, 1023, 1018, 1024, 86, 1025, 86, 86, + 86, 1030, 86, 86, 86, 1026, 86, 1027, 1031, 1029, + 86, 86, 1036, 86, 1038, 1034, 1032, 1037, 86, 86, + 86, 86, 86, 1035, 86, 86, 1039, 1044, 86, 1033, + 1041, 86, 86, 1046, 86, 1045, 1047, 86, 1040, 1049, + 1043, 86, 86, 86, 1042, 86, 1048, 86, 86, 1050, - 1046, 86, 86, 1057, 1050, 1052, 1058, 1060, 86, 86, - 86, 86, 86, 86, 1049, 86, 1051, 1063, 1053, 1065, - 1055, 1054, 1056, 86, 1059, 1061, 1064, 86, 1062, 86, - 86, 86, 86, 86, 1071, 1069, 1072, 86, 86, 1076, - 1073, 1067, 86, 86, 86, 86, 1066, 1078, 86, 1068, - 86, 86, 1070, 86, 1081, 86, 1074, 1075, 1080, 1082, - 168, 86, 86, 1077, 86, 1084, 1083, 86, 1079, 86, - 1085, 86, 1088, 86, 86, 86, 86, 1086, 86, 1101, - 86, 86, 1087, 1089, 1102, 1104, 86, 1091, 1092, 86, - 86, 86, 86, 1106, 1093, 1090, 1103, 1094, 86, 86, + 86, 86, 1051, 1060, 1055, 1057, 86, 86, 178, 86, + 86, 1052, 86, 1054, 1053, 1061, 1058, 86, 1065, 1059, + 1056, 86, 1062, 86, 1068, 86, 1063, 86, 1067, 86, + 86, 1064, 86, 86, 86, 1066, 86, 86, 1070, 1077, + 1072, 86, 1078, 1080, 86, 86, 86, 1069, 86, 86, + 1071, 86, 86, 1073, 86, 1075, 1074, 1076, 1079, 1083, + 1081, 1082, 1084, 86, 1087, 86, 86, 1085, 86, 86, + 1086, 1089, 1088, 86, 1091, 1090, 1092, 86, 86, 1096, + 1093, 86, 86, 1098, 86, 86, 86, 1094, 86, 86, + 1103, 1095, 86, 1100, 86, 1104, 170, 86, 86, 86, - 86, 1095, 86, 1096, 1120, 1109, 1107, 1097, 86, 1098, - 86, 86, 1111, 1108, 1099, 1105, 1110, 1112, 86, 1100, - 1113, 86, 1114, 86, 86, 1115, 86, 86, 86, 1118, - 86, 1121, 1133, 86, 86, 1130, 86, 1116, 1117, 1119, - 1126, 1122, 1125, 86, 1124, 1128, 1129, 1132, 1127, 1123, - 1131, 86, 86, 86, 86, 86, 86, 86, 86, 86, - 86, 1147, 86, 1144, 86, 86, 86, 1148, 86, 1143, - 86, 1146, 86, 1134, 1135, 86, 1136, 86, 1145, 1150, - 1149, 1137, 1154, 1138, 168, 1151, 1153, 1152, 86, 1139, - 86, 86, 86, 1158, 1140, 1141, 1155, 86, 1160, 86, + 1107, 1097, 1106, 86, 1099, 1101, 86, 1102, 1110, 1105, + 86, 86, 86, 86, 1108, 86, 86, 1109, 86, 1123, + 1124, 1126, 86, 86, 1114, 1111, 1113, 86, 86, 86, + 86, 86, 1128, 1115, 1112, 1131, 1116, 86, 1125, 86, + 1117, 86, 1118, 86, 1129, 1130, 1119, 86, 1120, 1148, + 86, 1133, 1127, 1121, 1139, 1132, 1134, 86, 1122, 1135, + 86, 1136, 86, 86, 1137, 86, 86, 1140, 86, 86, + 1143, 86, 86, 86, 86, 1142, 1138, 1141, 1149, 1150, + 1144, 1147, 1151, 1146, 86, 86, 1152, 86, 86, 1145, + 1153, 1154, 1157, 1155, 86, 86, 86, 86, 176, 86, - 86, 1142, 1156, 86, 1161, 1163, 86, 86, 86, 1164, - 1157, 86, 86, 1166, 1168, 1159, 86, 86, 86, 86, - 86, 1169, 86, 1162, 1174, 1167, 1165, 1171, 1172, 86, - 86, 86, 86, 86, 86, 86, 1170, 1177, 1173, 86, - 1175, 86, 86, 86, 86, 86, 86, 86, 1176, 1179, - 1182, 1181, 1183, 1178, 1180, 86, 1186, 86, 86, 1185, - 1187, 1184, 86, 86, 1192, 1189, 1190, 86, 86, 86, - 86, 1188, 1191, 1194, 1195, 1196, 1197, 1199, 1193, 86, - 1198, 86, 86, 86, 1202, 86, 86, 86, 1204, 1203, - 86, 1205, 86, 86, 1200, 1206, 86, 86, 1201, 1207, + 86, 1166, 86, 1156, 86, 1158, 1165, 86, 1169, 86, + 1159, 86, 1160, 1167, 1168, 86, 1170, 1171, 1161, 1173, + 86, 86, 1176, 1162, 1163, 86, 86, 86, 86, 1172, + 1164, 1177, 86, 86, 1182, 86, 86, 1175, 86, 1174, + 1183, 1185, 86, 1179, 1178, 1181, 86, 86, 86, 1180, + 86, 1186, 86, 86, 1190, 1188, 86, 1191, 1184, 1189, + 86, 1187, 86, 86, 1196, 1193, 86, 86, 86, 86, + 86, 1194, 1192, 1199, 86, 1197, 86, 86, 86, 1195, + 175, 86, 86, 86, 86, 86, 1198, 1206, 1201, 1200, + 1203, 1204, 1205, 1208, 1207, 86, 1202, 86, 86, 86, - 86, 1213, 86, 86, 86, 1215, 1208, 86, 86, 1209, - 1211, 86, 86, 1217, 1210, 1212, 86, 86, 1216, 1219, - 86, 166, 1214, 86, 86, 1220, 1218, 86, 1221, 1222, - 86, 86, 1224, 1223, 86, 1225, 1228, 86, 86, 1230, - 1227, 1231, 86, 1226, 1229, 86, 1232, 86, 86, 86, - 1235, 1234, 86, 86, 86, 86, 86, 1241, 1239, 86, - 1242, 86, 86, 86, 1243, 1233, 86, 1244, 86, 1240, - 1236, 1246, 1237, 1245, 1238, 86, 1249, 86, 86, 1247, - 1251, 86, 86, 1250, 86, 86, 86, 86, 86, 86, - 86, 1256, 1257, 1252, 1253, 1248, 86, 86, 86, 86, + 1209, 86, 86, 86, 86, 1211, 86, 86, 1216, 1210, + 86, 1217, 1213, 1219, 86, 1218, 1212, 1215, 1221, 1214, + 86, 1220, 1223, 1222, 86, 86, 86, 1226, 86, 86, + 86, 1228, 1227, 86, 1229, 86, 86, 86, 1224, 1230, + 86, 86, 1225, 1231, 1237, 86, 1239, 86, 1232, 86, + 86, 1233, 86, 1235, 1241, 1234, 1236, 86, 86, 86, + 86, 1243, 1240, 86, 86, 1238, 86, 86, 1245, 1246, + 86, 1242, 1249, 86, 86, 1248, 1247, 86, 1250, 86, + 1244, 1255, 1251, 1252, 86, 1254, 86, 86, 1256, 86, + 1253, 86, 86, 1257, 1259, 86, 1260, 86, 86, 86, - 86, 1258, 1259, 1263, 1254, 1264, 1255, 86, 86, 86, - 1261, 86, 1266, 86, 1260, 1265, 1267, 86, 1262, 86, - 1271, 86, 86, 86, 86, 1270, 86, 1268, 86, 1277, - 86, 1273, 168, 1269, 86, 86, 86, 86, 86, 1272, - 86, 1282, 1274, 164, 86, 1284, 86, 1276, 1279, 1281, - 1280, 1275, 1278, 1283, 1286, 1287, 1288, 86, 1285, 86, - 86, 86, 1289, 86, 1291, 1290, 86, 86, 86, 86, - 86, 86, 86, 1294, 86, 1300, 86, 86, 1297, 86, - 1292, 1293, 86, 86, 1295, 86, 163, 1298, 1304, 1296, - 86, 1301, 86, 1299, 86, 1306, 1310, 1302, 1303, 86, + 86, 1266, 1264, 1267, 1258, 86, 86, 86, 86, 86, + 1261, 1268, 86, 1265, 86, 1271, 1262, 1269, 1263, 1270, + 1274, 86, 86, 1272, 1276, 86, 86, 1275, 1273, 86, + 86, 86, 86, 86, 86, 86, 1281, 1282, 1277, 1278, + 86, 86, 86, 86, 1288, 1284, 1283, 1289, 86, 1279, + 86, 1280, 86, 86, 1286, 1292, 86, 1291, 86, 1285, + 86, 86, 1287, 1290, 1296, 86, 86, 86, 86, 86, + 86, 1302, 86, 1295, 1294, 1298, 86, 1293, 170, 86, + 86, 1303, 86, 1297, 1304, 86, 1299, 86, 86, 1301, + 86, 86, 1309, 170, 1300, 1307, 1306, 1308, 1305, 1310, - 1311, 1314, 86, 86, 1307, 1305, 1308, 1312, 86, 1309, - 1313, 86, 86, 86, 86, 1316, 86, 1315, 86, 86, - 86, 1320, 86, 1319, 1323, 86, 86, 1317, 86, 1327, - 86, 1318, 1322, 86, 86, 86, 1324, 1321, 1328, 1325, - 1329, 86, 86, 1333, 1326, 1332, 1330, 1331, 86, 86, - 86, 86, 86, 86, 86, 86, 86, 86, 86, 1339, - 86, 86, 86, 1334, 1335, 1337, 1338, 1340, 1344, 1336, - 86, 86, 86, 1341, 86, 1343, 1345, 1342, 1346, 1348, - 1347, 86, 86, 86, 86, 86, 1349, 86, 1356, 86, - 86, 1350, 86, 1351, 86, 1359, 86, 86, 1354, 1353, + 1311, 86, 86, 1313, 1314, 86, 86, 1315, 1312, 86, + 86, 1316, 86, 86, 1317, 86, 1319, 86, 1318, 1320, + 1321, 86, 86, 86, 86, 1327, 86, 86, 86, 1324, + 86, 86, 1322, 86, 86, 86, 1468, 1331, 1325, 1337, + 1323, 1328, 86, 1326, 86, 1330, 1329, 1333, 86, 1338, + 86, 1340, 86, 1332, 86, 1339, 1334, 86, 1335, 86, + 86, 1336, 1343, 1344, 1341, 86, 86, 86, 1342, 86, + 86, 1347, 86, 86, 1346, 1350, 86, 86, 1345, 1354, + 86, 1349, 1355, 1352, 86, 86, 1348, 1351, 86, 1356, + 86, 86, 86, 1358, 1359, 1353, 86, 86, 86, 86, - 1357, 1352, 1362, 1358, 1355, 86, 1364, 86, 1361, 86, - 1360, 1365, 86, 86, 1369, 1366, 86, 1363, 86, 1379, - 1383, 1367, 1368, 86, 1370, 86, 86, 1378, 1371, 1377, - 86, 1372, 1373, 86, 1380, 1381, 1374, 86, 86, 86, - 86, 86, 1375, 86, 1384, 1385, 1376, 1382, 86, 1386, - 86, 1388, 86, 86, 86, 1389, 86, 1390, 1387, 86, - 86, 1391, 86, 1393, 1395, 86, 1398, 1399, 86, 1525, - 1400, 1392, 86, 86, 1396, 86, 1394, 1402, 86, 1401, - 1397, 86, 1403, 86, 1404, 86, 1405, 1411, 1406, 86, - 1407, 1408, 1409, 1412, 86, 86, 1410, 1415, 86, 1413, + 1360, 86, 86, 86, 86, 1357, 86, 1361, 1366, 86, + 1364, 1362, 86, 86, 1365, 1367, 1363, 86, 1371, 86, + 86, 1368, 86, 86, 1370, 1369, 86, 86, 1372, 1373, + 86, 1375, 86, 86, 1376, 1378, 1383, 1374, 86, 1377, + 86, 86, 86, 86, 86, 1379, 1386, 1381, 1384, 1389, + 1382, 86, 1380, 86, 1385, 86, 1406, 86, 86, 1388, + 1391, 1387, 86, 1390, 168, 1392, 86, 86, 1396, 1394, + 1395, 1404, 1393, 86, 1397, 86, 86, 1407, 1398, 86, + 86, 1399, 1400, 1410, 1405, 1408, 1401, 86, 1409, 86, + 86, 86, 1402, 86, 86, 1411, 1403, 86, 1412, 86, - 86, 86, 1416, 86, 1414, 86, 1419, 1417, 86, 86, - 86, 86, 1425, 86, 1426, 86, 86, 1421, 86, 1420, - 86, 86, 1418, 1427, 86, 1424, 1429, 86, 1422, 1423, - 1428, 86, 86, 1431, 1430, 1435, 86, 1434, 86, 1437, - 86, 86, 86, 1438, 86, 1432, 86, 1439, 86, 1443, - 86, 1440, 86, 1436, 1445, 86, 1433, 1442, 86, 1446, - 86, 1441, 86, 86, 86, 1447, 1450, 86, 86, 86, - 86, 86, 1444, 1452, 86, 1467, 1454, 86, 86, 86, - 1456, 86, 1457, 1448, 1449, 86, 1455, 86, 1451, 1453, - 1458, 86, 86, 1463, 1459, 1461, 1460, 1462, 86, 86, + 1413, 86, 1415, 86, 86, 86, 1420, 1416, 1414, 1417, + 1422, 1418, 1419, 86, 86, 1425, 1426, 86, 86, 86, + 1486, 86, 86, 1421, 1427, 86, 1429, 1423, 86, 1428, + 86, 1430, 1424, 1431, 86, 1432, 86, 1433, 86, 1434, + 86, 1436, 1435, 1437, 1438, 86, 86, 1439, 1442, 1440, + 86, 1444, 86, 1441, 86, 86, 1445, 86, 86, 1443, + 1448, 1446, 86, 86, 86, 86, 86, 1454, 86, 1455, + 86, 1450, 1449, 86, 1456, 86, 1447, 86, 86, 1453, + 1458, 86, 1451, 1452, 1457, 86, 86, 1460, 1461, 86, + 86, 1459, 1465, 86, 1464, 1467, 86, 86, 86, 86, - 86, 86, 1465, 1464, 86, 1466, 1468, 86, 86, 86, - 86, 1473, 1474, 1470, 1475, 1471, 86, 86, 86, 1476, - 86, 86, 1469, 1472, 86, 86, 1480, 86, 168, 1477, - 86, 86, 1479, 1485, 1486, 1478, 86, 86, 86, 86, - 86, 1488, 1487, 1482, 1481, 86, 86, 86, 86, 86, - 1483, 1489, 86, 1496, 1484, 86, 86, 1490, 1491, 86, - 1493, 86, 86, 1494, 1495, 1492, 1500, 1501, 86, 86, - 86, 86, 86, 1505, 1503, 1497, 86, 1499, 1506, 86, - 1508, 1498, 86, 86, 1509, 1502, 86, 86, 86, 1504, - 1507, 86, 1514, 1517, 86, 1515, 1510, 1516, 1511, 1519, + 1469, 86, 86, 1462, 1470, 1466, 1473, 86, 1475, 86, + 1472, 1463, 86, 1476, 86, 86, 86, 1471, 86, 1477, + 1480, 86, 1474, 86, 86, 86, 1482, 86, 86, 86, + 1484, 86, 1488, 86, 86, 166, 1478, 1479, 1481, 1490, + 1485, 86, 86, 1489, 1483, 1487, 1492, 1491, 86, 86, + 1493, 86, 1495, 1494, 86, 1497, 1496, 86, 86, 86, + 86, 86, 1498, 1503, 1504, 1500, 86, 1501, 86, 86, + 86, 1505, 1506, 86, 1502, 86, 1499, 1507, 86, 1510, + 86, 86, 86, 170, 86, 86, 1509, 1517, 1518, 86, + 1520, 86, 1508, 86, 86, 1519, 86, 86, 1514, 86, - 86, 1512, 86, 86, 1513, 86, 1520, 1522, 1518, 86, - 86, 1521, 1523, 86, 86, 1527, 86, 86, 86, 1528, - 86, 86, 1524, 1531, 86, 86, 86, 1526, 86, 1536, - 1537, 86, 86, 1540, 1529, 1533, 86, 1530, 86, 86, - 1532, 86, 1534, 1535, 86, 86, 86, 86, 1541, 1538, - 86, 1539, 1547, 86, 86, 1543, 86, 1542, 1549, 1544, - 1545, 1548, 86, 86, 1552, 1546, 86, 86, 1550, 86, - 1559, 1551, 86, 1556, 1557, 86, 1554, 1558, 1560, 86, - 86, 1553, 86, 86, 86, 86, 1565, 1566, 1561, 1555, - 1564, 1562, 86, 86, 1567, 86, 1568, 86, 1569, 86, + 1512, 1511, 86, 86, 1515, 1521, 86, 86, 1516, 86, + 1528, 1522, 86, 86, 1525, 1533, 86, 1523, 86, 1524, + 1526, 1527, 86, 1532, 86, 86, 86, 1529, 1537, 1535, + 86, 1531, 86, 1538, 86, 1540, 86, 1530, 86, 86, + 1541, 86, 86, 86, 1536, 1534, 1546, 86, 1539, 1547, + 1542, 1548, 86, 1543, 1544, 86, 86, 1545, 1549, 1551, + 86, 1550, 1554, 1553, 1552, 86, 86, 1555, 86, 1557, + 86, 86, 86, 86, 1556, 1559, 1560, 86, 86, 86, + 86, 86, 1563, 86, 1558, 86, 1568, 1569, 86, 86, + 1561, 86, 86, 1562, 1565, 1572, 86, 1566, 1564, 1567, - 86, 1570, 86, 1571, 86, 1563, 86, 86, 86, 86, - 86, 86, 1578, 1572, 86, 86, 1577, 86, 86, 1574, - 86, 86, 1575, 1580, 1573, 1576, 1581, 1584, 86, 1589, - 1586, 1582, 1585, 86, 1579, 1587, 86, 1583, 86, 86, - 1588, 86, 86, 86, 86, 86, 1597, 1593, 86, 86, - 1592, 86, 86, 1598, 1600, 86, 86, 1590, 1591, 1603, - 86, 1602, 1594, 1596, 1595, 86, 86, 86, 86, 86, - 1601, 86, 1611, 161, 86, 1599, 86, 1609, 86, 86, - 86, 1612, 1614, 86, 1617, 1604, 1605, 1606, 1607, 1610, - 1608, 1613, 1615, 86, 86, 86, 86, 86, 86, 1616, + 86, 86, 86, 1573, 86, 86, 1570, 86, 1571, 86, + 1575, 1574, 1579, 86, 86, 1576, 1580, 1577, 1581, 86, + 86, 1584, 86, 1578, 86, 1587, 86, 1588, 1583, 1589, + 1590, 86, 1582, 1586, 86, 86, 86, 1585, 1592, 86, + 1593, 86, 86, 86, 1597, 1591, 1598, 1599, 1596, 86, + 86, 165, 86, 86, 86, 1600, 86, 1594, 86, 1601, + 1602, 86, 86, 1595, 86, 1604, 1603, 1605, 86, 86, + 86, 86, 1610, 86, 86, 86, 1606, 1609, 86, 1613, + 86, 1616, 1607, 1612, 1608, 1618, 1617, 86, 86, 86, + 1619, 86, 1614, 1611, 86, 1621, 86, 86, 1624, 1615, - 1621, 86, 86, 86, 1622, 1619, 86, 1625, 1618, 86, - 1620, 1629, 86, 86, 86, 86, 1631, 1623, 1626, 1624, - 1630, 86, 86, 86, 86, 1628, 1627, 1633, 1632, 1634, - 86, 86, 86, 1640, 1635, 1636, 1641, 86, 86, 86, - 86, 1637, 86, 1639, 86, 1645, 1646, 1644, 86, 86, - 1638, 86, 86, 1648, 86, 86, 1642, 86, 1649, 1650, - 86, 1643, 86, 86, 86, 1651, 1653, 1652, 1647, 86, - 1656, 1655, 86, 86, 86, 86, 86, 1654, 86, 1657, - 1660, 86, 1662, 86, 86, 1663, 86, 86, 1661, 86, - 1668, 86, 1659, 1658, 86, 86, 1664, 86, 1665, 86, + 86, 86, 86, 86, 1629, 1625, 86, 86, 1620, 86, + 86, 1630, 1632, 86, 86, 1622, 1623, 1635, 86, 1634, + 1626, 1628, 1627, 86, 86, 86, 86, 86, 1633, 86, + 1643, 86, 86, 1631, 86, 1641, 86, 86, 86, 1644, + 86, 1648, 86, 1636, 1637, 1638, 1639, 1642, 1640, 86, + 1645, 1652, 1647, 1649, 86, 86, 1646, 86, 1653, 86, + 1650, 1651, 86, 86, 1655, 86, 86, 86, 1656, 86, + 86, 1659, 1654, 1663, 86, 1664, 1665, 86, 1660, 86, + 86, 1657, 86, 1658, 1668, 1662, 86, 1661, 86, 86, + 1669, 86, 1666, 1667, 86, 1670, 86, 86, 1675, 1676, - 1671, 1669, 1673, 86, 86, 86, 1667, 86, 1674, 1666, - 168, 1675, 1670, 86, 1672, 86, 1676, 1679, 1678, 1677, - 86, 1682, 86, 86, 1680, 1681, 1683, 86, 86, 86, - 86, 86, 1690, 86, 86, 86, 86, 86, 1691, 1694, - 86, 1684, 1685, 1688, 1695, 86, 1686, 1687, 86, 86, - 1696, 1698, 1700, 1699, 1692, 1689, 1693, 1697, 86, 86, - 1702, 86, 1704, 86, 86, 86, 86, 86, 86, 86, - 1709, 1706, 1707, 86, 1710, 1703, 86, 86, 86, 1701, - 86, 86, 86, 1705, 1714, 86, 1715, 86, 86, 159, - 1711, 1722, 1708, 1713, 1717, 1712, 86, 86, 1716, 1719, + 86, 86, 163, 1673, 86, 86, 86, 1672, 1671, 86, + 1679, 86, 1680, 1681, 86, 1677, 1674, 1683, 86, 86, + 86, 86, 1678, 1684, 1685, 86, 1682, 86, 86, 1689, + 1686, 1688, 86, 1691, 86, 86, 1690, 1687, 86, 86, + 86, 86, 1697, 86, 1695, 86, 86, 86, 86, 1692, + 86, 1703, 1698, 86, 1696, 86, 1693, 1694, 86, 86, + 86, 1700, 1709, 1699, 1706, 1708, 86, 1704, 1702, 86, + 86, 1711, 1701, 1705, 86, 1707, 86, 86, 86, 86, + 86, 1714, 1717, 86, 1716, 86, 170, 1713, 86, 1710, + 1719, 86, 86, 1718, 86, 86, 1712, 1715, 86, 1727, - 86, 86, 1720, 86, 1724, 1723, 86, 1718, 1730, 86, - 1731, 1727, 1726, 1728, 1721, 86, 86, 1732, 1729, 86, - 1725, 86, 1734, 86, 1733, 86, 1735, 1736, 86, 86, - 86, 86, 86, 86, 1737, 86, 1743, 1744, 1742, 86, - 1746, 1738, 86, 86, 1745, 86, 86, 86, 1739, 86, - 1740, 86, 1741, 86, 1748, 1749, 86, 86, 1750, 86, - 86, 86, 86, 86, 86, 1751, 86, 86, 1747, 1760, - 1759, 1752, 86, 1754, 1755, 1756, 86, 1753, 86, 1765, - 1757, 86, 86, 1761, 1762, 86, 86, 86, 1758, 1764, - 1763, 86, 1771, 86, 86, 86, 86, 86, 1767, 86, + 86, 86, 1720, 86, 86, 1722, 1721, 86, 1725, 1728, + 86, 1723, 1724, 1731, 86, 1733, 1732, 86, 86, 1742, + 1726, 1729, 86, 1730, 1735, 86, 1737, 1739, 86, 86, + 1736, 86, 86, 86, 1741, 86, 1744, 1734, 1738, 86, + 86, 1746, 1740, 86, 1747, 1743, 86, 86, 86, 86, + 86, 1752, 1751, 1745, 86, 86, 86, 86, 1759, 86, + 1748, 86, 1760, 1750, 86, 1749, 86, 1754, 86, 1761, + 1763, 1756, 1753, 86, 1757, 86, 1755, 86, 1764, 1796, + 1766, 1767, 86, 1768, 1765, 1762, 1758, 1769, 1773, 86, + 86, 86, 1771, 86, 86, 1770, 86, 1772, 86, 86, - 1773, 1766, 86, 1775, 86, 1769, 1768, 86, 1770, 1774, - 86, 1776, 86, 1777, 1772, 86, 86, 86, 86, 1780, - 86, 86, 1782, 86, 1789, 1779, 1783, 1781, 1778, 1784, - 1790, 86, 1785, 1786, 1791, 86, 86, 86, 1787, 86, - 1794, 1793, 1795, 86, 86, 1788, 86, 86, 1792, 86, - 86, 1798, 1796, 86, 1799, 86, 86, 86, 86, 1802, - 1808, 86, 86, 1797, 1807, 1804, 1800, 1806, 1805, 1801, - 86, 86, 86, 86, 1803, 1810, 86, 1809, 86, 86, - 86, 1817, 86, 86, 86, 1814, 1812, 86, 1820, 1811, - 86, 1821, 1813, 1819, 86, 86, 1823, 1816, 1818, 1824, + 86, 86, 86, 1774, 86, 1780, 86, 1779, 1781, 86, + 86, 86, 1775, 1783, 86, 1782, 86, 86, 1776, 86, + 1777, 1785, 1778, 1786, 86, 86, 86, 1788, 86, 1784, + 1787, 86, 86, 86, 86, 86, 86, 1789, 1797, 86, + 86, 86, 1791, 86, 86, 1792, 1790, 1793, 86, 1802, + 1794, 1799, 1800, 86, 1798, 86, 1801, 86, 86, 1795, + 1804, 1803, 1808, 86, 86, 86, 86, 1806, 1805, 86, + 1810, 86, 1812, 1813, 86, 86, 86, 86, 1807, 86, + 1814, 1811, 86, 86, 1809, 1817, 1819, 86, 86, 1827, + 86, 1820, 1818, 1816, 1821, 1828, 86, 86, 1815, 1822, - 1825, 86, 86, 1815, 1829, 1822, 86, 86, 86, 1830, - 86, 86, 1826, 1835, 86, 86, 1834, 1837, 86, 86, - 1828, 1831, 1827, 1832, 1838, 86, 86, 1840, 1833, 86, - 86, 1839, 1836, 86, 86, 1841, 1844, 86, 86, 86, - 1848, 1846, 86, 86, 86, 1842, 86, 1847, 1843, 86, - 1845, 1849, 86, 86, 86, 86, 86, 1852, 1850, 1858, - 86, 1853, 1860, 1851, 86, 1861, 1854, 1855, 86, 1856, - 1857, 86, 1863, 86, 86, 86, 86, 1862, 1867, 86, - 1869, 1859, 86, 86, 86, 86, 86, 1873, 86, 86, - 86, 86, 3291, 1865, 1864, 1866, 1868, 86, 86, 1879, + 1826, 86, 1823, 86, 86, 86, 86, 1824, 1831, 1832, + 86, 86, 86, 1825, 86, 1829, 1835, 1833, 86, 1830, + 86, 86, 1844, 1836, 86, 1834, 86, 86, 86, 1839, + 1838, 1837, 86, 1841, 86, 1843, 1842, 1845, 86, 86, + 1840, 86, 86, 1851, 86, 1847, 86, 1846, 1852, 86, + 86, 1853, 1848, 1849, 1854, 86, 1857, 1850, 86, 86, + 86, 86, 86, 1861, 1860, 1865, 86, 86, 1856, 1855, + 1859, 86, 86, 86, 1858, 1863, 1869, 1862, 1864, 86, + 86, 1870, 86, 86, 161, 1866, 86, 1871, 1874, 1875, + 1868, 86, 1867, 1878, 1872, 86, 1877, 86, 86, 86, - 1871, 1875, 86, 1872, 1870, 86, 86, 1876, 168, 1874, - 1877, 1878, 86, 1882, 1880, 1883, 86, 86, 86, 86, - 1881, 1887, 86, 86, 86, 86, 86, 86, 1894, 1885, - 1889, 1884, 86, 1888, 86, 86, 1890, 1886, 1891, 86, - 86, 1897, 1898, 86, 1892, 86, 86, 1893, 1899, 86, - 1896, 1895, 1900, 86, 1901, 1902, 1903, 1904, 86, 86, - 1908, 86, 86, 1906, 86, 86, 86, 1907, 86, 86, - 86, 1905, 86, 86, 1912, 1913, 86, 86, 86, 86, - 3291, 1914, 1917, 86, 1910, 1915, 1911, 1909, 1918, 86, - 86, 1916, 86, 1926, 1923, 1921, 1925, 86, 1920, 86, + 1881, 86, 1873, 1879, 1876, 1880, 86, 1882, 86, 86, + 1885, 86, 86, 1889, 86, 1887, 86, 86, 86, 86, + 86, 1888, 1890, 1884, 1886, 86, 86, 86, 1883, 1894, + 86, 86, 1901, 1893, 1899, 86, 1891, 1892, 86, 1895, + 1896, 1902, 86, 86, 1897, 1898, 86, 86, 1904, 86, + 86, 1908, 86, 86, 1910, 1903, 1900, 86, 86, 86, + 86, 1914, 86, 1905, 1906, 86, 1909, 86, 86, 1907, + 86, 1916, 86, 1917, 1912, 1918, 86, 1913, 86, 1911, + 86, 1919, 170, 86, 86, 1915, 1923, 1920, 86, 1922, + 1926, 86, 86, 86, 1924, 1921, 1930, 86, 86, 1925, - 86, 1919, 1922, 86, 1927, 86, 86, 1924, 86, 86, - 1932, 86, 1935, 1936, 86, 1937, 86, 86, 86, 1928, - 86, 1930, 1929, 1933, 86, 1934, 1931, 1939, 86, 86, - 1940, 1943, 86, 86, 86, 86, 1945, 1938, 1944, 1941, - 86, 1942, 86, 1946, 1947, 86, 1949, 86, 1951, 1950, - 86, 1948, 86, 1952, 86, 1953, 86, 1955, 86, 86, - 86, 1954, 1956, 86, 1959, 1958, 86, 1961, 86, 86, - 86, 1960, 86, 86, 86, 86, 86, 86, 1969, 1975, - 1957, 1962, 1963, 1964, 86, 86, 1967, 1976, 1965, 1973, - 1966, 1971, 1968, 86, 1970, 1978, 1972, 86, 86, 86, + 86, 86, 86, 86, 1928, 1932, 86, 1927, 86, 86, + 1937, 86, 1929, 1933, 1931, 1934, 86, 1940, 1941, 86, + 1938, 1935, 86, 1943, 86, 1942, 1936, 1939, 86, 86, + 1946, 1947, 86, 1944, 86, 86, 86, 1949, 1945, 86, + 86, 86, 1950, 86, 86, 86, 1948, 86, 86, 86, + 1955, 86, 1956, 86, 86, 86, 1960, 1957, 86, 86, + 1951, 1953, 1954, 1952, 1959, 1958, 86, 1961, 86, 86, + 1967, 1964, 86, 1966, 1963, 1968, 86, 1969, 1965, 86, + 1962, 86, 86, 86, 86, 86, 1975, 86, 1978, 86, + 1970, 1971, 1979, 86, 1980, 86, 86, 1973, 1972, 1976, - 1974, 86, 86, 1982, 86, 86, 86, 1979, 1977, 86, - 1984, 86, 86, 1987, 1988, 86, 86, 1990, 86, 1980, - 86, 86, 86, 1981, 86, 86, 1985, 1996, 86, 1995, - 1992, 1983, 86, 1986, 1993, 86, 1989, 86, 86, 1998, - 86, 86, 2002, 1994, 1999, 1991, 86, 2000, 86, 86, - 2006, 86, 86, 1997, 2005, 2009, 86, 2010, 86, 2008, - 86, 86, 86, 86, 2004, 2012, 2001, 2011, 86, 86, - 86, 2007, 2003, 86, 86, 86, 86, 2015, 2013, 2017, - 86, 2020, 2014, 2021, 2022, 2016, 86, 86, 2018, 86, - 86, 2025, 86, 86, 86, 2023, 2030, 86, 86, 2029, + 86, 1977, 1974, 1982, 86, 86, 1983, 1986, 86, 1981, + 86, 86, 1988, 86, 1987, 86, 1989, 1984, 86, 1990, + 1992, 1985, 1995, 86, 86, 86, 86, 1994, 86, 1991, + 86, 1998, 86, 86, 86, 1997, 86, 86, 2002, 86, + 1993, 2001, 86, 86, 2003, 2004, 86, 86, 1996, 1999, + 86, 86, 2012, 86, 2000, 2005, 2006, 2007, 86, 2014, + 2010, 86, 2008, 86, 2015, 86, 2009, 2011, 2017, 86, + 2013, 2018, 86, 2021, 2019, 2016, 86, 86, 86, 86, + 2025, 86, 86, 86, 2027, 2022, 86, 2020, 86, 86, + 2030, 2031, 86, 86, 2033, 86, 86, 2023, 86, 2024, - 2019, 2024, 86, 86, 86, 86, 86, 2026, 2034, 86, - 86, 2035, 2027, 2037, 86, 2028, 86, 2031, 2032, 2036, - 2038, 2033, 86, 2041, 86, 86, 86, 2042, 2044, 86, - 86, 2045, 86, 2039, 2048, 86, 86, 86, 2040, 2043, - 86, 2050, 2051, 86, 86, 2052, 2054, 2049, 86, 2046, - 2047, 86, 2053, 2058, 86, 2057, 2059, 86, 2060, 2062, - 2063, 86, 2055, 2061, 86, 86, 86, 2056, 86, 86, - 2067, 86, 86, 2065, 86, 86, 86, 86, 2069, 2072, - 2074, 2066, 86, 2068, 2070, 86, 86, 2064, 168, 86, - 86, 86, 86, 2075, 2076, 2080, 2079, 86, 2081, 2073, + 86, 86, 2039, 86, 86, 2038, 2028, 2035, 2026, 2036, + 2029, 86, 86, 2032, 86, 86, 86, 86, 2045, 86, + 86, 2034, 2037, 2042, 2043, 2040, 86, 2041, 2049, 86, + 86, 2048, 2052, 86, 86, 2053, 2047, 2051, 86, 86, + 2044, 2055, 2056, 86, 86, 2046, 86, 86, 86, 2050, + 86, 2057, 86, 2058, 86, 86, 86, 2062, 2054, 86, + 2065, 2066, 86, 86, 2061, 2067, 86, 86, 2059, 2060, + 2070, 86, 86, 2063, 86, 86, 86, 2069, 2075, 86, + 2074, 86, 2064, 2068, 86, 86, 2071, 86, 2080, 2079, + 86, 86, 2072, 86, 2084, 2076, 2073, 2081, 86, 2077, - 2071, 2077, 2082, 86, 2083, 86, 86, 2085, 86, 2078, - 86, 86, 86, 86, 2086, 2087, 86, 2088, 86, 2091, - 86, 2089, 86, 2090, 86, 2093, 2084, 86, 86, 2097, - 86, 86, 2092, 2096, 2094, 86, 86, 86, 2101, 2095, - 2098, 2099, 2100, 2102, 86, 86, 86, 86, 86, 86, - 2109, 2107, 86, 86, 86, 2104, 86, 2108, 86, 86, - 86, 2114, 86, 2111, 86, 2103, 2105, 86, 2106, 86, - 86, 2110, 2115, 2113, 86, 2119, 2112, 86, 2117, 2120, - 2116, 86, 86, 86, 2118, 86, 2123, 86, 2122, 2121, - 2125, 86, 86, 86, 2131, 2124, 2126, 86, 86, 2127, + 2078, 86, 2082, 2083, 86, 2087, 86, 86, 86, 2085, + 86, 86, 86, 2094, 2086, 2091, 2097, 86, 86, 86, + 86, 2089, 2088, 86, 2098, 2096, 86, 2090, 86, 86, + 2099, 2092, 2093, 2095, 86, 2104, 86, 2100, 2105, 86, + 2101, 2106, 2108, 2109, 86, 2102, 2107, 86, 86, 86, + 86, 86, 2113, 86, 2103, 2111, 86, 86, 86, 86, + 2115, 2118, 2120, 2112, 86, 2114, 86, 86, 86, 2116, + 2110, 86, 170, 86, 86, 86, 86, 2123, 86, 2127, + 86, 2128, 86, 2129, 2117, 2121, 2119, 2124, 2125, 2130, + 86, 2122, 2126, 2131, 86, 2133, 86, 86, 86, 86, - 86, 2128, 2129, 86, 2133, 86, 2130, 2134, 2135, 86, - 86, 2137, 86, 86, 2132, 86, 2138, 2141, 2136, 2140, - 86, 2139, 86, 86, 86, 86, 86, 2142, 86, 2145, - 86, 86, 86, 2146, 86, 86, 86, 86, 86, 86, - 86, 3291, 2148, 2149, 2143, 2144, 2154, 2147, 2151, 2150, - 2153, 2158, 2159, 86, 86, 86, 86, 2156, 2152, 2155, - 86, 2157, 86, 2162, 86, 86, 86, 2163, 2166, 2165, - 86, 86, 2160, 86, 86, 2161, 2164, 2169, 2168, 86, - 2170, 86, 86, 2167, 2174, 86, 86, 86, 2172, 2176, - 2178, 86, 2171, 2173, 86, 86, 86, 2181, 86, 86, + 2132, 86, 2134, 2135, 86, 2136, 2137, 86, 86, 2138, + 2139, 86, 2141, 86, 86, 86, 86, 2145, 86, 86, + 2140, 2144, 86, 86, 2146, 2142, 2143, 2147, 2148, 86, + 2150, 86, 2149, 86, 86, 86, 86, 86, 86, 2151, + 2155, 2157, 2152, 2156, 86, 86, 86, 86, 86, 86, + 2162, 86, 2153, 2159, 2154, 2158, 86, 86, 2167, 86, + 2161, 2163, 86, 2160, 86, 2165, 2164, 86, 2168, 86, + 86, 2166, 2171, 2174, 2169, 2173, 86, 86, 86, 86, + 86, 2179, 2172, 86, 86, 2170, 2182, 86, 86, 2181, + 2183, 86, 86, 2175, 2176, 2177, 2180, 2178, 2185, 86, - 2177, 2180, 86, 2182, 2175, 86, 2186, 2183, 86, 86, - 86, 86, 86, 2187, 86, 2192, 86, 2184, 2189, 86, - 2179, 86, 2188, 86, 2193, 2185, 2196, 86, 2191, 2198, - 2190, 86, 86, 86, 2194, 86, 2197, 86, 2202, 86, - 86, 2195, 86, 2204, 86, 2200, 86, 2203, 86, 2205, - 86, 2199, 86, 2201, 86, 2206, 2211, 2207, 2208, 2209, - 86, 2213, 2210, 86, 86, 2212, 2214, 86, 86, 2215, - 86, 86, 86, 2218, 86, 2216, 2217, 2219, 86, 2223, - 86, 86, 86, 2220, 86, 86, 86, 2222, 86, 86, - 86, 2221, 2224, 86, 86, 2232, 2229, 2230, 2226, 2225, + 2184, 86, 2186, 86, 86, 2189, 86, 86, 86, 86, + 2188, 86, 86, 2190, 86, 2193, 86, 86, 2194, 86, + 86, 86, 86, 86, 86, 86, 2187, 86, 2192, 2191, + 2202, 2196, 2197, 2195, 2199, 86, 2198, 2204, 2201, 2206, + 2207, 86, 2200, 2203, 86, 86, 86, 86, 2205, 2210, + 2211, 86, 86, 2208, 2214, 86, 2213, 86, 86, 86, + 86, 86, 2216, 86, 2209, 2217, 86, 2212, 2218, 86, + 2220, 2222, 86, 2215, 2224, 2221, 86, 86, 2219, 2226, + 86, 86, 86, 86, 2229, 2223, 2228, 86, 2230, 86, + 2225, 86, 2231, 2234, 86, 86, 86, 86, 86, 86, - 2227, 86, 2234, 2228, 86, 86, 2233, 86, 86, 2231, - 2235, 2237, 86, 2243, 86, 86, 86, 2238, 2245, 86, - 86, 86, 2239, 2236, 2242, 2244, 2240, 86, 86, 168, - 2251, 2247, 2253, 2248, 2249, 2252, 86, 2241, 86, 2246, - 2254, 86, 86, 86, 2255, 86, 86, 2258, 86, 86, - 2256, 2250, 86, 2259, 2262, 2263, 86, 86, 2264, 86, - 2267, 2265, 2272, 2257, 86, 86, 86, 2260, 86, 2268, - 86, 2269, 2270, 86, 86, 86, 86, 2266, 2261, 2271, - 2273, 86, 86, 86, 86, 2274, 2275, 86, 2278, 86, - 86, 86, 86, 86, 2281, 2276, 86, 2285, 2287, 86, + 2235, 86, 86, 2227, 86, 2240, 2237, 2232, 2238, 2236, + 86, 2233, 2310, 2239, 86, 2242, 86, 2241, 2243, 86, + 86, 2244, 2246, 2247, 86, 2245, 86, 86, 86, 86, + 2249, 2248, 2251, 86, 2250, 2253, 86, 86, 2255, 2254, + 2252, 86, 2256, 86, 86, 86, 86, 86, 2262, 2258, + 2264, 2259, 2257, 86, 2260, 2265, 86, 2261, 86, 86, + 86, 86, 86, 86, 86, 2266, 2270, 2267, 2263, 2271, + 86, 2268, 2269, 2275, 86, 2272, 86, 86, 86, 2274, + 86, 86, 86, 2273, 86, 86, 86, 86, 86, 86, + 2284, 86, 2279, 2281, 2276, 2277, 2278, 2280, 2282, 86, - 86, 86, 2280, 86, 2288, 86, 2277, 2279, 2282, 2283, - 2290, 2284, 86, 86, 86, 86, 2289, 86, 2286, 86, - 2295, 2298, 86, 86, 86, 2293, 86, 86, 86, 2291, - 2292, 2299, 2296, 2294, 86, 2297, 86, 86, 86, 86, - 86, 3291, 86, 2300, 86, 2301, 2311, 2313, 86, 2306, - 2302, 86, 2303, 2304, 2308, 2309, 2314, 2305, 2310, 2307, - 86, 86, 2312, 86, 2315, 86, 86, 86, 86, 2319, - 2320, 86, 86, 86, 2321, 86, 2316, 2322, 86, 2317, - 2318, 2323, 86, 2325, 2326, 86, 2324, 2327, 2328, 86, - 2329, 86, 86, 86, 86, 86, 86, 2330, 2331, 2335, + 86, 86, 2301, 86, 2283, 2285, 2291, 2287, 2286, 2289, + 2290, 86, 86, 2293, 2295, 86, 86, 2297, 86, 86, + 2288, 2294, 86, 86, 86, 2296, 2299, 2303, 2300, 2292, + 170, 2305, 3387, 86, 2307, 2308, 2306, 86, 2298, 86, + 86, 86, 2309, 2302, 86, 2312, 86, 86, 2313, 86, + 2317, 86, 2304, 86, 2318, 86, 86, 2321, 2316, 86, + 86, 86, 2314, 86, 2311, 2322, 2325, 2319, 86, 2323, + 2324, 86, 2326, 2315, 2320, 86, 86, 86, 86, 2327, + 86, 2329, 86, 86, 2331, 86, 86, 2332, 86, 86, + 2335, 86, 86, 86, 2341, 86, 2328, 2339, 86, 86, - 86, 2336, 86, 2338, 86, 2332, 86, 2334, 2340, 86, - 86, 86, 2343, 86, 2333, 2337, 2342, 2344, 86, 86, - 86, 86, 86, 86, 2339, 2341, 2350, 86, 2349, 2346, - 86, 2352, 86, 2345, 86, 2347, 86, 86, 86, 2356, - 2355, 2348, 2354, 2358, 86, 86, 86, 86, 86, 2351, - 2362, 86, 2353, 86, 2357, 86, 86, 2367, 86, 86, - 2366, 2360, 86, 86, 2359, 86, 2361, 2369, 2363, 86, - 2365, 2372, 86, 86, 86, 86, 2364, 86, 2368, 86, - 2370, 2374, 86, 2373, 2371, 86, 2379, 2375, 86, 86, - 2381, 2380, 2382, 2376, 86, 2377, 86, 86, 86, 86, + 2330, 2334, 2342, 86, 2337, 86, 2333, 2336, 2344, 86, + 86, 2338, 86, 86, 2343, 2340, 86, 2349, 86, 2352, + 86, 86, 2347, 86, 86, 86, 86, 2346, 86, 2350, + 86, 2345, 2348, 2353, 86, 86, 2351, 86, 86, 86, + 2354, 86, 2355, 2362, 86, 86, 2366, 2356, 2369, 2358, + 2357, 2360, 2364, 86, 2363, 2359, 2361, 2367, 86, 2365, + 86, 86, 86, 2434, 86, 2368, 86, 2373, 2374, 86, + 86, 86, 2375, 86, 2370, 86, 2371, 2372, 2376, 86, + 86, 2379, 2380, 2382, 86, 2381, 2377, 86, 2378, 2383, + 86, 86, 2384, 86, 86, 86, 2385, 2389, 86, 2390, - 86, 2386, 2387, 86, 86, 2378, 2385, 2383, 2391, 2384, - 86, 86, 2389, 86, 2396, 2393, 2394, 86, 2398, 86, - 86, 2390, 86, 2388, 86, 86, 86, 2399, 2395, 86, - 2392, 2400, 86, 86, 2404, 2403, 86, 86, 2397, 86, - 86, 3291, 2402, 2409, 2401, 2405, 2406, 2408, 2407, 86, - 2410, 86, 86, 86, 2414, 2411, 86, 2415, 86, 2416, - 2412, 2413, 86, 86, 168, 86, 86, 2417, 86, 2418, - 86, 2423, 86, 86, 86, 2425, 86, 86, 86, 2434, - 86, 2421, 2419, 2424, 2420, 2426, 2422, 86, 86, 2429, - 2427, 2428, 86, 2431, 3291, 2430, 86, 2435, 2432, 2433, + 86, 86, 2392, 86, 86, 2394, 86, 2388, 86, 3387, + 86, 2397, 86, 2386, 2387, 2396, 2398, 86, 86, 86, + 2391, 86, 2393, 2395, 86, 86, 2404, 86, 2400, 86, + 2403, 86, 2399, 2406, 86, 2401, 86, 86, 86, 2410, + 2409, 86, 2408, 2402, 2412, 86, 86, 86, 2405, 2407, + 86, 86, 2415, 86, 2411, 2418, 86, 86, 86, 86, + 2413, 2414, 2416, 86, 2423, 86, 86, 2422, 86, 86, + 2417, 2425, 86, 2419, 2421, 2428, 86, 2424, 86, 86, + 2420, 86, 86, 2426, 2427, 2430, 86, 2435, 86, 86, + 2441, 2437, 2429, 2431, 86, 86, 86, 2436, 2438, 2432, - 2436, 86, 86, 86, 2439, 2437, 2440, 86, 2438, 86, - 86, 86, 86, 2442, 86, 86, 2441, 86, 2444, 86, - 86, 2448, 2449, 2443, 86, 2446, 86, 2445, 86, 2451, - 86, 86, 86, 86, 2452, 2453, 2454, 86, 2447, 86, - 2450, 86, 2456, 86, 2455, 2460, 86, 2459, 86, 86, - 2457, 2458, 86, 86, 2462, 86, 86, 86, 86, 2469, - 2466, 2461, 86, 2468, 86, 86, 86, 86, 2470, 2465, - 86, 86, 2463, 2464, 86, 2474, 86, 2467, 86, 86, - 2484, 2479, 2471, 2478, 86, 2472, 2473, 86, 2476, 86, - 2477, 86, 2475, 2481, 86, 86, 86, 2480, 2483, 2485, + 2433, 86, 86, 86, 86, 86, 2442, 2443, 2444, 86, + 2448, 86, 86, 2439, 86, 2440, 86, 2446, 2453, 2450, + 86, 2451, 2455, 86, 86, 86, 2445, 2452, 86, 86, + 2447, 86, 86, 86, 2456, 2460, 2457, 2449, 2459, 86, + 86, 2454, 2461, 86, 86, 86, 86, 2539, 2458, 2462, + 2466, 2467, 2463, 2464, 86, 86, 86, 86, 2468, 2465, + 86, 2471, 2472, 86, 2470, 86, 2469, 86, 86, 86, + 2473, 170, 2475, 86, 2476, 86, 2477, 86, 2474, 2482, + 86, 86, 86, 2480, 86, 2478, 86, 2479, 86, 86, + 2484, 2481, 2483, 86, 2485, 86, 2613, 86, 2489, 86, - 86, 2487, 86, 2482, 2489, 86, 2488, 2491, 86, 86, - 86, 2493, 86, 86, 86, 86, 86, 2490, 2492, 86, - 2497, 2486, 86, 86, 86, 2501, 86, 2499, 2495, 2500, - 2503, 2494, 2496, 2502, 86, 86, 86, 86, 2504, 2505, - 86, 86, 86, 2510, 86, 2498, 2507, 86, 86, 2512, - 86, 2515, 86, 86, 2509, 86, 2511, 2506, 86, 2508, - 86, 2516, 86, 2519, 86, 2514, 2513, 2520, 86, 2521, - 86, 86, 2517, 86, 86, 2525, 86, 86, 2518, 2524, - 2523, 86, 86, 86, 86, 2532, 86, 2529, 2522, 2531, - 2526, 2527, 86, 2528, 2533, 86, 2534, 86, 2535, 86, + 2486, 2487, 2490, 2493, 86, 2488, 86, 2494, 2491, 2495, + 86, 2492, 86, 86, 2498, 2496, 2499, 86, 2497, 86, + 86, 86, 86, 2501, 86, 86, 2500, 86, 2503, 86, + 86, 2507, 2508, 2502, 86, 2505, 86, 2504, 86, 2510, + 86, 86, 86, 86, 2511, 2512, 2513, 86, 2506, 86, + 2509, 86, 2515, 86, 2514, 2519, 86, 2518, 86, 86, + 2516, 2517, 86, 86, 2521, 86, 86, 86, 86, 2528, + 2525, 2520, 86, 2527, 86, 86, 86, 86, 2529, 2524, + 86, 86, 2522, 2523, 86, 2533, 86, 2526, 86, 86, + 86, 2538, 2530, 2537, 86, 2531, 2532, 86, 2535, 86, - 86, 86, 86, 2530, 2536, 86, 2538, 86, 2539, 86, - 2540, 86, 86, 86, 2541, 2545, 86, 2542, 2537, 2547, - 86, 2548, 86, 86, 86, 86, 86, 86, 2544, 86, - 86, 2543, 2546, 2551, 2549, 2554, 2550, 2552, 86, 2557, - 86, 86, 86, 86, 86, 86, 86, 2553, 86, 2555, - 2558, 86, 168, 86, 2565, 86, 86, 2561, 2556, 86, - 2563, 86, 86, 2560, 2564, 2566, 2567, 3291, 2559, 2562, - 2568, 2571, 86, 86, 86, 2572, 2573, 2569, 2574, 2575, - 2576, 86, 86, 2570, 2577, 86, 86, 2578, 86, 2579, - 86, 2580, 86, 86, 86, 86, 86, 86, 86, 86, + 2536, 2540, 2534, 2541, 2542, 86, 2543, 86, 86, 2546, + 2544, 2548, 86, 86, 86, 2545, 2547, 86, 2550, 86, + 2552, 86, 86, 2551, 86, 2549, 86, 86, 86, 86, + 86, 86, 2556, 2562, 2558, 2559, 2560, 86, 2554, 86, + 2553, 86, 2555, 2561, 86, 86, 2563, 2564, 86, 86, + 86, 86, 86, 2566, 2557, 2568, 86, 86, 2571, 86, + 2572, 2573, 2569, 2565, 86, 2576, 86, 86, 2567, 2570, + 86, 86, 3387, 2577, 2574, 86, 86, 2580, 86, 2575, + 2581, 86, 86, 2582, 86, 86, 86, 86, 2586, 2585, + 2578, 86, 86, 2579, 2584, 86, 86, 86, 86, 86, - 2581, 86, 86, 2582, 2591, 86, 86, 86, 2589, 2584, - 86, 86, 2583, 86, 2586, 2585, 86, 2595, 2588, 2587, - 2599, 2590, 2596, 86, 2593, 2592, 86, 2597, 2594, 2598, - 2600, 86, 2602, 86, 86, 2601, 86, 86, 86, 86, - 86, 86, 86, 86, 2605, 2611, 86, 2612, 86, 86, - 86, 86, 2603, 2606, 2604, 2618, 2615, 2607, 2608, 2609, - 2610, 86, 2613, 2616, 86, 2617, 86, 2614, 86, 2619, - 86, 86, 86, 86, 86, 86, 86, 2623, 2627, 86, - 2626, 2628, 86, 2620, 86, 2622, 2629, 2630, 86, 2621, - 86, 86, 86, 2624, 2625, 86, 86, 86, 2631, 2632, + 2583, 2587, 2590, 2593, 2589, 2588, 2594, 86, 2595, 86, + 2596, 86, 2597, 86, 86, 2591, 2592, 2599, 86, 86, + 2601, 86, 2602, 2600, 86, 86, 2598, 86, 86, 2607, + 86, 86, 2609, 86, 2610, 86, 2603, 2604, 86, 86, + 86, 86, 86, 86, 2606, 86, 86, 2605, 2616, 2611, + 2608, 2612, 2614, 2619, 86, 2620, 86, 86, 86, 86, + 86, 2615, 2617, 86, 86, 2618, 2627, 170, 86, 2629, + 86, 2623, 86, 86, 2625, 86, 86, 2622, 86, 2628, + 86, 2630, 2621, 2624, 86, 2626, 86, 2636, 2631, 3387, + 2632, 86, 2634, 86, 2633, 86, 2638, 86, 2639, 2647, - 86, 2636, 86, 86, 2634, 86, 2640, 2641, 86, 86, - 2633, 2644, 86, 86, 86, 2635, 86, 2637, 2645, 2638, - 2642, 86, 2639, 2648, 86, 2647, 86, 2643, 2646, 2649, - 86, 86, 2653, 86, 86, 86, 86, 2657, 86, 86, - 2656, 2650, 2659, 86, 2655, 86, 2654, 86, 86, 86, - 2651, 2652, 2660, 86, 2661, 2664, 86, 86, 2658, 86, - 2665, 2663, 2667, 86, 2662, 86, 86, 86, 86, 86, - 2668, 2672, 86, 2674, 86, 2666, 2670, 2671, 2669, 86, - 86, 2673, 86, 2677, 2675, 2676, 86, 2678, 86, 86, - 86, 86, 86, 86, 2679, 86, 86, 2684, 2681, 2682, + 2637, 2635, 2640, 86, 2641, 86, 86, 2642, 86, 2643, + 86, 2644, 86, 2645, 86, 86, 86, 2649, 86, 86, + 86, 86, 86, 2646, 2655, 86, 86, 2653, 86, 2648, + 86, 2659, 86, 2650, 2660, 86, 86, 86, 2651, 2652, + 2654, 2656, 2661, 2657, 2658, 2663, 2664, 86, 86, 2666, + 86, 86, 86, 86, 2662, 2667, 86, 2665, 86, 2669, + 86, 86, 2675, 86, 2676, 86, 86, 86, 2670, 2668, + 2680, 86, 86, 86, 2671, 86, 2672, 2673, 2679, 2674, + 2681, 86, 2682, 86, 86, 2678, 2677, 86, 86, 86, + 2684, 2683, 2687, 86, 86, 86, 86, 2691, 2686, 2690, - 2685, 2687, 86, 2688, 86, 2683, 86, 2680, 2686, 2689, - 168, 86, 86, 2690, 2692, 2694, 2691, 86, 86, 2696, - 86, 86, 2695, 86, 2699, 86, 2700, 86, 2698, 86, - 2693, 2702, 86, 86, 2704, 2697, 2703, 86, 86, 2705, - 86, 86, 2701, 2706, 2709, 86, 2707, 86, 86, 2710, - 86, 2708, 2711, 86, 86, 86, 86, 2712, 2716, 2717, - 86, 2718, 2714, 86, 86, 86, 86, 86, 2713, 86, - 2720, 2721, 2719, 86, 86, 86, 2715, 2722, 2724, 2723, - 2725, 86, 86, 86, 86, 2730, 86, 2726, 86, 86, - 2733, 2728, 2729, 86, 2727, 2731, 86, 86, 86, 2734, + 2692, 86, 2685, 86, 86, 2693, 2694, 86, 86, 2688, + 86, 86, 86, 2689, 86, 2695, 86, 2696, 86, 2700, + 3387, 86, 2698, 2697, 2704, 2705, 86, 86, 86, 2708, + 86, 2699, 2701, 86, 86, 2702, 86, 86, 2703, 86, + 2711, 86, 2706, 2713, 2709, 86, 2707, 2714, 86, 2710, + 86, 86, 2712, 86, 2715, 2719, 86, 86, 86, 86, + 2716, 86, 2722, 2723, 86, 2720, 2721, 2725, 86, 86, + 2717, 2718, 86, 86, 2726, 86, 86, 2728, 2724, 2731, + 86, 2727, 86, 2732, 86, 2729, 2734, 86, 86, 86, + 86, 86, 2739, 86, 86, 2730, 86, 2735, 2733, 2737, - 86, 2738, 86, 86, 86, 2739, 2732, 86, 2735, 86, - 2743, 86, 86, 2741, 86, 86, 86, 2736, 86, 2737, - 2747, 3291, 2740, 2755, 2742, 2750, 2744, 2745, 2748, 86, - 2751, 86, 2752, 86, 2746, 86, 86, 86, 86, 86, - 2749, 2753, 86, 2754, 86, 86, 2756, 2759, 2758, 86, - 2761, 86, 2757, 2763, 86, 2764, 86, 2765, 86, 86, - 2760, 86, 86, 2766, 2768, 86, 2767, 86, 86, 2762, - 2772, 86, 2770, 86, 2775, 2773, 86, 2776, 86, 86, - 2771, 86, 2769, 2777, 86, 86, 86, 86, 2778, 2782, - 86, 2774, 2779, 86, 2783, 2784, 86, 2786, 86, 2780, + 2738, 2736, 2741, 86, 2740, 86, 86, 86, 2744, 86, + 2742, 2743, 2745, 86, 86, 2747, 86, 2746, 86, 86, + 86, 86, 2748, 2751, 2749, 2752, 2754, 86, 86, 2750, + 2755, 86, 86, 2756, 2753, 2758, 170, 86, 86, 2759, + 2757, 86, 2760, 2763, 3387, 86, 86, 2765, 86, 86, + 2764, 86, 86, 2768, 86, 86, 2761, 2767, 2772, 2762, + 2769, 86, 2773, 2766, 2770, 2771, 86, 2774, 86, 86, + 86, 86, 2778, 86, 2775, 2776, 86, 2779, 86, 86, + 86, 2780, 86, 86, 86, 2777, 2785, 2786, 2781, 2787, + 2783, 86, 86, 86, 86, 2782, 86, 86, 86, 2791, - 86, 86, 2785, 86, 2790, 86, 2781, 2791, 86, 2792, - 86, 86, 86, 2787, 86, 2793, 86, 2789, 86, 2788, - 2794, 86, 2799, 86, 2798, 2802, 86, 2801, 86, 86, - 86, 86, 2796, 86, 2795, 2803, 2797, 2804, 86, 2800, - 86, 2805, 86, 2807, 86, 2808, 86, 2811, 86, 86, - 2809, 2810, 2815, 86, 86, 86, 2806, 2817, 86, 86, - 86, 2822, 86, 2814, 2812, 2818, 2823, 86, 2813, 2816, - 2821, 2824, 2819, 2827, 86, 86, 2825, 86, 2820, 2826, - 86, 2828, 86, 2829, 86, 2830, 86, 2831, 86, 86, - 86, 2832, 86, 2833, 86, 86, 86, 2836, 86, 86, + 86, 2789, 2790, 2788, 2784, 2793, 86, 86, 86, 86, + 2792, 2794, 86, 86, 86, 2799, 86, 86, 2797, 86, + 3387, 2796, 2798, 2802, 86, 2795, 2800, 86, 86, 86, + 2801, 2807, 86, 2803, 86, 2804, 86, 86, 86, 2805, + 86, 2808, 86, 2806, 86, 2810, 86, 2809, 2812, 86, + 2816, 86, 2811, 2817, 86, 2814, 2824, 2813, 2819, 2820, + 2821, 86, 2815, 86, 86, 86, 86, 2822, 86, 2818, + 2825, 2823, 86, 2827, 86, 86, 86, 2828, 86, 86, + 2829, 86, 2832, 86, 86, 2826, 2834, 86, 2837, 2830, + 2835, 86, 86, 2831, 2836, 86, 86, 2838, 2839, 86, - 2838, 2842, 86, 2843, 86, 2839, 86, 86, 86, 2834, - 2844, 2846, 86, 2837, 86, 2847, 2835, 86, 2840, 2841, - 2848, 86, 2849, 2851, 2845, 2850, 86, 86, 86, 86, - 2855, 86, 86, 86, 86, 86, 2852, 2853, 2856, 2859, - 86, 2857, 86, 86, 2860, 86, 86, 2854, 2858, 86, - 2863, 2862, 86, 2861, 2864, 2865, 86, 2866, 86, 86, - 2868, 2869, 86, 86, 86, 86, 2867, 86, 2870, 2875, - 86, 86, 86, 2873, 2871, 86, 2878, 2879, 86, 2876, - 86, 2880, 86, 2883, 86, 2874, 2884, 2881, 2872, 2882, - 86, 2877, 2885, 86, 2886, 86, 2887, 86, 86, 2888, + 86, 2833, 86, 2843, 86, 2841, 86, 86, 2844, 86, + 86, 2847, 2848, 86, 2842, 86, 2840, 86, 2845, 2849, + 86, 86, 86, 86, 2846, 2850, 86, 2853, 2851, 2854, + 86, 86, 2855, 2856, 86, 2852, 2857, 2858, 86, 2859, + 86, 2860, 2862, 2863, 86, 86, 2865, 86, 86, 2864, + 86, 2867, 86, 86, 2861, 2866, 2868, 86, 86, 86, + 2873, 86, 86, 86, 86, 2872, 86, 2875, 2876, 86, + 2869, 86, 2878, 2870, 86, 86, 2877, 2879, 2871, 86, + 86, 2882, 2881, 86, 86, 86, 2874, 2880, 2885, 86, + 2889, 86, 2883, 2884, 86, 86, 86, 86, 2891, 86, - 86, 86, 2892, 86, 86, 86, 2891, 86, 86, 2893, - 2894, 2895, 86, 86, 86, 86, 2901, 86, 2889, 2890, - 2899, 2896, 86, 2903, 86, 2897, 86, 86, 2898, 86, - 2904, 86, 2900, 86, 2905, 86, 2906, 86, 2907, 86, - 2912, 86, 2902, 86, 86, 86, 2908, 86, 2909, 2915, - 2910, 86, 86, 86, 86, 2921, 2913, 2914, 86, 2911, - 2916, 2919, 86, 2917, 86, 86, 86, 2920, 2925, 86, - 86, 2918, 86, 2922, 2927, 86, 2923, 2928, 86, 2930, - 86, 86, 86, 86, 86, 2926, 2931, 86, 2934, 2935, - 86, 2924, 86, 2929, 86, 2939, 86, 2932, 2933, 86, + 86, 86, 2886, 2888, 2918, 2887, 2892, 2895, 2890, 2896, + 2893, 86, 2898, 86, 2897, 86, 2894, 2899, 86, 2900, + 2901, 86, 86, 2902, 86, 2903, 86, 2904, 86, 2905, + 86, 86, 86, 2908, 86, 86, 2907, 2909, 86, 2910, + 2912, 86, 86, 2916, 86, 86, 2906, 2913, 2917, 86, + 86, 2911, 2920, 86, 2922, 86, 86, 2921, 86, 86, + 86, 2914, 2915, 2919, 2923, 2924, 86, 2925, 86, 2926, + 2929, 86, 86, 86, 2928, 86, 2930, 2927, 86, 2935, + 86, 86, 2931, 86, 2936, 86, 86, 86, 86, 2933, + 2938, 2939, 86, 2940, 2932, 2934, 2937, 2941, 86, 2942, - 2942, 86, 86, 2944, 2936, 86, 86, 86, 86, 86, - 2937, 2938, 2945, 2940, 86, 2941, 2947, 86, 2948, 86, - 2950, 86, 2943, 86, 2955, 2952, 2949, 2946, 2954, 86, - 86, 86, 2953, 86, 2959, 86, 86, 86, 2961, 2960, - 2951, 86, 86, 2957, 2964, 2965, 86, 86, 2956, 86, - 86, 2967, 2966, 2958, 2962, 86, 86, 86, 2970, 86, - 2969, 2963, 86, 2973, 86, 2968, 86, 2971, 86, 86, - 2976, 86, 86, 86, 86, 2972, 2981, 86, 2977, 86, - 86, 2974, 2975, 2985, 86, 86, 2978, 2980, 86, 2984, - 2986, 86, 2982, 2987, 86, 2983, 86, 2979, 86, 2988, + 86, 86, 2946, 86, 86, 86, 2943, 86, 86, 86, + 2952, 2944, 86, 2947, 86, 86, 86, 2948, 2950, 2945, + 2955, 86, 86, 2957, 2953, 86, 2956, 86, 2951, 86, + 86, 86, 2949, 86, 2958, 2954, 2959, 86, 2962, 2967, + 2960, 2963, 86, 2961, 2964, 86, 2965, 86, 2966, 86, + 86, 2971, 86, 2968, 86, 2970, 86, 86, 86, 2972, + 86, 2969, 86, 2973, 2974, 86, 86, 2978, 2976, 2980, + 2975, 86, 2982, 86, 86, 86, 86, 86, 2983, 86, + 86, 2977, 2984, 86, 2979, 2985, 86, 2986, 86, 2991, + 86, 86, 86, 86, 2988, 2987, 2981, 2994, 2989, 86, - 86, 2989, 2990, 86, 2991, 86, 2992, 86, 2995, 86, - 86, 2993, 2997, 86, 86, 2996, 86, 86, 86, 2998, - 2994, 86, 3002, 3003, 86, 86, 86, 3007, 86, 3008, - 86, 2999, 3004, 86, 3009, 3006, 86, 86, 3000, 3001, - 86, 86, 3012, 3013, 86, 3005, 3014, 86, 86, 86, - 3017, 86, 86, 3010, 3015, 3011, 86, 3020, 86, 86, - 3019, 3022, 3016, 3018, 3021, 86, 86, 86, 86, 86, - 86, 3024, 86, 86, 3026, 86, 86, 3027, 86, 3025, - 86, 86, 86, 86, 3039, 3023, 3036, 3037, 86, 3028, - 86, 3032, 3029, 3030, 3031, 3033, 3034, 86, 86, 3044, + 86, 86, 86, 86, 2992, 2993, 86, 86, 2990, 2995, + 2998, 2999, 86, 3000, 86, 2996, 3001, 3004, 86, 86, + 2997, 3002, 3006, 86, 3007, 86, 86, 3009, 86, 86, + 86, 86, 86, 3014, 86, 86, 3013, 3017, 3005, 86, + 3003, 86, 86, 86, 86, 3010, 3011, 3008, 3012, 86, + 3016, 86, 3020, 3023, 86, 3015, 86, 3025, 3021, 86, + 86, 3019, 3018, 86, 3026, 3028, 86, 86, 3022, 3029, + 86, 3031, 86, 86, 86, 86, 3024, 86, 86, 3036, + 86, 3387, 3027, 3034, 3033, 86, 86, 3030, 3040, 86, + 3038, 3032, 86, 3044, 86, 3035, 3037, 3042, 86, 86, - 86, 3035, 3040, 3038, 86, 3045, 86, 3042, 3041, 86, - 86, 3043, 86, 3046, 3047, 86, 3291, 3048, 3050, 86, - 3051, 86, 3052, 3053, 86, 86, 86, 3054, 3055, 3049, - 86, 3056, 3057, 86, 86, 3059, 86, 3058, 86, 86, - 3061, 86, 3060, 3065, 86, 86, 3064, 86, 86, 86, - 86, 86, 3068, 86, 3067, 86, 3073, 3082, 3062, 3063, - 3069, 86, 3072, 86, 3070, 3074, 86, 86, 3071, 86, - 3066, 3075, 86, 86, 3077, 3080, 3076, 86, 86, 86, - 3081, 86, 3078, 86, 3086, 3079, 86, 3291, 3087, 3089, - 86, 3090, 3083, 3084, 86, 3092, 86, 86, 3085, 86, + 3039, 3041, 3043, 86, 86, 3047, 3048, 86, 3050, 86, + 3045, 86, 3049, 86, 86, 3053, 86, 86, 3052, 86, + 3056, 86, 3051, 3046, 3054, 86, 86, 3059, 86, 86, + 86, 86, 3064, 86, 86, 86, 3055, 3060, 3057, 3058, + 86, 3068, 86, 86, 3063, 3069, 86, 3061, 3070, 3067, + 86, 3066, 86, 3065, 86, 3062, 86, 3072, 3073, 86, + 3074, 86, 3075, 86, 3071, 3078, 86, 3076, 86, 3080, + 86, 86, 86, 3079, 86, 86, 86, 3085, 3086, 86, + 86, 86, 3077, 86, 86, 3081, 86, 3092, 86, 3093, + 86, 86, 3387, 3094, 3082, 3091, 3083, 3084, 3089, 86, - 3091, 3093, 86, 86, 86, 3088, 3096, 86, 3095, 3097, - 86, 3099, 86, 3098, 3094, 3100, 86, 3101, 86, 3102, - 86, 3103, 86, 3104, 86, 3105, 86, 86, 3107, 86, - 86, 86, 86, 86, 86, 86, 3106, 3112, 86, 3108, - 86, 86, 86, 3109, 86, 3116, 86, 3115, 3113, 3118, - 86, 86, 3110, 3111, 3114, 3117, 86, 86, 3122, 3120, - 3119, 86, 3125, 86, 3124, 86, 86, 86, 86, 3123, - 3127, 86, 3121, 86, 86, 86, 86, 3126, 3133, 3131, - 86, 86, 86, 3130, 3132, 3128, 86, 86, 86, 3129, - 3136, 3134, 3138, 86, 3137, 3139, 86, 3140, 86, 86, + 3088, 86, 86, 3090, 3098, 86, 3087, 3097, 3099, 86, + 86, 3095, 86, 3102, 86, 3100, 86, 3105, 86, 86, + 3096, 86, 3104, 86, 86, 3107, 3101, 86, 3103, 3106, + 86, 86, 3108, 86, 86, 86, 3111, 86, 86, 86, + 3113, 3387, 86, 3109, 86, 3112, 3114, 86, 86, 3126, + 3110, 86, 86, 86, 3115, 86, 3123, 3116, 3124, 3117, + 3118, 3120, 3121, 3119, 86, 86, 86, 86, 86, 3122, + 3127, 3129, 3125, 3131, 86, 3132, 86, 86, 3387, 3130, + 86, 3133, 3134, 86, 3128, 3135, 3136, 3137, 86, 3138, + 86, 3139, 3140, 86, 86, 3141, 3142, 3145, 86, 3143, - 86, 86, 3145, 86, 3143, 3141, 3135, 86, 3142, 3146, - 86, 86, 3148, 3149, 3147, 86, 3151, 86, 86, 86, - 86, 3144, 86, 86, 86, 3150, 86, 86, 86, 86, - 3152, 3160, 3158, 86, 3162, 3155, 86, 3153, 3154, 3157, - 3159, 3164, 86, 86, 3167, 86, 86, 3156, 3161, 3169, - 86, 86, 3170, 3163, 86, 3168, 3165, 3171, 86, 3172, - 86, 86, 86, 3166, 86, 3175, 86, 86, 86, 3176, - 3180, 3177, 86, 3173, 86, 86, 86, 3184, 86, 3183, - 86, 3174, 86, 3179, 3186, 86, 3181, 3182, 3187, 86, - 86, 86, 3178, 3190, 86, 86, 86, 3188, 3193, 86, + 3144, 86, 86, 86, 3148, 86, 3146, 86, 86, 86, + 86, 86, 3147, 3154, 86, 86, 3153, 86, 86, 86, + 86, 86, 3150, 3157, 3156, 3149, 86, 3158, 86, 3151, + 3152, 3161, 3162, 86, 86, 3159, 86, 3163, 3387, 3160, + 3155, 86, 3164, 3165, 86, 3166, 86, 86, 86, 3167, + 3171, 86, 3168, 3173, 86, 3172, 86, 3169, 86, 86, + 3170, 3174, 86, 3177, 86, 3181, 3175, 3178, 3180, 86, + 86, 86, 3183, 86, 86, 3176, 3182, 3184, 86, 86, + 3187, 86, 86, 3179, 3186, 3188, 86, 3190, 86, 3185, + 86, 3189, 3191, 86, 3192, 86, 3193, 86, 3194, 86, - 3185, 86, 3194, 86, 3195, 3197, 3191, 86, 3198, 3189, - 86, 86, 86, 3192, 86, 86, 3203, 86, 3204, 86, - 3202, 3199, 3196, 3200, 86, 86, 86, 86, 86, 86, - 86, 3201, 3208, 86, 3210, 86, 86, 86, 86, 3207, - 86, 3215, 86, 3216, 86, 3205, 3206, 3209, 3212, 3211, - 3213, 3223, 3214, 3217, 86, 3221, 86, 86, 86, 86, - 3218, 3220, 3219, 3222, 86, 3224, 86, 86, 86, 3229, - 86, 3225, 3226, 3227, 86, 86, 3230, 86, 3228, 3231, - 3232, 86, 86, 86, 86, 86, 3233, 3238, 86, 3234, - 3235, 86, 86, 86, 86, 3241, 3242, 86, 86, 86, + 3195, 86, 3196, 86, 3197, 86, 86, 3200, 86, 86, + 86, 86, 86, 86, 86, 3199, 3198, 86, 3201, 3205, + 86, 86, 3202, 86, 3209, 86, 3208, 3206, 3210, 86, + 3207, 3203, 3204, 3212, 86, 86, 3211, 86, 3214, 86, + 3216, 86, 86, 3213, 3219, 3218, 86, 86, 86, 86, + 86, 86, 3221, 86, 86, 86, 86, 86, 3227, 3217, + 3220, 3225, 3226, 3215, 86, 3224, 86, 3222, 86, 3223, + 86, 3228, 86, 3230, 3238, 3231, 86, 3232, 3233, 86, + 3234, 86, 86, 3229, 3235, 86, 86, 86, 86, 3236, + 86, 3237, 86, 86, 3244, 3243, 3239, 86, 3246, 3242, - 86, 86, 86, 3236, 3237, 3240, 3245, 3239, 3243, 86, - 3246, 3244, 86, 3248, 86, 3249, 86, 3247, 86, 3253, - 86, 3250, 3251, 86, 3255, 86, 3256, 86, 3252, 86, - 86, 3254, 3257, 3260, 86, 3261, 3258, 86, 86, 3259, - 3262, 3263, 86, 86, 3264, 86, 86, 86, 3269, 86, - 3265, 3267, 86, 86, 86, 86, 86, 86, 3271, 3272, - 86, 3275, 3276, 86, 3266, 86, 3268, 86, 3279, 3280, - 86, 3270, 86, 86, 3273, 3274, 3277, 3282, 86, 3281, - 3283, 86, 86, 86, 3278, 86, 86, 3291, 3285, 3284, - 3286, 3291, 3287, 3289, 86, 3290, 86, 3291, 3291, 3291, + 3240, 86, 86, 86, 86, 86, 86, 86, 3245, 86, + 3241, 86, 3255, 86, 3247, 3253, 3258, 86, 86, 3250, + 86, 3248, 3249, 3254, 3252, 3257, 86, 86, 86, 86, + 3251, 3260, 3263, 86, 3256, 86, 3265, 86, 3259, 86, + 3266, 3261, 3267, 86, 3264, 3268, 86, 86, 3262, 3270, + 86, 86, 86, 3271, 86, 86, 3272, 3273, 3276, 86, + 86, 86, 86, 86, 86, 86, 3269, 3279, 3280, 86, + 3275, 86, 3278, 3277, 3282, 86, 3283, 86, 3284, 3274, + 86, 3281, 3286, 86, 3285, 86, 3287, 3289, 86, 86, + 3290, 86, 86, 3291, 3293, 3294, 86, 86, 3288, 86, - 3291, 3291, 3291, 3291, 3291, 3288, 47, 47, 47, 47, - 47, 47, 47, 52, 52, 52, 52, 52, 52, 52, - 57, 57, 57, 57, 57, 57, 57, 63, 63, 63, - 63, 63, 63, 63, 68, 68, 68, 68, 68, 68, - 68, 74, 74, 74, 74, 74, 74, 74, 80, 80, - 80, 80, 80, 80, 80, 89, 89, 3291, 89, 89, - 89, 89, 158, 158, 3291, 3291, 3291, 158, 158, 160, - 160, 3291, 3291, 160, 3291, 160, 162, 3291, 3291, 3291, - 3291, 3291, 162, 165, 165, 3291, 3291, 3291, 165, 165, - 167, 3291, 3291, 3291, 3291, 3291, 167, 169, 169, 3291, + 86, 86, 3299, 86, 3298, 86, 3295, 3300, 86, 3296, + 3292, 86, 86, 86, 86, 86, 3297, 86, 3304, 86, + 3306, 86, 86, 86, 86, 86, 3301, 3303, 3311, 3312, + 86, 3302, 3305, 86, 3308, 3309, 3307, 3319, 3310, 3313, + 86, 3317, 86, 86, 86, 3314, 86, 3320, 3315, 3318, + 86, 86, 3316, 86, 86, 3321, 3322, 3325, 3323, 3326, + 86, 86, 86, 86, 3328, 86, 3327, 86, 86, 86, + 86, 3329, 3334, 3324, 86, 3331, 86, 86, 86, 86, + 3337, 3330, 3338, 86, 86, 86, 86, 86, 3332, 3333, + 3336, 3341, 86, 3335, 3339, 3342, 86, 3340, 86, 3345, - 169, 169, 169, 169, 172, 3291, 3291, 3291, 3291, 3291, - 172, 175, 175, 3291, 3291, 3291, 175, 175, 90, 90, - 3291, 90, 90, 90, 90, 17, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291 + 3344, 3346, 86, 3343, 86, 3347, 86, 3349, 86, 3351, + 86, 3352, 86, 86, 86, 3356, 86, 3353, 3387, 86, + 3354, 3359, 86, 3350, 3357, 86, 86, 3358, 3348, 86, + 86, 86, 86, 3355, 86, 86, 3360, 3361, 86, 3363, + 3365, 86, 86, 3367, 86, 3362, 86, 3368, 86, 3371, + 3364, 3366, 3372, 86, 3369, 86, 86, 3375, 3376, 86, + 86, 3378, 86, 3370, 86, 3373, 86, 3377, 3379, 86, + 86, 3380, 86, 86, 3374, 3381, 3387, 3382, 3385, 86, + 3386, 86, 3387, 3387, 3387, 3383, 3387, 3387, 3387, 3387, + 3387, 3387, 3384, 47, 47, 47, 47, 47, 47, 47, + + 52, 52, 52, 52, 52, 52, 52, 57, 57, 57, + 57, 57, 57, 57, 63, 63, 63, 63, 63, 63, + 63, 68, 68, 68, 68, 68, 68, 68, 74, 74, + 74, 74, 74, 74, 74, 80, 80, 80, 80, 80, + 80, 80, 89, 89, 3387, 89, 89, 89, 89, 160, + 160, 3387, 3387, 3387, 160, 160, 162, 162, 3387, 3387, + 162, 3387, 162, 164, 3387, 3387, 3387, 3387, 3387, 164, + 167, 167, 3387, 3387, 3387, 167, 167, 169, 3387, 3387, + 3387, 3387, 3387, 169, 171, 171, 3387, 171, 171, 171, + 171, 174, 3387, 3387, 3387, 3387, 3387, 174, 177, 177, + + 3387, 3387, 3387, 177, 177, 90, 90, 3387, 90, 90, + 90, 90, 17, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387 } ; -static const flex_int16_t yy_chk[6467] = +static const flex_int16_t yy_chk[6654] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -2231,709 +2283,730 @@ static const flex_int16_t yy_chk[6467] = 5, 3, 6, 24, 4, 24, 24, 5, 24, 6, 7, 7, 7, 7, 24, 7, 8, 8, 8, 8, 33, 8, 7, 9, 9, 9, 26, 26, 8, 10, - 10, 10, 19, 29, 9, 33, 19, 29, 3299, 35, + 10, 10, 19, 29, 9, 33, 19, 29, 3395, 35, 10, 11, 11, 11, 11, 11, 11, 13, 13, 13, 13, 34, 13, 11, 35, 99, 34, 29, 38, 13, 51, 51, 11, 12, 12, 12, 12, 12, 12, 14, 14, 14, 14, 99, 14, 12, 15, 15, 15, 38, 23, 14, 23, 23, 12, 23, 46, 15, 16, 16, - 16, 23, 23, 25, 27, 27, 25, 25, 2689, 16, + 16, 23, 23, 25, 27, 27, 25, 25, 2758, 16, 25, 46, 27, 30, 30, 25, 27, 56, 40, 27, 56, 73, 31, 31, 25, 28, 67, 67, 30, 32, 28, 31, 40, 32, 28, 73, 32, 28, 92, 28, - 28, 92, 31, 32, 1082, 32, 36, 36, 37, 37, - 28, 45, 45, 37, 175, 36, 45, 39, 41, 41, + 28, 92, 31, 32, 1104, 32, 36, 36, 37, 37, + 28, 45, 45, 37, 97, 36, 45, 97, 41, 41, - 45, 36, 39, 41, 94, 36, 39, 43, 43, 37, - 43, 94, 39, 41, 41, 39, 41, 44, 42, 43, - 87, 44, 39, 42, 87, 43, 42, 62, 95, 62, - 62, 44, 62, 42, 174, 44, 44, 42, 42, 70, - 95, 70, 70, 72, 70, 72, 72, 79, 72, 79, - 79, 70, 79, 84, 84, 86, 96, 86, 86, 89, - 86, 89, 89, 93, 89, 97, 86, 93, 97, 98, - 89, 89, 98, 100, 101, 102, 96, 103, 104, 105, - 106, 102, 100, 107, 111, 98, 106, 102, 101, 102, - 108, 109, 112, 172, 110, 103, 103, 107, 105, 106, + 45, 36, 87, 41, 93, 36, 87, 37, 93, 37, + 39, 39, 42, 41, 41, 39, 41, 42, 96, 39, + 42, 43, 43, 105, 43, 39, 44, 42, 39, 101, + 44, 42, 42, 43, 94, 39, 84, 84, 96, 43, + 44, 94, 105, 101, 44, 44, 62, 192, 62, 62, + 70, 62, 70, 70, 72, 70, 72, 72, 79, 72, + 79, 79, 70, 79, 86, 95, 86, 86, 89, 86, + 89, 89, 192, 89, 100, 86, 102, 95, 98, 89, + 89, 98, 102, 100, 103, 104, 106, 107, 102, 113, + 102, 109, 106, 113, 98, 108, 111, 140, 114, 112, - 104, 114, 111, 113, 108, 110, 110, 113, 116, 115, - 112, 109, 117, 110, 115, 117, 119, 118, 117, 120, - 123, 114, 116, 118, 120, 126, 121, 122, 734, 121, - 125, 117, 117, 121, 123, 119, 124, 125, 126, 128, - 124, 127, 118, 129, 120, 734, 122, 130, 127, 121, - 131, 122, 128, 132, 131, 133, 134, 135, 135, 136, - 133, 139, 137, 129, 133, 130, 137, 138, 143, 140, - 142, 132, 144, 148, 143, 137, 134, 141, 147, 136, - 141, 137, 138, 142, 144, 145, 145, 139, 140, 146, - 149, 141, 148, 150, 147, 141, 146, 151, 152, 151, + 177, 107, 103, 103, 110, 106, 116, 104, 115, 108, + 119, 109, 140, 115, 111, 110, 110, 112, 114, 117, + 116, 118, 117, 110, 122, 117, 120, 118, 123, 119, + 121, 120, 124, 121, 125, 130, 124, 121, 117, 117, + 127, 125, 123, 122, 126, 128, 118, 127, 122, 129, + 132, 120, 131, 121, 128, 130, 131, 126, 134, 133, + 135, 136, 129, 133, 138, 135, 137, 137, 132, 135, + 139, 141, 142, 144, 139, 256, 134, 256, 146, 150, + 151, 136, 143, 139, 138, 143, 144, 145, 149, 139, + 146, 142, 148, 145, 147, 147, 143, 141, 150, 148, - 153, 154, 157, 145, 155, 153, 145, 146, 151, 150, - 152, 149, 156, 154, 159, 159, 157, 156, 161, 167, - 151, 161, 155, 163, 171, 163, 163, 171, 163, 166, - 166, 168, 179, 168, 168, 169, 168, 169, 169, 173, - 169, 173, 173, 177, 173, 176, 176, 169, 177, 178, - 179, 180, 181, 183, 182, 178, 184, 185, 186, 187, - 181, 183, 188, 186, 178, 182, 180, 181, 190, 191, - 189, 188, 185, 198, 191, 184, 189, 189, 193, 187, - 192, 192, 195, 194, 193, 194, 195, 197, 194, 196, - 196, 195, 198, 190, 202, 199, 195, 201, 203, 197, + 143, 151, 152, 153, 149, 153, 155, 154, 156, 157, + 148, 155, 147, 226, 153, 147, 158, 159, 152, 154, + 156, 158, 161, 161, 179, 163, 153, 157, 163, 179, + 165, 159, 165, 165, 226, 165, 168, 168, 170, 181, + 170, 170, 171, 170, 171, 171, 173, 171, 175, 173, + 175, 175, 180, 175, 171, 178, 178, 181, 180, 182, + 183, 184, 185, 186, 187, 189, 188, 180, 183, 190, + 185, 188, 184, 212, 182, 183, 193, 191, 190, 187, + 176, 193, 186, 191, 191, 189, 194, 194, 195, 197, + 196, 212, 196, 197, 195, 196, 198, 198, 197, 199, - 199, 200, 195, 195, 203, 194, 200, 204, 205, 201, - 206, 204, 215, 205, 202, 207, 208, 210, 209, 211, - 212, 230, 216, 214, 211, 212, 206, 203, 214, 207, - 209, 208, 215, 209, 230, 210, 213, 213, 216, 217, - 213, 219, 213, 218, 218, 217, 220, 219, 221, 222, - 224, 223, 220, 219, 213, 222, 213, 223, 225, 232, - 226, 227, 234, 228, 225, 226, 223, 227, 221, 228, - 229, 224, 231, 235, 233, 234, 236, 229, 231, 232, - 233, 235, 237, 238, 234, 239, 240, 237, 241, 236, - 242, 244, 238, 243, 246, 242, 242, 245, 243, 247, + 200, 201, 202, 197, 203, 204, 201, 202, 205, 197, + 197, 199, 196, 206, 205, 207, 203, 206, 208, 200, + 207, 209, 213, 210, 211, 204, 214, 213, 216, 217, + 552, 214, 218, 216, 208, 209, 211, 205, 210, 211, + 215, 215, 220, 220, 215, 219, 215, 221, 218, 217, + 222, 219, 223, 221, 552, 224, 222, 227, 215, 221, + 215, 224, 225, 227, 228, 229, 230, 231, 225, 228, + 230, 229, 223, 231, 232, 234, 233, 225, 235, 236, + 237, 232, 233, 238, 235, 239, 237, 240, 234, 241, + 245, 243, 242, 239, 241, 244, 238, 246, 248, 236, - 239, 245, 240, 248, 249, 247, 250, 251, 241, 244, - 249, 252, 251, 252, 253, 257, 246, 254, 312, 255, - 259, 248, 248, 256, 254, 255, 250, 260, 266, 256, - 258, 312, 259, 253, 257, 268, 258, 261, 261, 262, - 262, 260, 263, 264, 265, 267, 265, 268, 263, 264, - 267, 266, 269, 270, 271, 272, 273, 276, 274, 275, - 272, 270, 276, 265, 274, 275, 263, 277, 279, 278, - 280, 269, 277, 281, 271, 278, 282, 283, 284, 273, - 285, 288, 288, 279, 280, 283, 285, 290, 293, 286, - 282, 281, 286, 287, 289, 287, 294, 289, 291, 291, + 240, 242, 246, 246, 247, 238, 243, 250, 249, 247, + 245, 244, 249, 251, 252, 253, 248, 254, 255, 251, + 257, 253, 259, 255, 258, 261, 263, 264, 259, 250, + 260, 258, 252, 252, 262, 270, 260, 254, 263, 257, + 262, 264, 265, 265, 261, 266, 266, 267, 268, 269, + 271, 269, 272, 267, 268, 271, 273, 274, 270, 275, + 277, 276, 288, 278, 272, 274, 276, 279, 269, 278, + 283, 267, 280, 279, 282, 273, 281, 280, 284, 275, + 282, 281, 285, 277, 286, 283, 287, 288, 290, 289, + 293, 290, 284, 293, 287, 289, 294, 291, 286, 291, - 292, 292, 165, 284, 293, 290, 295, 297, 296, 295, - 298, 294, 296, 300, 299, 301, 297, 303, 309, 298, - 299, 301, 302, 303, 302, 304, 307, 300, 306, 304, - 305, 305, 307, 306, 308, 310, 311, 315, 309, 316, - 308, 313, 313, 316, 314, 317, 304, 314, 318, 319, - 319, 320, 328, 310, 323, 315, 322, 311, 321, 308, - 323, 321, 324, 325, 317, 324, 318, 327, 322, 320, - 328, 331, 329, 332, 331, 325, 327, 329, 321, 326, - 330, 333, 412, 330, 412, 330, 332, 334, 326, 334, - 334, 326, 336, 333, 337, 336, 326, 326, 326, 326, + 285, 292, 292, 295, 295, 296, 296, 297, 299, 298, + 301, 299, 300, 302, 294, 303, 300, 304, 174, 301, + 305, 303, 302, 297, 298, 306, 305, 306, 307, 308, + 314, 304, 310, 308, 307, 309, 309, 310, 311, 312, + 313, 315, 316, 319, 311, 312, 317, 317, 314, 318, + 308, 321, 318, 320, 322, 316, 324, 320, 323, 323, + 313, 319, 315, 325, 312, 326, 325, 327, 328, 329, + 321, 328, 322, 327, 324, 333, 331, 326, 366, 332, + 333, 329, 336, 325, 330, 331, 334, 335, 337, 334, + 335, 334, 366, 330, 169, 336, 330, 332, 341, 341, - 335, 330, 338, 339, 340, 335, 335, 341, 341, 345, - 342, 337, 339, 340, 337, 342, 347, 338, 343, 343, - 344, 344, 346, 348, 345, 349, 350, 346, 347, 351, - 354, 352, 352, 355, 352, 351, 363, 363, 355, 357, - 356, 350, 348, 352, 357, 349, 356, 358, 359, 360, - 354, 359, 358, 359, 361, 362, 364, 361, 358, 365, - 365, 366, 364, 360, 362, 367, 366, 371, 367, 369, - 361, 373, 164, 361, 367, 361, 370, 372, 367, 370, - 375, 376, 371, 375, 379, 373, 367, 368, 368, 369, - 368, 382, 372, 379, 378, 376, 380, 370, 381, 375, + 337, 330, 330, 330, 330, 339, 338, 334, 338, 338, + 339, 339, 340, 342, 343, 340, 345, 344, 346, 347, + 347, 348, 349, 349, 351, 345, 348, 346, 353, 343, + 342, 350, 350, 342, 344, 344, 352, 354, 355, 351, + 353, 352, 356, 357, 360, 1304, 361, 358, 358, 357, + 358, 361, 369, 369, 362, 1304, 354, 356, 355, 358, + 362, 363, 364, 394, 360, 365, 363, 364, 365, 367, + 365, 368, 367, 364, 372, 370, 371, 371, 375, 372, + 368, 370, 377, 373, 378, 367, 373, 379, 367, 394, + 367, 376, 373, 382, 376, 384, 373, 377, 375, 378, - 383, 380, 380, 368, 381, 384, 368, 385, 368, 378, - 368, 377, 382, 377, 377, 386, 385, 388, 387, 383, - 384, 389, 390, 377, 387, 377, 377, 377, 392, 391, - 377, 395, 393, 392, 386, 391, 390, 394, 397, 391, - 396, 389, 398, 388, 400, 396, 395, 401, 398, 399, - 399, 392, 393, 397, 402, 403, 404, 394, 405, 401, - 406, 403, 408, 409, 400, 406, 407, 407, 402, 407, - 410, 411, 417, 413, 405, 413, 413, 416, 416, 409, - 414, 404, 408, 415, 414, 411, 410, 415, 418, 419, - 420, 417, 421, 413, 424, 422, 423, 162, 425, 430, + 381, 379, 385, 381, 373, 374, 374, 382, 374, 386, + 384, 385, 376, 388, 386, 386, 389, 387, 390, 381, + 392, 374, 395, 387, 374, 167, 374, 391, 374, 383, + 387, 383, 383, 390, 388, 389, 391, 396, 399, 392, + 393, 383, 395, 383, 383, 383, 393, 397, 383, 398, + 400, 396, 401, 397, 398, 402, 403, 397, 399, 404, + 402, 405, 405, 406, 407, 404, 408, 401, 409, 410, + 400, 403, 398, 411, 409, 414, 407, 412, 413, 413, + 408, 413, 412, 406, 415, 416, 423, 420, 417, 411, + 418, 420, 418, 421, 410, 414, 419, 421, 419, 419, - 424, 423, 415, 418, 422, 419, 421, 425, 420, 423, - 423, 426, 428, 423, 423, 422, 426, 422, 427, 429, - 430, 428, 427, 431, 432, 429, 434, 433, 432, 431, - 433, 434, 435, 436, 436, 437, 438, 438, 439, 442, - 440, 441, 441, 439, 444, 442, 443, 445, 437, 446, - 443, 447, 435, 440, 446, 449, 447, 448, 448, 444, - 450, 451, 452, 458, 455, 457, 448, 449, 445, 453, - 457, 454, 453, 460, 452, 454, 455, 456, 456, 451, - 450, 459, 459, 463, 458, 462, 462, 466, 464, 465, - 467, 469, 470, 471, 472, 460, 464, 473, 465, 160, + 415, 416, 417, 422, 422, 423, 424, 425, 426, 428, + 427, 430, 421, 431, 432, 166, 419, 430, 428, 432, + 429, 424, 431, 425, 427, 429, 426, 434, 433, 428, + 436, 428, 433, 429, 429, 435, 434, 429, 429, 437, + 438, 435, 440, 439, 438, 437, 439, 440, 441, 442, + 442, 436, 443, 444, 444, 445, 446, 447, 447, 449, + 445, 448, 450, 449, 451, 443, 452, 448, 441, 446, + 453, 452, 454, 454, 455, 453, 456, 450, 458, 457, + 459, 454, 461, 459, 460, 451, 455, 464, 460, 466, + 458, 462, 462, 463, 461, 470, 456, 457, 463, 465, - 475, 477, 467, 473, 463, 474, 475, 466, 472, 469, - 470, 469, 476, 471, 474, 477, 478, 476, 479, 480, - 481, 479, 482, 483, 478, 485, 484, 478, 482, 484, - 486, 485, 487, 480, 488, 481, 489, 487, 490, 492, - 491, 493, 490, 483, 486, 491, 493, 494, 495, 485, - 499, 496, 502, 520, 492, 501, 488, 489, 500, 501, - 506, 503, 504, 494, 496, 520, 504, 495, 497, 497, - 499, 502, 509, 500, 497, 506, 497, 503, 507, 508, - 505, 509, 497, 507, 497, 505, 510, 497, 497, 505, - 511, 512, 510, 513, 497, 508, 513, 510, 508, 514, + 465, 468, 468, 473, 471, 472, 475, 476, 464, 478, + 474, 466, 471, 479, 472, 474, 470, 480, 481, 476, + 485, 483, 482, 164, 473, 485, 475, 478, 482, 478, + 483, 479, 481, 484, 486, 487, 489, 480, 488, 484, + 490, 488, 492, 487, 493, 491, 487, 493, 486, 495, + 489, 491, 494, 497, 496, 490, 498, 499, 494, 496, + 500, 499, 492, 495, 501, 500, 502, 503, 504, 505, + 508, 502, 511, 525, 525, 497, 494, 498, 509, 501, + 510, 512, 505, 503, 510, 162, 515, 504, 506, 506, + 508, 511, 523, 509, 506, 513, 506, 512, 516, 513, - 515, 516, 516, 517, 519, 511, 521, 512, 518, 518, - 522, 523, 524, 526, 525, 527, 530, 524, 528, 519, - 515, 521, 514, 525, 528, 530, 533, 531, 517, 522, - 527, 531, 526, 523, 532, 534, 535, 536, 533, 537, - 532, 538, 539, 540, 542, 541, 539, 541, 546, 543, - 534, 536, 544, 544, 537, 535, 540, 543, 545, 538, - 546, 547, 548, 549, 545, 550, 549, 547, 542, 551, - 552, 554, 555, 553, 548, 552, 553, 556, 557, 550, - 554, 565, 556, 556, 551, 558, 558, 554, 555, 560, - 554, 557, 559, 559, 563, 560, 561, 561, 562, 562, + 514, 515, 506, 516, 506, 514, 517, 506, 506, 514, + 518, 520, 519, 521, 506, 523, 524, 522, 519, 518, + 522, 526, 517, 519, 528, 517, 520, 527, 527, 521, + 529, 531, 530, 532, 534, 533, 524, 535, 536, 528, + 533, 559, 529, 534, 559, 537, 526, 530, 539, 543, + 531, 537, 544, 536, 540, 532, 535, 539, 540, 541, + 542, 543, 545, 541, 546, 547, 542, 544, 548, 549, + 550, 553, 551, 549, 551, 554, 554, 556, 546, 553, + 547, 545, 555, 550, 557, 558, 548, 560, 555, 556, + 557, 561, 563, 562, 564, 563, 565, 558, 562, 566, - 563, 564, 565, 566, 568, 567, 564, 564, 567, 568, - 569, 570, 572, 571, 573, 566, 571, 572, 575, 570, - 574, 576, 575, 578, 577, 579, 580, 576, 577, 569, - 579, 581, 581, 582, 583, 585, 586, 573, 584, 574, - 580, 578, 588, 584, 587, 589, 590, 588, 582, 590, - 587, 585, 591, 593, 590, 583, 586, 590, 590, 589, - 592, 592, 594, 595, 596, 597, 598, 600, 595, 596, - 591, 593, 602, 600, 601, 602, 603, 604, 594, 597, - 603, 598, 604, 601, 605, 606, 609, 605, 607, 608, - 606, 611, 610, 609, 612, 616, 611, 613, 613, 614, + 611, 560, 567, 564, 566, 566, 561, 568, 568, 611, + 564, 575, 565, 564, 570, 567, 569, 569, 571, 571, + 570, 572, 572, 573, 576, 574, 579, 580, 578, 573, + 574, 574, 575, 578, 577, 580, 576, 577, 581, 582, + 583, 581, 584, 585, 582, 579, 586, 585, 588, 587, + 589, 590, 586, 587, 592, 589, 591, 591, 593, 594, + 595, 584, 596, 583, 594, 590, 588, 597, 160, 592, + 598, 599, 604, 597, 601, 598, 595, 603, 600, 593, + 607, 600, 596, 602, 602, 599, 600, 608, 604, 600, + 600, 605, 601, 606, 607, 603, 605, 610, 606, 617, - 615, 617, 603, 618, 607, 610, 619, 608, 614, 625, - 617, 616, 619, 158, 612, 618, 620, 621, 623, 615, - 621, 623, 620, 622, 622, 624, 622, 625, 626, 627, - 624, 628, 629, 631, 630, 627, 628, 630, 629, 632, - 633, 634, 626, 635, 632, 633, 633, 636, 639, 637, - 638, 641, 636, 85, 634, 637, 635, 639, 631, 640, - 642, 642, 644, 643, 640, 644, 636, 636, 645, 638, - 643, 641, 646, 647, 645, 650, 648, 651, 647, 651, - 644, 648, 648, 652, 646, 649, 649, 653, 654, 653, - 655, 656, 657, 658, 660, 659, 661, 662, 660, 663, + 618, 612, 608, 610, 612, 613, 614, 615, 616, 613, + 615, 614, 619, 616, 620, 617, 621, 622, 618, 619, + 624, 621, 623, 623, 625, 626, 627, 620, 628, 624, + 629, 613, 630, 635, 643, 627, 629, 622, 630, 631, + 628, 626, 631, 625, 632, 632, 633, 632, 634, 633, + 636, 635, 637, 634, 638, 639, 641, 637, 640, 643, + 650, 639, 641, 640, 636, 642, 644, 646, 642, 645, + 647, 644, 648, 638, 645, 645, 649, 648, 651, 650, + 646, 652, 649, 647, 653, 662, 652, 651, 654, 654, + 655, 648, 648, 656, 657, 658, 656, 655, 659, 664, - 650, 659, 652, 664, 665, 661, 654, 666, 655, 656, - 667, 657, 662, 658, 663, 669, 668, 671, 670, 666, - 672, 664, 668, 665, 673, 667, 674, 675, 673, 669, - 670, 676, 677, 678, 680, 679, 671, 681, 681, 672, - 679, 682, 683, 675, 674, 682, 684, 685, 680, 676, - 677, 677, 678, 686, 687, 688, 683, 689, 685, 687, - 690, 691, 696, 693, 692, 684, 80, 686, 691, 692, - 693, 688, 694, 690, 695, 697, 689, 694, 698, 695, - 696, 699, 697, 700, 701, 702, 703, 698, 705, 703, - 702, 706, 700, 704, 707, 699, 701, 704, 708, 709, + 657, 661, 661, 659, 653, 666, 663, 658, 663, 660, + 662, 656, 667, 659, 660, 660, 668, 665, 664, 665, + 669, 670, 671, 666, 673, 672, 676, 674, 671, 672, + 667, 675, 677, 673, 668, 678, 681, 679, 686, 669, + 683, 670, 674, 680, 676, 682, 675, 678, 684, 680, + 681, 677, 679, 687, 685, 688, 686, 682, 685, 683, + 689, 690, 692, 691, 693, 693, 694, 684, 691, 687, + 694, 695, 696, 688, 698, 697, 692, 699, 689, 689, + 690, 700, 699, 701, 85, 695, 697, 702, 698, 703, + 704, 696, 705, 706, 708, 704, 703, 700, 706, 705, - 706, 718, 705, 710, 710, 711, 711, 712, 712, 707, - 713, 716, 708, 714, 711, 713, 721, 717, 722, 720, - 709, 718, 714, 717, 719, 724, 723, 725, 719, 726, - 716, 720, 723, 724, 725, 727, 722, 728, 731, 737, - 738, 721, 741, 740, 744, 744, 738, 726, 737, 740, - 743, 741, 742, 731, 743, 745, 745, 728, 746, 747, - 727, 729, 748, 729, 749, 750, 729, 752, 742, 746, - 729, 750, 752, 729, 753, 754, 748, 747, 755, 759, - 729, 729, 755, 729, 749, 751, 751, 751, 756, 751, - 757, 758, 751, 754, 757, 753, 758, 751, 759, 760, + 702, 707, 701, 709, 710, 711, 707, 712, 713, 714, + 709, 716, 708, 710, 716, 714, 712, 715, 718, 711, + 713, 717, 715, 720, 719, 717, 721, 722, 723, 723, + 724, 724, 718, 719, 725, 725, 726, 727, 720, 724, + 721, 726, 729, 730, 731, 733, 727, 732, 722, 730, + 734, 732, 735, 736, 737, 739, 738, 733, 740, 736, + 741, 729, 737, 738, 731, 747, 744, 750, 751, 754, + 735, 753, 755, 739, 751, 734, 750, 753, 754, 759, + 741, 744, 747, 740, 742, 761, 742, 756, 755, 742, + 759, 756, 760, 742, 757, 757, 742, 758, 758, 761, - 761, 763, 762, 751, 751, 762, 763, 763, 764, 766, - 757, 75, 756, 767, 760, 764, 765, 765, 767, 768, - 768, 769, 774, 771, 766, 761, 769, 770, 771, 775, - 770, 772, 772, 773, 774, 773, 776, 777, 779, 778, - 776, 780, 780, 785, 781, 784, 779, 782, 775, 783, - 783, 786, 789, 789, 787, 785, 808, 777, 778, 781, - 787, 782, 788, 784, 790, 808, 792, 788, 793, 790, - 790, 792, 794, 786, 793, 795, 796, 798, 794, 799, - 795, 797, 796, 798, 797, 800, 800, 799, 801, 801, - 802, 803, 804, 805, 806, 807, 807, 804, 802, 809, + 762, 763, 773, 742, 742, 766, 742, 763, 765, 767, + 760, 768, 769, 765, 770, 768, 772, 773, 770, 771, + 762, 764, 764, 764, 771, 764, 766, 767, 764, 774, + 778, 778, 779, 764, 770, 772, 769, 776, 775, 764, + 764, 775, 776, 776, 777, 780, 788, 779, 781, 781, + 780, 777, 782, 783, 774, 784, 783, 782, 785, 785, + 784, 786, 787, 786, 789, 788, 790, 792, 789, 791, + 793, 793, 794, 797, 787, 792, 795, 796, 796, 799, + 798, 802, 802, 800, 813, 813, 790, 794, 791, 800, + 795, 797, 798, 801, 803, 814, 814, 805, 801, 803, - 805, 810, 810, 812, 811, 814, 815, 809, 816, 803, - 811, 817, 818, 806, 814, 815, 817, 819, 820, 821, - 819, 818, 812, 820, 822, 823, 824, 826, 826, 827, - 825, 828, 816, 821, 823, 825, 825, 829, 830, 824, - 831, 834, 834, 831, 827, 833, 829, 833, 835, 822, - 828, 831, 836, 837, 842, 838, 839, 836, 840, 841, - 843, 844, 830, 842, 845, 844, 846, 847, 848, 835, - 850, 74, 849, 847, 837, 838, 839, 848, 851, 841, - 840, 852, 845, 843, 849, 846, 853, 852, 854, 850, - 855, 855, 851, 854, 856, 857, 858, 859, 860, 861, + 803, 799, 805, 806, 807, 810, 808, 809, 810, 806, + 807, 808, 811, 809, 812, 815, 816, 819, 811, 817, + 818, 820, 812, 815, 817, 821, 827, 818, 822, 822, + 823, 832, 824, 831, 816, 819, 832, 820, 829, 823, + 824, 825, 825, 826, 821, 827, 830, 829, 834, 826, + 833, 834, 836, 835, 837, 830, 838, 831, 835, 833, + 839, 842, 840, 841, 841, 838, 836, 840, 840, 843, + 845, 844, 846, 839, 847, 851, 842, 847, 853, 837, + 844, 849, 854, 849, 852, 847, 850, 850, 843, 852, + 846, 855, 856, 857, 845, 858, 851, 859, 861, 853, - 853, 862, 863, 864, 857, 859, 865, 867, 869, 864, - 866, 868, 865, 867, 856, 872, 858, 870, 860, 872, - 862, 861, 863, 870, 866, 868, 871, 873, 869, 874, - 875, 876, 871, 877, 877, 875, 878, 879, 880, 882, - 879, 874, 878, 883, 881, 882, 873, 884, 884, 874, - 885, 888, 876, 886, 887, 891, 880, 881, 886, 887, - 887, 889, 892, 883, 894, 889, 888, 893, 885, 890, - 890, 896, 893, 897, 900, 899, 901, 891, 903, 903, - 904, 905, 892, 894, 904, 906, 906, 897, 899, 908, - 907, 909, 919, 908, 900, 896, 905, 901, 902, 910, + 862, 860, 854, 863, 858, 860, 864, 866, 80, 863, + 865, 855, 868, 857, 856, 864, 861, 867, 868, 862, + 859, 869, 865, 870, 871, 871, 866, 872, 870, 873, + 874, 867, 875, 876, 877, 869, 878, 879, 873, 880, + 875, 885, 881, 883, 882, 880, 884, 872, 881, 883, + 874, 889, 890, 876, 892, 878, 877, 879, 882, 886, + 884, 885, 887, 888, 890, 886, 891, 888, 887, 896, + 889, 891, 890, 893, 893, 892, 894, 895, 897, 898, + 895, 899, 894, 900, 900, 898, 901, 896, 902, 903, + 904, 897, 908, 902, 905, 904, 904, 909, 906, 907, - 911, 902, 912, 902, 919, 911, 909, 902, 915, 902, - 932, 914, 913, 910, 902, 907, 912, 913, 913, 902, - 914, 916, 915, 917, 918, 916, 920, 921, 922, 918, - 923, 920, 932, 924, 925, 929, 929, 916, 917, 918, - 925, 921, 924, 926, 923, 927, 928, 931, 926, 922, - 930, 927, 928, 931, 933, 930, 934, 936, 937, 939, - 940, 940, 941, 937, 938, 943, 944, 941, 945, 936, - 946, 939, 942, 933, 934, 935, 935, 951, 938, 943, - 942, 935, 947, 935, 68, 944, 946, 945, 947, 935, - 949, 948, 950, 951, 935, 935, 948, 952, 953, 953, + 907, 899, 906, 910, 901, 903, 911, 903, 910, 905, + 913, 916, 914, 917, 908, 918, 921, 909, 920, 920, + 921, 923, 923, 922, 916, 911, 914, 924, 925, 926, + 928, 927, 925, 917, 913, 928, 918, 919, 922, 934, + 919, 929, 919, 942, 926, 927, 919, 932, 919, 942, + 931, 930, 924, 919, 934, 929, 930, 930, 919, 931, + 933, 932, 935, 936, 933, 937, 938, 935, 939, 940, + 937, 949, 941, 943, 951, 936, 933, 935, 943, 944, + 938, 941, 945, 940, 950, 944, 946, 946, 945, 939, + 947, 948, 951, 949, 953, 947, 954, 948, 75, 955, - 954, 935, 949, 955, 954, 957, 958, 959, 960, 958, - 950, 957, 961, 960, 962, 952, 963, 964, 966, 967, - 962, 963, 968, 955, 969, 961, 959, 966, 967, 971, - 969, 970, 972, 973, 975, 974, 964, 972, 968, 976, - 970, 977, 980, 978, 983, 986, 989, 987, 971, 974, - 977, 976, 978, 973, 975, 979, 981, 985, 988, 980, - 983, 979, 981, 990, 989, 986, 987, 996, 991, 992, - 995, 985, 988, 991, 992, 995, 996, 998, 990, 997, - 997, 999, 1001, 998, 1002, 1006, 1007, 1004, 1004, 1002, - 1002, 1004, 1005, 1008, 999, 1005, 1009, 1010, 1001, 1006, + 961, 954, 956, 950, 952, 952, 953, 957, 957, 959, + 952, 958, 952, 955, 956, 960, 958, 959, 952, 961, + 962, 963, 964, 952, 952, 967, 965, 969, 964, 960, + 952, 965, 966, 968, 970, 970, 971, 963, 972, 962, + 971, 974, 976, 967, 966, 969, 978, 974, 975, 968, + 977, 975, 980, 981, 979, 977, 983, 980, 972, 978, + 979, 976, 984, 985, 986, 983, 987, 988, 989, 990, + 986, 984, 981, 989, 991, 987, 992, 997, 993, 985, + 74, 996, 994, 995, 1000, 1003, 988, 996, 991, 990, + 993, 994, 995, 998, 997, 1002, 992, 1004, 1005, 998, - 1011, 1012, 1013, 1015, 1020, 1014, 1007, 1012, 1016, 1008, - 1010, 1014, 1017, 1016, 1009, 1011, 1019, 1023, 1015, 1019, - 1029, 63, 1013, 1021, 1022, 1020, 1017, 1024, 1021, 1022, - 1025, 1026, 1024, 1023, 1028, 1025, 1029, 1033, 1030, 1031, - 1028, 1032, 1032, 1026, 1030, 1031, 1033, 1034, 1035, 1036, - 1036, 1035, 1037, 1038, 1039, 1040, 1041, 1042, 1040, 1044, - 1043, 1049, 1045, 1042, 1044, 1034, 1043, 1045, 1046, 1041, - 1037, 1047, 1038, 1046, 1039, 1050, 1051, 1047, 1052, 1049, - 1053, 1053, 1051, 1052, 1054, 1055, 1056, 1057, 1058, 1059, - 1060, 1058, 1059, 1054, 1055, 1050, 1062, 1061, 1063, 1064, + 1000, 1006, 1007, 1008, 1013, 1003, 1009, 1017, 1008, 1002, + 1012, 1009, 1005, 1013, 1016, 1012, 1004, 1007, 1015, 1006, + 1014, 1014, 1017, 1016, 1015, 1018, 1020, 1021, 1026, 1025, + 1023, 1023, 1021, 1021, 1023, 1027, 1024, 1028, 1018, 1024, + 1029, 1030, 1020, 1025, 1031, 1032, 1033, 1034, 1026, 1035, + 1031, 1027, 1033, 1029, 1035, 1028, 1030, 1036, 1038, 1039, + 1042, 1038, 1034, 1040, 1041, 1032, 1043, 1044, 1040, 1041, + 1046, 1036, 1044, 1045, 1049, 1043, 1042, 1048, 1045, 1050, + 1039, 1051, 1046, 1048, 1053, 1050, 1054, 1051, 1052, 1052, + 1049, 1055, 1057, 1053, 1055, 1056, 1056, 1058, 1059, 1060, - 1067, 1060, 1061, 1065, 1056, 1066, 1057, 1068, 1070, 1065, - 1063, 1066, 1068, 1072, 1062, 1067, 1069, 1069, 1064, 1071, - 1073, 1074, 1075, 1076, 1073, 1072, 1077, 1070, 1079, 1080, - 1080, 1075, 1081, 1071, 1083, 1084, 1086, 1085, 1089, 1074, - 1092, 1086, 1076, 58, 1087, 1088, 1088, 1079, 1083, 1085, - 1084, 1077, 1081, 1087, 1090, 1091, 1092, 1093, 1089, 1095, - 1090, 1091, 1093, 1094, 1095, 1094, 1096, 1097, 1098, 1099, - 1100, 1101, 1102, 1098, 1103, 1105, 1105, 1106, 1101, 1107, - 1096, 1097, 1109, 1108, 1099, 1110, 57, 1102, 1109, 1100, - 1111, 1106, 1113, 1103, 1117, 1111, 1113, 1107, 1108, 1114, + 1061, 1062, 1060, 1063, 1054, 1069, 1064, 1062, 1070, 1063, + 1057, 1064, 1065, 1061, 1066, 1067, 1058, 1065, 1059, 1066, + 1071, 1067, 1072, 1069, 1073, 1073, 1071, 1072, 1070, 1074, + 1075, 1076, 1077, 1078, 1079, 1080, 1078, 1079, 1074, 1075, + 1081, 1082, 1083, 1084, 1085, 1081, 1080, 1086, 1087, 1076, + 1085, 1077, 1088, 1086, 1083, 1089, 1089, 1088, 1090, 1082, + 1091, 1092, 1084, 1087, 1093, 1094, 1095, 1096, 1093, 1097, + 1099, 1100, 1100, 1092, 1091, 1095, 1101, 1090, 1103, 1102, + 1106, 1101, 1105, 1094, 1102, 1107, 1096, 1108, 1111, 1099, + 1109, 1114, 1108, 68, 1097, 1106, 1105, 1107, 1103, 1109, - 1114, 1117, 1115, 1118, 1111, 1110, 1111, 1115, 1120, 1111, - 1116, 1116, 1119, 1121, 1122, 1119, 1123, 1118, 1124, 1126, - 1125, 1123, 1127, 1122, 1126, 1129, 1134, 1120, 1128, 1131, - 1131, 1121, 1125, 1132, 1137, 1133, 1127, 1124, 1132, 1128, - 1133, 1136, 1135, 1137, 1129, 1136, 1134, 1135, 1138, 1139, - 1140, 1142, 1143, 1141, 1145, 1144, 1146, 1147, 1150, 1143, - 1151, 1149, 1148, 1138, 1139, 1141, 1142, 1144, 1148, 1140, - 1152, 1153, 1154, 1145, 1157, 1147, 1149, 1146, 1150, 1152, - 1151, 1155, 1156, 1158, 1159, 1162, 1153, 1164, 1161, 1163, - 1165, 1154, 1166, 1155, 1161, 1164, 1170, 1167, 1158, 1157, + 1110, 1110, 1118, 1112, 1113, 1119, 1115, 1114, 1111, 1112, + 1113, 1115, 1116, 1117, 1116, 1120, 1118, 1121, 1117, 1119, + 1120, 1122, 1123, 1124, 1125, 1127, 1127, 1128, 1129, 1123, + 1130, 1131, 1121, 1132, 1255, 1135, 1255, 1131, 1124, 1135, + 1122, 1128, 1133, 1125, 1142, 1130, 1129, 1133, 1136, 1136, + 1137, 1138, 1138, 1132, 1140, 1137, 1133, 1139, 1133, 1141, + 1143, 1133, 1141, 1142, 1139, 1144, 1145, 1146, 1140, 1147, + 1148, 1145, 1150, 1149, 1144, 1148, 1151, 1154, 1143, 1153, + 1153, 1147, 1154, 1150, 1155, 1156, 1146, 1149, 1157, 1155, + 1158, 1159, 1160, 1157, 1158, 1151, 1161, 1162, 1163, 1164, - 1162, 1156, 1167, 1163, 1159, 1168, 1169, 1171, 1166, 1172, - 1165, 1169, 1169, 1173, 1173, 1170, 1175, 1168, 1176, 1177, - 1181, 1171, 1172, 1174, 1174, 1177, 1181, 1176, 1174, 1175, - 1179, 1174, 1174, 1178, 1178, 1179, 1174, 1185, 1180, 1182, - 1183, 1188, 1174, 1319, 1182, 1183, 1174, 1180, 1184, 1184, - 1186, 1186, 1187, 1189, 1190, 1187, 1191, 1187, 1185, 1192, - 1193, 1188, 1194, 1190, 1192, 1197, 1195, 1196, 1199, 1319, - 1197, 1189, 1195, 1196, 1193, 1198, 1191, 1199, 1205, 1198, - 1194, 1206, 1199, 1204, 1199, 1202, 1199, 1204, 1199, 1200, - 1200, 1201, 1201, 1205, 1201, 1207, 1202, 1208, 1209, 1206, + 1159, 1165, 1167, 1166, 1168, 1156, 1169, 1160, 1165, 1172, + 1163, 1161, 1170, 1171, 1164, 1166, 1162, 1173, 1170, 1175, + 1176, 1167, 1174, 1177, 1169, 1168, 1178, 1179, 1171, 1172, + 1181, 1174, 1180, 1184, 1175, 1177, 1183, 1173, 1186, 1176, + 1185, 1187, 1183, 1188, 1189, 1178, 1186, 1180, 1184, 1189, + 1181, 1190, 1179, 1192, 1185, 1193, 1199, 1194, 1197, 1188, + 1191, 1187, 1199, 1190, 63, 1191, 1191, 1195, 1195, 1193, + 1194, 1197, 1192, 1196, 1196, 1198, 1200, 1200, 1196, 1202, + 1201, 1196, 1196, 1203, 1198, 1201, 1196, 1207, 1202, 1203, + 1204, 1210, 1196, 1205, 1211, 1204, 1196, 1212, 1205, 1206, - 1210, 1211, 1208, 1208, 1207, 1212, 1211, 1209, 1213, 1214, - 1215, 1216, 1217, 1218, 1218, 1219, 1220, 1213, 1217, 1212, - 1222, 1221, 1210, 1219, 1223, 1216, 1221, 1224, 1214, 1215, - 1220, 1225, 1226, 1223, 1222, 1227, 1227, 1226, 1228, 1229, - 1229, 1230, 1234, 1230, 1232, 1224, 1233, 1232, 1235, 1236, - 1236, 1233, 1237, 1228, 1238, 1238, 1225, 1235, 1239, 1239, - 1240, 1234, 1241, 1242, 1250, 1240, 1243, 1243, 1244, 1246, - 1245, 1247, 1237, 1245, 1261, 1261, 1247, 1248, 1249, 1253, - 1249, 1255, 1250, 1241, 1242, 1257, 1248, 1252, 1244, 1246, - 1252, 1254, 1256, 1257, 1253, 1255, 1254, 1256, 1258, 1259, + 1206, 1208, 1208, 1213, 1209, 1214, 1212, 1209, 1207, 1209, + 1214, 1210, 1211, 1215, 1216, 1217, 1218, 1221, 1274, 1219, + 1274, 1217, 1218, 1213, 1219, 1220, 1221, 1215, 1223, 1220, + 1230, 1221, 1216, 1221, 1222, 1221, 1226, 1221, 1229, 1222, + 1224, 1224, 1223, 1225, 1225, 1228, 1225, 1226, 1230, 1228, + 1231, 1232, 1233, 1229, 1234, 1235, 1232, 1232, 1236, 1231, + 1235, 1233, 1237, 1238, 1239, 1240, 1243, 1241, 1242, 1242, + 1244, 1237, 1236, 1241, 1243, 1245, 1234, 1246, 1247, 1240, + 1245, 1248, 1238, 1239, 1244, 1249, 1250, 1247, 1248, 1251, + 1253, 1246, 1252, 1252, 1251, 1254, 1254, 1257, 1259, 1258, - 1260, 1262, 1259, 1258, 1263, 1260, 1262, 1264, 1265, 1270, - 1266, 1268, 1269, 1264, 1270, 1265, 1273, 1268, 1269, 1271, - 1272, 1274, 1263, 1266, 1276, 1271, 1275, 1275, 1278, 1272, - 1279, 1280, 1274, 1281, 1282, 1273, 1283, 1286, 1287, 1281, - 1282, 1285, 1283, 1278, 1276, 1288, 1291, 1285, 1289, 1290, - 1279, 1286, 1292, 1292, 1280, 1293, 1294, 1286, 1287, 1295, - 1289, 1296, 1298, 1290, 1291, 1288, 1296, 1297, 1297, 1299, - 1301, 1304, 1303, 1302, 1299, 1293, 1305, 1295, 1302, 1302, - 1304, 1294, 1306, 1307, 1305, 1298, 1308, 1309, 1310, 1301, - 1303, 1311, 1309, 1311, 1312, 1309, 1306, 1310, 1307, 1314, + 1257, 1260, 1262, 1249, 1258, 1253, 1261, 1261, 1263, 1263, + 1260, 1250, 1264, 1264, 1265, 1266, 1267, 1259, 1269, 1265, + 1268, 1268, 1262, 1270, 1271, 1272, 1270, 1275, 1278, 1277, + 1272, 1273, 1277, 1280, 1279, 58, 1266, 1267, 1269, 1279, + 1273, 1281, 1282, 1278, 1271, 1275, 1281, 1280, 1283, 1284, + 1282, 1285, 1284, 1283, 1286, 1286, 1285, 1287, 1288, 1289, + 1290, 1291, 1287, 1293, 1294, 1289, 1295, 1290, 1297, 1293, + 1294, 1295, 1296, 1298, 1291, 1299, 1288, 1297, 1296, 1300, + 1300, 1301, 1303, 1305, 1306, 1307, 1299, 1308, 1309, 1310, + 1312, 1313, 1298, 1308, 1309, 1310, 1312, 1314, 1305, 1315, - 1316, 1308, 1315, 1318, 1308, 1314, 1315, 1317, 1312, 1320, - 1321, 1316, 1317, 1317, 1322, 1321, 1323, 1324, 1325, 1322, - 1326, 1328, 1318, 1325, 1329, 1330, 1332, 1320, 1331, 1331, - 1332, 1333, 1334, 1335, 1323, 1328, 1336, 1324, 1337, 1335, - 1326, 1338, 1329, 1330, 1339, 1340, 1341, 1342, 1336, 1333, - 1345, 1334, 1342, 1344, 1343, 1338, 1354, 1337, 1344, 1339, - 1340, 1343, 1346, 1347, 1347, 1341, 1348, 1349, 1345, 1350, - 1354, 1346, 1351, 1351, 1352, 1357, 1349, 1353, 1355, 1355, - 1352, 1348, 1356, 1353, 1358, 1359, 1360, 1361, 1356, 1350, - 1359, 1357, 1360, 1361, 1362, 1363, 1363, 1364, 1364, 1367, + 1303, 1301, 1316, 1318, 1306, 1313, 1317, 1320, 1307, 1319, + 1319, 1313, 1321, 1322, 1316, 1324, 1324, 1314, 1323, 1315, + 1317, 1318, 1325, 1323, 1326, 1328, 1331, 1320, 1329, 1326, + 1330, 1322, 1332, 1329, 1329, 1331, 1333, 1321, 1334, 1335, + 1332, 1336, 1337, 1346, 1328, 1325, 1336, 1339, 1330, 1336, + 1333, 1337, 1343, 1334, 1335, 1345, 1338, 1335, 1338, 1341, + 1342, 1339, 1344, 1343, 1342, 1341, 1347, 1344, 1344, 1346, + 1348, 1349, 1350, 1351, 1345, 1348, 1349, 1352, 1353, 1356, + 1355, 1357, 1352, 1359, 1347, 1358, 1358, 1359, 1360, 1361, + 1350, 1363, 1364, 1351, 1355, 1362, 1365, 1356, 1353, 1357, - 1362, 1366, 1366, 1367, 1368, 1358, 1369, 1370, 1371, 1373, - 1372, 1374, 1374, 1368, 1375, 1376, 1373, 1378, 1379, 1370, - 1382, 1377, 1371, 1376, 1369, 1372, 1377, 1380, 1383, 1383, - 1381, 1378, 1380, 1380, 1375, 1381, 1381, 1379, 1384, 1385, - 1382, 1386, 1387, 1388, 1389, 1390, 1391, 1387, 1392, 1393, - 1386, 1395, 1391, 1392, 1394, 1396, 1403, 1384, 1385, 1397, - 1394, 1396, 1388, 1390, 1389, 1397, 1398, 1399, 1400, 1401, - 1395, 1405, 1405, 52, 1404, 1393, 1402, 1403, 1406, 1407, - 1411, 1406, 1408, 1408, 1411, 1398, 1399, 1400, 1401, 1404, - 1402, 1407, 1409, 1409, 1410, 1412, 1413, 1414, 1415, 1410, + 1366, 1362, 1367, 1363, 1368, 1377, 1360, 1369, 1361, 1370, + 1365, 1364, 1369, 1371, 1372, 1366, 1370, 1367, 1371, 1373, + 1374, 1374, 1375, 1368, 1376, 1377, 1378, 1378, 1373, 1379, + 1380, 1381, 1372, 1376, 1383, 1379, 1380, 1375, 1382, 1382, + 1383, 1384, 1385, 1386, 1387, 1381, 1388, 1389, 1386, 1396, + 1387, 57, 1388, 1389, 1390, 1390, 1395, 1384, 1391, 1391, + 1393, 1393, 1394, 1385, 1397, 1395, 1394, 1396, 1398, 1399, + 1400, 1401, 1401, 1402, 1404, 1403, 1397, 1400, 1405, 1404, + 1406, 1407, 1398, 1403, 1399, 1408, 1407, 1407, 1409, 1413, + 1408, 1408, 1405, 1402, 1410, 1410, 1411, 1412, 1413, 1406, - 1415, 1417, 1418, 1419, 1415, 1413, 1420, 1418, 1412, 1421, - 1414, 1422, 1422, 1425, 1426, 1423, 1424, 1415, 1419, 1417, - 1423, 1430, 1424, 1432, 1427, 1421, 1420, 1426, 1425, 1427, - 1428, 1429, 1431, 1433, 1428, 1429, 1434, 1434, 1436, 1433, - 1438, 1430, 1439, 1432, 1440, 1440, 1441, 1439, 1442, 1448, - 1431, 1449, 1441, 1444, 1444, 1446, 1436, 1452, 1446, 1447, - 1447, 1438, 1453, 1451, 1455, 1448, 1451, 1449, 1442, 1454, - 1454, 1453, 1456, 1457, 1459, 1458, 1461, 1452, 1462, 1455, - 1458, 1460, 1460, 1463, 1464, 1461, 1465, 1467, 1459, 1466, - 1466, 1473, 1457, 1456, 1468, 1469, 1462, 1475, 1463, 1470, + 1414, 1415, 1416, 1417, 1418, 1414, 1419, 1420, 1409, 1422, + 1418, 1419, 1421, 1423, 1430, 1411, 1412, 1424, 1421, 1423, + 1415, 1417, 1416, 1424, 1425, 1426, 1427, 1428, 1422, 1432, + 1432, 1434, 1431, 1420, 1429, 1430, 1433, 1435, 1441, 1433, + 1436, 1437, 1437, 1425, 1426, 1427, 1428, 1431, 1429, 1442, + 1434, 1441, 1436, 1438, 1438, 1439, 1435, 1440, 1442, 1443, + 1439, 1440, 1444, 1448, 1444, 1446, 1447, 1449, 1444, 1450, + 1452, 1447, 1443, 1451, 1451, 1452, 1453, 1454, 1448, 1456, + 1455, 1444, 1453, 1446, 1456, 1450, 1457, 1449, 1459, 1460, + 1457, 1458, 1454, 1455, 1461, 1458, 1462, 1466, 1463, 1464, - 1469, 1467, 1471, 1471, 1472, 1478, 1465, 1476, 1472, 1464, - 1482, 1473, 1468, 1477, 1470, 1474, 1474, 1477, 1476, 1475, - 1479, 1481, 1481, 1483, 1478, 1479, 1482, 1485, 1484, 1486, - 1487, 1488, 1488, 1489, 1490, 1493, 1491, 1495, 1489, 1492, - 1492, 1483, 1484, 1486, 1493, 1494, 1485, 1485, 1497, 1496, - 1494, 1496, 1498, 1497, 1490, 1487, 1491, 1495, 1498, 1499, - 1500, 1502, 1503, 1503, 1504, 1505, 1500, 1507, 1508, 1509, - 1509, 1505, 1507, 1510, 1510, 1502, 1511, 1512, 1513, 1499, - 1516, 1514, 1517, 1504, 1514, 1515, 1515, 1518, 1526, 47, - 1511, 1520, 1508, 1513, 1517, 1512, 1519, 1520, 1516, 1519, + 1464, 1468, 52, 1461, 1463, 1469, 1472, 1460, 1459, 1482, + 1469, 1470, 1470, 1471, 1478, 1466, 1462, 1474, 1474, 1471, + 1476, 1479, 1468, 1476, 1477, 1477, 1472, 1483, 1481, 1482, + 1478, 1481, 1484, 1484, 1485, 1486, 1483, 1479, 1487, 1488, + 1489, 1490, 1490, 1491, 1488, 1492, 1493, 1494, 1495, 1485, + 1496, 1496, 1491, 1497, 1489, 1498, 1486, 1487, 1502, 1499, + 1500, 1493, 1502, 1492, 1499, 1501, 1501, 1497, 1495, 1503, + 1504, 1504, 1494, 1498, 1505, 1500, 1506, 1507, 1508, 1509, + 1512, 1507, 1511, 1511, 1509, 1513, 1514, 1506, 1515, 1503, + 1513, 1516, 1517, 1512, 1518, 1519, 1505, 1508, 1520, 1520, - 1521, 1522, 1519, 1524, 1522, 1521, 1525, 1518, 1528, 1528, - 1529, 1525, 1524, 1526, 1519, 1527, 1529, 1530, 1527, 1531, - 1522, 1532, 1532, 1530, 1531, 1533, 1533, 1534, 1536, 1535, - 1537, 1538, 1539, 1534, 1535, 1540, 1541, 1542, 1540, 1543, - 1544, 1536, 1541, 1542, 1543, 1545, 1544, 1549, 1537, 1546, - 1538, 1550, 1539, 1548, 1546, 1547, 1547, 1551, 1548, 1552, - 1553, 1554, 1555, 1556, 1559, 1549, 1557, 1558, 1545, 1558, - 1557, 1550, 1561, 1552, 1553, 1554, 1563, 1551, 1562, 1564, - 1555, 1565, 1566, 1559, 1561, 1564, 1567, 1569, 1556, 1563, - 1562, 1568, 1571, 1571, 1572, 1573, 1576, 1574, 1566, 1577, + 1536, 1522, 1514, 1523, 1521, 1516, 1515, 1525, 1518, 1521, + 1526, 1517, 1517, 1524, 1524, 1526, 1525, 1527, 1531, 1536, + 1519, 1522, 1528, 1523, 1528, 1529, 1530, 1532, 1534, 1540, + 1529, 1539, 1530, 1532, 1535, 1535, 1539, 1527, 1531, 1537, + 1541, 1541, 1534, 1542, 1542, 1537, 1543, 1544, 1545, 1546, + 1547, 1547, 1546, 1540, 1548, 1549, 1550, 1553, 1552, 1558, + 1543, 1556, 1553, 1545, 1552, 1544, 1554, 1549, 1551, 1554, + 1556, 1551, 1548, 1557, 1551, 1589, 1550, 1559, 1557, 1589, + 1559, 1560, 1560, 1561, 1558, 1554, 1551, 1562, 1566, 1561, + 1563, 1564, 1564, 1562, 1566, 1563, 1565, 1565, 1567, 1568, - 1573, 1565, 1575, 1575, 1578, 1568, 1567, 1579, 1569, 1574, - 1580, 1576, 1581, 1577, 1572, 1582, 1584, 1583, 1586, 1580, - 1588, 1589, 1582, 1593, 1589, 1579, 1583, 1581, 1578, 1583, - 1590, 1590, 1584, 1586, 1591, 1591, 1592, 1594, 1586, 1596, - 1594, 1593, 1595, 1595, 1597, 1588, 1598, 1600, 1592, 1599, - 1602, 1598, 1596, 1601, 1599, 1603, 1604, 1608, 1605, 1602, - 1607, 1607, 1609, 1597, 1606, 1604, 1600, 1605, 1604, 1601, - 1606, 1610, 1611, 1613, 1603, 1609, 1612, 1608, 1616, 1617, - 1618, 1618, 1619, 1621, 1620, 1613, 1611, 1623, 1621, 1610, - 1622, 1622, 1612, 1620, 1625, 1624, 1623, 1617, 1619, 1623, + 1569, 1570, 1571, 1567, 1572, 1573, 1577, 1572, 1574, 1581, + 1575, 1573, 1568, 1576, 1574, 1575, 1578, 1582, 1569, 1576, + 1570, 1578, 1571, 1579, 1579, 1580, 1583, 1581, 1584, 1577, + 1580, 1585, 1587, 1586, 1588, 1591, 1590, 1582, 1590, 1593, + 1594, 1597, 1584, 1595, 1598, 1585, 1583, 1586, 1599, 1596, + 1587, 1593, 1594, 1600, 1591, 1596, 1595, 1601, 1608, 1588, + 1598, 1597, 1603, 1603, 1604, 1605, 1609, 1600, 1599, 1606, + 1605, 1607, 1607, 1608, 1610, 1611, 1612, 1613, 1601, 1614, + 1609, 1606, 1615, 1616, 1604, 1612, 1614, 1618, 1620, 1622, + 1622, 1615, 1613, 1611, 1615, 1623, 1623, 1621, 1610, 1616, - 1624, 1626, 1627, 1616, 1628, 1622, 1632, 1630, 1631, 1628, - 1628, 1633, 1625, 1634, 1635, 18, 1633, 1636, 1636, 1634, - 1627, 1630, 1626, 1631, 1637, 1642, 1638, 1639, 1632, 1640, - 1637, 1638, 1635, 1639, 1643, 1640, 1644, 1645, 1646, 1651, - 1647, 1646, 1644, 1649, 1652, 1642, 1647, 1646, 1643, 1653, - 1645, 1649, 1654, 1655, 1656, 1657, 1658, 1653, 1651, 1659, - 1659, 1654, 1660, 1652, 1662, 1661, 1655, 1656, 1660, 1657, - 1658, 1661, 1663, 1663, 1664, 1665, 1666, 1662, 1667, 1667, - 1669, 1659, 1670, 1668, 1671, 1672, 1669, 1674, 1674, 1675, - 1680, 1681, 17, 1665, 1664, 1666, 1668, 1676, 1684, 1680, + 1621, 1625, 1618, 1624, 1628, 1626, 1629, 1618, 1626, 1627, + 1627, 1630, 1632, 1620, 1633, 1624, 1630, 1628, 1631, 1625, + 1634, 1635, 1638, 1631, 1636, 1629, 1637, 1640, 1638, 1634, + 1633, 1632, 1641, 1636, 1642, 1637, 1636, 1639, 1639, 1643, + 1635, 1644, 1647, 1645, 1650, 1641, 1646, 1640, 1645, 1645, + 1651, 1646, 1642, 1643, 1647, 1652, 1652, 1644, 1653, 1655, + 1658, 1654, 1656, 1656, 1655, 1658, 1657, 1659, 1651, 1650, + 1654, 1660, 1661, 1664, 1653, 1657, 1662, 1656, 1657, 1665, + 1666, 1662, 1662, 1667, 47, 1659, 1669, 1664, 1667, 1668, + 1661, 1673, 1660, 1671, 1665, 1668, 1670, 1670, 1672, 1671, - 1671, 1676, 1677, 1672, 1670, 1678, 1679, 1677, 1683, 1675, - 1678, 1679, 1686, 1684, 1681, 1685, 1685, 1687, 1688, 1690, - 1683, 1689, 1689, 1691, 1692, 1695, 1693, 1696, 1697, 1687, - 1691, 1686, 1699, 1690, 1697, 1700, 1692, 1688, 1693, 1698, - 1712, 1700, 1701, 1701, 1695, 1702, 1706, 1696, 1702, 1705, - 1699, 1698, 1703, 1703, 1705, 1706, 1707, 1708, 1708, 1709, - 1712, 1710, 1707, 1710, 1711, 1713, 1714, 1711, 1715, 1716, - 1717, 1709, 1718, 1719, 1716, 1717, 1720, 1721, 1723, 1722, - 0, 1718, 1721, 1729, 1714, 1719, 1715, 1713, 1722, 1725, - 1724, 1720, 1726, 1728, 1725, 1724, 1727, 1727, 1723, 1728, + 1674, 1675, 1666, 1672, 1669, 1673, 1674, 1675, 1677, 1678, + 1679, 1680, 1681, 1682, 1684, 1681, 1679, 1686, 1687, 1682, + 1689, 1681, 1684, 1678, 1680, 1688, 1690, 1691, 1677, 1689, + 1692, 1693, 1695, 1688, 1694, 1694, 1686, 1687, 1695, 1690, + 1691, 1696, 1697, 1699, 1692, 1693, 1700, 1696, 1698, 1698, + 1701, 1702, 1702, 1703, 1704, 1697, 1694, 1705, 1706, 1707, + 1704, 1709, 1709, 1699, 1700, 1710, 1703, 1711, 1712, 1701, + 1713, 1711, 1716, 1712, 1706, 1713, 1714, 1707, 1715, 1705, + 1718, 1714, 1720, 1719, 1721, 1710, 1719, 1715, 1723, 1718, + 1722, 1722, 1724, 1725, 1720, 1716, 1726, 1726, 1728, 1721, - 1731, 1722, 1724, 1732, 1729, 1733, 1734, 1726, 1735, 1736, - 1735, 1737, 1737, 1738, 1738, 1739, 1739, 1740, 1743, 1731, - 1744, 1733, 1732, 1736, 1753, 1736, 1734, 1741, 1741, 1742, - 1742, 1745, 1745, 1751, 1746, 1756, 1747, 1740, 1746, 1743, - 1748, 1744, 1747, 1748, 1750, 1754, 1752, 1759, 1754, 1753, - 1750, 1751, 1752, 1755, 1755, 1756, 1757, 1758, 1758, 1760, - 1761, 1757, 1759, 1762, 1762, 1761, 1763, 1764, 1767, 1765, - 1766, 1763, 1768, 1764, 1770, 1773, 1776, 1775, 1769, 1775, - 1760, 1765, 1765, 1765, 1769, 1774, 1767, 1776, 1765, 1773, - 1766, 1772, 1768, 1777, 1770, 1778, 1772, 1772, 1779, 1780, + 1727, 1729, 1732, 1730, 1724, 1728, 1733, 1723, 1735, 1736, + 1734, 1737, 1725, 1729, 1727, 1730, 1734, 1737, 1738, 1738, + 1735, 1732, 1739, 1740, 1740, 1739, 1733, 1736, 1742, 1743, + 1744, 1745, 1745, 1742, 1746, 1747, 1744, 1747, 1743, 1748, + 1749, 1750, 1748, 1751, 1752, 1753, 1746, 1754, 1755, 1757, + 1753, 1758, 1754, 1756, 1760, 1763, 1758, 1755, 1759, 18, + 1749, 1751, 1752, 1750, 1757, 1756, 1761, 1759, 1762, 1766, + 1763, 1761, 1768, 1762, 1760, 1764, 1764, 1765, 1761, 1769, + 1759, 1770, 1771, 1765, 1772, 1773, 1772, 1774, 1774, 1777, + 1766, 1768, 1775, 1775, 1776, 1776, 1780, 1770, 1769, 1773, - 1774, 1778, 1781, 1782, 1782, 1783, 1785, 1779, 1777, 1784, - 1784, 1786, 1787, 1787, 1788, 1788, 1789, 1792, 1792, 1780, - 1793, 1794, 1797, 1781, 1801, 1796, 1785, 1799, 1799, 1798, - 1794, 1783, 1800, 1786, 1796, 1798, 1789, 1802, 1803, 1801, - 1804, 1805, 1805, 1797, 1802, 1793, 1806, 1803, 1807, 1809, - 1810, 1811, 1812, 1800, 1809, 1813, 1810, 1814, 1819, 1812, - 1816, 1813, 1818, 1814, 1807, 1816, 1804, 1815, 1815, 1817, - 1822, 1811, 1806, 1820, 1823, 1827, 1821, 1819, 1817, 1821, - 1824, 1824, 1818, 1825, 1826, 1820, 1828, 1829, 1822, 1825, - 1826, 1829, 1831, 1832, 1833, 1827, 1834, 1834, 1835, 1833, + 1781, 1773, 1771, 1778, 1778, 1779, 1779, 1782, 1782, 1777, + 1783, 1788, 1784, 1785, 1783, 1790, 1785, 1780, 1784, 1787, + 1789, 1781, 1792, 1792, 1791, 1787, 1789, 1791, 1793, 1788, + 1794, 1795, 1795, 1797, 1796, 1794, 1798, 1799, 1799, 1800, + 1790, 1798, 1804, 1802, 1800, 1801, 1803, 1805, 1793, 1796, + 1807, 1801, 1806, 1811, 1797, 1802, 1802, 1802, 1806, 1809, + 1804, 1810, 1802, 1813, 1809, 1809, 1803, 1805, 1811, 1812, + 1807, 1812, 1814, 1815, 1813, 1810, 1816, 1817, 1818, 1815, + 1819, 1819, 1820, 1821, 1821, 1816, 1822, 1814, 1823, 1824, + 1824, 1825, 1825, 1826, 1829, 1829, 1830, 1817, 1831, 1818, - 1823, 1828, 1838, 1836, 1839, 1840, 1846, 1829, 1839, 1848, - 1841, 1840, 1831, 1842, 1842, 1832, 1843, 1835, 1836, 1841, - 1843, 1838, 1844, 1845, 1845, 1847, 1849, 1846, 1848, 1850, - 1851, 1849, 1853, 1844, 1852, 1861, 1854, 1859, 1844, 1847, - 1852, 1854, 1855, 1855, 1856, 1856, 1859, 1853, 1857, 1850, - 1851, 1860, 1857, 1862, 1862, 1861, 1864, 1864, 1865, 1866, - 1868, 1869, 1860, 1865, 1865, 1866, 1868, 1860, 1870, 1871, - 1872, 1874, 1876, 1870, 1875, 1877, 1872, 1879, 1875, 1878, - 1880, 1871, 1882, 1874, 1876, 1878, 1880, 1869, 1881, 1884, - 1885, 1886, 1888, 1881, 1882, 1888, 1886, 1889, 1889, 1879, + 1833, 1834, 1836, 1836, 1837, 1835, 1822, 1831, 1820, 1833, + 1823, 1835, 1838, 1826, 1841, 1840, 1839, 1842, 1842, 1843, + 1844, 1830, 1834, 1839, 1840, 1837, 1846, 1838, 1847, 1848, + 1849, 1846, 1850, 1851, 1847, 1851, 1844, 1849, 1850, 1853, + 1841, 1854, 1855, 1855, 1857, 1843, 1856, 1854, 1858, 1848, + 1859, 1856, 1860, 1857, 1861, 1862, 1863, 1861, 1853, 1864, + 1864, 1865, 1868, 1867, 1860, 1866, 1869, 1865, 1858, 1859, + 1869, 1866, 1871, 1862, 1872, 1873, 1875, 1868, 1874, 1874, + 1873, 1878, 1863, 1867, 1876, 1879, 1869, 1880, 1880, 1879, + 1884, 1881, 1871, 1882, 1884, 1875, 1872, 1881, 1885, 1876, - 1877, 1884, 1890, 1890, 1891, 1891, 1892, 1893, 1894, 1885, - 1895, 1896, 1897, 1893, 1894, 1895, 1901, 1896, 1899, 1901, - 1902, 1897, 1905, 1899, 1903, 1903, 1892, 1906, 1907, 1908, - 1908, 1909, 1902, 1907, 1905, 1912, 1910, 1911, 1912, 1906, - 1909, 1910, 1911, 1913, 1913, 1914, 1915, 1918, 1916, 1917, - 1920, 1918, 1919, 1921, 1922, 1915, 1920, 1919, 1923, 1924, - 1926, 1926, 1927, 1922, 1929, 1914, 1916, 1933, 1917, 1928, - 1931, 1921, 1926, 1924, 1930, 1930, 1923, 1932, 1928, 1931, - 1927, 1934, 1935, 1941, 1929, 1942, 1934, 1944, 1933, 1932, - 1938, 1938, 1945, 1940, 1946, 1935, 1940, 1947, 1956, 1941, + 1878, 1887, 1882, 1883, 1883, 1886, 1886, 1888, 1889, 1885, + 1890, 1891, 1892, 1893, 1885, 1890, 1896, 1896, 1894, 1893, + 1895, 1888, 1887, 1897, 1897, 1895, 1898, 1889, 1900, 1901, + 1898, 1891, 1892, 1894, 1902, 1903, 1903, 1900, 1905, 1905, + 1901, 1906, 1907, 1909, 1910, 1901, 1906, 1906, 1907, 1909, + 1911, 1912, 1913, 1915, 1902, 1911, 1916, 1917, 1913, 1918, + 1916, 1919, 1921, 1912, 1920, 1915, 1922, 1919, 1921, 1917, + 1910, 1923, 1924, 1928, 1929, 1925, 1927, 1924, 1931, 1929, + 1935, 1931, 1932, 1932, 1918, 1922, 1920, 1925, 1927, 1933, + 1933, 1923, 1928, 1934, 1934, 1936, 1937, 1940, 1938, 1939, - 1946, 1942, 1944, 1948, 1948, 1949, 1945, 1949, 1950, 1950, - 1951, 1953, 1953, 1957, 1947, 1954, 1954, 1958, 1951, 1957, - 1959, 1956, 1960, 1958, 1963, 1961, 1964, 1959, 1962, 1962, - 1965, 1966, 1969, 1963, 1967, 1970, 1968, 1973, 1974, 1975, - 1971, 0, 1965, 1966, 1960, 1961, 1971, 1964, 1968, 1967, - 1970, 1975, 1976, 1976, 1977, 1978, 1981, 1973, 1969, 1971, - 1979, 1974, 1980, 1979, 1983, 1985, 1984, 1980, 1984, 1983, - 1987, 1989, 1977, 1986, 1991, 1978, 1981, 1987, 1986, 1992, - 1989, 1993, 1994, 1985, 1994, 1995, 1998, 1997, 1992, 1997, - 1999, 1999, 1991, 1993, 2000, 2002, 2001, 2002, 2003, 2005, + 1935, 1936, 1937, 1938, 1942, 1939, 1940, 1944, 1945, 1942, + 1944, 1946, 1946, 1948, 1949, 1952, 1950, 1951, 1951, 1957, + 1945, 1950, 1953, 1954, 1952, 1948, 1949, 1953, 1954, 1955, + 1956, 1956, 1955, 1958, 1959, 1960, 1961, 1964, 1962, 1957, + 1961, 1963, 1958, 1962, 1965, 1966, 1967, 1963, 1970, 1969, + 1969, 1972, 1959, 1965, 1960, 1964, 1971, 1973, 1973, 1974, + 1967, 1969, 1975, 1966, 1976, 1971, 1970, 1977, 1974, 1978, + 1983, 1972, 1977, 1983, 1975, 1981, 1981, 1984, 1985, 1990, + 1987, 1989, 1978, 1988, 1992, 1976, 1992, 1989, 1991, 1991, + 1993, 1993, 1994, 1984, 1985, 1987, 1990, 1988, 1996, 1996, - 1998, 2001, 2004, 2003, 1995, 2006, 2007, 2004, 2008, 2009, - 2010, 2012, 2007, 2008, 2013, 2014, 2014, 2005, 2010, 2016, - 2000, 2017, 2009, 2015, 2015, 2006, 2018, 2020, 2013, 2020, - 2012, 2019, 2018, 2021, 2016, 2024, 2019, 2022, 2023, 2023, - 2029, 2017, 2025, 2025, 2033, 2022, 2027, 2024, 2026, 2026, - 2031, 2021, 2028, 2022, 2032, 2027, 2032, 2028, 2029, 2031, - 2035, 2034, 2031, 2036, 2038, 2033, 2034, 2034, 2039, 2035, - 2042, 2043, 2040, 2039, 2046, 2036, 2038, 2040, 2044, 2045, - 2045, 2047, 2048, 2042, 2052, 2053, 2049, 2044, 2050, 2054, - 2055, 2043, 2046, 2057, 2063, 2055, 2052, 2053, 2048, 2047, + 1994, 1997, 1997, 1999, 2000, 2001, 2002, 2003, 2004, 2006, + 2000, 2001, 2007, 2002, 2005, 2005, 2012, 2016, 2006, 2008, + 2009, 2010, 2011, 2013, 2014, 2017, 1999, 2018, 2004, 2003, + 2014, 2008, 2009, 2007, 2011, 2020, 2010, 2016, 2013, 2018, + 2019, 2019, 2012, 2014, 2021, 2023, 2022, 2024, 2017, 2022, + 2023, 2026, 2027, 2020, 2027, 2028, 2026, 2029, 2030, 2032, + 2034, 2035, 2029, 2036, 2021, 2030, 2038, 2024, 2032, 2037, + 2035, 2037, 2040, 2028, 2040, 2036, 2041, 2043, 2034, 2042, + 2042, 2044, 2045, 2046, 2045, 2038, 2044, 2047, 2046, 2048, + 2041, 2049, 2047, 2050, 2053, 2051, 2052, 2055, 2057, 2050, - 2049, 2056, 2057, 2050, 2060, 2062, 2056, 2064, 2065, 2054, - 2060, 2062, 2066, 2068, 2068, 2067, 2069, 2063, 2070, 2070, - 2071, 2074, 2064, 2060, 2067, 2069, 2065, 2072, 2073, 2075, - 2076, 2072, 2077, 2073, 2074, 2076, 2076, 2066, 2077, 2071, - 2078, 2079, 2080, 2081, 2079, 2086, 2078, 2084, 2084, 2089, - 2080, 2075, 2085, 2085, 2086, 2087, 2087, 2088, 2088, 2090, - 2091, 2089, 2096, 2081, 2092, 2099, 2091, 2085, 2096, 2092, - 2093, 2093, 2094, 2094, 2095, 2101, 2098, 2090, 2085, 2095, - 2098, 2103, 2100, 2104, 2105, 2099, 2100, 2106, 2104, 2107, - 2108, 2110, 2111, 2109, 2107, 2101, 2112, 2111, 2113, 2113, + 2051, 2058, 2062, 2043, 2128, 2055, 2053, 2048, 2054, 2052, + 2061, 2049, 2128, 2054, 2054, 2058, 2066, 2057, 2059, 2059, + 2060, 2060, 2062, 2063, 2067, 2061, 2064, 2069, 2065, 2063, + 2065, 2064, 2067, 2074, 2066, 2068, 2068, 2070, 2070, 2069, + 2067, 2071, 2071, 2072, 2073, 2076, 2077, 2078, 2077, 2073, + 2079, 2074, 2072, 2080, 2076, 2079, 2079, 2076, 2081, 2082, + 2084, 2085, 2088, 2089, 2086, 2080, 2085, 2081, 2078, 2086, + 2090, 2082, 2084, 2091, 2091, 2088, 2092, 2093, 2095, 2090, + 2094, 2098, 2096, 2089, 2100, 2101, 2099, 2109, 2112, 2120, + 2101, 2110, 2095, 2098, 2092, 2093, 2094, 2096, 2099, 2103, - 2114, 2115, 2106, 2117, 2114, 2116, 2103, 2105, 2108, 2109, - 2116, 2110, 2118, 2119, 2120, 2121, 2115, 2123, 2112, 2122, - 2121, 2124, 2124, 2126, 2127, 2119, 2128, 2129, 2130, 2117, - 2118, 2126, 2122, 2120, 2131, 2123, 2132, 2133, 2134, 2136, - 2140, 0, 2138, 2127, 2139, 2128, 2140, 2142, 2142, 2133, - 2129, 2143, 2130, 2131, 2136, 2138, 2143, 2132, 2139, 2134, - 2141, 2144, 2141, 2145, 2144, 2146, 2152, 2147, 2148, 2148, - 2149, 2149, 2150, 2153, 2150, 2155, 2145, 2151, 2151, 2146, - 2147, 2152, 2154, 2154, 2155, 2161, 2153, 2155, 2156, 2156, - 2157, 2157, 2158, 2160, 2162, 2163, 2166, 2158, 2160, 2164, + 2102, 2106, 2120, 2108, 2100, 2102, 2110, 2106, 2103, 2108, + 2109, 2111, 2113, 2112, 2114, 2114, 2115, 2116, 2116, 2117, + 2106, 2113, 2118, 2119, 2121, 2115, 2118, 2122, 2119, 2111, + 2123, 2124, 17, 2122, 2125, 2126, 2124, 2124, 2117, 2127, + 2125, 2126, 2127, 2121, 2129, 2132, 2132, 2133, 2133, 2134, + 2135, 2135, 2123, 2136, 2136, 2137, 2138, 2139, 2134, 2151, + 2140, 2143, 2133, 2139, 2129, 2140, 2143, 2137, 2141, 2141, + 2142, 2142, 2144, 2133, 2138, 2146, 2147, 2148, 2144, 2146, + 2149, 2148, 2152, 2153, 2151, 2155, 2154, 2152, 2157, 2156, + 2155, 2158, 2159, 2160, 2161, 2161, 2147, 2159, 2162, 2163, - 2164, 2165, 2165, 2167, 2167, 2161, 2168, 2163, 2169, 2169, - 2170, 2171, 2172, 2172, 2162, 2166, 2171, 2173, 2173, 2174, - 2175, 2176, 2177, 2179, 2168, 2170, 2180, 2180, 2179, 2175, - 2181, 2182, 2182, 2174, 2183, 2176, 2184, 2185, 2186, 2186, - 2185, 2177, 2184, 2187, 2187, 2188, 2189, 2190, 2193, 2181, - 2191, 2191, 2183, 2194, 2186, 2195, 2196, 2197, 2197, 2198, - 2196, 2189, 2199, 2204, 2188, 2200, 2190, 2199, 2193, 2201, - 2195, 2203, 2203, 2206, 2205, 2207, 2194, 2208, 2198, 2209, - 2200, 2205, 2211, 2204, 2201, 2210, 2210, 2206, 2212, 2213, - 2212, 2211, 2213, 2207, 2215, 2208, 2216, 2217, 2218, 2219, + 2149, 2154, 2162, 2164, 2157, 2165, 2153, 2156, 2164, 2166, + 2167, 2158, 2169, 2168, 2163, 2160, 2170, 2169, 2171, 2172, + 2172, 2175, 2167, 2176, 2177, 2174, 2178, 2166, 2184, 2170, + 2179, 2165, 2168, 2174, 2180, 2182, 2171, 2260, 2187, 2181, + 2175, 2186, 2176, 2184, 2189, 2192, 2189, 2177, 2192, 2179, + 2178, 2181, 2187, 2188, 2186, 2180, 2182, 2190, 2190, 2188, + 2191, 2193, 2194, 2260, 2195, 2191, 2196, 2196, 2197, 2197, + 2198, 2200, 2198, 2203, 2193, 2201, 2194, 2195, 2199, 2199, + 2202, 2202, 2203, 2204, 2204, 2203, 2200, 2206, 2201, 2205, + 2205, 2208, 2206, 2209, 2210, 2211, 2208, 2212, 2212, 2213, - 2220, 2216, 2217, 2221, 2222, 2209, 2215, 2213, 2221, 2213, - 2224, 2225, 2219, 2226, 2227, 2224, 2225, 2228, 2229, 2232, - 2227, 2220, 2230, 2218, 2229, 2235, 2231, 2230, 2226, 2233, - 2222, 2231, 2234, 2239, 2235, 2234, 2236, 2237, 2228, 2238, - 2244, 0, 2233, 2240, 2232, 2236, 2237, 2239, 2238, 2240, - 2241, 2242, 2246, 2247, 2247, 2242, 2241, 2248, 2249, 2249, - 2244, 2246, 2251, 2248, 2250, 2253, 2257, 2249, 2256, 2250, - 2254, 2255, 2255, 2259, 2260, 2257, 2261, 2262, 2266, 2268, - 2268, 2253, 2251, 2256, 2251, 2259, 2254, 2267, 2265, 2262, - 2260, 2261, 2264, 2265, 0, 2264, 2269, 2269, 2266, 2267, + 2213, 2214, 2215, 2215, 2216, 2217, 2217, 2211, 2218, 0, + 2219, 2220, 2220, 2209, 2210, 2219, 2221, 2221, 2222, 2223, + 2214, 2224, 2216, 2218, 2225, 2227, 2228, 2228, 2223, 2229, + 2227, 2231, 2222, 2230, 2230, 2224, 2232, 2233, 2234, 2234, + 2233, 2236, 2232, 2225, 2235, 2235, 2237, 2240, 2229, 2231, + 2238, 2241, 2238, 2244, 2234, 2242, 2242, 2245, 2249, 2246, + 2236, 2237, 2240, 2247, 2248, 2248, 2250, 2247, 2251, 2252, + 2241, 2250, 2255, 2244, 2246, 2254, 2254, 2249, 2256, 2257, + 2245, 2258, 2259, 2251, 2252, 2256, 2261, 2261, 2262, 2263, + 2266, 2263, 2255, 2257, 2267, 2264, 2266, 2262, 2264, 2258, - 2271, 2271, 2272, 2273, 2274, 2272, 2275, 2276, 2273, 2278, - 2274, 2281, 2275, 2277, 2277, 2280, 2276, 2279, 2279, 2282, - 2283, 2283, 2284, 2278, 2286, 2281, 2285, 2280, 2284, 2286, - 2288, 2294, 2289, 2292, 2288, 2289, 2290, 2290, 2282, 2291, - 2285, 2293, 2292, 2295, 2291, 2296, 2296, 2295, 2297, 2299, - 2293, 2294, 2300, 2301, 2299, 2302, 2303, 2304, 2305, 2306, - 2303, 2297, 2307, 2305, 2308, 2306, 2309, 2310, 2307, 2302, - 2311, 2312, 2300, 2301, 2315, 2311, 2314, 2304, 2316, 2324, - 2324, 2317, 2308, 2316, 2323, 2309, 2310, 2317, 2314, 2318, - 2315, 2319, 2312, 2319, 2321, 2326, 2325, 2318, 2323, 2325, + 2259, 2270, 2268, 2269, 2271, 2273, 2267, 2268, 2269, 2272, + 2273, 2274, 2278, 2264, 2276, 2264, 2277, 2271, 2279, 2276, + 2280, 2277, 2281, 2284, 2279, 2285, 2270, 2278, 2281, 2282, + 2272, 2283, 2286, 2287, 2282, 2286, 2283, 2274, 2285, 2372, + 2288, 2280, 2287, 2289, 2290, 2291, 2296, 2372, 2284, 2288, + 2292, 2293, 2289, 2290, 2294, 2298, 2292, 2293, 2294, 2291, + 2299, 2299, 2300, 2302, 2298, 2305, 2296, 2307, 2300, 2301, + 2301, 2304, 2302, 2303, 2303, 2308, 2304, 2310, 2301, 2309, + 2309, 2311, 2313, 2307, 2314, 2305, 2315, 2305, 2320, 2462, + 2311, 2308, 2310, 2316, 2313, 2318, 2462, 2319, 2318, 2321, - 2327, 2327, 2330, 2321, 2331, 2332, 2330, 2333, 2333, 2334, - 2331, 2337, 2337, 2339, 2341, 2345, 2342, 2332, 2334, 2346, - 2345, 2326, 2347, 2355, 2348, 2349, 2349, 2347, 2341, 2348, - 2353, 2339, 2342, 2351, 2351, 2356, 2353, 2354, 2354, 2355, - 2359, 2357, 2360, 2361, 2361, 2346, 2357, 2363, 2365, 2364, - 2366, 2368, 2368, 2370, 2360, 2364, 2363, 2356, 2369, 2359, - 2371, 2369, 2373, 2373, 2375, 2366, 2365, 2374, 2374, 2375, - 2376, 2377, 2370, 2379, 2378, 2379, 2380, 2381, 2371, 2378, - 2377, 2382, 2383, 2384, 2385, 2386, 2386, 2383, 2376, 2385, - 2380, 2381, 2390, 2382, 2387, 2387, 2388, 2388, 2389, 2389, + 2314, 2315, 2319, 2322, 2322, 2316, 2323, 2323, 2320, 2325, + 2325, 2321, 2326, 2327, 2328, 2326, 2329, 2330, 2327, 2332, + 2328, 2335, 2329, 2331, 2331, 2334, 2330, 2333, 2333, 2336, + 2337, 2337, 2338, 2332, 2340, 2335, 2339, 2334, 2338, 2340, + 2342, 2348, 2343, 2346, 2342, 2343, 2344, 2344, 2336, 2345, + 2339, 2347, 2346, 2349, 2345, 2350, 2350, 2349, 2351, 2353, + 2347, 2348, 2354, 2355, 2353, 2356, 2357, 2358, 2359, 2360, + 2357, 2351, 2361, 2359, 2362, 2360, 2363, 2364, 2361, 2356, + 2365, 2366, 2354, 2355, 2369, 2365, 2368, 2358, 2370, 2380, + 2377, 2371, 2362, 2370, 2375, 2363, 2364, 2371, 2368, 2373, - 2391, 2392, 2395, 2384, 2390, 2396, 2392, 2393, 2393, 2394, - 2394, 2397, 2398, 2400, 2395, 2399, 2399, 2396, 2391, 2401, - 2401, 2402, 2402, 2403, 2404, 2406, 2405, 2407, 2398, 2409, - 2408, 2397, 2400, 2405, 2403, 2408, 2404, 2406, 2410, 2411, - 2411, 2412, 2413, 2414, 2415, 2416, 2417, 2407, 2426, 2409, - 2412, 2421, 2418, 2419, 2419, 2422, 2420, 2415, 2410, 2424, - 2417, 2425, 2428, 2414, 2418, 2420, 2421, 0, 2413, 2416, - 2422, 2426, 2427, 2429, 2430, 2427, 2428, 2424, 2429, 2430, - 2431, 2431, 2438, 2425, 2432, 2432, 2433, 2433, 2435, 2435, - 2437, 2437, 2439, 2440, 2441, 2443, 2444, 2445, 2446, 2447, + 2369, 2373, 2366, 2375, 2377, 2378, 2378, 2379, 2381, 2381, + 2379, 2385, 2384, 2386, 2388, 2380, 2384, 2385, 2387, 2387, + 2391, 2391, 2393, 2388, 2395, 2386, 2396, 2399, 2400, 2401, + 2402, 2409, 2399, 2407, 2401, 2402, 2403, 2403, 2395, 2407, + 2393, 2410, 2396, 2405, 2405, 2408, 2408, 2409, 2411, 2413, + 2415, 2419, 2414, 2411, 2400, 2414, 2421, 2416, 2417, 2417, + 2419, 2420, 2415, 2410, 2422, 2424, 2424, 2420, 2413, 2416, + 2425, 2426, 0, 2425, 2421, 2427, 2429, 2429, 2431, 2422, + 2430, 2430, 2432, 2431, 2434, 2433, 2435, 2436, 2435, 2434, + 2426, 2437, 2438, 2427, 2433, 2440, 2441, 2439, 2442, 2448, - 2438, 2448, 2449, 2439, 2449, 2450, 2451, 2457, 2447, 2441, - 2452, 2458, 2440, 2456, 2444, 2443, 2453, 2453, 2446, 2445, - 2458, 2448, 2455, 2455, 2451, 2450, 2461, 2456, 2452, 2457, - 2459, 2459, 2462, 2462, 2463, 2461, 2464, 2465, 2466, 2467, - 2468, 2470, 2473, 2469, 2465, 2471, 2471, 2472, 2472, 2474, - 2475, 2479, 2463, 2466, 2464, 2478, 2475, 2467, 2468, 2469, - 2470, 2478, 2473, 2476, 2476, 2477, 2477, 2474, 2480, 2479, - 2481, 2482, 2483, 2484, 2485, 2486, 2487, 2483, 2487, 2492, - 2486, 2488, 2488, 2480, 2489, 2482, 2489, 2490, 2490, 2481, - 2494, 2495, 2496, 2484, 2485, 2497, 2498, 2499, 2492, 2494, + 2432, 2436, 2439, 2442, 2438, 2437, 2443, 2443, 2444, 2444, + 2445, 2445, 2446, 2446, 2447, 2440, 2441, 2448, 2449, 2450, + 2450, 2451, 2451, 2449, 2452, 2453, 2447, 2454, 2455, 2456, + 2456, 2457, 2458, 2458, 2459, 2459, 2452, 2453, 2460, 2461, + 2463, 2464, 2466, 2465, 2455, 2467, 2469, 2454, 2465, 2460, + 2457, 2461, 2463, 2468, 2468, 2469, 2470, 2471, 2472, 2473, + 2474, 2464, 2466, 2475, 2476, 2467, 2476, 2477, 2478, 2478, + 2484, 2472, 2479, 2480, 2474, 2481, 2483, 2471, 2485, 2477, + 2499, 2479, 2470, 2473, 2486, 2475, 2487, 2486, 2480, 0, + 2481, 2488, 2484, 2489, 2483, 2497, 2488, 2502, 2489, 2499, - 2500, 2498, 2503, 2504, 2496, 2506, 2504, 2505, 2505, 2507, - 2495, 2508, 2508, 2511, 2509, 2497, 2514, 2499, 2509, 2500, - 2506, 2512, 2503, 2513, 2513, 2512, 2516, 2507, 2511, 2514, - 2517, 2518, 2519, 2519, 2521, 2522, 2523, 2524, 2524, 2525, - 2523, 2516, 2526, 2526, 2522, 2528, 2521, 2527, 2529, 2530, - 2517, 2518, 2527, 2537, 2528, 2531, 2531, 2539, 2525, 2536, - 2536, 2530, 2538, 2538, 2529, 2540, 2544, 2541, 2542, 2551, - 2539, 2543, 2543, 2546, 2546, 2537, 2541, 2542, 2540, 2549, - 2550, 2544, 2552, 2551, 2549, 2550, 2553, 2552, 2554, 2555, - 2558, 2556, 2559, 2561, 2553, 2560, 2567, 2559, 2555, 2556, + 2487, 2485, 2490, 2490, 2491, 2491, 2492, 2492, 2494, 2494, + 2496, 2496, 2498, 2497, 2500, 2503, 2504, 2502, 2506, 2505, + 2507, 2509, 2508, 2498, 2508, 2510, 2511, 2506, 2515, 2500, + 2512, 2512, 2516, 2503, 2514, 2514, 2517, 2522, 2504, 2505, + 2507, 2509, 2515, 2510, 2511, 2517, 2518, 2518, 2520, 2521, + 2521, 2523, 2524, 2525, 2516, 2522, 2526, 2520, 2527, 2524, + 2529, 2528, 2530, 2530, 2531, 2531, 2532, 2533, 2525, 2523, + 2535, 2535, 2534, 2538, 2526, 2539, 2527, 2528, 2534, 2529, + 2536, 2536, 2537, 2540, 2541, 2533, 2532, 2542, 2537, 2543, + 2539, 2538, 2542, 2544, 2545, 2546, 2551, 2546, 2541, 2545, - 2560, 2562, 2562, 2563, 2563, 2558, 2565, 2554, 2561, 2564, - 2564, 2566, 2568, 2565, 2567, 2569, 2566, 2570, 2571, 2571, - 2572, 2569, 2570, 2573, 2574, 2574, 2575, 2575, 2573, 2578, - 2568, 2579, 2579, 2580, 2581, 2572, 2580, 2584, 2582, 2581, - 2581, 2583, 2578, 2582, 2585, 2586, 2583, 2587, 2588, 2586, - 2585, 2584, 2587, 2589, 2590, 2591, 2594, 2588, 2592, 2593, - 2595, 2594, 2590, 2597, 2592, 2593, 2598, 2601, 2589, 2605, - 2597, 2598, 2595, 2603, 2599, 2604, 2591, 2599, 2603, 2601, - 2604, 2606, 2607, 2608, 2609, 2609, 2610, 2605, 2613, 2618, - 2614, 2607, 2608, 2615, 2606, 2610, 2614, 2619, 2622, 2615, + 2547, 2547, 2540, 2548, 2554, 2548, 2549, 2549, 2553, 2543, + 2555, 2556, 2558, 2544, 2557, 2551, 2559, 2553, 2562, 2557, + 0, 2563, 2555, 2554, 2563, 2564, 2564, 2565, 2566, 2567, + 2567, 2556, 2558, 2568, 2569, 2559, 2570, 2572, 2562, 2573, + 2570, 2575, 2565, 2573, 2568, 2577, 2566, 2574, 2574, 2569, + 2578, 2579, 2572, 2582, 2575, 2580, 2580, 2583, 2584, 2586, + 2577, 2590, 2584, 2585, 2585, 2582, 2583, 2587, 2587, 2588, + 2578, 2579, 2589, 2591, 2588, 2592, 2599, 2590, 2586, 2593, + 2593, 2589, 2598, 2598, 2601, 2591, 2600, 2600, 2602, 2606, + 2603, 2604, 2605, 2605, 2613, 2592, 2616, 2601, 2599, 2603, - 2620, 2621, 2621, 2623, 2624, 2622, 2613, 2627, 2618, 2625, - 2626, 2626, 2629, 2624, 2631, 2634, 2632, 2619, 2640, 2620, - 2632, 0, 2623, 2640, 2625, 2635, 2627, 2629, 2633, 2633, - 2636, 2635, 2637, 2646, 2631, 2639, 2636, 2642, 2637, 2643, - 2634, 2638, 2638, 2639, 2645, 2647, 2642, 2646, 2645, 2649, - 2649, 2650, 2643, 2651, 2651, 2652, 2652, 2654, 2654, 2655, - 2647, 2656, 2660, 2655, 2658, 2658, 2656, 2661, 2662, 2650, - 2663, 2665, 2661, 2666, 2666, 2663, 2663, 2668, 2668, 2671, - 2662, 2673, 2660, 2669, 2669, 2670, 2675, 2679, 2670, 2676, - 2676, 2665, 2671, 2677, 2677, 2678, 2678, 2680, 2680, 2673, + 2604, 2602, 2608, 2608, 2606, 2611, 2612, 2614, 2613, 2615, + 2611, 2612, 2614, 2617, 2620, 2616, 2618, 2615, 2621, 2623, + 2622, 2627, 2617, 2621, 2618, 2622, 2624, 2624, 2626, 2620, + 2625, 2625, 2629, 2626, 2623, 2628, 2628, 2630, 2631, 2629, + 2627, 2632, 2630, 2633, 0, 2634, 2635, 2635, 2636, 2633, + 2634, 2642, 2637, 2638, 2638, 2644, 2631, 2637, 2644, 2632, + 2639, 2639, 2645, 2636, 2642, 2643, 2643, 2645, 2645, 2646, + 2647, 2648, 2649, 2650, 2646, 2647, 2651, 2650, 2649, 2652, + 2653, 2651, 2654, 2655, 2658, 2648, 2656, 2657, 2652, 2658, + 2654, 2659, 2656, 2657, 2661, 2653, 2663, 2662, 2665, 2663, - 2681, 2682, 2679, 2683, 2684, 2686, 2675, 2685, 2685, 2686, - 2684, 2691, 2692, 2681, 2696, 2690, 2693, 2683, 2694, 2682, - 2690, 2690, 2695, 2697, 2694, 2698, 2698, 2697, 2695, 2703, - 2701, 2706, 2692, 2709, 2691, 2701, 2693, 2703, 2704, 2696, - 2707, 2704, 2710, 2707, 2708, 2708, 2711, 2710, 2712, 2713, - 2709, 2709, 2714, 2714, 2716, 2715, 2706, 2716, 2717, 2718, - 2722, 2720, 2719, 2713, 2711, 2716, 2720, 2720, 2712, 2715, - 2719, 2721, 2717, 2723, 2723, 2728, 2721, 2721, 2718, 2722, - 2724, 2724, 2725, 2725, 2726, 2726, 2727, 2727, 2729, 2730, - 2731, 2728, 2732, 2729, 2733, 2734, 2735, 2732, 2736, 2737, + 2667, 2661, 2662, 2659, 2655, 2667, 2668, 2669, 2670, 2671, + 2665, 2668, 2677, 2672, 2673, 2673, 2682, 2674, 2671, 2683, + 0, 2670, 2672, 2678, 2684, 2669, 2674, 2679, 2687, 2678, + 2677, 2685, 2685, 2679, 2686, 2682, 2688, 2689, 2691, 2683, + 2693, 2686, 2695, 2684, 2698, 2688, 2696, 2687, 2690, 2690, + 2696, 2704, 2689, 2697, 2697, 2693, 2704, 2691, 2699, 2700, + 2701, 2706, 2695, 2703, 2699, 2700, 2701, 2702, 2702, 2698, + 2706, 2703, 2707, 2709, 2710, 2712, 2711, 2710, 2713, 2709, + 2711, 2715, 2715, 2716, 2721, 2707, 2717, 2717, 2721, 2712, + 2718, 2718, 2722, 2713, 2720, 2720, 2726, 2722, 2724, 2724, - 2734, 2739, 2739, 2740, 2740, 2735, 2742, 2741, 2745, 2730, - 2741, 2744, 2744, 2733, 2750, 2745, 2731, 2747, 2736, 2737, - 2746, 2746, 2747, 2750, 2742, 2749, 2749, 2751, 2752, 2754, - 2755, 2755, 2757, 2758, 2756, 2771, 2751, 2752, 2756, 2759, - 2760, 2757, 2761, 2772, 2759, 2759, 2762, 2754, 2758, 2766, - 2762, 2761, 2770, 2760, 2766, 2767, 2767, 2769, 2769, 2774, - 2771, 2772, 2775, 2778, 2779, 2780, 2770, 2783, 2774, 2781, - 2785, 2787, 2788, 2779, 2775, 2781, 2787, 2788, 2790, 2783, - 2789, 2789, 2793, 2793, 2792, 2780, 2793, 2790, 2778, 2792, - 2798, 2785, 2795, 2795, 2796, 2796, 2797, 2797, 2799, 2798, + 2727, 2716, 2728, 2729, 2732, 2727, 2730, 2742, 2729, 2729, + 2733, 2733, 2735, 2735, 2728, 2738, 2726, 2740, 2730, 2736, + 2736, 2746, 2737, 2749, 2732, 2737, 2748, 2742, 2738, 2743, + 2743, 2744, 2744, 2745, 2745, 2740, 2746, 2747, 2747, 2748, + 2750, 2749, 2751, 2752, 2752, 2753, 2756, 2760, 2751, 2753, + 2757, 2759, 2756, 2761, 2750, 2757, 2759, 2759, 2762, 2763, + 2764, 2765, 2775, 2766, 2772, 2763, 2764, 2766, 2767, 2767, + 2760, 2770, 2772, 2761, 2773, 2778, 2770, 2773, 2762, 2776, + 2777, 2777, 2776, 2779, 2780, 2781, 2765, 2775, 2779, 2782, + 2783, 2783, 2778, 2778, 2784, 2785, 2786, 2787, 2785, 2788, - 2800, 2801, 2803, 2807, 2804, 2805, 2801, 2809, 2803, 2804, - 2805, 2806, 2806, 2808, 2811, 2810, 2812, 2813, 2799, 2800, - 2810, 2807, 2812, 2814, 2814, 2808, 2816, 2820, 2809, 2817, - 2816, 2818, 2811, 2821, 2817, 2822, 2818, 2819, 2819, 2824, - 2826, 2826, 2813, 2828, 2829, 2830, 2820, 2832, 2821, 2830, - 2822, 2831, 2833, 2834, 2836, 2836, 2828, 2829, 2838, 2824, - 2831, 2834, 2835, 2832, 2837, 2839, 2841, 2835, 2840, 2840, - 2851, 2833, 2847, 2837, 2844, 2844, 2838, 2845, 2845, 2849, - 2849, 2852, 2853, 2854, 2857, 2841, 2851, 2858, 2854, 2856, - 2856, 2839, 2859, 2847, 2861, 2861, 2863, 2852, 2853, 2862, + 2791, 2810, 2780, 2782, 2810, 2781, 2785, 2788, 2784, 2789, + 2786, 2800, 2790, 2799, 2789, 2789, 2787, 2790, 2790, 2791, + 2792, 2792, 2793, 2793, 2794, 2794, 2795, 2795, 2796, 2796, + 2797, 2798, 2802, 2799, 2801, 2803, 2798, 2800, 2804, 2801, + 2803, 2805, 2806, 2808, 2808, 2811, 2797, 2804, 2809, 2809, + 2814, 2802, 2813, 2813, 2815, 2815, 2823, 2814, 2819, 2816, + 2820, 2805, 2806, 2811, 2816, 2818, 2818, 2819, 2821, 2820, + 2824, 2824, 2825, 2826, 2823, 2827, 2825, 2821, 2828, 2830, + 2829, 2832, 2826, 2831, 2830, 2830, 2842, 2833, 2837, 2828, + 2832, 2833, 2841, 2837, 2827, 2829, 2831, 2838, 2838, 2840, - 2864, 2864, 2867, 2868, 2857, 2870, 2873, 2869, 2877, 2868, - 2858, 2859, 2869, 2862, 2875, 2863, 2871, 2871, 2872, 2872, - 2874, 2874, 2867, 2876, 2878, 2875, 2873, 2870, 2877, 2879, - 2878, 2880, 2876, 2881, 2882, 2882, 2883, 2884, 2884, 2883, - 2874, 2889, 2888, 2880, 2890, 2891, 2891, 2894, 2879, 2892, - 2890, 2893, 2892, 2881, 2888, 2896, 2899, 2893, 2897, 2897, - 2896, 2889, 2898, 2900, 2901, 2894, 2904, 2898, 2905, 2900, - 2902, 2902, 2906, 2909, 2907, 2899, 2908, 2908, 2904, 2910, - 2911, 2901, 2901, 2913, 2913, 2916, 2905, 2907, 2915, 2911, - 2914, 2914, 2909, 2915, 2922, 2910, 2917, 2906, 2921, 2916, + 2840, 2843, 2845, 2845, 2846, 2847, 2841, 2850, 2852, 2851, + 2853, 2842, 2855, 2846, 2857, 2859, 2853, 2847, 2851, 2843, + 2859, 2860, 2861, 2861, 2855, 2862, 2860, 2865, 2852, 2866, + 2872, 2864, 2850, 2873, 2862, 2857, 2864, 2867, 2867, 2872, + 2865, 2867, 2874, 2866, 2869, 2869, 2870, 2870, 2871, 2871, + 2875, 2877, 2881, 2873, 2878, 2875, 2882, 2877, 2879, 2878, + 2883, 2874, 2884, 2879, 2880, 2880, 2885, 2884, 2882, 2886, + 2881, 2887, 2888, 2888, 2890, 2886, 2894, 2891, 2890, 2895, + 2892, 2883, 2891, 2896, 2885, 2892, 2893, 2893, 2898, 2900, + 2900, 2902, 2903, 2904, 2895, 2894, 2887, 2904, 2896, 2906, - 2929, 2917, 2918, 2918, 2919, 2919, 2920, 2920, 2923, 2931, - 2924, 2921, 2926, 2926, 2923, 2924, 2932, 2933, 2937, 2929, - 2922, 2934, 2934, 2936, 2936, 2938, 2939, 2940, 2940, 2941, - 2941, 2931, 2937, 2944, 2943, 2939, 2945, 2946, 2932, 2933, - 2943, 2960, 2946, 2949, 2949, 2938, 2951, 2951, 2953, 2952, - 2954, 2955, 2956, 2944, 2952, 2945, 2954, 2957, 2957, 2958, - 2956, 2960, 2953, 2955, 2958, 2961, 2962, 2963, 2964, 2966, - 2967, 2962, 2968, 2969, 2964, 2972, 2971, 2966, 2973, 2963, - 2974, 2975, 2977, 2978, 2979, 2961, 2975, 2977, 2982, 2967, - 2979, 2972, 2968, 2969, 2971, 2973, 2973, 2980, 2984, 2987, + 2905, 2907, 2908, 2912, 2902, 2903, 2909, 2911, 2898, 2905, + 2908, 2909, 2910, 2910, 2913, 2906, 2911, 2914, 2914, 2915, + 2907, 2912, 2918, 2918, 2919, 2919, 2921, 2923, 2923, 2925, + 2926, 2928, 2927, 2930, 2930, 2931, 2928, 2933, 2915, 2934, + 2913, 2932, 2935, 2933, 2938, 2925, 2926, 2921, 2927, 2939, + 2932, 2937, 2937, 2940, 2940, 2931, 2943, 2944, 2938, 2945, + 2947, 2935, 2934, 2944, 2945, 2948, 2948, 2950, 2939, 2949, + 2949, 2951, 2951, 2952, 2953, 2954, 2943, 2956, 2957, 2955, + 2958, 0, 2947, 2953, 2952, 2955, 2960, 2950, 2959, 2959, + 2957, 2951, 2963, 2963, 2961, 2954, 2956, 2961, 2967, 2962, - 2987, 2974, 2980, 2978, 2983, 2988, 2988, 2983, 2982, 2989, - 2995, 2984, 2994, 2989, 2993, 2993, 0, 2994, 2996, 2996, - 2998, 2998, 2999, 2999, 3005, 2999, 3006, 3000, 3000, 2995, - 3000, 3001, 3001, 3002, 3001, 3004, 3004, 3002, 3009, 3010, - 3006, 3011, 3005, 3012, 3012, 3015, 3011, 3016, 3017, 3019, - 3021, 3018, 3017, 3022, 3016, 3023, 3023, 3030, 3009, 3010, - 3018, 3026, 3022, 3030, 3019, 3024, 3024, 3031, 3021, 3027, - 3015, 3025, 3025, 3028, 3027, 3029, 3026, 3033, 3032, 3034, - 3029, 3029, 3028, 3035, 3034, 3028, 3036, 0, 3035, 3037, - 3037, 3038, 3031, 3032, 3039, 3040, 3040, 3038, 3033, 3042, + 2958, 2960, 2962, 2968, 2973, 2969, 2970, 2970, 2972, 2971, + 2967, 2969, 2971, 2975, 2972, 2976, 2976, 2978, 2975, 2977, + 2979, 2980, 2973, 2968, 2977, 2983, 2979, 2981, 2981, 2984, + 2985, 2986, 2987, 2987, 2988, 2989, 2978, 2983, 2980, 2980, + 2990, 2992, 2992, 2994, 2986, 2993, 2993, 2984, 2994, 2990, + 2995, 2989, 2996, 2988, 3000, 2985, 3001, 2996, 2997, 2997, + 2998, 2998, 2999, 2999, 2995, 3002, 3008, 3000, 3003, 3005, + 3005, 3002, 3010, 3003, 3011, 3012, 3013, 3013, 3015, 3015, + 3016, 3017, 3001, 3019, 3018, 3008, 3020, 3021, 3021, 3022, + 3022, 3025, 0, 3024, 3010, 3020, 3011, 3012, 3018, 3024, - 3039, 3041, 3041, 3043, 3049, 3036, 3046, 3046, 3043, 3048, - 3048, 3052, 3052, 3049, 3042, 3053, 3053, 3054, 3054, 3055, - 3055, 3056, 3056, 3057, 3057, 3058, 3058, 3060, 3061, 3061, - 3062, 3063, 3064, 3068, 3066, 3070, 3060, 3067, 3067, 3062, - 3072, 3069, 3076, 3063, 3071, 3071, 3078, 3070, 3068, 3073, - 3073, 3080, 3064, 3066, 3069, 3072, 3077, 3079, 3079, 3077, - 3076, 3082, 3083, 3084, 3082, 3085, 3086, 3088, 3083, 3080, - 3085, 3087, 3078, 3090, 3094, 3091, 3095, 3084, 3094, 3090, - 3098, 3108, 3113, 3088, 3091, 3086, 3119, 3106, 3117, 3087, - 3106, 3095, 3109, 3109, 3108, 3110, 3110, 3111, 3111, 3114, + 3017, 3026, 3027, 3019, 3030, 3030, 3016, 3027, 3032, 3032, + 3033, 3025, 3034, 3035, 3037, 3033, 3036, 3038, 3038, 3035, + 3026, 3041, 3037, 3043, 3039, 3041, 3034, 3042, 3036, 3039, + 3044, 3045, 3042, 3046, 3047, 3050, 3045, 3051, 3049, 3052, + 3047, 0, 3054, 3043, 3056, 3046, 3049, 3055, 3057, 3062, + 3044, 3058, 3061, 3060, 3050, 3062, 3058, 3051, 3060, 3052, + 3054, 3056, 3056, 3055, 3065, 3063, 3067, 3078, 3066, 3057, + 3063, 3066, 3061, 3070, 3070, 3071, 3071, 3072, 0, 3067, + 3077, 3072, 3076, 3076, 3065, 3077, 3078, 3079, 3079, 3081, + 3081, 3082, 3082, 3085, 3082, 3083, 3083, 3085, 3083, 3084, - 3115, 3116, 3117, 3120, 3115, 3113, 3098, 3121, 3114, 3119, - 3123, 3122, 3121, 3122, 3120, 3124, 3124, 3125, 3126, 3128, - 3127, 3116, 3129, 3131, 3130, 3123, 3133, 3134, 3132, 3135, - 3125, 3133, 3131, 3136, 3135, 3128, 3137, 3126, 3127, 3130, - 3132, 3137, 3141, 3142, 3143, 3143, 3144, 3129, 3134, 3145, - 3145, 3146, 3146, 3136, 3149, 3144, 3141, 3147, 3147, 3148, - 3148, 3150, 3151, 3142, 3152, 3151, 3153, 3154, 3155, 3152, - 3156, 3153, 3157, 3149, 3159, 3158, 3156, 3160, 3160, 3159, - 3161, 3150, 3164, 3155, 3162, 3162, 3157, 3158, 3163, 3163, - 3165, 3168, 3154, 3166, 3166, 3170, 3175, 3164, 3173, 3173, + 3084, 3087, 3084, 3088, 3089, 3089, 3087, 3090, 3091, 3094, + 3095, 3096, 3088, 3097, 3097, 3100, 3096, 3101, 3103, 3102, + 3104, 3106, 3091, 3102, 3101, 3090, 3107, 3103, 3109, 3094, + 3095, 3107, 3108, 3108, 3113, 3104, 3118, 3109, 0, 3106, + 3100, 3110, 3110, 3111, 3111, 3112, 3112, 3114, 3115, 3113, + 3116, 3119, 3114, 3117, 3120, 3116, 3116, 3115, 3121, 3117, + 3115, 3118, 3122, 3121, 3123, 3125, 3119, 3122, 3124, 3124, + 3126, 3125, 3127, 3127, 3129, 3120, 3126, 3128, 3128, 3130, + 3133, 3133, 3136, 3123, 3130, 3135, 3135, 3139, 3139, 3129, + 3147, 3136, 3140, 3140, 3141, 3141, 3142, 3142, 3143, 3143, - 3161, 3174, 3174, 3176, 3175, 3177, 3168, 3179, 3178, 3165, - 3180, 3177, 3181, 3170, 3178, 3182, 3183, 3183, 3185, 3185, - 3182, 3179, 3176, 3180, 3188, 3191, 3189, 3194, 3192, 3195, - 3196, 3181, 3192, 3199, 3195, 3197, 3200, 3198, 3201, 3191, - 3205, 3200, 3207, 3201, 3206, 3188, 3189, 3194, 3197, 3196, - 3198, 3210, 3199, 3202, 3202, 3208, 3208, 3210, 3209, 3215, - 3205, 3207, 3206, 3209, 3211, 3211, 3212, 3213, 3214, 3216, - 3223, 3212, 3213, 3214, 3219, 3216, 3218, 3218, 3215, 3219, - 3220, 3220, 3222, 3224, 3225, 3226, 3222, 3227, 3228, 3223, - 3224, 3236, 3229, 3227, 3231, 3231, 3233, 3233, 3237, 3234, + 3144, 3144, 3145, 3145, 3146, 3146, 3149, 3150, 3150, 3151, + 3152, 3153, 3157, 3155, 3159, 3149, 3147, 3158, 3151, 3156, + 3156, 3163, 3152, 3160, 3160, 3167, 3159, 3157, 3161, 3161, + 3158, 3153, 3155, 3164, 3164, 3168, 3163, 3169, 3168, 3170, + 3170, 3171, 3173, 3167, 3174, 3173, 3175, 3176, 3177, 3179, + 3174, 3178, 3176, 3182, 3185, 3181, 3186, 3189, 3185, 3171, + 3175, 3181, 3182, 3169, 3201, 3179, 3206, 3177, 3198, 3178, + 3208, 3186, 3199, 3198, 3208, 3199, 3209, 3201, 3202, 3202, + 3203, 3203, 3207, 3189, 3204, 3204, 3211, 3213, 3214, 3206, + 3215, 3207, 3216, 3217, 3216, 3215, 3209, 3218, 3218, 3214, - 3238, 3235, 3243, 3225, 3226, 3229, 3235, 3228, 3234, 3241, - 3236, 3234, 3245, 3238, 3239, 3239, 3240, 3237, 3244, 3244, - 3250, 3240, 3241, 3246, 3246, 3247, 3247, 3248, 3243, 3249, - 3252, 3245, 3248, 3251, 3251, 3252, 3249, 3255, 3253, 3250, - 3253, 3254, 3254, 3256, 3255, 3257, 3258, 3259, 3261, 3261, - 3256, 3258, 3262, 3264, 3265, 3266, 3267, 3271, 3264, 3265, - 3268, 3268, 3270, 3270, 3257, 3272, 3259, 3273, 3273, 3274, - 3274, 3262, 3275, 3285, 3266, 3267, 3271, 3277, 3277, 3275, - 3278, 3278, 3279, 3281, 3272, 3284, 3286, 0, 3281, 3279, - 3284, 0, 3285, 3287, 3287, 3288, 3288, 0, 0, 0, + 3211, 3219, 3220, 3222, 3221, 3223, 3225, 3227, 3217, 3224, + 3213, 3226, 3227, 3228, 3219, 3225, 3230, 3230, 3231, 3222, + 3229, 3220, 3221, 3226, 3224, 3229, 3232, 3236, 3237, 3245, + 3223, 3232, 3238, 3238, 3228, 3239, 3240, 3240, 3231, 3241, + 3241, 3236, 3242, 3242, 3239, 3243, 3243, 3244, 3237, 3245, + 3246, 3247, 3248, 3246, 3249, 3250, 3247, 3248, 3251, 3252, + 3253, 3256, 3254, 3260, 3251, 3261, 3244, 3254, 3255, 3255, + 3250, 3264, 3253, 3252, 3257, 3257, 3259, 3259, 3260, 3249, + 3266, 3256, 3262, 3262, 3261, 3271, 3264, 3269, 3269, 3270, + 3270, 3272, 3275, 3271, 3273, 3274, 3276, 3277, 3266, 3278, - 0, 0, 0, 0, 0, 3286, 3292, 3292, 3292, 3292, - 3292, 3292, 3292, 3293, 3293, 3293, 3293, 3293, 3293, 3293, - 3294, 3294, 3294, 3294, 3294, 3294, 3294, 3295, 3295, 3295, - 3295, 3295, 3295, 3295, 3296, 3296, 3296, 3296, 3296, 3296, - 3296, 3297, 3297, 3297, 3297, 3297, 3297, 3297, 3298, 3298, - 3298, 3298, 3298, 3298, 3298, 3300, 3300, 0, 3300, 3300, - 3300, 3300, 3301, 3301, 0, 0, 0, 3301, 3301, 3302, - 3302, 0, 0, 3302, 0, 3302, 3303, 0, 0, 0, - 0, 0, 3303, 3304, 3304, 0, 0, 0, 3304, 3304, - 3305, 0, 0, 0, 0, 0, 3305, 3306, 3306, 0, + 3273, 3274, 3279, 3279, 3278, 3284, 3275, 3281, 3281, 3276, + 3272, 3285, 3290, 3287, 3288, 3291, 3277, 3292, 3288, 3295, + 3291, 3293, 3294, 3296, 3297, 3301, 3284, 3287, 3296, 3297, + 3302, 3285, 3290, 3303, 3293, 3294, 3292, 3306, 3295, 3298, + 3298, 3304, 3304, 3306, 3305, 3301, 3307, 3307, 3302, 3305, + 3308, 3309, 3303, 3310, 3311, 3308, 3309, 3312, 3310, 3314, + 3314, 3315, 3319, 3312, 3316, 3316, 3315, 3318, 3320, 3321, + 3322, 3318, 3323, 3311, 3324, 3320, 3332, 3325, 3323, 3327, + 3327, 3319, 3329, 3329, 3333, 3330, 3331, 3334, 3321, 3322, + 3325, 3331, 3337, 3324, 3330, 3332, 3336, 3330, 3335, 3335, - 3306, 3306, 3306, 3306, 3307, 0, 0, 0, 0, 0, - 3307, 3308, 3308, 0, 0, 0, 3308, 3308, 3309, 3309, - 0, 3309, 3309, 3309, 3309, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, 3291, - 3291, 3291, 3291, 3291, 3291, 3291 + 3334, 3336, 3339, 3333, 3341, 3337, 3340, 3340, 3342, 3342, + 3343, 3343, 3344, 3345, 3346, 3347, 3347, 3344, 0, 3348, + 3345, 3350, 3350, 3341, 3348, 3349, 3353, 3349, 3339, 3351, + 3352, 3355, 3358, 3346, 3354, 3362, 3351, 3352, 3360, 3354, + 3357, 3357, 3361, 3360, 3363, 3353, 3367, 3361, 3364, 3364, + 3355, 3358, 3366, 3366, 3362, 3368, 3369, 3369, 3370, 3370, + 3371, 3373, 3373, 3363, 3375, 3367, 3381, 3371, 3374, 3374, + 3377, 3375, 3380, 3382, 3368, 3377, 0, 3380, 3383, 3383, + 3384, 3384, 0, 0, 0, 3381, 0, 0, 0, 0, + 0, 0, 3382, 3388, 3388, 3388, 3388, 3388, 3388, 3388, + + 3389, 3389, 3389, 3389, 3389, 3389, 3389, 3390, 3390, 3390, + 3390, 3390, 3390, 3390, 3391, 3391, 3391, 3391, 3391, 3391, + 3391, 3392, 3392, 3392, 3392, 3392, 3392, 3392, 3393, 3393, + 3393, 3393, 3393, 3393, 3393, 3394, 3394, 3394, 3394, 3394, + 3394, 3394, 3396, 3396, 0, 3396, 3396, 3396, 3396, 3397, + 3397, 0, 0, 0, 3397, 3397, 3398, 3398, 0, 0, + 3398, 0, 3398, 3399, 0, 0, 0, 0, 0, 3399, + 3400, 3400, 0, 0, 0, 3400, 3400, 3401, 0, 0, + 0, 0, 0, 3401, 3402, 3402, 0, 3402, 3402, 3402, + 3402, 3403, 0, 0, 0, 0, 0, 3403, 3404, 3404, + + 0, 0, 0, 3404, 3404, 3405, 3405, 0, 3405, 3405, + 3405, 3405, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, 3387, + 3387, 3387, 3387 } ; static yy_state_type yy_last_accepting_state; @@ -3139,7 +3212,7 @@ static void config_end_include(void) } #endif -#line 3140 "" +#line 3213 "" #define YY_NO_INPUT 1 #line 191 "./util/configlexer.lex" #ifndef YY_NO_UNPUT @@ -3148,9 +3221,9 @@ static void config_end_include(void) #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 3149 "" +#line 3222 "" -#line 3151 "" +#line 3224 "" #define INITIAL 0 #define quotedstring 1 @@ -3374,7 +3447,7 @@ YY_DECL { #line 211 "./util/configlexer.lex" -#line 3375 "" +#line 3448 "" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -3407,13 +3480,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3292 ) + if ( yy_current_state >= 3388 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 6426 ); + while ( yy_base[yy_current_state] != 6613 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -4343,689 +4416,729 @@ YY_RULE_SETUP case 181: YY_RULE_SETUP #line 395 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } YY_BREAK case 182: YY_RULE_SETUP #line 396 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 183: YY_RULE_SETUP #line 397 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 184: YY_RULE_SETUP #line 398 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 185: YY_RULE_SETUP #line 399 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 186: YY_RULE_SETUP #line 400 "./util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 187: YY_RULE_SETUP #line 401 "./util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 188: YY_RULE_SETUP -#line 403 "./util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +#line 402 "./util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 189: YY_RULE_SETUP #line 404 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +{ YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } YY_BREAK case 190: YY_RULE_SETUP #line 405 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +{ YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } YY_BREAK case 191: YY_RULE_SETUP #line 406 "./util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 192: YY_RULE_SETUP #line 407 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 193: YY_RULE_SETUP #line 408 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 194: YY_RULE_SETUP #line 409 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 195: YY_RULE_SETUP #line 410 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 196: YY_RULE_SETUP #line 411 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 197: YY_RULE_SETUP #line 412 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 198: YY_RULE_SETUP #line 413 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 199: YY_RULE_SETUP #line 414 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_SERVFAIL) } +{ YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 200: YY_RULE_SETUP #line 415 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK case 201: YY_RULE_SETUP #line 416 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK case 202: YY_RULE_SETUP #line 417 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +{ YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK case 203: YY_RULE_SETUP #line 418 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 204: YY_RULE_SETUP #line 419 "./util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 205: YY_RULE_SETUP #line 420 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 206: YY_RULE_SETUP #line 421 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 207: YY_RULE_SETUP #line 422 "./util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 208: YY_RULE_SETUP #line 423 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 209: YY_RULE_SETUP #line 424 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 210: YY_RULE_SETUP #line 425 "./util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 211: YY_RULE_SETUP #line 426 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +{ YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 212: YY_RULE_SETUP #line 427 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +{ YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 213: YY_RULE_SETUP #line 428 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 214: YY_RULE_SETUP #line 429 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 215: YY_RULE_SETUP #line 430 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 216: YY_RULE_SETUP #line 431 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 217: YY_RULE_SETUP #line 432 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 218: YY_RULE_SETUP #line 433 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 219: YY_RULE_SETUP #line 434 "./util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 220: YY_RULE_SETUP #line 435 "./util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 221: YY_RULE_SETUP #line 436 "./util/configlexer.lex" -{ YDVAR(1, VAR_DYNLIB_FILE) } +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 222: YY_RULE_SETUP #line 437 "./util/configlexer.lex" -{ YDVAR(0, VAR_DYNLIB) } +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 223: YY_RULE_SETUP #line 438 "./util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 224: YY_RULE_SETUP #line 439 "./util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +{ YDVAR(1, VAR_DYNLIB_FILE) } YY_BREAK case 225: YY_RULE_SETUP #line 440 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +{ YDVAR(0, VAR_DYNLIB) } YY_BREAK case 226: YY_RULE_SETUP #line 441 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 227: YY_RULE_SETUP #line 442 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 228: YY_RULE_SETUP #line 443 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 229: YY_RULE_SETUP #line 444 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK case 230: YY_RULE_SETUP #line 445 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 231: YY_RULE_SETUP #line 446 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 232: YY_RULE_SETUP #line 447 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 233: YY_RULE_SETUP #line 448 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } +{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK case 234: YY_RULE_SETUP #line 449 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 235: YY_RULE_SETUP #line 450 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 236: YY_RULE_SETUP #line 451 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 237: YY_RULE_SETUP #line 452 "./util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 238: YY_RULE_SETUP #line 453 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 239: YY_RULE_SETUP #line 454 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 240: YY_RULE_SETUP #line 455 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 241: YY_RULE_SETUP #line 456 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +{ YDVAR(0, VAR_DNSTAP) } YY_BREAK case 242: YY_RULE_SETUP #line 457 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IP) } +{ YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 243: YY_RULE_SETUP #line 458 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS) } +{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } YY_BREAK case 244: YY_RULE_SETUP #line 459 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK case 245: YY_RULE_SETUP #line 460 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } +{ YDVAR(1, VAR_DNSTAP_IP) } YY_BREAK case 246: YY_RULE_SETUP #line 461 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } +{ YDVAR(1, VAR_DNSTAP_TLS) } YY_BREAK case 247: YY_RULE_SETUP -#line 463 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } +#line 462 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } YY_BREAK case 248: YY_RULE_SETUP -#line 465 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +#line 463 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } YY_BREAK case 249: YY_RULE_SETUP -#line 466 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +#line 464 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } YY_BREAK case 250: YY_RULE_SETUP -#line 467 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +#line 466 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } YY_BREAK case 251: YY_RULE_SETUP #line 468 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK case 252: YY_RULE_SETUP #line 469 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK case 253: YY_RULE_SETUP -#line 471 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } +#line 470 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK case 254: YY_RULE_SETUP -#line 473 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } +#line 471 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK case 255: YY_RULE_SETUP -#line 475 "./util/configlexer.lex" +#line 472 "./util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK case 256: YY_RULE_SETUP -#line 477 "./util/configlexer.lex" +#line 474 "./util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK case 257: YY_RULE_SETUP -#line 479 "./util/configlexer.lex" +#line 476 "./util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK case 258: YY_RULE_SETUP -#line 481 "./util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } +#line 478 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK case 259: YY_RULE_SETUP -#line 482 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } +#line 480 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK case 260: YY_RULE_SETUP -#line 483 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +#line 482 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK case 261: YY_RULE_SETUP #line 484 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 262: YY_RULE_SETUP #line 485 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } +{ YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 263: YY_RULE_SETUP #line 486 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } +{ YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 264: YY_RULE_SETUP #line 487 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 265: YY_RULE_SETUP #line 488 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +{ YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 266: YY_RULE_SETUP #line 489 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 267: YY_RULE_SETUP #line 490 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } +{ YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 268: YY_RULE_SETUP #line 491 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 269: YY_RULE_SETUP #line 492 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 270: YY_RULE_SETUP #line 493 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } +{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 271: YY_RULE_SETUP #line 494 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 272: YY_RULE_SETUP #line 495 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 273: YY_RULE_SETUP #line 496 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 274: YY_RULE_SETUP #line 497 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 275: YY_RULE_SETUP #line 498 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 276: YY_RULE_SETUP #line 499 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 277: YY_RULE_SETUP #line 500 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 278: YY_RULE_SETUP #line 501 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } +{ YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 279: YY_RULE_SETUP #line 502 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 280: YY_RULE_SETUP #line 503 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +{ YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 281: YY_RULE_SETUP #line 504 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 282: YY_RULE_SETUP #line 505 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +{ YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 283: YY_RULE_SETUP #line 506 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 284: YY_RULE_SETUP #line 507 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 285: YY_RULE_SETUP -#line 509 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } +#line 508 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 286: YY_RULE_SETUP -#line 511 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } +#line 509 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 287: YY_RULE_SETUP -#line 512 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +#line 510 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 288: YY_RULE_SETUP -#line 513 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } +#line 512 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 289: YY_RULE_SETUP #line 514 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 290: YY_RULE_SETUP #line 515 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 291: YY_RULE_SETUP #line 516 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } +{ YDVAR(1, VAR_PAD_RESPONSES) } YY_BREAK case 292: YY_RULE_SETUP #line 517 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } YY_BREAK case 293: YY_RULE_SETUP #line 518 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +{ YDVAR(1, VAR_PAD_QUERIES) } YY_BREAK case 294: YY_RULE_SETUP #line 519 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } +{ YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } YY_BREAK case 295: YY_RULE_SETUP #line 520 "./util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } +{ YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 296: YY_RULE_SETUP #line 521 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } +{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 297: YY_RULE_SETUP #line 522 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } +{ YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 298: YY_RULE_SETUP #line 523 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } +{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK case 299: YY_RULE_SETUP #line 524 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 300: YY_RULE_SETUP #line 525 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 301: YY_RULE_SETUP #line 526 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } +{ YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK case 302: YY_RULE_SETUP #line 527 "./util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } +{ YDVAR(0, VAR_CACHEDB) } YY_BREAK case 303: YY_RULE_SETUP #line 528 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } +{ YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK case 304: YY_RULE_SETUP #line 529 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } +{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK case 305: YY_RULE_SETUP #line 530 "./util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } +{ YDVAR(1, VAR_CACHEDB_REDISHOST) } YY_BREAK case 306: YY_RULE_SETUP #line 531 "./util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +{ YDVAR(1, VAR_CACHEDB_REDISPORT) } YY_BREAK case 307: YY_RULE_SETUP #line 532 "./util/configlexer.lex" -{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } +{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } YY_BREAK case 308: YY_RULE_SETUP #line 533 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } YY_BREAK case 309: -/* rule 309 can match eol */ YY_RULE_SETUP #line 534 "./util/configlexer.lex" +{ YDVAR(0, VAR_IPSET) } + YY_BREAK +case 310: +YY_RULE_SETUP +#line 535 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V4) } + YY_BREAK +case 311: +YY_RULE_SETUP +#line 536 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V6) } + YY_BREAK +case 312: +YY_RULE_SETUP +#line 537 "./util/configlexer.lex" +{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } + YY_BREAK +case 313: +YY_RULE_SETUP +#line 538 "./util/configlexer.lex" +{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } + YY_BREAK +case 314: +YY_RULE_SETUP +#line 539 "./util/configlexer.lex" +{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } + YY_BREAK +case 315: +YY_RULE_SETUP +#line 540 "./util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } + YY_BREAK +case 316: +YY_RULE_SETUP +#line 541 "./util/configlexer.lex" +{ YDVAR(1, VAR_NSID ) } + YY_BREAK +case 317: +/* rule 317 can match eol */ +YY_RULE_SETUP +#line 542 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 310: +case 318: YY_RULE_SETUP -#line 537 "./util/configlexer.lex" +#line 545 "./util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 538 "./util/configlexer.lex" +#line 546 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 311: +case 319: YY_RULE_SETUP -#line 543 "./util/configlexer.lex" +#line 551 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 312: -/* rule 312 can match eol */ +case 320: +/* rule 320 can match eol */ YY_RULE_SETUP -#line 544 "./util/configlexer.lex" +#line 552 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 313: +case 321: YY_RULE_SETUP -#line 546 "./util/configlexer.lex" +#line 554 "./util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5038,34 +5151,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 314: +case 322: YY_RULE_SETUP -#line 558 "./util/configlexer.lex" +#line 566 "./util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 559 "./util/configlexer.lex" +#line 567 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 315: +case 323: YY_RULE_SETUP -#line 564 "./util/configlexer.lex" +#line 572 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 316: -/* rule 316 can match eol */ +case 324: +/* rule 324 can match eol */ YY_RULE_SETUP -#line 565 "./util/configlexer.lex" +#line 573 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 317: +case 325: YY_RULE_SETUP -#line 567 "./util/configlexer.lex" +#line 575 "./util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -5078,38 +5191,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 318: +case 326: YY_RULE_SETUP -#line 579 "./util/configlexer.lex" +#line 587 "./util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 581 "./util/configlexer.lex" +#line 589 "./util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 319: +case 327: YY_RULE_SETUP -#line 585 "./util/configlexer.lex" +#line 593 "./util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 320: -/* rule 320 can match eol */ +case 328: +/* rule 328 can match eol */ YY_RULE_SETUP -#line 586 "./util/configlexer.lex" +#line 594 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 321: +case 329: YY_RULE_SETUP -#line 587 "./util/configlexer.lex" +#line 595 "./util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 322: +case 330: YY_RULE_SETUP -#line 588 "./util/configlexer.lex" +#line 596 "./util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 0); @@ -5117,27 +5230,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 593 "./util/configlexer.lex" +#line 601 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 323: +case 331: YY_RULE_SETUP -#line 597 "./util/configlexer.lex" +#line 605 "./util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 324: -/* rule 324 can match eol */ +case 332: +/* rule 332 can match eol */ YY_RULE_SETUP -#line 598 "./util/configlexer.lex" +#line 606 "./util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 325: +case 333: YY_RULE_SETUP -#line 600 "./util/configlexer.lex" +#line 608 "./util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -5147,7 +5260,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 606 "./util/configlexer.lex" +#line 614 "./util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -5162,39 +5275,39 @@ case YY_STATE_EOF(val): } YY_BREAK /* include-toplevel: directive */ -case 326: +case 334: YY_RULE_SETUP -#line 620 "./util/configlexer.lex" +#line 628 "./util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); } YY_BREAK case YY_STATE_EOF(include_toplevel): -#line 623 "./util/configlexer.lex" +#line 631 "./util/configlexer.lex" { yyerror("EOF inside include_toplevel directive"); BEGIN(inc_prev); } YY_BREAK -case 327: +case 335: YY_RULE_SETUP -#line 627 "./util/configlexer.lex" +#line 635 "./util/configlexer.lex" { LEXOUT(("ITSP ")); /* ignore */ } YY_BREAK -case 328: -/* rule 328 can match eol */ +case 336: +/* rule 336 can match eol */ YY_RULE_SETUP -#line 628 "./util/configlexer.lex" +#line 636 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK -case 329: +case 337: YY_RULE_SETUP -#line 629 "./util/configlexer.lex" +#line 637 "./util/configlexer.lex" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } YY_BREAK -case 330: +case 338: YY_RULE_SETUP -#line 630 "./util/configlexer.lex" +#line 638 "./util/configlexer.lex" { LEXOUT(("ITunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 1); @@ -5203,29 +5316,29 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_toplevel_quoted): -#line 636 "./util/configlexer.lex" +#line 644 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 331: +case 339: YY_RULE_SETUP -#line 640 "./util/configlexer.lex" +#line 648 "./util/configlexer.lex" { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } YY_BREAK -case 332: -/* rule 332 can match eol */ +case 340: +/* rule 340 can match eol */ YY_RULE_SETUP -#line 641 "./util/configlexer.lex" +#line 649 "./util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 333: +case 341: YY_RULE_SETUP -#line 645 "./util/configlexer.lex" +#line 653 "./util/configlexer.lex" { LEXOUT(("ITQE ")); yytext[yyleng - 1] = '\0'; @@ -5234,33 +5347,33 @@ YY_RULE_SETUP return (VAR_FORCE_TOPLEVEL); } YY_BREAK -case 334: +case 342: YY_RULE_SETUP -#line 653 "./util/configlexer.lex" +#line 661 "./util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 335: +case 343: YY_RULE_SETUP -#line 657 "./util/configlexer.lex" +#line 665 "./util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 336: +case 344: YY_RULE_SETUP -#line 661 "./util/configlexer.lex" +#line 669 "./util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 337: +case 345: YY_RULE_SETUP -#line 665 "./util/configlexer.lex" +#line 673 "./util/configlexer.lex" ECHO; YY_BREAK -#line 5261 "" +#line 5374 "" case YY_END_OF_BUFFER: { @@ -5555,7 +5668,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3292 ) + if ( yy_current_state >= 3388 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -5583,11 +5696,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3292 ) + if ( yy_current_state >= 3388 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 3291); + yy_is_jam = (yy_current_state == 3387); return yy_is_jam ? 0 : yy_current_state; } @@ -6226,6 +6339,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 665 "./util/configlexer.lex" +#line 673 "./util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index 55c584a76..b52ddf81e 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -392,6 +392,7 @@ serve-expired-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL) } serve-expired-ttl-reset{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } serve-expired-reply-ttl{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } serve-expired-client-timeout{COLON} { YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } +serve-original-ttl{COLON} { YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } fake-sha1{COLON} { YDVAR(1, VAR_FAKE_SHA1) } val-log-level{COLON} { YDVAR(1, VAR_VAL_LOG_LEVEL) } @@ -400,6 +401,8 @@ key-cache-slabs{COLON} { YDVAR(1, VAR_KEY_CACHE_SLABS) } neg-cache-size{COLON} { YDVAR(1, VAR_NEG_CACHE_SIZE) } val-nsec3-keysize-iterations{COLON} { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +zonemd-permissive-mode{COLON} { YDVAR(1, VAR_ZONEMD_PERMISSIVE_MODE) } +zonemd-reject-absence{COLON} { YDVAR(1, VAR_ZONEMD_REJECT_ABSENCE) } add-holddown{COLON} { YDVAR(1, VAR_ADD_HOLDDOWN) } del-holddown{COLON} { YDVAR(1, VAR_DEL_HOLDDOWN) } keep-missing{COLON} { YDVAR(1, VAR_KEEP_MISSING) } @@ -510,6 +513,10 @@ dnscrypt-shared-secret-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } dnscrypt-nonce-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } dnscrypt-nonce-cache-slabs{COLON} { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +pad-responses{COLON} { YDVAR(1, VAR_PAD_RESPONSES) } +pad-responses-block-size{COLON} { YDVAR(1, VAR_PAD_RESPONSES_BLOCK_SIZE) } +pad-queries{COLON} { YDVAR(1, VAR_PAD_QUERIES) } +pad-queries-block-size{COLON} { YDVAR(1, VAR_PAD_QUERIES_BLOCK_SIZE) } ipsecmod-enabled{COLON} { YDVAR(1, VAR_IPSECMOD_ENABLED) } ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } @@ -531,6 +538,7 @@ udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNS tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +nsid{COLON} { YDVAR(1, VAR_NSID ) } {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ diff --git a/util/configparser.c b/util/configparser.c index c8ea478ea..4da644d3a 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.4.1. */ +/* A Bison parser, made by GNU Bison 3.6.4. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation, + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify @@ -34,6 +34,10 @@ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. @@ -41,14 +45,11 @@ define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ -/* Undocumented macros, especially those whose name start with YY_, - are private implementation details. Do not rely on them. */ - /* Identify Bison output. */ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.4.1" +#define YYBISON_VERSION "3.6.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -95,8 +96,17 @@ extern struct config_parser_state* cfg_parser; #endif -#line 99 "util/configparser.c" +#line 100 "util/configparser.c" +# ifndef YY_CAST +# ifdef __cplusplus +# define YY_CAST(Type, Val) static_cast (Val) +# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) +# else +# define YY_CAST(Type, Val) ((Type) (Val)) +# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) +# endif +# endif # ifndef YY_NULLPTR # if defined __cplusplus # if 201103L <= __cplusplus @@ -109,14 +119,6 @@ extern struct config_parser_state* cfg_parser; # endif # endif -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 0 -#endif - /* Use api.header.include to #include this header instead of duplicating it here. */ #ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED @@ -129,314 +131,330 @@ extern struct config_parser_state* cfg_parser; extern int yydebug; #endif -/* Token type. */ +/* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE enum yytokentype { - SPACE = 258, - LETTER = 259, - NEWLINE = 260, - COMMENT = 261, - COLON = 262, - ANY = 263, - ZONESTR = 264, - STRING_ARG = 265, - VAR_FORCE_TOPLEVEL = 266, - VAR_SERVER = 267, - VAR_VERBOSITY = 268, - VAR_NUM_THREADS = 269, - VAR_PORT = 270, - VAR_OUTGOING_RANGE = 271, - VAR_INTERFACE = 272, - VAR_PREFER_IP4 = 273, - VAR_DO_IP4 = 274, - VAR_DO_IP6 = 275, - VAR_PREFER_IP6 = 276, - VAR_DO_UDP = 277, - VAR_DO_TCP = 278, - VAR_TCP_MSS = 279, - VAR_OUTGOING_TCP_MSS = 280, - VAR_TCP_IDLE_TIMEOUT = 281, - VAR_EDNS_TCP_KEEPALIVE = 282, - VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, - VAR_CHROOT = 284, - VAR_USERNAME = 285, - VAR_DIRECTORY = 286, - VAR_LOGFILE = 287, - VAR_PIDFILE = 288, - VAR_MSG_CACHE_SIZE = 289, - VAR_MSG_CACHE_SLABS = 290, - VAR_NUM_QUERIES_PER_THREAD = 291, - VAR_RRSET_CACHE_SIZE = 292, - VAR_RRSET_CACHE_SLABS = 293, - VAR_OUTGOING_NUM_TCP = 294, - VAR_INFRA_HOST_TTL = 295, - VAR_INFRA_LAME_TTL = 296, - VAR_INFRA_CACHE_SLABS = 297, - VAR_INFRA_CACHE_NUMHOSTS = 298, - VAR_INFRA_CACHE_LAME_SIZE = 299, - VAR_NAME = 300, - VAR_STUB_ZONE = 301, - VAR_STUB_HOST = 302, - VAR_STUB_ADDR = 303, - VAR_TARGET_FETCH_POLICY = 304, - VAR_HARDEN_SHORT_BUFSIZE = 305, - VAR_HARDEN_LARGE_QUERIES = 306, - VAR_FORWARD_ZONE = 307, - VAR_FORWARD_HOST = 308, - VAR_FORWARD_ADDR = 309, - VAR_DO_NOT_QUERY_ADDRESS = 310, - VAR_HIDE_IDENTITY = 311, - VAR_HIDE_VERSION = 312, - VAR_IDENTITY = 313, - VAR_VERSION = 314, - VAR_HARDEN_GLUE = 315, - VAR_MODULE_CONF = 316, - VAR_TRUST_ANCHOR_FILE = 317, - VAR_TRUST_ANCHOR = 318, - VAR_VAL_OVERRIDE_DATE = 319, - VAR_BOGUS_TTL = 320, - VAR_VAL_CLEAN_ADDITIONAL = 321, - VAR_VAL_PERMISSIVE_MODE = 322, - VAR_INCOMING_NUM_TCP = 323, - VAR_MSG_BUFFER_SIZE = 324, - VAR_KEY_CACHE_SIZE = 325, - VAR_KEY_CACHE_SLABS = 326, - VAR_TRUSTED_KEYS_FILE = 327, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, - VAR_USE_SYSLOG = 329, - VAR_OUTGOING_INTERFACE = 330, - VAR_ROOT_HINTS = 331, - VAR_DO_NOT_QUERY_LOCALHOST = 332, - VAR_CACHE_MAX_TTL = 333, - VAR_HARDEN_DNSSEC_STRIPPED = 334, - VAR_ACCESS_CONTROL = 335, - VAR_LOCAL_ZONE = 336, - VAR_LOCAL_DATA = 337, - VAR_INTERFACE_AUTOMATIC = 338, - VAR_STATISTICS_INTERVAL = 339, - VAR_DO_DAEMONIZE = 340, - VAR_USE_CAPS_FOR_ID = 341, - VAR_STATISTICS_CUMULATIVE = 342, - VAR_OUTGOING_PORT_PERMIT = 343, - VAR_OUTGOING_PORT_AVOID = 344, - VAR_DLV_ANCHOR_FILE = 345, - VAR_DLV_ANCHOR = 346, - VAR_NEG_CACHE_SIZE = 347, - VAR_HARDEN_REFERRAL_PATH = 348, - VAR_PRIVATE_ADDRESS = 349, - VAR_PRIVATE_DOMAIN = 350, - VAR_REMOTE_CONTROL = 351, - VAR_CONTROL_ENABLE = 352, - VAR_CONTROL_INTERFACE = 353, - VAR_CONTROL_PORT = 354, - VAR_SERVER_KEY_FILE = 355, - VAR_SERVER_CERT_FILE = 356, - VAR_CONTROL_KEY_FILE = 357, - VAR_CONTROL_CERT_FILE = 358, - VAR_CONTROL_USE_CERT = 359, - VAR_EXTENDED_STATISTICS = 360, - VAR_LOCAL_DATA_PTR = 361, - VAR_JOSTLE_TIMEOUT = 362, - VAR_STUB_PRIME = 363, - VAR_UNWANTED_REPLY_THRESHOLD = 364, - VAR_LOG_TIME_ASCII = 365, - VAR_DOMAIN_INSECURE = 366, - VAR_PYTHON = 367, - VAR_PYTHON_SCRIPT = 368, - VAR_VAL_SIG_SKEW_MIN = 369, - VAR_VAL_SIG_SKEW_MAX = 370, - VAR_CACHE_MIN_TTL = 371, - VAR_VAL_LOG_LEVEL = 372, - VAR_AUTO_TRUST_ANCHOR_FILE = 373, - VAR_KEEP_MISSING = 374, - VAR_ADD_HOLDDOWN = 375, - VAR_DEL_HOLDDOWN = 376, - VAR_SO_RCVBUF = 377, - VAR_EDNS_BUFFER_SIZE = 378, - VAR_PREFETCH = 379, - VAR_PREFETCH_KEY = 380, - VAR_SO_SNDBUF = 381, - VAR_SO_REUSEPORT = 382, - VAR_HARDEN_BELOW_NXDOMAIN = 383, - VAR_IGNORE_CD_FLAG = 384, - VAR_LOG_QUERIES = 385, - VAR_LOG_REPLIES = 386, - VAR_LOG_LOCAL_ACTIONS = 387, - VAR_TCP_UPSTREAM = 388, - VAR_SSL_UPSTREAM = 389, - VAR_SSL_SERVICE_KEY = 390, - VAR_SSL_SERVICE_PEM = 391, - VAR_SSL_PORT = 392, - VAR_FORWARD_FIRST = 393, - VAR_STUB_SSL_UPSTREAM = 394, - VAR_FORWARD_SSL_UPSTREAM = 395, - VAR_TLS_CERT_BUNDLE = 396, - VAR_HTTPS_PORT = 397, - VAR_HTTP_ENDPOINT = 398, - VAR_HTTP_MAX_STREAMS = 399, - VAR_HTTP_QUERY_BUFFER_SIZE = 400, - VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, - VAR_HTTP_NODELAY = 402, - VAR_HTTP_NOTLS_DOWNSTREAM = 403, - VAR_STUB_FIRST = 404, - VAR_MINIMAL_RESPONSES = 405, - VAR_RRSET_ROUNDROBIN = 406, - VAR_MAX_UDP_SIZE = 407, - VAR_DELAY_CLOSE = 408, - VAR_UDP_CONNECT = 409, - VAR_UNBLOCK_LAN_ZONES = 410, - VAR_INSECURE_LAN_ZONES = 411, - VAR_INFRA_CACHE_MIN_RTT = 412, - VAR_INFRA_KEEP_PROBING = 413, - VAR_DNS64_PREFIX = 414, - VAR_DNS64_SYNTHALL = 415, - VAR_DNS64_IGNORE_AAAA = 416, - VAR_DNSTAP = 417, - VAR_DNSTAP_ENABLE = 418, - VAR_DNSTAP_SOCKET_PATH = 419, - VAR_DNSTAP_IP = 420, - VAR_DNSTAP_TLS = 421, - VAR_DNSTAP_TLS_SERVER_NAME = 422, - VAR_DNSTAP_TLS_CERT_BUNDLE = 423, - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, - VAR_DNSTAP_SEND_IDENTITY = 426, - VAR_DNSTAP_SEND_VERSION = 427, - VAR_DNSTAP_BIDIRECTIONAL = 428, - VAR_DNSTAP_IDENTITY = 429, - VAR_DNSTAP_VERSION = 430, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, - VAR_RESPONSE_IP_TAG = 437, - VAR_RESPONSE_IP = 438, - VAR_RESPONSE_IP_DATA = 439, - VAR_HARDEN_ALGO_DOWNGRADE = 440, - VAR_IP_TRANSPARENT = 441, - VAR_IP_DSCP = 442, - VAR_DISABLE_DNSSEC_LAME_CHECK = 443, - VAR_IP_RATELIMIT = 444, - VAR_IP_RATELIMIT_SLABS = 445, - VAR_IP_RATELIMIT_SIZE = 446, - VAR_RATELIMIT = 447, - VAR_RATELIMIT_SLABS = 448, - VAR_RATELIMIT_SIZE = 449, - VAR_RATELIMIT_FOR_DOMAIN = 450, - VAR_RATELIMIT_BELOW_DOMAIN = 451, - VAR_IP_RATELIMIT_FACTOR = 452, - VAR_RATELIMIT_FACTOR = 453, - VAR_SEND_CLIENT_SUBNET = 454, - VAR_CLIENT_SUBNET_ZONE = 455, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, - VAR_CLIENT_SUBNET_OPCODE = 457, - VAR_MAX_CLIENT_SUBNET_IPV4 = 458, - VAR_MAX_CLIENT_SUBNET_IPV6 = 459, - VAR_MIN_CLIENT_SUBNET_IPV4 = 460, - VAR_MIN_CLIENT_SUBNET_IPV6 = 461, - VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, - VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, - VAR_CAPS_WHITELIST = 464, - VAR_CACHE_MAX_NEGATIVE_TTL = 465, - VAR_PERMIT_SMALL_HOLDDOWN = 466, - VAR_QNAME_MINIMISATION = 467, - VAR_QNAME_MINIMISATION_STRICT = 468, - VAR_IP_FREEBIND = 469, - VAR_DEFINE_TAG = 470, - VAR_LOCAL_ZONE_TAG = 471, - VAR_ACCESS_CONTROL_TAG = 472, - VAR_LOCAL_ZONE_OVERRIDE = 473, - VAR_ACCESS_CONTROL_TAG_ACTION = 474, - VAR_ACCESS_CONTROL_TAG_DATA = 475, - VAR_VIEW = 476, - VAR_ACCESS_CONTROL_VIEW = 477, - VAR_VIEW_FIRST = 478, - VAR_SERVE_EXPIRED = 479, - VAR_SERVE_EXPIRED_TTL = 480, - VAR_SERVE_EXPIRED_TTL_RESET = 481, - VAR_SERVE_EXPIRED_REPLY_TTL = 482, - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, - VAR_FAKE_DSA = 484, - VAR_FAKE_SHA1 = 485, - VAR_LOG_IDENTITY = 486, - VAR_HIDE_TRUSTANCHOR = 487, - VAR_TRUST_ANCHOR_SIGNALING = 488, - VAR_AGGRESSIVE_NSEC = 489, - VAR_USE_SYSTEMD = 490, - VAR_SHM_ENABLE = 491, - VAR_SHM_KEY = 492, - VAR_ROOT_KEY_SENTINEL = 493, - VAR_DNSCRYPT = 494, - VAR_DNSCRYPT_ENABLE = 495, - VAR_DNSCRYPT_PORT = 496, - VAR_DNSCRYPT_PROVIDER = 497, - VAR_DNSCRYPT_SECRET_KEY = 498, - VAR_DNSCRYPT_PROVIDER_CERT = 499, - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504, - VAR_IPSECMOD_ENABLED = 505, - VAR_IPSECMOD_HOOK = 506, - VAR_IPSECMOD_IGNORE_BOGUS = 507, - VAR_IPSECMOD_MAX_TTL = 508, - VAR_IPSECMOD_WHITELIST = 509, - VAR_IPSECMOD_STRICT = 510, - VAR_CACHEDB = 511, - VAR_CACHEDB_BACKEND = 512, - VAR_CACHEDB_SECRETSEED = 513, - VAR_CACHEDB_REDISHOST = 514, - VAR_CACHEDB_REDISPORT = 515, - VAR_CACHEDB_REDISTIMEOUT = 516, - VAR_CACHEDB_REDISEXPIRERECORDS = 517, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518, - VAR_FOR_UPSTREAM = 519, - VAR_AUTH_ZONE = 520, - VAR_ZONEFILE = 521, - VAR_MASTER = 522, - VAR_URL = 523, - VAR_FOR_DOWNSTREAM = 524, - VAR_FALLBACK_ENABLED = 525, - VAR_TLS_ADDITIONAL_PORT = 526, - VAR_LOW_RTT = 527, - VAR_LOW_RTT_PERMIL = 528, - VAR_FAST_SERVER_PERMIL = 529, - VAR_FAST_SERVER_NUM = 530, - VAR_ALLOW_NOTIFY = 531, - VAR_TLS_WIN_CERT = 532, - VAR_TCP_CONNECTION_LIMIT = 533, - VAR_FORWARD_NO_CACHE = 534, - VAR_STUB_NO_CACHE = 535, - VAR_LOG_SERVFAIL = 536, - VAR_DENY_ANY = 537, - VAR_UNKNOWN_SERVER_TIME_LIMIT = 538, - VAR_LOG_TAG_QUERYREPLY = 539, - VAR_STREAM_WAIT_SIZE = 540, - VAR_TLS_CIPHERS = 541, - VAR_TLS_CIPHERSUITES = 542, - VAR_TLS_USE_SNI = 543, - VAR_IPSET = 544, - VAR_IPSET_NAME_V4 = 545, - VAR_IPSET_NAME_V6 = 546, - VAR_TLS_SESSION_TICKET_KEYS = 547, - VAR_RPZ = 548, - VAR_TAGS = 549, - VAR_RPZ_ACTION_OVERRIDE = 550, - VAR_RPZ_CNAME_OVERRIDE = 551, - VAR_RPZ_LOG = 552, - VAR_RPZ_LOG_NAME = 553, - VAR_DYNLIB = 554, - VAR_DYNLIB_FILE = 555, - VAR_EDNS_CLIENT_STRING = 556, - VAR_EDNS_CLIENT_STRING_OPCODE = 557 + YYEMPTY = -2, + YYEOF = 0, /* "end of file" */ + YYerror = 256, /* error */ + YYUNDEF = 257, /* "invalid token" */ + SPACE = 258, /* SPACE */ + LETTER = 259, /* LETTER */ + NEWLINE = 260, /* NEWLINE */ + COMMENT = 261, /* COMMENT */ + COLON = 262, /* COLON */ + ANY = 263, /* ANY */ + ZONESTR = 264, /* ZONESTR */ + STRING_ARG = 265, /* STRING_ARG */ + VAR_FORCE_TOPLEVEL = 266, /* VAR_FORCE_TOPLEVEL */ + VAR_SERVER = 267, /* VAR_SERVER */ + VAR_VERBOSITY = 268, /* VAR_VERBOSITY */ + VAR_NUM_THREADS = 269, /* VAR_NUM_THREADS */ + VAR_PORT = 270, /* VAR_PORT */ + VAR_OUTGOING_RANGE = 271, /* VAR_OUTGOING_RANGE */ + VAR_INTERFACE = 272, /* VAR_INTERFACE */ + VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */ + VAR_DO_IP4 = 274, /* VAR_DO_IP4 */ + VAR_DO_IP6 = 275, /* VAR_DO_IP6 */ + VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */ + VAR_DO_UDP = 277, /* VAR_DO_UDP */ + VAR_DO_TCP = 278, /* VAR_DO_TCP */ + VAR_TCP_MSS = 279, /* VAR_TCP_MSS */ + VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */ + VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */ + VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */ + VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + VAR_CHROOT = 284, /* VAR_CHROOT */ + VAR_USERNAME = 285, /* VAR_USERNAME */ + VAR_DIRECTORY = 286, /* VAR_DIRECTORY */ + VAR_LOGFILE = 287, /* VAR_LOGFILE */ + VAR_PIDFILE = 288, /* VAR_PIDFILE */ + VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */ + VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */ + VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */ + VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */ + VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */ + VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */ + VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */ + VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */ + VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */ + VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */ + VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */ + VAR_NAME = 300, /* VAR_NAME */ + VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */ + VAR_STUB_HOST = 302, /* VAR_STUB_HOST */ + VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */ + VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */ + VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */ + VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */ + VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */ + VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */ + VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */ + VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */ + VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */ + VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */ + VAR_IDENTITY = 313, /* VAR_IDENTITY */ + VAR_VERSION = 314, /* VAR_VERSION */ + VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */ + VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */ + VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */ + VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */ + VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */ + VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */ + VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */ + VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */ + VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */ + VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */ + VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */ + VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */ + VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */ + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */ + VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */ + VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */ + VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */ + VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */ + VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */ + VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */ + VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */ + VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */ + VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */ + VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */ + VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */ + VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */ + VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */ + VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */ + VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */ + VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */ + VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */ + VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */ + VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */ + VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */ + VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */ + VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */ + VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */ + VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */ + VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */ + VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */ + VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */ + VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ + VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ + VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ + VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */ + VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */ + VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */ + VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */ + VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */ + VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */ + VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */ + VAR_PYTHON = 367, /* VAR_PYTHON */ + VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */ + VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */ + VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */ + VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */ + VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */ + VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */ + VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */ + VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */ + VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */ + VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */ + VAR_PREFETCH = 379, /* VAR_PREFETCH */ + VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */ + VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */ + VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */ + VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */ + VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */ + VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */ + VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */ + VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */ + VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */ + VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */ + VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */ + VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */ + VAR_SSL_PORT = 392, /* VAR_SSL_PORT */ + VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */ + VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */ + VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */ + VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */ + VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */ + VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */ + VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */ + VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */ + VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */ + VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */ + VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */ + VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */ + VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */ + VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */ + VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */ + VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */ + VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */ + VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */ + VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */ + VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */ + VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */ + VAR_DNSTAP = 417, /* VAR_DNSTAP */ + VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */ + VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */ + VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */ + VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */ + VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */ + VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */ + VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */ + VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */ + VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */ + VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */ + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */ + VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */ + VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */ + VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */ + VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */ + VAR_IP_DSCP = 442, /* VAR_IP_DSCP */ + VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */ + VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */ + VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */ + VAR_RATELIMIT = 447, /* VAR_RATELIMIT */ + VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */ + VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */ + VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */ + VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 476, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */ + VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */ + VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 493, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */ + VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */ + VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */ + VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */ + VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */ + VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */ + VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */ + VAR_CACHEDB = 516, /* VAR_CACHEDB */ + VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */ + VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */ + VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */ + VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */ + VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */ + VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */ + VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */ + VAR_ZONEFILE = 526, /* VAR_ZONEFILE */ + VAR_MASTER = 527, /* VAR_MASTER */ + VAR_URL = 528, /* VAR_URL */ + VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */ + VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */ + VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */ + VAR_LOW_RTT = 532, /* VAR_LOW_RTT */ + VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */ + VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */ + VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */ + VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */ + VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */ + VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */ + VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */ + VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */ + VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */ + VAR_DENY_ANY = 542, /* VAR_DENY_ANY */ + VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */ + VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */ + VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */ + VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */ + VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */ + VAR_IPSET = 549, /* VAR_IPSET */ + VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */ + VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */ + VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */ + VAR_RPZ = 553, /* VAR_RPZ */ + VAR_TAGS = 554, /* VAR_TAGS */ + VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */ + VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */ + VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */ + VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */ + VAR_DYNLIB = 559, /* VAR_DYNLIB */ + VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */ + VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */ + VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + VAR_NSID = 563, /* VAR_NSID */ + VAR_ZONEMD_PERMISSIVE_MODE = 564, /* VAR_ZONEMD_PERMISSIVE_MODE */ + VAR_ZONEMD_REJECT_ABSENCE = 565 /* VAR_ZONEMD_REJECT_ABSENCE */ }; + typedef enum yytokentype yytoken_kind_t; #endif -/* Tokens. */ +/* Token kinds. */ +#define YYEOF 0 +#define YYerror 256 +#define YYUNDEF 257 #define SPACE 258 #define LETTER 259 #define NEWLINE 260 @@ -663,80 +681,88 @@ extern int yydebug; #define VAR_SERVE_EXPIRED_TTL_RESET 481 #define VAR_SERVE_EXPIRED_REPLY_TTL 482 #define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 -#define VAR_FAKE_DSA 484 -#define VAR_FAKE_SHA1 485 -#define VAR_LOG_IDENTITY 486 -#define VAR_HIDE_TRUSTANCHOR 487 -#define VAR_TRUST_ANCHOR_SIGNALING 488 -#define VAR_AGGRESSIVE_NSEC 489 -#define VAR_USE_SYSTEMD 490 -#define VAR_SHM_ENABLE 491 -#define VAR_SHM_KEY 492 -#define VAR_ROOT_KEY_SENTINEL 493 -#define VAR_DNSCRYPT 494 -#define VAR_DNSCRYPT_ENABLE 495 -#define VAR_DNSCRYPT_PORT 496 -#define VAR_DNSCRYPT_PROVIDER 497 -#define VAR_DNSCRYPT_SECRET_KEY 498 -#define VAR_DNSCRYPT_PROVIDER_CERT 499 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504 -#define VAR_IPSECMOD_ENABLED 505 -#define VAR_IPSECMOD_HOOK 506 -#define VAR_IPSECMOD_IGNORE_BOGUS 507 -#define VAR_IPSECMOD_MAX_TTL 508 -#define VAR_IPSECMOD_WHITELIST 509 -#define VAR_IPSECMOD_STRICT 510 -#define VAR_CACHEDB 511 -#define VAR_CACHEDB_BACKEND 512 -#define VAR_CACHEDB_SECRETSEED 513 -#define VAR_CACHEDB_REDISHOST 514 -#define VAR_CACHEDB_REDISPORT 515 -#define VAR_CACHEDB_REDISTIMEOUT 516 -#define VAR_CACHEDB_REDISEXPIRERECORDS 517 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 518 -#define VAR_FOR_UPSTREAM 519 -#define VAR_AUTH_ZONE 520 -#define VAR_ZONEFILE 521 -#define VAR_MASTER 522 -#define VAR_URL 523 -#define VAR_FOR_DOWNSTREAM 524 -#define VAR_FALLBACK_ENABLED 525 -#define VAR_TLS_ADDITIONAL_PORT 526 -#define VAR_LOW_RTT 527 -#define VAR_LOW_RTT_PERMIL 528 -#define VAR_FAST_SERVER_PERMIL 529 -#define VAR_FAST_SERVER_NUM 530 -#define VAR_ALLOW_NOTIFY 531 -#define VAR_TLS_WIN_CERT 532 -#define VAR_TCP_CONNECTION_LIMIT 533 -#define VAR_FORWARD_NO_CACHE 534 -#define VAR_STUB_NO_CACHE 535 -#define VAR_LOG_SERVFAIL 536 -#define VAR_DENY_ANY 537 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 538 -#define VAR_LOG_TAG_QUERYREPLY 539 -#define VAR_STREAM_WAIT_SIZE 540 -#define VAR_TLS_CIPHERS 541 -#define VAR_TLS_CIPHERSUITES 542 -#define VAR_TLS_USE_SNI 543 -#define VAR_IPSET 544 -#define VAR_IPSET_NAME_V4 545 -#define VAR_IPSET_NAME_V6 546 -#define VAR_TLS_SESSION_TICKET_KEYS 547 -#define VAR_RPZ 548 -#define VAR_TAGS 549 -#define VAR_RPZ_ACTION_OVERRIDE 550 -#define VAR_RPZ_CNAME_OVERRIDE 551 -#define VAR_RPZ_LOG 552 -#define VAR_RPZ_LOG_NAME 553 -#define VAR_DYNLIB 554 -#define VAR_DYNLIB_FILE 555 -#define VAR_EDNS_CLIENT_STRING 556 -#define VAR_EDNS_CLIENT_STRING_OPCODE 557 +#define VAR_SERVE_ORIGINAL_TTL 484 +#define VAR_FAKE_DSA 485 +#define VAR_FAKE_SHA1 486 +#define VAR_LOG_IDENTITY 487 +#define VAR_HIDE_TRUSTANCHOR 488 +#define VAR_TRUST_ANCHOR_SIGNALING 489 +#define VAR_AGGRESSIVE_NSEC 490 +#define VAR_USE_SYSTEMD 491 +#define VAR_SHM_ENABLE 492 +#define VAR_SHM_KEY 493 +#define VAR_ROOT_KEY_SENTINEL 494 +#define VAR_DNSCRYPT 495 +#define VAR_DNSCRYPT_ENABLE 496 +#define VAR_DNSCRYPT_PORT 497 +#define VAR_DNSCRYPT_PROVIDER 498 +#define VAR_DNSCRYPT_SECRET_KEY 499 +#define VAR_DNSCRYPT_PROVIDER_CERT 500 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505 +#define VAR_PAD_RESPONSES 506 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 507 +#define VAR_PAD_QUERIES 508 +#define VAR_PAD_QUERIES_BLOCK_SIZE 509 +#define VAR_IPSECMOD_ENABLED 510 +#define VAR_IPSECMOD_HOOK 511 +#define VAR_IPSECMOD_IGNORE_BOGUS 512 +#define VAR_IPSECMOD_MAX_TTL 513 +#define VAR_IPSECMOD_WHITELIST 514 +#define VAR_IPSECMOD_STRICT 515 +#define VAR_CACHEDB 516 +#define VAR_CACHEDB_BACKEND 517 +#define VAR_CACHEDB_SECRETSEED 518 +#define VAR_CACHEDB_REDISHOST 519 +#define VAR_CACHEDB_REDISPORT 520 +#define VAR_CACHEDB_REDISTIMEOUT 521 +#define VAR_CACHEDB_REDISEXPIRERECORDS 522 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523 +#define VAR_FOR_UPSTREAM 524 +#define VAR_AUTH_ZONE 525 +#define VAR_ZONEFILE 526 +#define VAR_MASTER 527 +#define VAR_URL 528 +#define VAR_FOR_DOWNSTREAM 529 +#define VAR_FALLBACK_ENABLED 530 +#define VAR_TLS_ADDITIONAL_PORT 531 +#define VAR_LOW_RTT 532 +#define VAR_LOW_RTT_PERMIL 533 +#define VAR_FAST_SERVER_PERMIL 534 +#define VAR_FAST_SERVER_NUM 535 +#define VAR_ALLOW_NOTIFY 536 +#define VAR_TLS_WIN_CERT 537 +#define VAR_TCP_CONNECTION_LIMIT 538 +#define VAR_FORWARD_NO_CACHE 539 +#define VAR_STUB_NO_CACHE 540 +#define VAR_LOG_SERVFAIL 541 +#define VAR_DENY_ANY 542 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 543 +#define VAR_LOG_TAG_QUERYREPLY 544 +#define VAR_STREAM_WAIT_SIZE 545 +#define VAR_TLS_CIPHERS 546 +#define VAR_TLS_CIPHERSUITES 547 +#define VAR_TLS_USE_SNI 548 +#define VAR_IPSET 549 +#define VAR_IPSET_NAME_V4 550 +#define VAR_IPSET_NAME_V6 551 +#define VAR_TLS_SESSION_TICKET_KEYS 552 +#define VAR_RPZ 553 +#define VAR_TAGS 554 +#define VAR_RPZ_ACTION_OVERRIDE 555 +#define VAR_RPZ_CNAME_OVERRIDE 556 +#define VAR_RPZ_LOG 557 +#define VAR_RPZ_LOG_NAME 558 +#define VAR_DYNLIB 559 +#define VAR_DYNLIB_FILE 560 +#define VAR_EDNS_CLIENT_STRING 561 +#define VAR_EDNS_CLIENT_STRING_OPCODE 562 +#define VAR_NSID 563 +#define VAR_ZONEMD_PERMISSIVE_MODE 564 +#define VAR_ZONEMD_REJECT_ABSENCE 565 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -746,7 +772,7 @@ union YYSTYPE char* str; -#line 750 "util/configparser.c" +#line 776 "util/configparser.c" }; typedef union YYSTYPE YYSTYPE; @@ -760,6 +786,660 @@ extern YYSTYPE yylval; int yyparse (void); #endif /* !YY_YY_UTIL_CONFIGPARSER_H_INCLUDED */ +/* Symbol kind. */ +enum yysymbol_kind_t +{ + YYSYMBOL_YYEMPTY = -2, + YYSYMBOL_YYEOF = 0, /* "end of file" */ + YYSYMBOL_YYerror = 1, /* error */ + YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ + YYSYMBOL_SPACE = 3, /* SPACE */ + YYSYMBOL_LETTER = 4, /* LETTER */ + YYSYMBOL_NEWLINE = 5, /* NEWLINE */ + YYSYMBOL_COMMENT = 6, /* COMMENT */ + YYSYMBOL_COLON = 7, /* COLON */ + YYSYMBOL_ANY = 8, /* ANY */ + YYSYMBOL_ZONESTR = 9, /* ZONESTR */ + YYSYMBOL_STRING_ARG = 10, /* STRING_ARG */ + YYSYMBOL_VAR_FORCE_TOPLEVEL = 11, /* VAR_FORCE_TOPLEVEL */ + YYSYMBOL_VAR_SERVER = 12, /* VAR_SERVER */ + YYSYMBOL_VAR_VERBOSITY = 13, /* VAR_VERBOSITY */ + YYSYMBOL_VAR_NUM_THREADS = 14, /* VAR_NUM_THREADS */ + YYSYMBOL_VAR_PORT = 15, /* VAR_PORT */ + YYSYMBOL_VAR_OUTGOING_RANGE = 16, /* VAR_OUTGOING_RANGE */ + YYSYMBOL_VAR_INTERFACE = 17, /* VAR_INTERFACE */ + YYSYMBOL_VAR_PREFER_IP4 = 18, /* VAR_PREFER_IP4 */ + YYSYMBOL_VAR_DO_IP4 = 19, /* VAR_DO_IP4 */ + YYSYMBOL_VAR_DO_IP6 = 20, /* VAR_DO_IP6 */ + YYSYMBOL_VAR_PREFER_IP6 = 21, /* VAR_PREFER_IP6 */ + YYSYMBOL_VAR_DO_UDP = 22, /* VAR_DO_UDP */ + YYSYMBOL_VAR_DO_TCP = 23, /* VAR_DO_TCP */ + YYSYMBOL_VAR_TCP_MSS = 24, /* VAR_TCP_MSS */ + YYSYMBOL_VAR_OUTGOING_TCP_MSS = 25, /* VAR_OUTGOING_TCP_MSS */ + YYSYMBOL_VAR_TCP_IDLE_TIMEOUT = 26, /* VAR_TCP_IDLE_TIMEOUT */ + YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE = 27, /* VAR_EDNS_TCP_KEEPALIVE */ + YYSYMBOL_VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 28, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + YYSYMBOL_VAR_CHROOT = 29, /* VAR_CHROOT */ + YYSYMBOL_VAR_USERNAME = 30, /* VAR_USERNAME */ + YYSYMBOL_VAR_DIRECTORY = 31, /* VAR_DIRECTORY */ + YYSYMBOL_VAR_LOGFILE = 32, /* VAR_LOGFILE */ + YYSYMBOL_VAR_PIDFILE = 33, /* VAR_PIDFILE */ + YYSYMBOL_VAR_MSG_CACHE_SIZE = 34, /* VAR_MSG_CACHE_SIZE */ + YYSYMBOL_VAR_MSG_CACHE_SLABS = 35, /* VAR_MSG_CACHE_SLABS */ + YYSYMBOL_VAR_NUM_QUERIES_PER_THREAD = 36, /* VAR_NUM_QUERIES_PER_THREAD */ + YYSYMBOL_VAR_RRSET_CACHE_SIZE = 37, /* VAR_RRSET_CACHE_SIZE */ + YYSYMBOL_VAR_RRSET_CACHE_SLABS = 38, /* VAR_RRSET_CACHE_SLABS */ + YYSYMBOL_VAR_OUTGOING_NUM_TCP = 39, /* VAR_OUTGOING_NUM_TCP */ + YYSYMBOL_VAR_INFRA_HOST_TTL = 40, /* VAR_INFRA_HOST_TTL */ + YYSYMBOL_VAR_INFRA_LAME_TTL = 41, /* VAR_INFRA_LAME_TTL */ + YYSYMBOL_VAR_INFRA_CACHE_SLABS = 42, /* VAR_INFRA_CACHE_SLABS */ + YYSYMBOL_VAR_INFRA_CACHE_NUMHOSTS = 43, /* VAR_INFRA_CACHE_NUMHOSTS */ + YYSYMBOL_VAR_INFRA_CACHE_LAME_SIZE = 44, /* VAR_INFRA_CACHE_LAME_SIZE */ + YYSYMBOL_VAR_NAME = 45, /* VAR_NAME */ + YYSYMBOL_VAR_STUB_ZONE = 46, /* VAR_STUB_ZONE */ + YYSYMBOL_VAR_STUB_HOST = 47, /* VAR_STUB_HOST */ + YYSYMBOL_VAR_STUB_ADDR = 48, /* VAR_STUB_ADDR */ + YYSYMBOL_VAR_TARGET_FETCH_POLICY = 49, /* VAR_TARGET_FETCH_POLICY */ + YYSYMBOL_VAR_HARDEN_SHORT_BUFSIZE = 50, /* VAR_HARDEN_SHORT_BUFSIZE */ + YYSYMBOL_VAR_HARDEN_LARGE_QUERIES = 51, /* VAR_HARDEN_LARGE_QUERIES */ + YYSYMBOL_VAR_FORWARD_ZONE = 52, /* VAR_FORWARD_ZONE */ + YYSYMBOL_VAR_FORWARD_HOST = 53, /* VAR_FORWARD_HOST */ + YYSYMBOL_VAR_FORWARD_ADDR = 54, /* VAR_FORWARD_ADDR */ + YYSYMBOL_VAR_DO_NOT_QUERY_ADDRESS = 55, /* VAR_DO_NOT_QUERY_ADDRESS */ + YYSYMBOL_VAR_HIDE_IDENTITY = 56, /* VAR_HIDE_IDENTITY */ + YYSYMBOL_VAR_HIDE_VERSION = 57, /* VAR_HIDE_VERSION */ + YYSYMBOL_VAR_IDENTITY = 58, /* VAR_IDENTITY */ + YYSYMBOL_VAR_VERSION = 59, /* VAR_VERSION */ + YYSYMBOL_VAR_HARDEN_GLUE = 60, /* VAR_HARDEN_GLUE */ + YYSYMBOL_VAR_MODULE_CONF = 61, /* VAR_MODULE_CONF */ + YYSYMBOL_VAR_TRUST_ANCHOR_FILE = 62, /* VAR_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_TRUST_ANCHOR = 63, /* VAR_TRUST_ANCHOR */ + YYSYMBOL_VAR_VAL_OVERRIDE_DATE = 64, /* VAR_VAL_OVERRIDE_DATE */ + YYSYMBOL_VAR_BOGUS_TTL = 65, /* VAR_BOGUS_TTL */ + YYSYMBOL_VAR_VAL_CLEAN_ADDITIONAL = 66, /* VAR_VAL_CLEAN_ADDITIONAL */ + YYSYMBOL_VAR_VAL_PERMISSIVE_MODE = 67, /* VAR_VAL_PERMISSIVE_MODE */ + YYSYMBOL_VAR_INCOMING_NUM_TCP = 68, /* VAR_INCOMING_NUM_TCP */ + YYSYMBOL_VAR_MSG_BUFFER_SIZE = 69, /* VAR_MSG_BUFFER_SIZE */ + YYSYMBOL_VAR_KEY_CACHE_SIZE = 70, /* VAR_KEY_CACHE_SIZE */ + YYSYMBOL_VAR_KEY_CACHE_SLABS = 71, /* VAR_KEY_CACHE_SLABS */ + YYSYMBOL_VAR_TRUSTED_KEYS_FILE = 72, /* VAR_TRUSTED_KEYS_FILE */ + YYSYMBOL_VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 73, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + YYSYMBOL_VAR_USE_SYSLOG = 74, /* VAR_USE_SYSLOG */ + YYSYMBOL_VAR_OUTGOING_INTERFACE = 75, /* VAR_OUTGOING_INTERFACE */ + YYSYMBOL_VAR_ROOT_HINTS = 76, /* VAR_ROOT_HINTS */ + YYSYMBOL_VAR_DO_NOT_QUERY_LOCALHOST = 77, /* VAR_DO_NOT_QUERY_LOCALHOST */ + YYSYMBOL_VAR_CACHE_MAX_TTL = 78, /* VAR_CACHE_MAX_TTL */ + YYSYMBOL_VAR_HARDEN_DNSSEC_STRIPPED = 79, /* VAR_HARDEN_DNSSEC_STRIPPED */ + YYSYMBOL_VAR_ACCESS_CONTROL = 80, /* VAR_ACCESS_CONTROL */ + YYSYMBOL_VAR_LOCAL_ZONE = 81, /* VAR_LOCAL_ZONE */ + YYSYMBOL_VAR_LOCAL_DATA = 82, /* VAR_LOCAL_DATA */ + YYSYMBOL_VAR_INTERFACE_AUTOMATIC = 83, /* VAR_INTERFACE_AUTOMATIC */ + YYSYMBOL_VAR_STATISTICS_INTERVAL = 84, /* VAR_STATISTICS_INTERVAL */ + YYSYMBOL_VAR_DO_DAEMONIZE = 85, /* VAR_DO_DAEMONIZE */ + YYSYMBOL_VAR_USE_CAPS_FOR_ID = 86, /* VAR_USE_CAPS_FOR_ID */ + YYSYMBOL_VAR_STATISTICS_CUMULATIVE = 87, /* VAR_STATISTICS_CUMULATIVE */ + YYSYMBOL_VAR_OUTGOING_PORT_PERMIT = 88, /* VAR_OUTGOING_PORT_PERMIT */ + YYSYMBOL_VAR_OUTGOING_PORT_AVOID = 89, /* VAR_OUTGOING_PORT_AVOID */ + YYSYMBOL_VAR_DLV_ANCHOR_FILE = 90, /* VAR_DLV_ANCHOR_FILE */ + YYSYMBOL_VAR_DLV_ANCHOR = 91, /* VAR_DLV_ANCHOR */ + YYSYMBOL_VAR_NEG_CACHE_SIZE = 92, /* VAR_NEG_CACHE_SIZE */ + YYSYMBOL_VAR_HARDEN_REFERRAL_PATH = 93, /* VAR_HARDEN_REFERRAL_PATH */ + YYSYMBOL_VAR_PRIVATE_ADDRESS = 94, /* VAR_PRIVATE_ADDRESS */ + YYSYMBOL_VAR_PRIVATE_DOMAIN = 95, /* VAR_PRIVATE_DOMAIN */ + YYSYMBOL_VAR_REMOTE_CONTROL = 96, /* VAR_REMOTE_CONTROL */ + YYSYMBOL_VAR_CONTROL_ENABLE = 97, /* VAR_CONTROL_ENABLE */ + YYSYMBOL_VAR_CONTROL_INTERFACE = 98, /* VAR_CONTROL_INTERFACE */ + YYSYMBOL_VAR_CONTROL_PORT = 99, /* VAR_CONTROL_PORT */ + YYSYMBOL_VAR_SERVER_KEY_FILE = 100, /* VAR_SERVER_KEY_FILE */ + YYSYMBOL_VAR_SERVER_CERT_FILE = 101, /* VAR_SERVER_CERT_FILE */ + YYSYMBOL_VAR_CONTROL_KEY_FILE = 102, /* VAR_CONTROL_KEY_FILE */ + YYSYMBOL_VAR_CONTROL_CERT_FILE = 103, /* VAR_CONTROL_CERT_FILE */ + YYSYMBOL_VAR_CONTROL_USE_CERT = 104, /* VAR_CONTROL_USE_CERT */ + YYSYMBOL_VAR_EXTENDED_STATISTICS = 105, /* VAR_EXTENDED_STATISTICS */ + YYSYMBOL_VAR_LOCAL_DATA_PTR = 106, /* VAR_LOCAL_DATA_PTR */ + YYSYMBOL_VAR_JOSTLE_TIMEOUT = 107, /* VAR_JOSTLE_TIMEOUT */ + YYSYMBOL_VAR_STUB_PRIME = 108, /* VAR_STUB_PRIME */ + YYSYMBOL_VAR_UNWANTED_REPLY_THRESHOLD = 109, /* VAR_UNWANTED_REPLY_THRESHOLD */ + YYSYMBOL_VAR_LOG_TIME_ASCII = 110, /* VAR_LOG_TIME_ASCII */ + YYSYMBOL_VAR_DOMAIN_INSECURE = 111, /* VAR_DOMAIN_INSECURE */ + YYSYMBOL_VAR_PYTHON = 112, /* VAR_PYTHON */ + YYSYMBOL_VAR_PYTHON_SCRIPT = 113, /* VAR_PYTHON_SCRIPT */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MIN = 114, /* VAR_VAL_SIG_SKEW_MIN */ + YYSYMBOL_VAR_VAL_SIG_SKEW_MAX = 115, /* VAR_VAL_SIG_SKEW_MAX */ + YYSYMBOL_VAR_CACHE_MIN_TTL = 116, /* VAR_CACHE_MIN_TTL */ + YYSYMBOL_VAR_VAL_LOG_LEVEL = 117, /* VAR_VAL_LOG_LEVEL */ + YYSYMBOL_VAR_AUTO_TRUST_ANCHOR_FILE = 118, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + YYSYMBOL_VAR_KEEP_MISSING = 119, /* VAR_KEEP_MISSING */ + YYSYMBOL_VAR_ADD_HOLDDOWN = 120, /* VAR_ADD_HOLDDOWN */ + YYSYMBOL_VAR_DEL_HOLDDOWN = 121, /* VAR_DEL_HOLDDOWN */ + YYSYMBOL_VAR_SO_RCVBUF = 122, /* VAR_SO_RCVBUF */ + YYSYMBOL_VAR_EDNS_BUFFER_SIZE = 123, /* VAR_EDNS_BUFFER_SIZE */ + YYSYMBOL_VAR_PREFETCH = 124, /* VAR_PREFETCH */ + YYSYMBOL_VAR_PREFETCH_KEY = 125, /* VAR_PREFETCH_KEY */ + YYSYMBOL_VAR_SO_SNDBUF = 126, /* VAR_SO_SNDBUF */ + YYSYMBOL_VAR_SO_REUSEPORT = 127, /* VAR_SO_REUSEPORT */ + YYSYMBOL_VAR_HARDEN_BELOW_NXDOMAIN = 128, /* VAR_HARDEN_BELOW_NXDOMAIN */ + YYSYMBOL_VAR_IGNORE_CD_FLAG = 129, /* VAR_IGNORE_CD_FLAG */ + YYSYMBOL_VAR_LOG_QUERIES = 130, /* VAR_LOG_QUERIES */ + YYSYMBOL_VAR_LOG_REPLIES = 131, /* VAR_LOG_REPLIES */ + YYSYMBOL_VAR_LOG_LOCAL_ACTIONS = 132, /* VAR_LOG_LOCAL_ACTIONS */ + YYSYMBOL_VAR_TCP_UPSTREAM = 133, /* VAR_TCP_UPSTREAM */ + YYSYMBOL_VAR_SSL_UPSTREAM = 134, /* VAR_SSL_UPSTREAM */ + YYSYMBOL_VAR_SSL_SERVICE_KEY = 135, /* VAR_SSL_SERVICE_KEY */ + YYSYMBOL_VAR_SSL_SERVICE_PEM = 136, /* VAR_SSL_SERVICE_PEM */ + YYSYMBOL_VAR_SSL_PORT = 137, /* VAR_SSL_PORT */ + YYSYMBOL_VAR_FORWARD_FIRST = 138, /* VAR_FORWARD_FIRST */ + YYSYMBOL_VAR_STUB_SSL_UPSTREAM = 139, /* VAR_STUB_SSL_UPSTREAM */ + YYSYMBOL_VAR_FORWARD_SSL_UPSTREAM = 140, /* VAR_FORWARD_SSL_UPSTREAM */ + YYSYMBOL_VAR_TLS_CERT_BUNDLE = 141, /* VAR_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_HTTPS_PORT = 142, /* VAR_HTTPS_PORT */ + YYSYMBOL_VAR_HTTP_ENDPOINT = 143, /* VAR_HTTP_ENDPOINT */ + YYSYMBOL_VAR_HTTP_MAX_STREAMS = 144, /* VAR_HTTP_MAX_STREAMS */ + YYSYMBOL_VAR_HTTP_QUERY_BUFFER_SIZE = 145, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_RESPONSE_BUFFER_SIZE = 146, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + YYSYMBOL_VAR_HTTP_NODELAY = 147, /* VAR_HTTP_NODELAY */ + YYSYMBOL_VAR_HTTP_NOTLS_DOWNSTREAM = 148, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + YYSYMBOL_VAR_STUB_FIRST = 149, /* VAR_STUB_FIRST */ + YYSYMBOL_VAR_MINIMAL_RESPONSES = 150, /* VAR_MINIMAL_RESPONSES */ + YYSYMBOL_VAR_RRSET_ROUNDROBIN = 151, /* VAR_RRSET_ROUNDROBIN */ + YYSYMBOL_VAR_MAX_UDP_SIZE = 152, /* VAR_MAX_UDP_SIZE */ + YYSYMBOL_VAR_DELAY_CLOSE = 153, /* VAR_DELAY_CLOSE */ + YYSYMBOL_VAR_UDP_CONNECT = 154, /* VAR_UDP_CONNECT */ + YYSYMBOL_VAR_UNBLOCK_LAN_ZONES = 155, /* VAR_UNBLOCK_LAN_ZONES */ + YYSYMBOL_VAR_INSECURE_LAN_ZONES = 156, /* VAR_INSECURE_LAN_ZONES */ + YYSYMBOL_VAR_INFRA_CACHE_MIN_RTT = 157, /* VAR_INFRA_CACHE_MIN_RTT */ + YYSYMBOL_VAR_INFRA_KEEP_PROBING = 158, /* VAR_INFRA_KEEP_PROBING */ + YYSYMBOL_VAR_DNS64_PREFIX = 159, /* VAR_DNS64_PREFIX */ + YYSYMBOL_VAR_DNS64_SYNTHALL = 160, /* VAR_DNS64_SYNTHALL */ + YYSYMBOL_VAR_DNS64_IGNORE_AAAA = 161, /* VAR_DNS64_IGNORE_AAAA */ + YYSYMBOL_VAR_DNSTAP = 162, /* VAR_DNSTAP */ + YYSYMBOL_VAR_DNSTAP_ENABLE = 163, /* VAR_DNSTAP_ENABLE */ + YYSYMBOL_VAR_DNSTAP_SOCKET_PATH = 164, /* VAR_DNSTAP_SOCKET_PATH */ + YYSYMBOL_VAR_DNSTAP_IP = 165, /* VAR_DNSTAP_IP */ + YYSYMBOL_VAR_DNSTAP_TLS = 166, /* VAR_DNSTAP_TLS */ + YYSYMBOL_VAR_DNSTAP_TLS_SERVER_NAME = 167, /* VAR_DNSTAP_TLS_SERVER_NAME */ + YYSYMBOL_VAR_DNSTAP_TLS_CERT_BUNDLE = 168, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 169, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + YYSYMBOL_VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 170, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + YYSYMBOL_VAR_DNSTAP_SEND_IDENTITY = 171, /* VAR_DNSTAP_SEND_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_SEND_VERSION = 172, /* VAR_DNSTAP_SEND_VERSION */ + YYSYMBOL_VAR_DNSTAP_BIDIRECTIONAL = 173, /* VAR_DNSTAP_BIDIRECTIONAL */ + YYSYMBOL_VAR_DNSTAP_IDENTITY = 174, /* VAR_DNSTAP_IDENTITY */ + YYSYMBOL_VAR_DNSTAP_VERSION = 175, /* VAR_DNSTAP_VERSION */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 176, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 177, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 178, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 179, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 180, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + YYSYMBOL_VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 181, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + YYSYMBOL_VAR_RESPONSE_IP_TAG = 182, /* VAR_RESPONSE_IP_TAG */ + YYSYMBOL_VAR_RESPONSE_IP = 183, /* VAR_RESPONSE_IP */ + YYSYMBOL_VAR_RESPONSE_IP_DATA = 184, /* VAR_RESPONSE_IP_DATA */ + YYSYMBOL_VAR_HARDEN_ALGO_DOWNGRADE = 185, /* VAR_HARDEN_ALGO_DOWNGRADE */ + YYSYMBOL_VAR_IP_TRANSPARENT = 186, /* VAR_IP_TRANSPARENT */ + YYSYMBOL_VAR_IP_DSCP = 187, /* VAR_IP_DSCP */ + YYSYMBOL_VAR_DISABLE_DNSSEC_LAME_CHECK = 188, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + YYSYMBOL_VAR_IP_RATELIMIT = 189, /* VAR_IP_RATELIMIT */ + YYSYMBOL_VAR_IP_RATELIMIT_SLABS = 190, /* VAR_IP_RATELIMIT_SLABS */ + YYSYMBOL_VAR_IP_RATELIMIT_SIZE = 191, /* VAR_IP_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT = 192, /* VAR_RATELIMIT */ + YYSYMBOL_VAR_RATELIMIT_SLABS = 193, /* VAR_RATELIMIT_SLABS */ + YYSYMBOL_VAR_RATELIMIT_SIZE = 194, /* VAR_RATELIMIT_SIZE */ + YYSYMBOL_VAR_RATELIMIT_FOR_DOMAIN = 195, /* VAR_RATELIMIT_FOR_DOMAIN */ + YYSYMBOL_VAR_RATELIMIT_BELOW_DOMAIN = 196, /* VAR_RATELIMIT_BELOW_DOMAIN */ + YYSYMBOL_VAR_IP_RATELIMIT_FACTOR = 197, /* VAR_IP_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_RATELIMIT_FACTOR = 198, /* VAR_RATELIMIT_FACTOR */ + YYSYMBOL_VAR_SEND_CLIENT_SUBNET = 199, /* VAR_SEND_CLIENT_SUBNET */ + YYSYMBOL_VAR_CLIENT_SUBNET_ZONE = 200, /* VAR_CLIENT_SUBNET_ZONE */ + YYSYMBOL_VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 201, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + YYSYMBOL_VAR_CLIENT_SUBNET_OPCODE = 202, /* VAR_CLIENT_SUBNET_OPCODE */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV4 = 203, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MAX_CLIENT_SUBNET_IPV6 = 204, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV4 = 205, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + YYSYMBOL_VAR_MIN_CLIENT_SUBNET_IPV6 = 206, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV4 = 207, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + YYSYMBOL_VAR_MAX_ECS_TREE_SIZE_IPV6 = 208, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + YYSYMBOL_VAR_CAPS_WHITELIST = 209, /* VAR_CAPS_WHITELIST */ + YYSYMBOL_VAR_CACHE_MAX_NEGATIVE_TTL = 210, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + YYSYMBOL_VAR_PERMIT_SMALL_HOLDDOWN = 211, /* VAR_PERMIT_SMALL_HOLDDOWN */ + YYSYMBOL_VAR_QNAME_MINIMISATION = 212, /* VAR_QNAME_MINIMISATION */ + YYSYMBOL_VAR_QNAME_MINIMISATION_STRICT = 213, /* VAR_QNAME_MINIMISATION_STRICT */ + YYSYMBOL_VAR_IP_FREEBIND = 214, /* VAR_IP_FREEBIND */ + YYSYMBOL_VAR_DEFINE_TAG = 215, /* VAR_DEFINE_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_TAG = 216, /* VAR_LOCAL_ZONE_TAG */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG = 217, /* VAR_ACCESS_CONTROL_TAG */ + YYSYMBOL_VAR_LOCAL_ZONE_OVERRIDE = 218, /* VAR_LOCAL_ZONE_OVERRIDE */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_ACTION = 219, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + YYSYMBOL_VAR_ACCESS_CONTROL_TAG_DATA = 220, /* VAR_ACCESS_CONTROL_TAG_DATA */ + YYSYMBOL_VAR_VIEW = 221, /* VAR_VIEW */ + YYSYMBOL_VAR_ACCESS_CONTROL_VIEW = 222, /* VAR_ACCESS_CONTROL_VIEW */ + YYSYMBOL_VAR_VIEW_FIRST = 223, /* VAR_VIEW_FIRST */ + YYSYMBOL_VAR_SERVE_EXPIRED = 224, /* VAR_SERVE_EXPIRED */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL = 225, /* VAR_SERVE_EXPIRED_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_TTL_RESET = 226, /* VAR_SERVE_EXPIRED_TTL_RESET */ + YYSYMBOL_VAR_SERVE_EXPIRED_REPLY_TTL = 227, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + YYSYMBOL_VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 228, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + YYSYMBOL_VAR_SERVE_ORIGINAL_TTL = 229, /* VAR_SERVE_ORIGINAL_TTL */ + YYSYMBOL_VAR_FAKE_DSA = 230, /* VAR_FAKE_DSA */ + YYSYMBOL_VAR_FAKE_SHA1 = 231, /* VAR_FAKE_SHA1 */ + YYSYMBOL_VAR_LOG_IDENTITY = 232, /* VAR_LOG_IDENTITY */ + YYSYMBOL_VAR_HIDE_TRUSTANCHOR = 233, /* VAR_HIDE_TRUSTANCHOR */ + YYSYMBOL_VAR_TRUST_ANCHOR_SIGNALING = 234, /* VAR_TRUST_ANCHOR_SIGNALING */ + YYSYMBOL_VAR_AGGRESSIVE_NSEC = 235, /* VAR_AGGRESSIVE_NSEC */ + YYSYMBOL_VAR_USE_SYSTEMD = 236, /* VAR_USE_SYSTEMD */ + YYSYMBOL_VAR_SHM_ENABLE = 237, /* VAR_SHM_ENABLE */ + YYSYMBOL_VAR_SHM_KEY = 238, /* VAR_SHM_KEY */ + YYSYMBOL_VAR_ROOT_KEY_SENTINEL = 239, /* VAR_ROOT_KEY_SENTINEL */ + YYSYMBOL_VAR_DNSCRYPT = 240, /* VAR_DNSCRYPT */ + YYSYMBOL_VAR_DNSCRYPT_ENABLE = 241, /* VAR_DNSCRYPT_ENABLE */ + YYSYMBOL_VAR_DNSCRYPT_PORT = 242, /* VAR_DNSCRYPT_PORT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER = 243, /* VAR_DNSCRYPT_PROVIDER */ + YYSYMBOL_VAR_DNSCRYPT_SECRET_KEY = 244, /* VAR_DNSCRYPT_SECRET_KEY */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT = 245, /* VAR_DNSCRYPT_PROVIDER_CERT */ + YYSYMBOL_VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 246, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 247, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 248, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SIZE = 249, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + YYSYMBOL_VAR_DNSCRYPT_NONCE_CACHE_SLABS = 250, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + YYSYMBOL_VAR_PAD_RESPONSES = 251, /* VAR_PAD_RESPONSES */ + YYSYMBOL_VAR_PAD_RESPONSES_BLOCK_SIZE = 252, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + YYSYMBOL_VAR_PAD_QUERIES = 253, /* VAR_PAD_QUERIES */ + YYSYMBOL_VAR_PAD_QUERIES_BLOCK_SIZE = 254, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + YYSYMBOL_VAR_IPSECMOD_ENABLED = 255, /* VAR_IPSECMOD_ENABLED */ + YYSYMBOL_VAR_IPSECMOD_HOOK = 256, /* VAR_IPSECMOD_HOOK */ + YYSYMBOL_VAR_IPSECMOD_IGNORE_BOGUS = 257, /* VAR_IPSECMOD_IGNORE_BOGUS */ + YYSYMBOL_VAR_IPSECMOD_MAX_TTL = 258, /* VAR_IPSECMOD_MAX_TTL */ + YYSYMBOL_VAR_IPSECMOD_WHITELIST = 259, /* VAR_IPSECMOD_WHITELIST */ + YYSYMBOL_VAR_IPSECMOD_STRICT = 260, /* VAR_IPSECMOD_STRICT */ + YYSYMBOL_VAR_CACHEDB = 261, /* VAR_CACHEDB */ + YYSYMBOL_VAR_CACHEDB_BACKEND = 262, /* VAR_CACHEDB_BACKEND */ + YYSYMBOL_VAR_CACHEDB_SECRETSEED = 263, /* VAR_CACHEDB_SECRETSEED */ + YYSYMBOL_VAR_CACHEDB_REDISHOST = 264, /* VAR_CACHEDB_REDISHOST */ + YYSYMBOL_VAR_CACHEDB_REDISPORT = 265, /* VAR_CACHEDB_REDISPORT */ + YYSYMBOL_VAR_CACHEDB_REDISTIMEOUT = 266, /* VAR_CACHEDB_REDISTIMEOUT */ + YYSYMBOL_VAR_CACHEDB_REDISEXPIRERECORDS = 267, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + YYSYMBOL_VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 268, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + YYSYMBOL_VAR_FOR_UPSTREAM = 269, /* VAR_FOR_UPSTREAM */ + YYSYMBOL_VAR_AUTH_ZONE = 270, /* VAR_AUTH_ZONE */ + YYSYMBOL_VAR_ZONEFILE = 271, /* VAR_ZONEFILE */ + YYSYMBOL_VAR_MASTER = 272, /* VAR_MASTER */ + YYSYMBOL_VAR_URL = 273, /* VAR_URL */ + YYSYMBOL_VAR_FOR_DOWNSTREAM = 274, /* VAR_FOR_DOWNSTREAM */ + YYSYMBOL_VAR_FALLBACK_ENABLED = 275, /* VAR_FALLBACK_ENABLED */ + YYSYMBOL_VAR_TLS_ADDITIONAL_PORT = 276, /* VAR_TLS_ADDITIONAL_PORT */ + YYSYMBOL_VAR_LOW_RTT = 277, /* VAR_LOW_RTT */ + YYSYMBOL_VAR_LOW_RTT_PERMIL = 278, /* VAR_LOW_RTT_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_PERMIL = 279, /* VAR_FAST_SERVER_PERMIL */ + YYSYMBOL_VAR_FAST_SERVER_NUM = 280, /* VAR_FAST_SERVER_NUM */ + YYSYMBOL_VAR_ALLOW_NOTIFY = 281, /* VAR_ALLOW_NOTIFY */ + YYSYMBOL_VAR_TLS_WIN_CERT = 282, /* VAR_TLS_WIN_CERT */ + YYSYMBOL_VAR_TCP_CONNECTION_LIMIT = 283, /* VAR_TCP_CONNECTION_LIMIT */ + YYSYMBOL_VAR_FORWARD_NO_CACHE = 284, /* VAR_FORWARD_NO_CACHE */ + YYSYMBOL_VAR_STUB_NO_CACHE = 285, /* VAR_STUB_NO_CACHE */ + YYSYMBOL_VAR_LOG_SERVFAIL = 286, /* VAR_LOG_SERVFAIL */ + YYSYMBOL_VAR_DENY_ANY = 287, /* VAR_DENY_ANY */ + YYSYMBOL_VAR_UNKNOWN_SERVER_TIME_LIMIT = 288, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + YYSYMBOL_VAR_LOG_TAG_QUERYREPLY = 289, /* VAR_LOG_TAG_QUERYREPLY */ + YYSYMBOL_VAR_STREAM_WAIT_SIZE = 290, /* VAR_STREAM_WAIT_SIZE */ + YYSYMBOL_VAR_TLS_CIPHERS = 291, /* VAR_TLS_CIPHERS */ + YYSYMBOL_VAR_TLS_CIPHERSUITES = 292, /* VAR_TLS_CIPHERSUITES */ + YYSYMBOL_VAR_TLS_USE_SNI = 293, /* VAR_TLS_USE_SNI */ + YYSYMBOL_VAR_IPSET = 294, /* VAR_IPSET */ + YYSYMBOL_VAR_IPSET_NAME_V4 = 295, /* VAR_IPSET_NAME_V4 */ + YYSYMBOL_VAR_IPSET_NAME_V6 = 296, /* VAR_IPSET_NAME_V6 */ + YYSYMBOL_VAR_TLS_SESSION_TICKET_KEYS = 297, /* VAR_TLS_SESSION_TICKET_KEYS */ + YYSYMBOL_VAR_RPZ = 298, /* VAR_RPZ */ + YYSYMBOL_VAR_TAGS = 299, /* VAR_TAGS */ + YYSYMBOL_VAR_RPZ_ACTION_OVERRIDE = 300, /* VAR_RPZ_ACTION_OVERRIDE */ + YYSYMBOL_VAR_RPZ_CNAME_OVERRIDE = 301, /* VAR_RPZ_CNAME_OVERRIDE */ + YYSYMBOL_VAR_RPZ_LOG = 302, /* VAR_RPZ_LOG */ + YYSYMBOL_VAR_RPZ_LOG_NAME = 303, /* VAR_RPZ_LOG_NAME */ + YYSYMBOL_VAR_DYNLIB = 304, /* VAR_DYNLIB */ + YYSYMBOL_VAR_DYNLIB_FILE = 305, /* VAR_DYNLIB_FILE */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING = 306, /* VAR_EDNS_CLIENT_STRING */ + YYSYMBOL_VAR_EDNS_CLIENT_STRING_OPCODE = 307, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + YYSYMBOL_VAR_NSID = 308, /* VAR_NSID */ + YYSYMBOL_VAR_ZONEMD_PERMISSIVE_MODE = 309, /* VAR_ZONEMD_PERMISSIVE_MODE */ + YYSYMBOL_VAR_ZONEMD_REJECT_ABSENCE = 310, /* VAR_ZONEMD_REJECT_ABSENCE */ + YYSYMBOL_YYACCEPT = 311, /* $accept */ + YYSYMBOL_toplevelvars = 312, /* toplevelvars */ + YYSYMBOL_toplevelvar = 313, /* toplevelvar */ + YYSYMBOL_force_toplevel = 314, /* force_toplevel */ + YYSYMBOL_serverstart = 315, /* serverstart */ + YYSYMBOL_contents_server = 316, /* contents_server */ + YYSYMBOL_content_server = 317, /* content_server */ + YYSYMBOL_stubstart = 318, /* stubstart */ + YYSYMBOL_contents_stub = 319, /* contents_stub */ + YYSYMBOL_content_stub = 320, /* content_stub */ + YYSYMBOL_forwardstart = 321, /* forwardstart */ + YYSYMBOL_contents_forward = 322, /* contents_forward */ + YYSYMBOL_content_forward = 323, /* content_forward */ + YYSYMBOL_viewstart = 324, /* viewstart */ + YYSYMBOL_contents_view = 325, /* contents_view */ + YYSYMBOL_content_view = 326, /* content_view */ + YYSYMBOL_authstart = 327, /* authstart */ + YYSYMBOL_contents_auth = 328, /* contents_auth */ + YYSYMBOL_content_auth = 329, /* content_auth */ + YYSYMBOL_rpz_tag = 330, /* rpz_tag */ + YYSYMBOL_rpz_action_override = 331, /* rpz_action_override */ + YYSYMBOL_rpz_cname_override = 332, /* rpz_cname_override */ + YYSYMBOL_rpz_log = 333, /* rpz_log */ + YYSYMBOL_rpz_log_name = 334, /* rpz_log_name */ + YYSYMBOL_rpzstart = 335, /* rpzstart */ + YYSYMBOL_contents_rpz = 336, /* contents_rpz */ + YYSYMBOL_content_rpz = 337, /* content_rpz */ + YYSYMBOL_server_num_threads = 338, /* server_num_threads */ + YYSYMBOL_server_verbosity = 339, /* server_verbosity */ + YYSYMBOL_server_statistics_interval = 340, /* server_statistics_interval */ + YYSYMBOL_server_statistics_cumulative = 341, /* server_statistics_cumulative */ + YYSYMBOL_server_extended_statistics = 342, /* server_extended_statistics */ + YYSYMBOL_server_shm_enable = 343, /* server_shm_enable */ + YYSYMBOL_server_shm_key = 344, /* server_shm_key */ + YYSYMBOL_server_port = 345, /* server_port */ + YYSYMBOL_server_send_client_subnet = 346, /* server_send_client_subnet */ + YYSYMBOL_server_client_subnet_zone = 347, /* server_client_subnet_zone */ + YYSYMBOL_server_client_subnet_always_forward = 348, /* server_client_subnet_always_forward */ + YYSYMBOL_server_client_subnet_opcode = 349, /* server_client_subnet_opcode */ + YYSYMBOL_server_max_client_subnet_ipv4 = 350, /* server_max_client_subnet_ipv4 */ + YYSYMBOL_server_max_client_subnet_ipv6 = 351, /* server_max_client_subnet_ipv6 */ + YYSYMBOL_server_min_client_subnet_ipv4 = 352, /* server_min_client_subnet_ipv4 */ + YYSYMBOL_server_min_client_subnet_ipv6 = 353, /* server_min_client_subnet_ipv6 */ + YYSYMBOL_server_max_ecs_tree_size_ipv4 = 354, /* server_max_ecs_tree_size_ipv4 */ + YYSYMBOL_server_max_ecs_tree_size_ipv6 = 355, /* server_max_ecs_tree_size_ipv6 */ + YYSYMBOL_server_interface = 356, /* server_interface */ + YYSYMBOL_server_outgoing_interface = 357, /* server_outgoing_interface */ + YYSYMBOL_server_outgoing_range = 358, /* server_outgoing_range */ + YYSYMBOL_server_outgoing_port_permit = 359, /* server_outgoing_port_permit */ + YYSYMBOL_server_outgoing_port_avoid = 360, /* server_outgoing_port_avoid */ + YYSYMBOL_server_outgoing_num_tcp = 361, /* server_outgoing_num_tcp */ + YYSYMBOL_server_incoming_num_tcp = 362, /* server_incoming_num_tcp */ + YYSYMBOL_server_interface_automatic = 363, /* server_interface_automatic */ + YYSYMBOL_server_do_ip4 = 364, /* server_do_ip4 */ + YYSYMBOL_server_do_ip6 = 365, /* server_do_ip6 */ + YYSYMBOL_server_do_udp = 366, /* server_do_udp */ + YYSYMBOL_server_do_tcp = 367, /* server_do_tcp */ + YYSYMBOL_server_prefer_ip4 = 368, /* server_prefer_ip4 */ + YYSYMBOL_server_prefer_ip6 = 369, /* server_prefer_ip6 */ + YYSYMBOL_server_tcp_mss = 370, /* server_tcp_mss */ + YYSYMBOL_server_outgoing_tcp_mss = 371, /* server_outgoing_tcp_mss */ + YYSYMBOL_server_tcp_idle_timeout = 372, /* server_tcp_idle_timeout */ + YYSYMBOL_server_tcp_keepalive = 373, /* server_tcp_keepalive */ + YYSYMBOL_server_tcp_keepalive_timeout = 374, /* server_tcp_keepalive_timeout */ + YYSYMBOL_server_tcp_upstream = 375, /* server_tcp_upstream */ + YYSYMBOL_server_udp_upstream_without_downstream = 376, /* server_udp_upstream_without_downstream */ + YYSYMBOL_server_ssl_upstream = 377, /* server_ssl_upstream */ + YYSYMBOL_server_ssl_service_key = 378, /* server_ssl_service_key */ + YYSYMBOL_server_ssl_service_pem = 379, /* server_ssl_service_pem */ + YYSYMBOL_server_ssl_port = 380, /* server_ssl_port */ + YYSYMBOL_server_tls_cert_bundle = 381, /* server_tls_cert_bundle */ + YYSYMBOL_server_tls_win_cert = 382, /* server_tls_win_cert */ + YYSYMBOL_server_tls_additional_port = 383, /* server_tls_additional_port */ + YYSYMBOL_server_tls_ciphers = 384, /* server_tls_ciphers */ + YYSYMBOL_server_tls_ciphersuites = 385, /* server_tls_ciphersuites */ + YYSYMBOL_server_tls_session_ticket_keys = 386, /* server_tls_session_ticket_keys */ + YYSYMBOL_server_tls_use_sni = 387, /* server_tls_use_sni */ + YYSYMBOL_server_https_port = 388, /* server_https_port */ + YYSYMBOL_server_http_endpoint = 389, /* server_http_endpoint */ + YYSYMBOL_server_http_max_streams = 390, /* server_http_max_streams */ + YYSYMBOL_server_http_query_buffer_size = 391, /* server_http_query_buffer_size */ + YYSYMBOL_server_http_response_buffer_size = 392, /* server_http_response_buffer_size */ + YYSYMBOL_server_http_nodelay = 393, /* server_http_nodelay */ + YYSYMBOL_server_http_notls_downstream = 394, /* server_http_notls_downstream */ + YYSYMBOL_server_use_systemd = 395, /* server_use_systemd */ + YYSYMBOL_server_do_daemonize = 396, /* server_do_daemonize */ + YYSYMBOL_server_use_syslog = 397, /* server_use_syslog */ + YYSYMBOL_server_log_time_ascii = 398, /* server_log_time_ascii */ + YYSYMBOL_server_log_queries = 399, /* server_log_queries */ + YYSYMBOL_server_log_replies = 400, /* server_log_replies */ + YYSYMBOL_server_log_tag_queryreply = 401, /* server_log_tag_queryreply */ + YYSYMBOL_server_log_servfail = 402, /* server_log_servfail */ + YYSYMBOL_server_log_local_actions = 403, /* server_log_local_actions */ + YYSYMBOL_server_chroot = 404, /* server_chroot */ + YYSYMBOL_server_username = 405, /* server_username */ + YYSYMBOL_server_directory = 406, /* server_directory */ + YYSYMBOL_server_logfile = 407, /* server_logfile */ + YYSYMBOL_server_pidfile = 408, /* server_pidfile */ + YYSYMBOL_server_root_hints = 409, /* server_root_hints */ + YYSYMBOL_server_dlv_anchor_file = 410, /* server_dlv_anchor_file */ + YYSYMBOL_server_dlv_anchor = 411, /* server_dlv_anchor */ + YYSYMBOL_server_auto_trust_anchor_file = 412, /* server_auto_trust_anchor_file */ + YYSYMBOL_server_trust_anchor_file = 413, /* server_trust_anchor_file */ + YYSYMBOL_server_trusted_keys_file = 414, /* server_trusted_keys_file */ + YYSYMBOL_server_trust_anchor = 415, /* server_trust_anchor */ + YYSYMBOL_server_trust_anchor_signaling = 416, /* server_trust_anchor_signaling */ + YYSYMBOL_server_root_key_sentinel = 417, /* server_root_key_sentinel */ + YYSYMBOL_server_domain_insecure = 418, /* server_domain_insecure */ + YYSYMBOL_server_hide_identity = 419, /* server_hide_identity */ + YYSYMBOL_server_hide_version = 420, /* server_hide_version */ + YYSYMBOL_server_hide_trustanchor = 421, /* server_hide_trustanchor */ + YYSYMBOL_server_identity = 422, /* server_identity */ + YYSYMBOL_server_version = 423, /* server_version */ + YYSYMBOL_server_nsid = 424, /* server_nsid */ + YYSYMBOL_server_so_rcvbuf = 425, /* server_so_rcvbuf */ + YYSYMBOL_server_so_sndbuf = 426, /* server_so_sndbuf */ + YYSYMBOL_server_so_reuseport = 427, /* server_so_reuseport */ + YYSYMBOL_server_ip_transparent = 428, /* server_ip_transparent */ + YYSYMBOL_server_ip_freebind = 429, /* server_ip_freebind */ + YYSYMBOL_server_ip_dscp = 430, /* server_ip_dscp */ + YYSYMBOL_server_stream_wait_size = 431, /* server_stream_wait_size */ + YYSYMBOL_server_edns_buffer_size = 432, /* server_edns_buffer_size */ + YYSYMBOL_server_msg_buffer_size = 433, /* server_msg_buffer_size */ + YYSYMBOL_server_msg_cache_size = 434, /* server_msg_cache_size */ + YYSYMBOL_server_msg_cache_slabs = 435, /* server_msg_cache_slabs */ + YYSYMBOL_server_num_queries_per_thread = 436, /* server_num_queries_per_thread */ + YYSYMBOL_server_jostle_timeout = 437, /* server_jostle_timeout */ + YYSYMBOL_server_delay_close = 438, /* server_delay_close */ + YYSYMBOL_server_udp_connect = 439, /* server_udp_connect */ + YYSYMBOL_server_unblock_lan_zones = 440, /* server_unblock_lan_zones */ + YYSYMBOL_server_insecure_lan_zones = 441, /* server_insecure_lan_zones */ + YYSYMBOL_server_rrset_cache_size = 442, /* server_rrset_cache_size */ + YYSYMBOL_server_rrset_cache_slabs = 443, /* server_rrset_cache_slabs */ + YYSYMBOL_server_infra_host_ttl = 444, /* server_infra_host_ttl */ + YYSYMBOL_server_infra_lame_ttl = 445, /* server_infra_lame_ttl */ + YYSYMBOL_server_infra_cache_numhosts = 446, /* server_infra_cache_numhosts */ + YYSYMBOL_server_infra_cache_lame_size = 447, /* server_infra_cache_lame_size */ + YYSYMBOL_server_infra_cache_slabs = 448, /* server_infra_cache_slabs */ + YYSYMBOL_server_infra_cache_min_rtt = 449, /* server_infra_cache_min_rtt */ + YYSYMBOL_server_infra_keep_probing = 450, /* server_infra_keep_probing */ + YYSYMBOL_server_target_fetch_policy = 451, /* server_target_fetch_policy */ + YYSYMBOL_server_harden_short_bufsize = 452, /* server_harden_short_bufsize */ + YYSYMBOL_server_harden_large_queries = 453, /* server_harden_large_queries */ + YYSYMBOL_server_harden_glue = 454, /* server_harden_glue */ + YYSYMBOL_server_harden_dnssec_stripped = 455, /* server_harden_dnssec_stripped */ + YYSYMBOL_server_harden_below_nxdomain = 456, /* server_harden_below_nxdomain */ + YYSYMBOL_server_harden_referral_path = 457, /* server_harden_referral_path */ + YYSYMBOL_server_harden_algo_downgrade = 458, /* server_harden_algo_downgrade */ + YYSYMBOL_server_use_caps_for_id = 459, /* server_use_caps_for_id */ + YYSYMBOL_server_caps_whitelist = 460, /* server_caps_whitelist */ + YYSYMBOL_server_private_address = 461, /* server_private_address */ + YYSYMBOL_server_private_domain = 462, /* server_private_domain */ + YYSYMBOL_server_prefetch = 463, /* server_prefetch */ + YYSYMBOL_server_prefetch_key = 464, /* server_prefetch_key */ + YYSYMBOL_server_deny_any = 465, /* server_deny_any */ + YYSYMBOL_server_unwanted_reply_threshold = 466, /* server_unwanted_reply_threshold */ + YYSYMBOL_server_do_not_query_address = 467, /* server_do_not_query_address */ + YYSYMBOL_server_do_not_query_localhost = 468, /* server_do_not_query_localhost */ + YYSYMBOL_server_access_control = 469, /* server_access_control */ + YYSYMBOL_server_module_conf = 470, /* server_module_conf */ + YYSYMBOL_server_val_override_date = 471, /* server_val_override_date */ + YYSYMBOL_server_val_sig_skew_min = 472, /* server_val_sig_skew_min */ + YYSYMBOL_server_val_sig_skew_max = 473, /* server_val_sig_skew_max */ + YYSYMBOL_server_cache_max_ttl = 474, /* server_cache_max_ttl */ + YYSYMBOL_server_cache_max_negative_ttl = 475, /* server_cache_max_negative_ttl */ + YYSYMBOL_server_cache_min_ttl = 476, /* server_cache_min_ttl */ + YYSYMBOL_server_bogus_ttl = 477, /* server_bogus_ttl */ + YYSYMBOL_server_val_clean_additional = 478, /* server_val_clean_additional */ + YYSYMBOL_server_val_permissive_mode = 479, /* server_val_permissive_mode */ + YYSYMBOL_server_aggressive_nsec = 480, /* server_aggressive_nsec */ + YYSYMBOL_server_ignore_cd_flag = 481, /* server_ignore_cd_flag */ + YYSYMBOL_server_serve_expired = 482, /* server_serve_expired */ + YYSYMBOL_server_serve_expired_ttl = 483, /* server_serve_expired_ttl */ + YYSYMBOL_server_serve_expired_ttl_reset = 484, /* server_serve_expired_ttl_reset */ + YYSYMBOL_server_serve_expired_reply_ttl = 485, /* server_serve_expired_reply_ttl */ + YYSYMBOL_server_serve_expired_client_timeout = 486, /* server_serve_expired_client_timeout */ + YYSYMBOL_server_serve_original_ttl = 487, /* server_serve_original_ttl */ + YYSYMBOL_server_fake_dsa = 488, /* server_fake_dsa */ + YYSYMBOL_server_fake_sha1 = 489, /* server_fake_sha1 */ + YYSYMBOL_server_val_log_level = 490, /* server_val_log_level */ + YYSYMBOL_server_val_nsec3_keysize_iterations = 491, /* server_val_nsec3_keysize_iterations */ + YYSYMBOL_server_zonemd_permissive_mode = 492, /* server_zonemd_permissive_mode */ + YYSYMBOL_server_add_holddown = 493, /* server_add_holddown */ + YYSYMBOL_server_del_holddown = 494, /* server_del_holddown */ + YYSYMBOL_server_keep_missing = 495, /* server_keep_missing */ + YYSYMBOL_server_permit_small_holddown = 496, /* server_permit_small_holddown */ + YYSYMBOL_server_key_cache_size = 497, /* server_key_cache_size */ + YYSYMBOL_server_key_cache_slabs = 498, /* server_key_cache_slabs */ + YYSYMBOL_server_neg_cache_size = 499, /* server_neg_cache_size */ + YYSYMBOL_server_local_zone = 500, /* server_local_zone */ + YYSYMBOL_server_local_data = 501, /* server_local_data */ + YYSYMBOL_server_local_data_ptr = 502, /* server_local_data_ptr */ + YYSYMBOL_server_minimal_responses = 503, /* server_minimal_responses */ + YYSYMBOL_server_rrset_roundrobin = 504, /* server_rrset_roundrobin */ + YYSYMBOL_server_unknown_server_time_limit = 505, /* server_unknown_server_time_limit */ + YYSYMBOL_server_max_udp_size = 506, /* server_max_udp_size */ + YYSYMBOL_server_dns64_prefix = 507, /* server_dns64_prefix */ + YYSYMBOL_server_dns64_synthall = 508, /* server_dns64_synthall */ + YYSYMBOL_server_dns64_ignore_aaaa = 509, /* server_dns64_ignore_aaaa */ + YYSYMBOL_server_define_tag = 510, /* server_define_tag */ + YYSYMBOL_server_local_zone_tag = 511, /* server_local_zone_tag */ + YYSYMBOL_server_access_control_tag = 512, /* server_access_control_tag */ + YYSYMBOL_server_access_control_tag_action = 513, /* server_access_control_tag_action */ + YYSYMBOL_server_access_control_tag_data = 514, /* server_access_control_tag_data */ + YYSYMBOL_server_local_zone_override = 515, /* server_local_zone_override */ + YYSYMBOL_server_access_control_view = 516, /* server_access_control_view */ + YYSYMBOL_server_response_ip_tag = 517, /* server_response_ip_tag */ + YYSYMBOL_server_ip_ratelimit = 518, /* server_ip_ratelimit */ + YYSYMBOL_server_ratelimit = 519, /* server_ratelimit */ + YYSYMBOL_server_ip_ratelimit_size = 520, /* server_ip_ratelimit_size */ + YYSYMBOL_server_ratelimit_size = 521, /* server_ratelimit_size */ + YYSYMBOL_server_ip_ratelimit_slabs = 522, /* server_ip_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_slabs = 523, /* server_ratelimit_slabs */ + YYSYMBOL_server_ratelimit_for_domain = 524, /* server_ratelimit_for_domain */ + YYSYMBOL_server_ratelimit_below_domain = 525, /* server_ratelimit_below_domain */ + YYSYMBOL_server_ip_ratelimit_factor = 526, /* server_ip_ratelimit_factor */ + YYSYMBOL_server_ratelimit_factor = 527, /* server_ratelimit_factor */ + YYSYMBOL_server_low_rtt = 528, /* server_low_rtt */ + YYSYMBOL_server_fast_server_num = 529, /* server_fast_server_num */ + YYSYMBOL_server_fast_server_permil = 530, /* server_fast_server_permil */ + YYSYMBOL_server_qname_minimisation = 531, /* server_qname_minimisation */ + YYSYMBOL_server_qname_minimisation_strict = 532, /* server_qname_minimisation_strict */ + YYSYMBOL_server_pad_responses = 533, /* server_pad_responses */ + YYSYMBOL_server_pad_responses_block_size = 534, /* server_pad_responses_block_size */ + YYSYMBOL_server_pad_queries = 535, /* server_pad_queries */ + YYSYMBOL_server_pad_queries_block_size = 536, /* server_pad_queries_block_size */ + YYSYMBOL_server_ipsecmod_enabled = 537, /* server_ipsecmod_enabled */ + YYSYMBOL_server_ipsecmod_ignore_bogus = 538, /* server_ipsecmod_ignore_bogus */ + YYSYMBOL_server_ipsecmod_hook = 539, /* server_ipsecmod_hook */ + YYSYMBOL_server_ipsecmod_max_ttl = 540, /* server_ipsecmod_max_ttl */ + YYSYMBOL_server_ipsecmod_whitelist = 541, /* server_ipsecmod_whitelist */ + YYSYMBOL_server_ipsecmod_strict = 542, /* server_ipsecmod_strict */ + YYSYMBOL_server_edns_client_string = 543, /* server_edns_client_string */ + YYSYMBOL_server_edns_client_string_opcode = 544, /* server_edns_client_string_opcode */ + YYSYMBOL_stub_name = 545, /* stub_name */ + YYSYMBOL_stub_host = 546, /* stub_host */ + YYSYMBOL_stub_addr = 547, /* stub_addr */ + YYSYMBOL_stub_first = 548, /* stub_first */ + YYSYMBOL_stub_no_cache = 549, /* stub_no_cache */ + YYSYMBOL_stub_ssl_upstream = 550, /* stub_ssl_upstream */ + YYSYMBOL_stub_prime = 551, /* stub_prime */ + YYSYMBOL_forward_name = 552, /* forward_name */ + YYSYMBOL_forward_host = 553, /* forward_host */ + YYSYMBOL_forward_addr = 554, /* forward_addr */ + YYSYMBOL_forward_first = 555, /* forward_first */ + YYSYMBOL_forward_no_cache = 556, /* forward_no_cache */ + YYSYMBOL_forward_ssl_upstream = 557, /* forward_ssl_upstream */ + YYSYMBOL_auth_name = 558, /* auth_name */ + YYSYMBOL_auth_zonefile = 559, /* auth_zonefile */ + YYSYMBOL_auth_master = 560, /* auth_master */ + YYSYMBOL_auth_url = 561, /* auth_url */ + YYSYMBOL_auth_allow_notify = 562, /* auth_allow_notify */ + YYSYMBOL_auth_zonemd_reject_absence = 563, /* auth_zonemd_reject_absence */ + YYSYMBOL_auth_for_downstream = 564, /* auth_for_downstream */ + YYSYMBOL_auth_for_upstream = 565, /* auth_for_upstream */ + YYSYMBOL_auth_fallback_enabled = 566, /* auth_fallback_enabled */ + YYSYMBOL_view_name = 567, /* view_name */ + YYSYMBOL_view_local_zone = 568, /* view_local_zone */ + YYSYMBOL_view_response_ip = 569, /* view_response_ip */ + YYSYMBOL_view_response_ip_data = 570, /* view_response_ip_data */ + YYSYMBOL_view_local_data = 571, /* view_local_data */ + YYSYMBOL_view_local_data_ptr = 572, /* view_local_data_ptr */ + YYSYMBOL_view_first = 573, /* view_first */ + YYSYMBOL_rcstart = 574, /* rcstart */ + YYSYMBOL_contents_rc = 575, /* contents_rc */ + YYSYMBOL_content_rc = 576, /* content_rc */ + YYSYMBOL_rc_control_enable = 577, /* rc_control_enable */ + YYSYMBOL_rc_control_port = 578, /* rc_control_port */ + YYSYMBOL_rc_control_interface = 579, /* rc_control_interface */ + YYSYMBOL_rc_control_use_cert = 580, /* rc_control_use_cert */ + YYSYMBOL_rc_server_key_file = 581, /* rc_server_key_file */ + YYSYMBOL_rc_server_cert_file = 582, /* rc_server_cert_file */ + YYSYMBOL_rc_control_key_file = 583, /* rc_control_key_file */ + YYSYMBOL_rc_control_cert_file = 584, /* rc_control_cert_file */ + YYSYMBOL_dtstart = 585, /* dtstart */ + YYSYMBOL_contents_dt = 586, /* contents_dt */ + YYSYMBOL_content_dt = 587, /* content_dt */ + YYSYMBOL_dt_dnstap_enable = 588, /* dt_dnstap_enable */ + YYSYMBOL_dt_dnstap_bidirectional = 589, /* dt_dnstap_bidirectional */ + YYSYMBOL_dt_dnstap_socket_path = 590, /* dt_dnstap_socket_path */ + YYSYMBOL_dt_dnstap_ip = 591, /* dt_dnstap_ip */ + YYSYMBOL_dt_dnstap_tls = 592, /* dt_dnstap_tls */ + YYSYMBOL_dt_dnstap_tls_server_name = 593, /* dt_dnstap_tls_server_name */ + YYSYMBOL_dt_dnstap_tls_cert_bundle = 594, /* dt_dnstap_tls_cert_bundle */ + YYSYMBOL_dt_dnstap_tls_client_key_file = 595, /* dt_dnstap_tls_client_key_file */ + YYSYMBOL_dt_dnstap_tls_client_cert_file = 596, /* dt_dnstap_tls_client_cert_file */ + YYSYMBOL_dt_dnstap_send_identity = 597, /* dt_dnstap_send_identity */ + YYSYMBOL_dt_dnstap_send_version = 598, /* dt_dnstap_send_version */ + YYSYMBOL_dt_dnstap_identity = 599, /* dt_dnstap_identity */ + YYSYMBOL_dt_dnstap_version = 600, /* dt_dnstap_version */ + YYSYMBOL_dt_dnstap_log_resolver_query_messages = 601, /* dt_dnstap_log_resolver_query_messages */ + YYSYMBOL_dt_dnstap_log_resolver_response_messages = 602, /* dt_dnstap_log_resolver_response_messages */ + YYSYMBOL_dt_dnstap_log_client_query_messages = 603, /* dt_dnstap_log_client_query_messages */ + YYSYMBOL_dt_dnstap_log_client_response_messages = 604, /* dt_dnstap_log_client_response_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_query_messages = 605, /* dt_dnstap_log_forwarder_query_messages */ + YYSYMBOL_dt_dnstap_log_forwarder_response_messages = 606, /* dt_dnstap_log_forwarder_response_messages */ + YYSYMBOL_pythonstart = 607, /* pythonstart */ + YYSYMBOL_contents_py = 608, /* contents_py */ + YYSYMBOL_content_py = 609, /* content_py */ + YYSYMBOL_py_script = 610, /* py_script */ + YYSYMBOL_dynlibstart = 611, /* dynlibstart */ + YYSYMBOL_contents_dl = 612, /* contents_dl */ + YYSYMBOL_content_dl = 613, /* content_dl */ + YYSYMBOL_dl_file = 614, /* dl_file */ + YYSYMBOL_server_disable_dnssec_lame_check = 615, /* server_disable_dnssec_lame_check */ + YYSYMBOL_server_log_identity = 616, /* server_log_identity */ + YYSYMBOL_server_response_ip = 617, /* server_response_ip */ + YYSYMBOL_server_response_ip_data = 618, /* server_response_ip_data */ + YYSYMBOL_dnscstart = 619, /* dnscstart */ + YYSYMBOL_contents_dnsc = 620, /* contents_dnsc */ + YYSYMBOL_content_dnsc = 621, /* content_dnsc */ + YYSYMBOL_dnsc_dnscrypt_enable = 622, /* dnsc_dnscrypt_enable */ + YYSYMBOL_dnsc_dnscrypt_port = 623, /* dnsc_dnscrypt_port */ + YYSYMBOL_dnsc_dnscrypt_provider = 624, /* dnsc_dnscrypt_provider */ + YYSYMBOL_dnsc_dnscrypt_provider_cert = 625, /* dnsc_dnscrypt_provider_cert */ + YYSYMBOL_dnsc_dnscrypt_provider_cert_rotated = 626, /* dnsc_dnscrypt_provider_cert_rotated */ + YYSYMBOL_dnsc_dnscrypt_secret_key = 627, /* dnsc_dnscrypt_secret_key */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_size = 628, /* dnsc_dnscrypt_shared_secret_cache_size */ + YYSYMBOL_dnsc_dnscrypt_shared_secret_cache_slabs = 629, /* dnsc_dnscrypt_shared_secret_cache_slabs */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_size = 630, /* dnsc_dnscrypt_nonce_cache_size */ + YYSYMBOL_dnsc_dnscrypt_nonce_cache_slabs = 631, /* dnsc_dnscrypt_nonce_cache_slabs */ + YYSYMBOL_cachedbstart = 632, /* cachedbstart */ + YYSYMBOL_contents_cachedb = 633, /* contents_cachedb */ + YYSYMBOL_content_cachedb = 634, /* content_cachedb */ + YYSYMBOL_cachedb_backend_name = 635, /* cachedb_backend_name */ + YYSYMBOL_cachedb_secret_seed = 636, /* cachedb_secret_seed */ + YYSYMBOL_redis_server_host = 637, /* redis_server_host */ + YYSYMBOL_redis_server_port = 638, /* redis_server_port */ + YYSYMBOL_redis_timeout = 639, /* redis_timeout */ + YYSYMBOL_redis_expire_records = 640, /* redis_expire_records */ + YYSYMBOL_server_tcp_connection_limit = 641, /* server_tcp_connection_limit */ + YYSYMBOL_ipsetstart = 642, /* ipsetstart */ + YYSYMBOL_contents_ipset = 643, /* contents_ipset */ + YYSYMBOL_content_ipset = 644, /* content_ipset */ + YYSYMBOL_ipset_name_v4 = 645, /* ipset_name_v4 */ + YYSYMBOL_ipset_name_v6 = 646 /* ipset_name_v6 */ +}; +typedef enum yysymbol_kind_t yysymbol_kind_t; + @@ -767,36 +1447,83 @@ int yyparse (void); # undef short #endif -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; -#else -typedef unsigned char yytype_uint8; +/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure + and (if available) are included + so that the code can choose integer types of a good width. */ + +#ifndef __PTRDIFF_MAX__ +# include /* INFRINGES ON USER NAME SPACE */ +# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_STDINT_H +# endif #endif -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; +/* Narrow types that promote to a signed type and that can represent a + signed or unsigned integer of at least N bits. In tables they can + save space and decrease cache pressure. Promoting to a signed type + helps avoid bugs in integer arithmetic. */ + +#ifdef __INT_LEAST8_MAX__ +typedef __INT_LEAST8_TYPE__ yytype_int8; +#elif defined YY_STDINT_H +typedef int_least8_t yytype_int8; #else typedef signed char yytype_int8; #endif -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; -#else -typedef unsigned short yytype_uint16; -#endif - -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; +#ifdef __INT_LEAST16_MAX__ +typedef __INT_LEAST16_TYPE__ yytype_int16; +#elif defined YY_STDINT_H +typedef int_least16_t yytype_int16; #else typedef short yytype_int16; #endif +#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST8_TYPE__ yytype_uint8; +#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST8_MAX <= INT_MAX) +typedef uint_least8_t yytype_uint8; +#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX +typedef unsigned char yytype_uint8; +#else +typedef short yytype_uint8; +#endif + +#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST16_TYPE__ yytype_uint16; +#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST16_MAX <= INT_MAX) +typedef uint_least16_t yytype_uint16; +#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX +typedef unsigned short yytype_uint16; +#else +typedef int yytype_uint16; +#endif + +#ifndef YYPTRDIFF_T +# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ +# define YYPTRDIFF_T __PTRDIFF_TYPE__ +# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ +# elif defined PTRDIFF_MAX +# ifndef ptrdiff_t +# include /* INFRINGES ON USER NAME SPACE */ +# endif +# define YYPTRDIFF_T ptrdiff_t +# define YYPTRDIFF_MAXIMUM PTRDIFF_MAX +# else +# define YYPTRDIFF_T long +# define YYPTRDIFF_MAXIMUM LONG_MAX +# endif +#endif + #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t -# elif ! defined YYSIZE_T +# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else @@ -804,7 +1531,20 @@ typedef short yytype_int16; # endif #endif -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) +#define YYSIZE_MAXIMUM \ + YY_CAST (YYPTRDIFF_T, \ + (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ + ? YYPTRDIFF_MAXIMUM \ + : YY_CAST (YYSIZE_T, -1))) + +#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) + + +/* Stored state numbers (used for stacks). */ +typedef yytype_int16 yy_state_t; + +/* State numbers in computations. */ +typedef int yy_state_fast_t; #ifndef YY_ # if defined YYENABLE_NLS && YYENABLE_NLS @@ -818,22 +1558,21 @@ typedef short yytype_int16; # endif #endif -#ifndef YY_ATTRIBUTE -# if (defined __GNUC__ \ - && (2 < __GNUC__ || (__GNUC__ == 2 && 96 <= __GNUC_MINOR__))) \ - || defined __SUNPRO_C && 0x5110 <= __SUNPRO_C -# define YY_ATTRIBUTE(Spec) __attribute__(Spec) + +#ifndef YY_ATTRIBUTE_PURE +# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) # else -# define YY_ATTRIBUTE(Spec) /* empty */ +# define YY_ATTRIBUTE_PURE # endif #endif -#ifndef YY_ATTRIBUTE_PURE -# define YY_ATTRIBUTE_PURE YY_ATTRIBUTE ((__pure__)) -#endif - #ifndef YY_ATTRIBUTE_UNUSED -# define YY_ATTRIBUTE_UNUSED YY_ATTRIBUTE ((__unused__)) +# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +# else +# define YY_ATTRIBUTE_UNUSED +# endif #endif /* Suppress unused-variable warnings by "using" E. */ @@ -845,11 +1584,11 @@ typedef short yytype_int16; #if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ - _Pragma ("GCC diagnostic push") \ - _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"")\ +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") -# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ +# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ _Pragma ("GCC diagnostic pop") #else # define YY_INITIAL_VALUE(Value) Value @@ -862,10 +1601,22 @@ typedef short yytype_int16; # define YY_INITIAL_VALUE(Value) /* Nothing. */ #endif +#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ +# define YY_IGNORE_USELESS_CAST_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") +# define YY_IGNORE_USELESS_CAST_END \ + _Pragma ("GCC diagnostic pop") +#endif +#ifndef YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_END +#endif + #define YY_ASSERT(E) ((void) (0 && (E))) -#if ! defined yyoverflow || YYERROR_VERBOSE +#if !defined yyoverflow /* The parser invokes alloca or malloc; define the necessary symbols. */ @@ -930,8 +1681,7 @@ void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - +#endif /* !defined yyoverflow */ #if (! defined yyoverflow \ && (! defined __cplusplus \ @@ -940,17 +1690,17 @@ void free (void *); /* INFRINGES ON USER NAME SPACE */ /* A type that is properly aligned for any stack member. */ union yyalloc { - yytype_int16 yyss_alloc; + yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) +# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) # define YYCOPY_NEEDED 1 @@ -963,11 +1713,11 @@ union yyalloc # define YYSTACK_RELOCATE(Stack_alloc, Stack) \ do \ { \ - YYSIZE_T yynewbytes; \ + YYPTRDIFF_T yynewbytes; \ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ + yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / YYSIZEOF (*yyptr); \ } \ while (0) @@ -979,12 +1729,12 @@ union yyalloc # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(Dst, Src, Count) \ - __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) + __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) # else # define YYCOPY(Dst, Src, Count) \ do \ { \ - YYSIZE_T yyi; \ + YYPTRDIFF_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (Dst)[yyi] = (Src)[yyi]; \ } \ @@ -996,28 +1746,30 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 641 +#define YYLAST 657 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 303 +#define YYNTOKENS 311 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 328 +#define YYNNTS 336 /* YYNRULES -- Number of rules. */ -#define YYNRULES 632 +#define YYNRULES 648 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 939 +#define YYNSTATES 963 + +#define YYMAXUTOK 565 -#define YYUNDEFTOK 2 -#define YYMAXUTOK 557 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM as returned by yylex, with out-of-bounds checking. */ -#define YYTRANSLATE(YYX) \ - ((unsigned) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) +#define YYTRANSLATE(YYX) \ + (0 <= (YYX) && (YYX) <= YYMAXUTOK \ + ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ + : YYSYMBOL_YYUNDEF) /* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM as returned by yylex. */ -static const yytype_uint16 yytranslate[] = +static const yytype_int16 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1074,90 +1826,99 @@ static const yytype_uint16 yytranslate[] = 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302 + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 307, 308, 309, 310 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ -static const yytype_uint16 yyrline[] = +static const yytype_int16 yyrline[] = { - 0, 185, 185, 185, 186, 186, 187, 187, 188, 188, - 188, 189, 189, 190, 190, 191, 191, 192, 194, 200, - 205, 206, 207, 207, 207, 208, 208, 209, 209, 209, - 210, 210, 211, 211, 211, 212, 212, 213, 213, 213, - 214, 214, 214, 215, 215, 216, 216, 217, 217, 218, - 218, 219, 219, 220, 220, 221, 221, 222, 222, 223, - 223, 223, 224, 224, 224, 225, 225, 225, 226, 226, - 227, 227, 228, 228, 229, 229, 230, 230, 230, 231, - 231, 232, 232, 233, 233, 233, 234, 234, 235, 235, - 236, 236, 237, 237, 237, 238, 238, 239, 239, 240, - 240, 241, 241, 242, 242, 243, 243, 243, 244, 244, - 245, 245, 245, 246, 246, 246, 247, 247, 247, 248, - 248, 248, 248, 249, 250, 250, 250, 251, 251, 251, - 252, 252, 253, 253, 254, 254, 254, 255, 255, 255, - 256, 256, 257, 257, 257, 258, 258, 259, 259, 259, - 260, 260, 261, 261, 262, 262, 263, 264, 264, 265, - 265, 266, 266, 267, 268, 268, 269, 269, 270, 270, - 271, 271, 272, 272, 273, 273, 273, 274, 274, 275, - 275, 276, 276, 277, 277, 278, 278, 279, 279, 280, - 280, 280, 281, 281, 281, 282, 282, 282, 283, 283, - 284, 285, 285, 286, 286, 287, 287, 288, 288, 289, - 289, 289, 290, 290, 290, 291, 291, 291, 292, 292, - 293, 293, 294, 294, 295, 295, 296, 298, 310, 311, - 312, 312, 312, 312, 312, 313, 313, 315, 327, 328, - 329, 329, 329, 329, 330, 330, 332, 346, 347, 348, - 348, 348, 348, 349, 349, 349, 351, 368, 369, 370, - 370, 370, 370, 371, 371, 371, 372, 375, 394, 411, - 419, 429, 437, 454, 455, 456, 456, 456, 456, 456, - 457, 457, 457, 458, 458, 460, 469, 478, 489, 498, - 507, 516, 527, 536, 548, 562, 577, 588, 605, 622, - 639, 656, 671, 686, 699, 714, 723, 732, 741, 750, - 759, 768, 777, 786, 795, 804, 813, 822, 831, 840, - 853, 862, 875, 884, 893, 902, 909, 916, 925, 932, - 941, 949, 956, 963, 971, 980, 988, 1004, 1012, 1020, - 1028, 1036, 1044, 1053, 1062, 1076, 1085, 1094, 1103, 1112, - 1121, 1130, 1137, 1144, 1170, 1178, 1185, 1192, 1199, 1206, - 1214, 1222, 1230, 1237, 1248, 1259, 1266, 1275, 1284, 1293, - 1300, 1307, 1315, 1323, 1333, 1343, 1353, 1367, 1375, 1388, - 1399, 1407, 1420, 1429, 1438, 1447, 1456, 1466, 1476, 1484, - 1497, 1506, 1514, 1523, 1531, 1544, 1553, 1563, 1570, 1580, - 1590, 1600, 1610, 1620, 1630, 1640, 1650, 1657, 1664, 1671, - 1680, 1689, 1698, 1707, 1714, 1724, 1744, 1751, 1769, 1782, - 1795, 1804, 1813, 1822, 1831, 1841, 1851, 1862, 1871, 1880, - 1889, 1898, 1907, 1916, 1929, 1942, 1951, 1958, 1967, 1976, - 1985, 1994, 2002, 2015, 2023, 2068, 2075, 2090, 2100, 2110, - 2117, 2124, 2131, 2140, 2148, 2162, 2183, 2204, 2216, 2228, - 2240, 2249, 2270, 2280, 2289, 2297, 2305, 2318, 2331, 2346, - 2361, 2370, 2379, 2385, 2394, 2403, 2413, 2423, 2436, 2449, - 2461, 2475, 2487, 2501, 2510, 2522, 2532, 2539, 2546, 2555, - 2564, 2574, 2584, 2594, 2601, 2608, 2617, 2626, 2636, 2646, - 2653, 2660, 2667, 2675, 2685, 2695, 2705, 2715, 2754, 2764, - 2772, 2780, 2795, 2804, 2809, 2810, 2811, 2811, 2811, 2812, - 2812, 2812, 2813, 2813, 2815, 2825, 2834, 2841, 2848, 2855, - 2862, 2869, 2876, 2881, 2882, 2883, 2883, 2883, 2884, 2884, - 2884, 2885, 2886, 2886, 2887, 2887, 2888, 2888, 2889, 2890, - 2891, 2892, 2893, 2894, 2896, 2905, 2915, 2922, 2929, 2938, - 2945, 2952, 2959, 2966, 2975, 2984, 2991, 2998, 3008, 3018, - 3028, 3038, 3048, 3058, 3063, 3064, 3065, 3067, 3073, 3078, - 3079, 3080, 3082, 3088, 3098, 3105, 3114, 3122, 3127, 3128, - 3130, 3130, 3130, 3131, 3131, 3132, 3133, 3134, 3135, 3136, - 3138, 3148, 3157, 3164, 3173, 3180, 3189, 3197, 3210, 3218, - 3231, 3236, 3237, 3238, 3238, 3239, 3239, 3239, 3240, 3242, - 3254, 3266, 3278, 3293, 3306, 3319, 3330, 3335, 3336, 3337, - 3337, 3339, 3354 + 0, 188, 188, 188, 189, 189, 190, 190, 191, 191, + 191, 192, 192, 193, 193, 194, 194, 195, 197, 203, + 208, 209, 210, 210, 210, 211, 211, 212, 212, 212, + 213, 213, 214, 214, 214, 215, 215, 216, 216, 216, + 217, 217, 217, 218, 218, 219, 219, 220, 220, 221, + 221, 222, 222, 223, 223, 224, 224, 225, 225, 226, + 226, 226, 227, 227, 227, 228, 228, 228, 229, 229, + 230, 230, 231, 231, 232, 232, 233, 233, 233, 234, + 234, 235, 235, 236, 236, 236, 237, 237, 238, 238, + 239, 239, 240, 240, 240, 241, 241, 242, 242, 243, + 243, 244, 244, 245, 245, 246, 246, 246, 247, 247, + 248, 248, 248, 249, 249, 249, 250, 250, 250, 251, + 251, 251, 251, 252, 253, 253, 253, 254, 254, 254, + 255, 255, 256, 256, 257, 257, 257, 258, 258, 258, + 259, 259, 260, 260, 260, 261, 261, 262, 262, 262, + 263, 263, 264, 264, 265, 265, 266, 267, 267, 268, + 268, 269, 269, 270, 271, 271, 272, 272, 273, 273, + 274, 274, 275, 275, 276, 276, 276, 277, 277, 278, + 278, 279, 279, 280, 281, 281, 282, 282, 283, 284, + 284, 285, 285, 286, 286, 287, 287, 288, 288, 288, + 289, 289, 289, 290, 290, 291, 292, 292, 293, 293, + 294, 294, 295, 295, 296, 296, 296, 297, 297, 297, + 298, 298, 298, 299, 299, 300, 300, 301, 301, 302, + 302, 303, 303, 304, 306, 318, 319, 320, 320, 320, + 320, 320, 321, 321, 323, 335, 336, 337, 337, 337, + 337, 338, 338, 340, 354, 355, 356, 356, 356, 356, + 357, 357, 357, 359, 377, 378, 379, 379, 379, 379, + 380, 380, 380, 381, 381, 384, 403, 420, 428, 438, + 446, 463, 464, 465, 465, 465, 465, 465, 466, 466, + 466, 467, 467, 469, 478, 487, 498, 507, 516, 525, + 536, 545, 557, 571, 586, 597, 614, 631, 648, 665, + 680, 695, 708, 723, 732, 741, 750, 759, 768, 777, + 786, 795, 804, 813, 822, 831, 840, 849, 862, 871, + 884, 893, 902, 911, 918, 925, 934, 941, 950, 958, + 965, 972, 980, 989, 997, 1013, 1021, 1029, 1037, 1045, + 1053, 1062, 1071, 1085, 1094, 1103, 1112, 1121, 1130, 1139, + 1146, 1153, 1179, 1187, 1194, 1201, 1208, 1215, 1223, 1231, + 1239, 1246, 1257, 1268, 1275, 1284, 1293, 1302, 1309, 1316, + 1332, 1340, 1348, 1358, 1368, 1378, 1392, 1400, 1413, 1424, + 1432, 1445, 1454, 1463, 1472, 1481, 1491, 1501, 1509, 1522, + 1531, 1539, 1548, 1556, 1569, 1578, 1588, 1595, 1605, 1615, + 1625, 1635, 1645, 1655, 1665, 1675, 1682, 1689, 1696, 1705, + 1714, 1723, 1732, 1739, 1749, 1769, 1776, 1794, 1807, 1820, + 1829, 1838, 1847, 1856, 1866, 1876, 1887, 1896, 1905, 1914, + 1923, 1932, 1941, 1950, 1963, 1976, 1985, 1992, 2001, 2010, + 2019, 2028, 2037, 2045, 2058, 2066, 2111, 2118, 2133, 2143, + 2153, 2160, 2167, 2174, 2183, 2191, 2205, 2226, 2247, 2259, + 2271, 2283, 2292, 2313, 2323, 2332, 2340, 2348, 2361, 2374, + 2389, 2404, 2413, 2422, 2428, 2437, 2446, 2456, 2466, 2476, + 2485, 2495, 2504, 2517, 2530, 2542, 2556, 2568, 2582, 2591, + 2603, 2613, 2620, 2627, 2636, 2645, 2655, 2665, 2675, 2682, + 2689, 2698, 2707, 2717, 2727, 2734, 2741, 2748, 2756, 2766, + 2776, 2786, 2796, 2806, 2845, 2855, 2863, 2871, 2886, 2895, + 2900, 2901, 2902, 2902, 2902, 2903, 2903, 2903, 2904, 2904, + 2906, 2916, 2925, 2932, 2939, 2946, 2953, 2960, 2967, 2972, + 2973, 2974, 2974, 2974, 2975, 2975, 2975, 2976, 2977, 2977, + 2978, 2978, 2979, 2979, 2980, 2981, 2982, 2983, 2984, 2985, + 2987, 2996, 3006, 3013, 3020, 3029, 3036, 3043, 3050, 3057, + 3066, 3075, 3082, 3089, 3099, 3109, 3119, 3129, 3139, 3149, + 3154, 3155, 3156, 3158, 3164, 3169, 3170, 3171, 3173, 3179, + 3189, 3196, 3205, 3213, 3218, 3219, 3221, 3221, 3221, 3222, + 3222, 3223, 3224, 3225, 3226, 3227, 3229, 3239, 3248, 3255, + 3264, 3271, 3280, 3288, 3301, 3309, 3322, 3327, 3328, 3329, + 3329, 3330, 3330, 3330, 3331, 3333, 3345, 3357, 3369, 3384, + 3397, 3410, 3421, 3426, 3427, 3428, 3428, 3430, 3445 }; #endif -#if YYDEBUG || YYERROR_VERBOSE || 0 +/** Accessing symbol of state STATE. */ +#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) + +#if YYDEBUG || 0 +/* The user-facing name of the symbol whose (internal) number is + YYSYMBOL. No bounds checking. */ +static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; + /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { - "$end", "error", "$undefined", "SPACE", "LETTER", "NEWLINE", "COMMENT", - "COLON", "ANY", "ZONESTR", "STRING_ARG", "VAR_FORCE_TOPLEVEL", - "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", "VAR_PORT", - "VAR_OUTGOING_RANGE", "VAR_INTERFACE", "VAR_PREFER_IP4", "VAR_DO_IP4", - "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", + "\"end of file\"", "error", "\"invalid token\"", "SPACE", "LETTER", + "NEWLINE", "COMMENT", "COLON", "ANY", "ZONESTR", "STRING_ARG", + "VAR_FORCE_TOPLEVEL", "VAR_SERVER", "VAR_VERBOSITY", "VAR_NUM_THREADS", + "VAR_PORT", "VAR_OUTGOING_RANGE", "VAR_INTERFACE", "VAR_PREFER_IP4", + "VAR_DO_IP4", "VAR_DO_IP6", "VAR_PREFER_IP6", "VAR_DO_UDP", "VAR_DO_TCP", "VAR_TCP_MSS", "VAR_OUTGOING_TCP_MSS", "VAR_TCP_IDLE_TIMEOUT", "VAR_EDNS_TCP_KEEPALIVE", "VAR_EDNS_TCP_KEEPALIVE_TIMEOUT", "VAR_CHROOT", "VAR_USERNAME", "VAR_DIRECTORY", "VAR_LOGFILE", "VAR_PIDFILE", @@ -1237,8 +1998,9 @@ static const char *const yytname[] = "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_SERVE_EXPIRED_TTL", "VAR_SERVE_EXPIRED_TTL_RESET", "VAR_SERVE_EXPIRED_REPLY_TTL", - "VAR_SERVE_EXPIRED_CLIENT_TIMEOUT", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", - "VAR_LOG_IDENTITY", "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING", + "VAR_SERVE_EXPIRED_CLIENT_TIMEOUT", "VAR_SERVE_ORIGINAL_TTL", + "VAR_FAKE_DSA", "VAR_FAKE_SHA1", "VAR_LOG_IDENTITY", + "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING", "VAR_AGGRESSIVE_NSEC", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", "VAR_SHM_KEY", "VAR_ROOT_KEY_SENTINEL", "VAR_DNSCRYPT", "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", @@ -1247,35 +2009,37 @@ static const char *const yytname[] = "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE", "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS", "VAR_DNSCRYPT_NONCE_CACHE_SIZE", "VAR_DNSCRYPT_NONCE_CACHE_SLABS", - "VAR_IPSECMOD_ENABLED", "VAR_IPSECMOD_HOOK", "VAR_IPSECMOD_IGNORE_BOGUS", - "VAR_IPSECMOD_MAX_TTL", "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", - "VAR_CACHEDB", "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", - "VAR_CACHEDB_REDISHOST", "VAR_CACHEDB_REDISPORT", - "VAR_CACHEDB_REDISTIMEOUT", "VAR_CACHEDB_REDISEXPIRERECORDS", - "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", "VAR_FOR_UPSTREAM", - "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", "VAR_URL", - "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", "VAR_TLS_ADDITIONAL_PORT", - "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", "VAR_FAST_SERVER_PERMIL", - "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", - "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", "VAR_STUB_NO_CACHE", - "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", "VAR_UNKNOWN_SERVER_TIME_LIMIT", - "VAR_LOG_TAG_QUERYREPLY", "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", - "VAR_TLS_CIPHERSUITES", "VAR_TLS_USE_SNI", "VAR_IPSET", - "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", "VAR_TLS_SESSION_TICKET_KEYS", - "VAR_RPZ", "VAR_TAGS", "VAR_RPZ_ACTION_OVERRIDE", - "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", "VAR_RPZ_LOG_NAME", - "VAR_DYNLIB", "VAR_DYNLIB_FILE", "VAR_EDNS_CLIENT_STRING", - "VAR_EDNS_CLIENT_STRING_OPCODE", "$accept", "toplevelvars", - "toplevelvar", "force_toplevel", "serverstart", "contents_server", - "content_server", "stubstart", "contents_stub", "content_stub", - "forwardstart", "contents_forward", "content_forward", "viewstart", - "contents_view", "content_view", "authstart", "contents_auth", - "content_auth", "rpz_tag", "rpz_action_override", "rpz_cname_override", - "rpz_log", "rpz_log_name", "rpzstart", "contents_rpz", "content_rpz", - "server_num_threads", "server_verbosity", "server_statistics_interval", - "server_statistics_cumulative", "server_extended_statistics", - "server_shm_enable", "server_shm_key", "server_port", - "server_send_client_subnet", "server_client_subnet_zone", + "VAR_PAD_RESPONSES", "VAR_PAD_RESPONSES_BLOCK_SIZE", "VAR_PAD_QUERIES", + "VAR_PAD_QUERIES_BLOCK_SIZE", "VAR_IPSECMOD_ENABLED", + "VAR_IPSECMOD_HOOK", "VAR_IPSECMOD_IGNORE_BOGUS", "VAR_IPSECMOD_MAX_TTL", + "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", "VAR_CACHEDB", + "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", "VAR_CACHEDB_REDISHOST", + "VAR_CACHEDB_REDISPORT", "VAR_CACHEDB_REDISTIMEOUT", + "VAR_CACHEDB_REDISEXPIRERECORDS", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", + "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", + "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", + "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL", + "VAR_FAST_SERVER_PERMIL", "VAR_FAST_SERVER_NUM", "VAR_ALLOW_NOTIFY", + "VAR_TLS_WIN_CERT", "VAR_TCP_CONNECTION_LIMIT", "VAR_FORWARD_NO_CACHE", + "VAR_STUB_NO_CACHE", "VAR_LOG_SERVFAIL", "VAR_DENY_ANY", + "VAR_UNKNOWN_SERVER_TIME_LIMIT", "VAR_LOG_TAG_QUERYREPLY", + "VAR_STREAM_WAIT_SIZE", "VAR_TLS_CIPHERS", "VAR_TLS_CIPHERSUITES", + "VAR_TLS_USE_SNI", "VAR_IPSET", "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", + "VAR_TLS_SESSION_TICKET_KEYS", "VAR_RPZ", "VAR_TAGS", + "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", + "VAR_RPZ_LOG_NAME", "VAR_DYNLIB", "VAR_DYNLIB_FILE", + "VAR_EDNS_CLIENT_STRING", "VAR_EDNS_CLIENT_STRING_OPCODE", "VAR_NSID", + "VAR_ZONEMD_PERMISSIVE_MODE", "VAR_ZONEMD_REJECT_ABSENCE", "$accept", + "toplevelvars", "toplevelvar", "force_toplevel", "serverstart", + "contents_server", "content_server", "stubstart", "contents_stub", + "content_stub", "forwardstart", "contents_forward", "content_forward", + "viewstart", "contents_view", "content_view", "authstart", + "contents_auth", "content_auth", "rpz_tag", "rpz_action_override", + "rpz_cname_override", "rpz_log", "rpz_log_name", "rpzstart", + "contents_rpz", "content_rpz", "server_num_threads", "server_verbosity", + "server_statistics_interval", "server_statistics_cumulative", + "server_extended_statistics", "server_shm_enable", "server_shm_key", + "server_port", "server_send_client_subnet", "server_client_subnet_zone", "server_client_subnet_always_forward", "server_client_subnet_opcode", "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6", "server_min_client_subnet_ipv4", "server_min_client_subnet_ipv6", @@ -1307,7 +2071,7 @@ static const char *const yytname[] = "server_trust_anchor", "server_trust_anchor_signaling", "server_root_key_sentinel", "server_domain_insecure", "server_hide_identity", "server_hide_version", "server_hide_trustanchor", - "server_identity", "server_version", "server_so_rcvbuf", + "server_identity", "server_version", "server_nsid", "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size", "server_edns_buffer_size", "server_msg_buffer_size", @@ -1336,10 +2100,10 @@ static const char *const yytname[] = "server_aggressive_nsec", "server_ignore_cd_flag", "server_serve_expired", "server_serve_expired_ttl", "server_serve_expired_ttl_reset", "server_serve_expired_reply_ttl", - "server_serve_expired_client_timeout", "server_fake_dsa", - "server_fake_sha1", "server_val_log_level", - "server_val_nsec3_keysize_iterations", "server_add_holddown", - "server_del_holddown", "server_keep_missing", + "server_serve_expired_client_timeout", "server_serve_original_ttl", + "server_fake_dsa", "server_fake_sha1", "server_val_log_level", + "server_val_nsec3_keysize_iterations", "server_zonemd_permissive_mode", + "server_add_holddown", "server_del_holddown", "server_keep_missing", "server_permit_small_holddown", "server_key_cache_size", "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", "server_local_data", "server_local_data_ptr", "server_minimal_responses", @@ -1355,7 +2119,9 @@ static const char *const yytname[] = "server_ratelimit_below_domain", "server_ip_ratelimit_factor", "server_ratelimit_factor", "server_low_rtt", "server_fast_server_num", "server_fast_server_permil", "server_qname_minimisation", - "server_qname_minimisation_strict", "server_ipsecmod_enabled", + "server_qname_minimisation_strict", "server_pad_responses", + "server_pad_responses_block_size", "server_pad_queries", + "server_pad_queries_block_size", "server_ipsecmod_enabled", "server_ipsecmod_ignore_bogus", "server_ipsecmod_hook", "server_ipsecmod_max_ttl", "server_ipsecmod_whitelist", "server_ipsecmod_strict", "server_edns_client_string", @@ -1364,19 +2130,19 @@ static const char *const yytname[] = "stub_prime", "forward_name", "forward_host", "forward_addr", "forward_first", "forward_no_cache", "forward_ssl_upstream", "auth_name", "auth_zonefile", "auth_master", "auth_url", "auth_allow_notify", - "auth_for_downstream", "auth_for_upstream", "auth_fallback_enabled", - "view_name", "view_local_zone", "view_response_ip", - "view_response_ip_data", "view_local_data", "view_local_data_ptr", - "view_first", "rcstart", "contents_rc", "content_rc", - "rc_control_enable", "rc_control_port", "rc_control_interface", - "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", - "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", - "content_dt", "dt_dnstap_enable", "dt_dnstap_bidirectional", - "dt_dnstap_socket_path", "dt_dnstap_ip", "dt_dnstap_tls", - "dt_dnstap_tls_server_name", "dt_dnstap_tls_cert_bundle", - "dt_dnstap_tls_client_key_file", "dt_dnstap_tls_client_cert_file", - "dt_dnstap_send_identity", "dt_dnstap_send_version", - "dt_dnstap_identity", "dt_dnstap_version", + "auth_zonemd_reject_absence", "auth_for_downstream", "auth_for_upstream", + "auth_fallback_enabled", "view_name", "view_local_zone", + "view_response_ip", "view_response_ip_data", "view_local_data", + "view_local_data_ptr", "view_first", "rcstart", "contents_rc", + "content_rc", "rc_control_enable", "rc_control_port", + "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", + "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", + "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", + "dt_dnstap_bidirectional", "dt_dnstap_socket_path", "dt_dnstap_ip", + "dt_dnstap_tls", "dt_dnstap_tls_server_name", + "dt_dnstap_tls_cert_bundle", "dt_dnstap_tls_client_key_file", + "dt_dnstap_tls_client_cert_file", "dt_dnstap_send_identity", + "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", "dt_dnstap_log_resolver_query_messages", "dt_dnstap_log_resolver_response_messages", "dt_dnstap_log_client_query_messages", @@ -1398,12 +2164,18 @@ static const char *const yytname[] = "server_tcp_connection_limit", "ipsetstart", "contents_ipset", "content_ipset", "ipset_name_v4", "ipset_name_v6", YY_NULLPTR }; + +static const char * +yysymbol_name (yysymbol_kind_t yysymbol) +{ + return yytname[yysymbol]; +} #endif -# ifdef YYPRINT +#ifdef YYPRINT /* YYTOKNUM[NUM] -- (External) token number corresponding to the (internal) symbol number NUM (which must be that of a token). */ -static const yytype_uint16 yytoknum[] = +static const yytype_int16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, @@ -1435,33 +2207,34 @@ static const yytype_uint16 yytoknum[] = 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557 + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565 }; -# endif +#endif -#define YYPACT_NINF -291 +#define YYPACT_NINF (-299) -#define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-291))) +#define yypact_value_is_default(Yyn) \ + ((Yyn) == YYPACT_NINF) -#define YYTABLE_NINF -1 +#define YYTABLE_NINF (-1) -#define yytable_value_is_error(Yytable_value) \ +#define yytable_value_is_error(Yyn) \ 0 /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ static const yytype_int16 yypact[] = { - -291, 0, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, 287, -42, -38, -43, -21, -44, -11, -96, - -109, -290, -215, -240, -282, 3, 4, 13, 25, 26, - 27, 30, 31, 32, 33, 34, 35, 37, 38, 39, - 40, 41, 43, 44, 45, 46, 47, 48, 49, 50, - 51, 52, 54, 55, 84, 85, 88, 89, 91, 93, - 94, 95, 96, 98, 99, 100, 101, 103, 104, 105, + -299, 0, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, 292, -39, -35, -43, -44, -28, -67, -93, + -108, -298, -221, -222, -292, 3, 4, 5, 6, 37, + 38, 39, 40, 41, 43, 44, 45, 46, 47, 48, + 49, 50, 51, 52, 54, 55, 56, 57, 58, 79, + 80, 81, 82, 83, 84, 85, 87, 88, 89, 91, + 92, 94, 96, 97, 98, 99, 101, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 132, 133, 134, 135, 136, 137, @@ -1472,92 +2245,95 @@ static const yytype_int16 yypact[] = 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 215, 216, 217, 218, 219, 220, 221, 223, 224, - 225, 226, 227, 230, 232, 234, 247, 248, 249, 250, - 251, 252, 253, 254, 256, 257, 258, 259, 260, 261, - 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 280, 281, 282, - 284, 285, 286, 288, 322, 323, 324, 325, 329, 330, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, 331, 373, 374, 375, - 376, 377, 378, -291, -291, -291, -291, -291, -291, -291, - -291, 379, 380, 381, 385, 389, 390, -291, -291, -291, - -291, -291, -291, -291, 415, 416, 417, 426, 439, 440, - 441, -291, -291, -291, -291, -291, -291, -291, -291, 442, - 443, 444, 445, 446, 447, 448, 449, -291, -291, -291, - -291, -291, -291, -291, -291, -291, 450, 451, 452, 453, - 454, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, 455, 456, 457, 458, 498, 500, 516, 517, - -291, -291, -291, -291, -291, -291, -291, -291, -291, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 533, 534, - 535, 536, 537, 538, 539, 541, 542, 543, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, 544, -291, - -291, 545, -291, -291, 546, 547, 550, 553, 556, 557, - 566, 567, 568, 570, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, 571, 572, 573, 574, 575, - 576, -291, -291, -291, -291, -291, -291, -291, 577, 580, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, 581, 582, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, 583, - 584, 585, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, 586, 587, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, 588, 589, 590, 591, 592, 593, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, 594, -291, -291, -291, - -291, -291, -291, -291, -291, -291, 595, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, 596, -291, -291, 597, 598, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, 599, 600, 601, - -291, -291, -291, -291, -291, -291, -291, -291, -291 + 210, 212, 213, 214, 216, 222, 223, 224, 225, 226, + 228, 229, 231, 232, 237, 238, 240, 241, 242, 244, + 245, 246, 247, 248, 249, 250, 252, 253, 254, 255, + 257, 258, 259, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, + 283, 285, 286, 287, 289, 290, 291, 293, 327, 328, + 329, 330, 334, 335, 336, 378, 379, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + 380, 381, 382, 383, 384, 385, 386, -299, -299, -299, + -299, -299, -299, -299, -299, 390, 394, 395, 420, 421, + 422, -299, -299, -299, -299, -299, -299, -299, 431, 444, + 445, 446, 447, 448, 449, -299, -299, -299, -299, -299, + -299, -299, -299, 450, 451, 452, 453, 454, 455, 456, + 457, 458, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, 459, 460, 461, 462, 463, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, 503, 505, + 522, 523, 524, 525, 526, 527, -299, -299, -299, -299, + -299, -299, -299, -299, -299, 528, 529, 530, 531, 532, + 543, 544, 545, 546, 547, 548, 549, 551, 552, 553, + 554, 555, 556, 557, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, 560, -299, -299, 563, -299, -299, + 566, 567, 576, 577, 578, 580, 581, 582, 583, 584, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, 585, 586, 587, 592, 593, 594, -299, -299, -299, + -299, -299, -299, -299, 595, 596, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, 597, + 598, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, 599, 600, 601, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, 602, 603, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, 604, + 605, 606, 607, 608, 609, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, 610, -299, -299, + -299, -299, -299, -299, -299, -299, -299, 611, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, 612, -299, -299, 613, 614, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, 615, 616, 617, -299, -299, -299, -299, -299, -299, + -299, -299, -299 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. Performed when YYTABLE does not specify something else to do. Zero means the default is an error. */ -static const yytype_uint16 yydefact[] = +static const yytype_int16 yydefact[] = { - 2, 0, 1, 18, 19, 227, 237, 513, 573, 532, - 246, 587, 610, 256, 626, 272, 578, 3, 17, 21, - 229, 239, 248, 258, 274, 515, 534, 575, 580, 589, - 612, 628, 4, 5, 6, 10, 14, 15, 8, 9, + 2, 0, 1, 18, 19, 234, 244, 529, 589, 548, + 253, 603, 626, 263, 642, 280, 594, 3, 17, 21, + 236, 246, 255, 265, 282, 531, 550, 591, 596, 605, + 628, 644, 4, 5, 6, 10, 14, 15, 8, 9, 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -1579,239 +2355,245 @@ static const yytype_uint16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 20, 22, 23, 86, 89, 98, 195, 196, 24, 160, - 161, 162, 163, 164, 165, 166, 167, 168, 169, 37, - 77, 25, 90, 91, 48, 70, 85, 26, 27, 30, - 31, 28, 29, 32, 33, 34, 35, 36, 121, 207, - 122, 124, 125, 126, 209, 214, 210, 221, 222, 223, - 224, 127, 128, 129, 130, 131, 132, 133, 191, 87, - 76, 102, 119, 120, 219, 216, 123, 38, 39, 40, - 41, 42, 78, 92, 93, 108, 64, 74, 65, 199, - 200, 103, 58, 59, 198, 60, 61, 112, 116, 137, - 147, 174, 150, 220, 113, 71, 43, 44, 45, 100, - 138, 139, 140, 141, 46, 47, 49, 50, 52, 53, - 51, 145, 151, 54, 55, 56, 62, 81, 117, 95, - 146, 88, 170, 96, 97, 114, 115, 217, 101, 57, - 79, 82, 63, 66, 104, 105, 80, 171, 106, 67, - 68, 69, 208, 118, 184, 185, 186, 187, 188, 189, - 197, 107, 75, 109, 110, 111, 172, 72, 73, 94, - 83, 84, 99, 134, 135, 218, 136, 142, 143, 144, - 175, 176, 178, 180, 181, 179, 182, 192, 148, 149, - 154, 155, 152, 153, 156, 157, 159, 158, 211, 213, - 212, 173, 183, 201, 203, 202, 204, 205, 206, 225, - 226, 177, 190, 193, 194, 215, 0, 0, 0, 0, - 0, 0, 0, 228, 230, 231, 232, 234, 235, 236, - 233, 0, 0, 0, 0, 0, 0, 238, 240, 241, - 242, 243, 244, 245, 0, 0, 0, 0, 0, 0, - 0, 247, 249, 250, 253, 254, 251, 255, 252, 0, - 0, 0, 0, 0, 0, 0, 0, 257, 259, 260, - 261, 262, 266, 263, 264, 265, 0, 0, 0, 0, - 0, 277, 281, 282, 283, 284, 273, 275, 276, 278, - 279, 280, 0, 0, 0, 0, 0, 0, 0, 0, - 514, 516, 518, 517, 523, 519, 520, 521, 522, 0, + 0, 0, 0, 0, 0, 0, 0, 20, 22, 23, + 86, 89, 98, 200, 201, 24, 160, 161, 162, 163, + 164, 165, 166, 167, 168, 169, 37, 77, 25, 90, + 91, 48, 70, 85, 26, 27, 30, 31, 28, 29, + 32, 33, 34, 35, 36, 121, 212, 122, 124, 125, + 126, 214, 219, 215, 226, 227, 228, 229, 127, 128, + 129, 130, 131, 132, 133, 196, 87, 76, 102, 119, + 120, 224, 221, 123, 38, 39, 40, 41, 42, 78, + 92, 93, 108, 64, 74, 65, 204, 205, 103, 58, + 59, 203, 60, 61, 232, 112, 116, 137, 147, 174, + 150, 225, 113, 71, 43, 44, 45, 100, 138, 139, + 140, 141, 46, 47, 49, 50, 52, 53, 51, 145, + 151, 54, 55, 56, 62, 81, 117, 95, 146, 88, + 170, 96, 97, 114, 115, 222, 101, 57, 79, 82, + 63, 66, 104, 105, 80, 171, 106, 67, 68, 69, + 213, 118, 188, 189, 190, 191, 192, 193, 194, 202, + 107, 75, 233, 109, 110, 111, 172, 72, 73, 94, + 83, 84, 99, 134, 135, 223, 136, 142, 143, 144, + 175, 176, 178, 180, 181, 179, 182, 197, 148, 149, + 154, 155, 152, 153, 156, 157, 159, 158, 216, 218, + 217, 173, 183, 184, 185, 186, 187, 206, 208, 207, + 209, 210, 211, 230, 231, 177, 195, 198, 199, 220, + 0, 0, 0, 0, 0, 0, 0, 235, 237, 238, + 239, 241, 242, 243, 240, 0, 0, 0, 0, 0, + 0, 245, 247, 248, 249, 250, 251, 252, 0, 0, + 0, 0, 0, 0, 0, 254, 256, 257, 260, 261, + 258, 262, 259, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 264, 266, 267, 268, 269, 273, 274, 270, + 271, 272, 0, 0, 0, 0, 0, 285, 289, 290, + 291, 292, 281, 283, 284, 286, 287, 288, 0, 0, + 0, 0, 0, 0, 0, 0, 530, 532, 534, 533, + 539, 535, 536, 537, 538, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 533, 535, - 537, 536, 538, 539, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 552, 553, 0, 574, - 576, 0, 579, 581, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 588, 590, 591, 592, 594, 595, - 593, 596, 597, 598, 599, 0, 0, 0, 0, 0, - 0, 611, 613, 614, 615, 616, 617, 618, 0, 0, - 627, 629, 630, 286, 285, 292, 305, 303, 315, 311, - 312, 316, 313, 314, 317, 318, 319, 320, 321, 351, - 352, 353, 354, 355, 380, 381, 382, 388, 389, 308, - 390, 391, 394, 392, 393, 397, 398, 399, 413, 366, - 367, 369, 370, 400, 416, 360, 362, 417, 423, 424, - 425, 309, 379, 441, 442, 361, 436, 344, 304, 356, - 414, 420, 401, 0, 0, 445, 310, 287, 343, 405, - 288, 306, 307, 357, 358, 443, 403, 407, 408, 289, - 446, 383, 412, 345, 365, 418, 419, 422, 435, 359, - 439, 437, 438, 371, 378, 409, 410, 372, 373, 402, - 427, 346, 347, 350, 322, 324, 325, 326, 327, 328, - 335, 336, 337, 338, 339, 340, 341, 447, 448, 450, - 384, 385, 386, 387, 395, 396, 451, 452, 453, 0, - 0, 0, 404, 374, 376, 583, 462, 466, 464, 463, - 467, 465, 0, 0, 470, 471, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 406, 421, 440, 475, - 476, 375, 454, 0, 0, 0, 0, 0, 0, 428, - 429, 430, 431, 432, 433, 434, 584, 368, 363, 426, - 342, 290, 291, 364, 477, 479, 478, 480, 481, 482, - 323, 330, 472, 474, 473, 329, 0, 349, 411, 449, - 348, 377, 331, 332, 334, 333, 0, 484, 485, 486, - 487, 491, 490, 488, 489, 492, 493, 494, 495, 497, - 496, 506, 0, 510, 511, 0, 0, 512, 498, 504, - 499, 500, 501, 503, 505, 502, 267, 268, 269, 270, - 271, 524, 526, 525, 528, 529, 530, 531, 527, 554, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 555, - 565, 566, 567, 568, 569, 570, 571, 572, 577, 582, - 600, 601, 602, 605, 603, 604, 606, 607, 608, 609, - 619, 620, 621, 622, 623, 624, 631, 632, 415, 444, - 461, 585, 586, 468, 469, 455, 456, 0, 0, 0, - 460, 625, 483, 507, 508, 509, 459, 457, 458 + 0, 0, 0, 0, 549, 551, 553, 552, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 0, 590, 592, 0, 595, 597, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 604, 606, 607, 608, 610, 611, 609, 612, 613, 614, + 615, 0, 0, 0, 0, 0, 0, 627, 629, 630, + 631, 632, 633, 634, 0, 0, 643, 645, 646, 294, + 293, 300, 313, 311, 323, 319, 320, 324, 321, 322, + 325, 326, 327, 328, 329, 359, 360, 361, 362, 363, + 389, 390, 391, 397, 398, 316, 399, 400, 403, 401, + 402, 406, 407, 408, 422, 374, 375, 377, 378, 409, + 425, 368, 370, 426, 432, 433, 434, 317, 388, 452, + 453, 369, 446, 352, 312, 364, 423, 429, 410, 0, + 0, 456, 318, 295, 351, 414, 296, 314, 315, 365, + 366, 454, 412, 416, 417, 297, 457, 392, 421, 353, + 373, 427, 428, 431, 445, 367, 450, 448, 449, 380, + 387, 418, 419, 381, 382, 411, 436, 354, 355, 358, + 330, 332, 333, 334, 335, 336, 343, 344, 345, 346, + 347, 348, 349, 458, 459, 461, 393, 394, 395, 396, + 404, 405, 462, 463, 464, 0, 0, 0, 413, 383, + 385, 599, 473, 477, 475, 474, 478, 476, 0, 0, + 481, 482, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 415, 430, 451, 486, 487, 384, 465, 0, + 0, 0, 0, 0, 0, 437, 438, 439, 440, 441, + 442, 443, 444, 600, 376, 371, 435, 350, 298, 299, + 372, 488, 489, 490, 491, 492, 494, 493, 495, 496, + 497, 331, 338, 483, 485, 484, 337, 0, 357, 420, + 460, 356, 386, 339, 340, 342, 341, 0, 499, 379, + 447, 500, 501, 502, 506, 505, 503, 504, 507, 508, + 509, 510, 512, 511, 522, 0, 526, 527, 0, 0, + 528, 513, 520, 514, 515, 516, 519, 521, 517, 518, + 275, 276, 277, 278, 279, 540, 542, 541, 544, 545, + 546, 547, 543, 570, 572, 573, 574, 575, 576, 577, + 578, 579, 580, 571, 581, 582, 583, 584, 585, 586, + 587, 588, 593, 598, 616, 617, 618, 621, 619, 620, + 622, 623, 624, 625, 635, 636, 637, 638, 639, 640, + 647, 648, 424, 455, 472, 601, 602, 479, 480, 466, + 467, 0, 0, 0, 471, 641, 498, 523, 524, 525, + 470, 468, 469 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - 578, 579, 602, 603, 604, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291, -291, -291, - -291, -291, -291, -291, -291, -291, -291, -291 + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, 265, 591, 618, + 619, 620, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299, -299, -299, -299, -299, + -299, -299, -299, -299, -299, -299 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 17, 18, 19, 32, 250, 20, 33, 463, - 21, 34, 477, 22, 35, 491, 23, 36, 507, 521, - 522, 523, 524, 525, 24, 37, 526, 251, 252, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, - 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, - 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, - 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 464, 465, 466, - 467, 468, 469, 470, 478, 479, 480, 481, 482, 483, - 508, 509, 510, 511, 512, 513, 514, 515, 492, 493, - 494, 495, 496, 497, 498, 25, 38, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 26, 39, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 27, 40, - 589, 590, 28, 41, 592, 593, 451, 452, 453, 454, - 29, 42, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 30, 43, 621, 622, 623, 624, 625, - 626, 627, 455, 31, 44, 630, 631, 632 + -1, 1, 17, 18, 19, 32, 257, 20, 33, 477, + 21, 34, 491, 22, 35, 505, 23, 36, 522, 537, + 538, 539, 540, 541, 24, 37, 542, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, + 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, + 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, 463, 464, 478, 479, 480, 481, 482, 483, + 484, 492, 493, 494, 495, 496, 497, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 506, 507, 508, 509, + 510, 511, 512, 25, 38, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 26, 39, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 27, 40, 605, 606, + 28, 41, 608, 609, 465, 466, 467, 468, 29, 42, + 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 30, 43, 637, 638, 639, 640, 641, 642, 643, + 469, 31, 44, 646, 647, 648 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule whose number is the opposite. If YYTABLE_NINF, syntax error. */ -static const yytype_uint16 yytable[] = +static const yytype_int16 yytable[] = { - 2, 499, 484, 456, 588, 457, 458, 471, 628, 629, - 591, 3, 4, 633, 634, 472, 473, 615, 616, 617, - 618, 619, 620, 635, 499, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 636, 637, 638, 485, 486, - 639, 640, 641, 642, 643, 644, 5, 645, 646, 647, - 648, 649, 6, 650, 651, 652, 653, 654, 655, 656, - 657, 658, 659, 487, 660, 661, 459, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 532, 533, 534, 535, - 536, 537, 538, 539, 662, 663, 7, 460, 664, 665, - 474, 666, 475, 667, 668, 669, 670, 461, 671, 672, - 673, 674, 8, 675, 676, 677, 678, 679, 680, 681, - 682, 683, 684, 685, 686, 687, 688, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 488, 489, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 9, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 490, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, 763, 764, 765, 766, 767, - 768, 769, 770, 771, 772, 773, 774, 775, 776, 777, - 778, 10, 501, 502, 503, 779, 780, 781, 782, 783, - 784, 785, 506, 786, 787, 788, 789, 790, 462, 11, - 791, 476, 792, 500, 793, 501, 502, 503, 504, 505, - 516, 517, 518, 519, 520, 506, 12, 794, 795, 796, - 797, 798, 799, 800, 801, 13, 802, 803, 804, 805, - 806, 807, 808, 809, 810, 811, 812, 813, 814, 815, - 816, 817, 818, 819, 820, 821, 822, 823, 824, 14, - 825, 826, 827, 15, 828, 829, 830, 0, 831, 16, - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, - 75, 76, 832, 833, 834, 835, 77, 78, 79, 836, - 837, 838, 80, 81, 82, 83, 84, 85, 86, 87, - 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, - 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, - 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, - 118, 119, 120, 839, 840, 841, 842, 843, 844, 845, - 846, 847, 121, 122, 123, 848, 124, 125, 126, 849, - 850, 127, 128, 129, 130, 131, 132, 133, 134, 135, - 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, - 146, 147, 148, 149, 150, 851, 852, 853, 151, 152, - 153, 154, 155, 156, 157, 158, 854, 159, 160, 161, - 162, 163, 164, 165, 166, 167, 168, 169, 170, 855, - 856, 857, 858, 859, 860, 861, 862, 863, 864, 865, - 866, 867, 868, 869, 870, 871, 872, 873, 874, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, - 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, - 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 875, 210, - 876, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 220, 221, 222, 223, 224, 225, 877, 878, 879, 880, - 881, 882, 883, 884, 885, 886, 887, 226, 227, 228, - 229, 230, 231, 888, 889, 890, 891, 892, 893, 894, - 232, 895, 896, 897, 898, 899, 900, 901, 233, 234, - 902, 235, 236, 903, 237, 238, 904, 905, 239, 240, - 241, 242, 243, 244, 245, 246, 906, 907, 908, 247, - 909, 910, 911, 912, 913, 914, 915, 916, 248, 249, - 917, 918, 919, 920, 921, 922, 923, 924, 925, 926, - 927, 928, 929, 930, 931, 932, 933, 934, 935, 936, - 937, 938, 0, 0, 0, 527, 528, 0, 0, 0, + 2, 513, 498, 644, 645, 604, 470, 607, 471, 472, + 485, 3, 4, 649, 650, 651, 652, 513, 486, 487, + 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, + 548, 549, 550, 551, 552, 553, 554, 555, 499, 500, + 631, 632, 633, 634, 635, 636, 5, 653, 654, 655, + 656, 657, 6, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 501, 668, 669, 670, 671, 672, 473, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, 581, 582, 583, 673, + 674, 675, 676, 677, 678, 679, 7, 680, 681, 682, + 474, 683, 684, 488, 685, 489, 686, 687, 688, 689, + 475, 690, 8, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 502, 503, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 9, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 504, 755, 756, 757, 758, 759, 760, 761, 762, 763, + 764, 765, 766, 767, 768, 769, 770, 771, 772, 773, + 774, 775, 776, 777, 778, 779, 780, 781, 782, 783, + 784, 785, 786, 787, 788, 789, 790, 791, 792, 793, + 794, 10, 795, 796, 797, 514, 798, 515, 516, 517, + 518, 519, 799, 800, 801, 802, 803, 520, 804, 805, + 11, 806, 807, 515, 516, 517, 476, 808, 809, 490, + 810, 811, 812, 520, 813, 814, 815, 816, 817, 818, + 819, 12, 820, 821, 822, 823, 521, 824, 825, 826, + 13, 532, 533, 534, 535, 536, 827, 828, 829, 830, + 831, 832, 833, 834, 835, 836, 837, 838, 839, 840, + 841, 842, 843, 844, 14, 845, 846, 847, 15, 848, + 849, 850, 543, 851, 16, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, + 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, + 70, 71, 72, 73, 74, 75, 76, 852, 853, 854, + 855, 77, 78, 79, 856, 857, 858, 80, 81, 82, + 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, + 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, + 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 115, 116, 117, 118, 119, 120, 859, 860, + 861, 862, 863, 864, 865, 866, 867, 121, 122, 123, + 868, 124, 125, 126, 869, 870, 127, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, + 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, + 871, 872, 873, 151, 152, 153, 154, 155, 156, 157, + 158, 874, 159, 160, 161, 162, 163, 164, 165, 166, + 167, 168, 169, 170, 875, 876, 877, 878, 879, 880, + 881, 882, 883, 884, 885, 886, 887, 888, 889, 890, + 891, 892, 893, 894, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, + 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, + 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, + 207, 208, 209, 895, 210, 896, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, + 225, 226, 897, 898, 899, 900, 901, 902, 903, 904, + 905, 906, 907, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 908, 909, 910, 911, 912, 913, 914, + 237, 915, 916, 917, 918, 919, 920, 921, 238, 239, + 922, 240, 241, 923, 242, 243, 924, 925, 244, 245, + 246, 247, 248, 249, 250, 251, 926, 927, 928, 252, + 929, 930, 931, 932, 933, 934, 935, 936, 253, 254, + 255, 256, 937, 938, 939, 940, 941, 942, 943, 944, + 945, 946, 947, 948, 949, 950, 951, 952, 953, 954, + 955, 956, 957, 958, 959, 960, 961, 962, 544, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 529, - 530, 531 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 545, 546, 547 }; static const yytype_int16 yycheck[] = { - 0, 45, 45, 45, 113, 47, 48, 45, 290, 291, - 300, 11, 12, 10, 10, 53, 54, 257, 258, 259, - 260, 261, 262, 10, 45, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 10, 10, 10, 81, 82, - 10, 10, 10, 10, 10, 10, 46, 10, 10, 10, + 0, 45, 45, 295, 296, 113, 45, 305, 47, 48, + 45, 11, 12, 10, 10, 10, 10, 45, 53, 54, + 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, + 97, 98, 99, 100, 101, 102, 103, 104, 81, 82, + 262, 263, 264, 265, 266, 267, 46, 10, 10, 10, 10, 10, 52, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 106, 10, 10, 108, 163, 164, 165, - 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 180, 181, 97, 98, 99, 100, - 101, 102, 103, 104, 10, 10, 96, 139, 10, 10, - 138, 10, 140, 10, 10, 10, 10, 149, 10, 10, - 10, 10, 112, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 106, 10, 10, 10, 10, 10, 108, + 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, + 173, 174, 175, 176, 177, 178, 179, 180, 181, 10, + 10, 10, 10, 10, 10, 10, 96, 10, 10, 10, + 139, 10, 10, 138, 10, 140, 10, 10, 10, 10, + 149, 10, 112, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 183, 184, 10, 10, 10, 10, 10, 10, 10, 10, @@ -1822,60 +2604,61 @@ static const yytype_int16 yycheck[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 221, 266, 267, 268, 10, 10, 10, 10, 10, - 10, 10, 276, 10, 10, 10, 10, 10, 280, 239, - 10, 279, 10, 264, 10, 266, 267, 268, 269, 270, - 294, 295, 296, 297, 298, 276, 256, 10, 10, 10, - 10, 10, 10, 10, 10, 265, 10, 10, 10, 10, + 10, 221, 10, 10, 10, 269, 10, 271, 272, 273, + 274, 275, 10, 10, 10, 10, 10, 281, 10, 10, + 240, 10, 10, 271, 272, 273, 285, 10, 10, 284, + 10, 10, 10, 281, 10, 10, 10, 10, 10, 10, + 10, 261, 10, 10, 10, 10, 310, 10, 10, 10, + 270, 299, 300, 301, 302, 303, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 289, - 10, 10, 10, 293, 10, 10, 10, -1, 10, 299, - 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, - 43, 44, 10, 10, 10, 10, 49, 50, 51, 10, - 10, 10, 55, 56, 57, 58, 59, 60, 61, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, - 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, - 93, 94, 95, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 105, 106, 107, 10, 109, 110, 111, 10, - 10, 114, 115, 116, 117, 118, 119, 120, 121, 122, - 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 10, 10, 10, 141, 142, - 143, 144, 145, 146, 147, 148, 10, 150, 151, 152, - 153, 154, 155, 156, 157, 158, 159, 160, 161, 10, + 10, 10, 10, 10, 294, 10, 10, 10, 298, 10, + 10, 10, 37, 10, 304, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 40, 41, 42, 43, 44, 10, 10, 10, + 10, 49, 50, 51, 10, 10, 10, 55, 56, 57, + 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, + 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, + 88, 89, 90, 91, 92, 93, 94, 95, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 105, 106, 107, + 10, 109, 110, 111, 10, 10, 114, 115, 116, 117, + 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, + 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, + 10, 10, 10, 141, 142, 143, 144, 145, 146, 147, + 148, 10, 150, 151, 152, 153, 154, 155, 156, 157, + 158, 159, 160, 161, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 182, - 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, - 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 219, 220, 10, 222, - 10, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 233, 234, 235, 236, 237, 238, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 250, 251, 252, - 253, 254, 255, 10, 10, 10, 10, 10, 10, 10, - 263, 10, 10, 10, 10, 10, 10, 10, 271, 272, - 10, 274, 275, 10, 277, 278, 10, 10, 281, 282, - 283, 284, 285, 286, 287, 288, 10, 10, 10, 292, - 10, 10, 10, 10, 10, 10, 10, 10, 301, 302, + 10, 10, 10, 10, 182, 183, 184, 185, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, + 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, + 218, 219, 220, 10, 222, 10, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 251, 252, 253, 254, 255, 256, 257, + 258, 259, 260, 10, 10, 10, 10, 10, 10, 10, + 268, 10, 10, 10, 10, 10, 10, 10, 276, 277, + 10, 279, 280, 10, 282, 283, 10, 10, 286, 287, + 288, 289, 290, 291, 292, 293, 10, 10, 10, 297, + 10, 10, 10, 10, 10, 10, 10, 10, 306, 307, + 308, 309, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, -1, -1, -1, 37, 37, -1, -1, -1, + 10, 10, 10, 10, 10, 10, 10, 10, 37, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 37, - 37, 37 + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 37, 37, 37 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ -static const yytype_uint16 yystos[] = +static const yytype_int16 yystos[] = { - 0, 304, 0, 11, 12, 46, 52, 96, 112, 162, - 221, 239, 256, 265, 289, 293, 299, 305, 306, 307, - 310, 313, 316, 319, 327, 558, 569, 591, 595, 603, - 616, 626, 308, 311, 314, 317, 320, 328, 559, 570, - 592, 596, 604, 617, 627, 13, 14, 15, 16, 17, + 0, 312, 0, 11, 12, 46, 52, 96, 112, 162, + 221, 240, 261, 270, 294, 298, 304, 313, 314, 315, + 318, 321, 324, 327, 335, 574, 585, 607, 611, 619, + 632, 642, 316, 319, 322, 325, 328, 336, 575, 586, + 608, 612, 620, 633, 643, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, @@ -1893,48 +2676,49 @@ static const yytype_uint16 yystos[] = 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 222, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 233, 234, 235, 236, 237, 238, 250, 251, 252, 253, - 254, 255, 263, 271, 272, 274, 275, 277, 278, 281, - 282, 283, 284, 285, 286, 287, 288, 292, 301, 302, - 309, 330, 331, 332, 333, 334, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 599, 600, 601, 602, 625, 45, 47, 48, 108, - 139, 149, 280, 312, 530, 531, 532, 533, 534, 535, - 536, 45, 53, 54, 138, 140, 279, 315, 537, 538, - 539, 540, 541, 542, 45, 81, 82, 106, 183, 184, - 223, 318, 551, 552, 553, 554, 555, 556, 557, 45, - 264, 266, 267, 268, 269, 270, 276, 321, 543, 544, - 545, 546, 547, 548, 549, 550, 294, 295, 296, 297, - 298, 322, 323, 324, 325, 326, 329, 543, 544, 545, - 546, 547, 97, 98, 99, 100, 101, 102, 103, 104, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 163, - 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 181, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 113, 593, - 594, 300, 597, 598, 240, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 614, 615, 257, 258, 259, 260, 261, - 262, 618, 619, 620, 621, 622, 623, 624, 290, 291, - 628, 629, 630, 10, 10, 10, 10, 10, 10, 10, + 233, 234, 235, 236, 237, 238, 239, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 268, 276, 277, + 279, 280, 282, 283, 286, 287, 288, 289, 290, 291, + 292, 293, 297, 306, 307, 308, 309, 317, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, + 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, + 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, + 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, + 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, + 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, + 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, + 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, + 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, + 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, + 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, + 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, + 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, + 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, + 540, 541, 542, 543, 544, 615, 616, 617, 618, 641, + 45, 47, 48, 108, 139, 149, 285, 320, 545, 546, + 547, 548, 549, 550, 551, 45, 53, 54, 138, 140, + 284, 323, 552, 553, 554, 555, 556, 557, 45, 81, + 82, 106, 183, 184, 223, 326, 567, 568, 569, 570, + 571, 572, 573, 45, 269, 271, 272, 273, 274, 275, + 281, 310, 329, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 299, 300, 301, 302, 303, 330, 331, 332, + 333, 334, 337, 558, 559, 560, 561, 562, 97, 98, + 99, 100, 101, 102, 103, 104, 576, 577, 578, 579, + 580, 581, 582, 583, 584, 163, 164, 165, 166, 167, + 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 181, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 113, 609, 610, 305, 613, 614, + 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 262, 263, 264, 265, 266, 267, 634, 635, 636, + 637, 638, 639, 640, 295, 296, 644, 645, 646, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -1964,42 +2748,44 @@ static const yytype_uint16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10 + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint16 yyr1[] = +static const yytype_int16 yyr1[] = { - 0, 303, 304, 304, 305, 305, 305, 305, 305, 305, - 305, 305, 305, 305, 305, 305, 305, 305, 306, 307, - 308, 308, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 309, 309, 309, - 309, 309, 309, 309, 309, 309, 309, 310, 311, 311, - 312, 312, 312, 312, 312, 312, 312, 313, 314, 314, - 315, 315, 315, 315, 315, 315, 316, 317, 317, 318, - 318, 318, 318, 318, 318, 318, 319, 320, 320, 321, - 321, 321, 321, 321, 321, 321, 321, 322, 323, 324, - 325, 326, 327, 328, 328, 329, 329, 329, 329, 329, + 0, 311, 312, 312, 313, 313, 313, 313, 313, 313, + 313, 313, 313, 313, 313, 313, 313, 313, 314, 315, + 316, 316, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 317, 317, 317, 317, 317, 317, + 317, 317, 317, 317, 318, 319, 319, 320, 320, 320, + 320, 320, 320, 320, 321, 322, 322, 323, 323, 323, + 323, 323, 323, 324, 325, 325, 326, 326, 326, 326, + 326, 326, 326, 327, 328, 328, 329, 329, 329, 329, 329, 329, 329, 329, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 335, 336, 336, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, @@ -2021,23 +2807,24 @@ static const yytype_uint16 yyr1[] = 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 559, 560, 560, 560, 560, - 560, 560, 560, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 570, 571, 571, 571, 571, 571, - 571, 571, 571, 571, 571, 571, 571, 571, 571, 571, - 571, 571, 571, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 592, 593, 594, 595, 596, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 604, - 605, 605, 605, 605, 605, 605, 605, 605, 605, 605, - 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, - 616, 617, 617, 618, 618, 618, 618, 618, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 627, 628, - 628, 629, 630 + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 575, 576, 576, 576, 576, 576, 576, 576, 576, + 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, + 586, 587, 587, 587, 587, 587, 587, 587, 587, 587, + 587, 587, 587, 587, 587, 587, 587, 587, 587, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 608, 609, 610, 611, 612, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 620, 621, 621, 621, 621, + 621, 621, 621, 621, 621, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 633, 634, + 634, 634, 634, 634, 634, 635, 636, 637, 638, 639, + 640, 641, 642, 643, 643, 644, 644, 645, 646 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = +static const yytype_int8 yyr2[] = { 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, @@ -2061,13 +2848,14 @@ static const yytype_uint8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, + 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -2080,36 +2868,36 @@ static const yytype_uint8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 3, 3, 4, 4, 4, - 3, 3, 2, 2, 2, 2, 2, 2, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, - 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 3, 3, 4, 4, + 4, 3, 3, 2, 2, 2, 2, 2, 2, 3, + 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 2, 1, 2, - 0, 1, 2, 2, 2, 3, 3, 1, 2, 0, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 3, 3, 3, 2, 2, 2, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 2, - 2, 2, 2, 2, 2, 3, 1, 2, 0, 1, - 1, 2, 2 + 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, + 2, 0, 1, 2, 1, 2, 0, 1, 2, 2, + 2, 3, 3, 1, 2, 0, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, + 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, + 2, 3, 1, 2, 0, 1, 1, 2, 2 }; +enum { YYENOMEM = -2 }; + #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab @@ -2135,10 +2923,9 @@ static const yytype_uint8 yyr2[] = } \ while (0) -/* Error token number */ -#define YYTERROR 1 -#define YYERRCODE 256 - +/* Backward compatibility with an undocumented macro. + Use YYerror or YYUNDEF. */ +#define YYERRCODE YYUNDEF /* Enable debugging if requested. */ @@ -2156,18 +2943,18 @@ do { \ } while (0) /* This macro is provided for backward compatibility. */ -#ifndef YY_LOCATION_PRINT -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -#endif +# ifndef YY_LOCATION_PRINT +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yy_symbol_print (stderr, \ - Type, Value); \ + Kind, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (0) @@ -2178,17 +2965,20 @@ do { \ `-----------------------------------*/ static void -yy_symbol_value_print (FILE *yyo, int yytype, YYSTYPE const * const yyvaluep) +yy_symbol_value_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { FILE *yyoutput = yyo; YYUSE (yyoutput); if (!yyvaluep) return; # ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyo, yytoknum[yytype], *yyvaluep); + if (yykind < YYNTOKENS) + YYPRINT (yyo, yytoknum[yykind], *yyvaluep); # endif - YYUSE (yytype); + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } @@ -2197,12 +2987,13 @@ yy_symbol_value_print (FILE *yyo, int yytype, YYSTYPE const * const yyvaluep) `---------------------------*/ static void -yy_symbol_print (FILE *yyo, int yytype, YYSTYPE const * const yyvaluep) +yy_symbol_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { YYFPRINTF (yyo, "%s %s (", - yytype < YYNTOKENS ? "token" : "nterm", yytname[yytype]); + yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); - yy_symbol_value_print (yyo, yytype, yyvaluep); + yy_symbol_value_print (yyo, yykind, yyvaluep); YYFPRINTF (yyo, ")"); } @@ -2212,7 +3003,7 @@ yy_symbol_print (FILE *yyo, int yytype, YYSTYPE const * const yyvaluep) `------------------------------------------------------------------*/ static void -yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) +yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) @@ -2235,21 +3026,21 @@ do { \ `------------------------------------------------*/ static void -yy_reduce_print (yytype_int16 *yyssp, YYSTYPE *yyvsp, int yyrule) +yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, + int yyrule) { - unsigned long yylno = yyrline[yyrule]; + int yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", + YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, - yystos[yyssp[yyi + 1 - yynrhs]], - &yyvsp[(yyi + 1) - (yynrhs)] - ); + YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), + &yyvsp[(yyi + 1) - (yynrhs)]); YYFPRINTF (stderr, "\n"); } } @@ -2264,8 +3055,8 @@ do { \ multiple parsers can coexist. */ int yydebug; #else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YYDPRINTF(Args) ((void) 0) +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ @@ -2288,253 +3079,29 @@ int yydebug; #endif -#if YYERROR_VERBOSE -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else -/* Return the length of YYSTR. */ -static YYSIZE_T -yystrlen (const char *yystr) -{ - YYSIZE_T yylen; - for (yylen = 0; yystr[yylen]; yylen++) - continue; - return yylen; -} -# endif -# endif -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else -/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - YYDEST. */ -static char * -yystpcpy (char *yydest, const char *yysrc) -{ - char *yyd = yydest; - const char *yys = yysrc; - while ((*yyd++ = *yys++) != '\0') - continue; - - return yyd - 1; -} -# endif -# endif - -# ifndef yytnamerr -/* Copy to YYRES the contents of YYSTR after stripping away unnecessary - quotes and backslashes, so that it's suitable for yyerror. The - heuristic is that double-quoting is unnecessary unless the string - contains an apostrophe, a comma, or backslash (other than - backslash-backslash). YYSTR is taken from yytname. If YYRES is - null, do not copy; instead, return the length of what the result - would have been. */ -static YYSIZE_T -yytnamerr (char *yyres, const char *yystr) -{ - if (*yystr == '"') - { - YYSIZE_T yyn = 0; - char const *yyp = yystr; - - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - else - goto append; - - append: - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } - do_not_strip_quotes: ; - } - - if (! yyres) - return yystrlen (yystr); - - return (YYSIZE_T) (yystpcpy (yyres, yystr) - yyres); -} -# endif - -/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message - about the unexpected token YYTOKEN for the state stack whose top is - YYSSP. - - Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is - not large enough to hold the message. In that case, also set - *YYMSG_ALLOC to the required number of bytes. Return 2 if the - required number of bytes is too large to store. */ -static int -yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, - yytype_int16 *yyssp, int yytoken) -{ - YYSIZE_T yysize0 = yytnamerr (YY_NULLPTR, yytname[yytoken]); - YYSIZE_T yysize = yysize0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - /* Internationalized format string. */ - const char *yyformat = YY_NULLPTR; - /* Arguments of yyformat. */ - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - /* Number of reported tokens (one for the "unexpected", one per - "expected"). */ - int yycount = 0; - - /* There are many possibilities here to consider: - - If this state is a consistent state with a default action, then - the only way this function was invoked is if the default action - is an error action. In that case, don't check for expected - tokens because there are none. - - The only way there can be no lookahead present (in yychar) is if - this state is a consistent state with a default action. Thus, - detecting the absence of a lookahead is sufficient to determine - that there is no unexpected or expected token to report. In that - case, just report a simple "syntax error". - - Don't assume there isn't a lookahead just because this state is a - consistent state with a default action. There might have been a - previous inconsistent state, consistent state with a non-default - action, or user semantic action that manipulated yychar. - - Of course, the expected token list depends on states to have - correct lookahead information, and it depends on the parser not - to perform extra reductions after fetching a lookahead from the - scanner and before detecting a syntax error. Thus, state merging - (from LALR or IELR) and default reductions corrupt the expected - token list. However, the list is correct for canonical LR with - one exception: it will still contain any token that will not be - accepted due to an error action in a later state. - */ - if (yytoken != YYEMPTY) - { - int yyn = yypact[*yyssp]; - yyarg[yycount++] = yytname[yytoken]; - if (!yypact_value_is_default (yyn)) - { - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. In other words, skip the first -YYN actions for - this state because they are default actions. */ - int yyxbegin = yyn < 0 ? -yyn : 0; - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yyx; - - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR - && !yytable_value_is_error (yytable[yyx + yyn])) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - break; - } - yyarg[yycount++] = yytname[yyx]; - { - YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]); - if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) - yysize = yysize1; - else - return 2; - } - } - } - } - - switch (yycount) - { -# define YYCASE_(N, S) \ - case N: \ - yyformat = S; \ - break - default: /* Avoid compiler warnings. */ - YYCASE_(0, YY_("syntax error")); - YYCASE_(1, YY_("syntax error, unexpected %s")); - YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); - YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); - YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); - YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); -# undef YYCASE_ - } - - { - YYSIZE_T yysize1 = yysize + yystrlen (yyformat); - if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) - yysize = yysize1; - else - return 2; - } - - if (*yymsg_alloc < yysize) - { - *yymsg_alloc = 2 * yysize; - if (! (yysize <= *yymsg_alloc - && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) - *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; - return 1; - } - - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. */ - { - char *yyp = *yymsg; - int yyi = 0; - while ((*yyp = *yyformat) != '\0') - if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyformat += 2; - } - else - { - yyp++; - yyformat++; - } - } - return 0; -} -#endif /* YYERROR_VERBOSE */ /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) +yydestruct (const char *yymsg, + yysymbol_kind_t yykind, YYSTYPE *yyvaluep) { YYUSE (yyvaluep); if (!yymsg) yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - YYUSE (yytype); + YYUSE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END } - - /* The lookahead symbol. */ int yychar; @@ -2544,6 +3111,8 @@ YYSTYPE yylval; int yynerrs; + + /*----------. | yyparse. | `----------*/ @@ -2551,7 +3120,7 @@ int yynerrs; int yyparse (void) { - int yystate; + yy_state_fast_t yystate; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; @@ -2562,32 +3131,29 @@ yyparse (void) Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ + /* Their size. */ + YYPTRDIFF_T yystacksize; + /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss; - yytype_int16 *yyssp; + yy_state_t yyssa[YYINITDEPTH]; + yy_state_t *yyss; + yy_state_t *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs; YYSTYPE *yyvsp; - YYSIZE_T yystacksize; - int yyn; + /* The return value of yyparse. */ int yyresult; /* Lookahead token as an internal (translated) token number. */ - int yytoken = 0; + yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; -#if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; - char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif + #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) @@ -2595,15 +3161,17 @@ yyparse (void) Keep to zero when no symbol should be popped. */ int yylen = 0; + yynerrs = 0; + yystate = 0; + yyerrstatus = 0; + + yystacksize = YYINITDEPTH; yyssp = yyss = yyssa; yyvsp = yyvs = yyvsa; - yystacksize = YYINITDEPTH; + YYDPRINTF ((stderr, "Starting parse\n")); - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ goto yysetstate; @@ -2618,12 +3186,15 @@ yynewstate: /*--------------------------------------------------------------------. -| yynewstate -- set current state (the top of the stack) to yystate. | +| yysetstate -- set current state (the top of the stack) to yystate. | `--------------------------------------------------------------------*/ yysetstate: YYDPRINTF ((stderr, "Entering state %d\n", yystate)); YY_ASSERT (0 <= yystate && yystate < YYNSTATES); - *yyssp = (yytype_int16) yystate; + YY_IGNORE_USELESS_CAST_BEGIN + *yyssp = YY_CAST (yy_state_t, yystate); + YY_IGNORE_USELESS_CAST_END + YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) #if !defined yyoverflow && !defined YYSTACK_RELOCATE @@ -2631,23 +3202,23 @@ yysetstate: #else { /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = (YYSIZE_T) (yyssp - yyss + 1); + YYPTRDIFF_T yysize = yyssp - yyss + 1; # if defined yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ + yy_state_t *yyss1 = yyss; YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), + &yyss1, yysize * YYSIZEOF (*yyssp), + &yyvs1, yysize * YYSIZEOF (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; @@ -2661,14 +3232,15 @@ yysetstate: yystacksize = YYMAXDEPTH; { - yytype_int16 *yyss1 = yyss; + yy_state_t *yyss1 = yyss; union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + YY_CAST (union yyalloc *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); if (! yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); -# undef YYSTACK_RELOCATE +# undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } @@ -2677,8 +3249,10 @@ yysetstate: yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long) yystacksize)); + YY_IGNORE_USELESS_CAST_BEGIN + YYDPRINTF ((stderr, "Stack size increased to %ld\n", + YY_CAST (long, yystacksize))); + YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) YYABORT; @@ -2705,18 +3279,29 @@ yybackup: /* Not known => get a lookahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { - YYDPRINTF ((stderr, "Reading a token: ")); + YYDPRINTF ((stderr, "Reading a token\n")); yychar = yylex (); } if (yychar <= YYEOF) { - yychar = yytoken = YYEOF; + yychar = YYEOF; + yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } + else if (yychar == YYerror) + { + /* The scanner already issued an error message, process directly + to error recovery. But do not keep the error token as + lookahead, it is too special and may lead us to an endless + loop in error recovery. */ + yychar = YYUNDEF; + yytoken = YYSYMBOL_YYerror; + goto yyerrlab1; + } else { yytoken = YYTRANSLATE (yychar); @@ -2744,14 +3329,13 @@ yybackup: /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token. */ - yychar = YYEMPTY; - yystate = yyn; YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; YY_IGNORE_MAYBE_UNINITIALIZED_END + + /* Discard the shifted token. */ + yychar = YYEMPTY; goto yynewstate; @@ -2787,24 +3371,24 @@ yyreduce: switch (yyn) { case 18: -#line 195 "./util/configparser.y" - { +#line 198 "./util/configparser.y" + { OUTYY(("\nP(force-toplevel)\n")); } -#line 2795 "util/configparser.c" +#line 3379 "util/configparser.c" break; case 19: -#line 201 "./util/configparser.y" - { +#line 204 "./util/configparser.y" + { OUTYY(("\nP(server:)\n")); } -#line 2803 "util/configparser.c" +#line 3387 "util/configparser.c" break; - case 227: -#line 299 "./util/configparser.y" - { + case 234: +#line 307 "./util/configparser.y" + { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); @@ -2814,12 +3398,12 @@ yyreduce: } else yyerror("out of memory"); } -#line 2818 "util/configparser.c" +#line 3402 "util/configparser.c" break; - case 237: -#line 316 "./util/configparser.y" - { + case 244: +#line 324 "./util/configparser.y" + { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); s = (struct config_stub*)calloc(1, sizeof(struct config_stub)); @@ -2829,12 +3413,12 @@ yyreduce: } else yyerror("out of memory"); } -#line 2833 "util/configparser.c" +#line 3417 "util/configparser.c" break; - case 246: -#line 333 "./util/configparser.y" - { + case 253: +#line 341 "./util/configparser.y" + { struct config_view* s; OUTYY(("\nP(view:)\n")); s = (struct config_view*)calloc(1, sizeof(struct config_view)); @@ -2846,12 +3430,12 @@ yyreduce: } else yyerror("out of memory"); } -#line 2850 "util/configparser.c" +#line 3434 "util/configparser.c" break; - case 256: -#line 352 "./util/configparser.y" - { + case 263: +#line 360 "./util/configparser.y" + { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); @@ -2862,16 +3446,17 @@ yyreduce: s->for_downstream = 1; s->for_upstream = 1; s->fallback_enabled = 0; + s->zonemd_reject_absence = 0; s->isrpz = 0; } else yyerror("out of memory"); } -#line 2870 "util/configparser.c" +#line 3455 "util/configparser.c" break; - case 267: -#line 376 "./util/configparser.y" - { + case 275: +#line 385 "./util/configparser.y" + { uint8_t* bitlist; size_t len = 0; OUTYY(("P(server_local_zone_tag:%s)\n", (yyvsp[0].str))); @@ -2887,12 +3472,12 @@ yyreduce: } } -#line 2891 "util/configparser.c" +#line 3476 "util/configparser.c" break; - case 268: -#line 395 "./util/configparser.y" - { + case 276: +#line 404 "./util/configparser.y" + { OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && strcmp((yyvsp[0].str), "passthru")!=0 && strcmp((yyvsp[0].str), "drop")!=0 && @@ -2906,44 +3491,44 @@ yyreduce: cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); } } -#line 2910 "util/configparser.c" +#line 3495 "util/configparser.c" break; - case 269: -#line 412 "./util/configparser.y" - { + case 277: +#line 421 "./util/configparser.y" + { OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_cname); cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); } -#line 2920 "util/configparser.c" +#line 3505 "util/configparser.c" break; - case 270: -#line 420 "./util/configparser.y" - { + case 278: +#line 429 "./util/configparser.y" + { OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2932 "util/configparser.c" +#line 3517 "util/configparser.c" break; - case 271: -#line 430 "./util/configparser.y" - { + case 279: +#line 439 "./util/configparser.y" + { OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_log_name); cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); } -#line 2942 "util/configparser.c" +#line 3527 "util/configparser.c" break; - case 272: -#line 438 "./util/configparser.y" - { + case 280: +#line 447 "./util/configparser.y" + { struct config_auth* s; OUTYY(("\nP(rpz:)\n")); s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); @@ -2958,36 +3543,36 @@ yyreduce: } else yyerror("out of memory"); } -#line 2962 "util/configparser.c" +#line 3547 "util/configparser.c" break; - case 285: -#line 461 "./util/configparser.y" - { + case 293: +#line 470 "./util/configparser.y" + { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2974 "util/configparser.c" +#line 3559 "util/configparser.c" break; - case 286: -#line 470 "./util/configparser.y" - { + case 294: +#line 479 "./util/configparser.y" + { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2986 "util/configparser.c" +#line 3571 "util/configparser.c" break; - case 287: -#line 479 "./util/configparser.y" - { + case 295: +#line 488 "./util/configparser.y" + { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) cfg_parser->cfg->stat_interval = 0; @@ -2996,48 +3581,48 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3000 "util/configparser.c" +#line 3585 "util/configparser.c" break; - case 288: -#line 490 "./util/configparser.y" - { + case 296: +#line 499 "./util/configparser.y" + { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3012 "util/configparser.c" +#line 3597 "util/configparser.c" break; - case 289: -#line 499 "./util/configparser.y" - { + case 297: +#line 508 "./util/configparser.y" + { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3024 "util/configparser.c" +#line 3609 "util/configparser.c" break; - case 290: -#line 508 "./util/configparser.y" - { + case 298: +#line 517 "./util/configparser.y" + { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3036 "util/configparser.c" +#line 3621 "util/configparser.c" break; - case 291: -#line 517 "./util/configparser.y" - { + case 299: +#line 526 "./util/configparser.y" + { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) cfg_parser->cfg->shm_key = 0; @@ -3046,24 +3631,24 @@ yyreduce: else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3050 "util/configparser.c" +#line 3635 "util/configparser.c" break; - case 292: -#line 528 "./util/configparser.y" - { + case 300: +#line 537 "./util/configparser.y" + { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("port number expected"); else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3062 "util/configparser.c" +#line 3647 "util/configparser.c" break; - case 293: -#line 537 "./util/configparser.y" - { + case 301: +#line 546 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet, (yyvsp[0].str))) @@ -3073,12 +3658,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 3077 "util/configparser.c" +#line 3662 "util/configparser.c" break; - case 294: -#line 549 "./util/configparser.y" - { + case 302: +#line 558 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->client_subnet_zone, @@ -3089,12 +3674,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 3093 "util/configparser.c" +#line 3678 "util/configparser.c" break; - case 295: -#line 563 "./util/configparser.y" - { + case 303: +#line 572 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3107,12 +3692,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3111 "util/configparser.c" +#line 3696 "util/configparser.c" break; - case 296: -#line 578 "./util/configparser.y" - { + case 304: +#line 587 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); OUTYY(("P(Deprecated option, ignoring)\n")); @@ -3121,12 +3706,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3125 "util/configparser.c" +#line 3710 "util/configparser.c" break; - case 297: -#line 589 "./util/configparser.y" - { + case 305: +#line 598 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3141,12 +3726,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3145 "util/configparser.c" +#line 3730 "util/configparser.c" break; - case 298: -#line 606 "./util/configparser.y" - { + case 306: +#line 615 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3161,12 +3746,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3165 "util/configparser.c" +#line 3750 "util/configparser.c" break; - case 299: -#line 623 "./util/configparser.y" - { + case 307: +#line 632 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3181,12 +3766,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3185 "util/configparser.c" +#line 3770 "util/configparser.c" break; - case 300: -#line 640 "./util/configparser.y" - { + case 308: +#line 649 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3201,12 +3786,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3205 "util/configparser.c" +#line 3790 "util/configparser.c" break; - case 301: -#line 657 "./util/configparser.y" - { + case 309: +#line 666 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3219,12 +3804,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3223 "util/configparser.c" +#line 3808 "util/configparser.c" break; - case 302: -#line 672 "./util/configparser.y" - { + case 310: +#line 681 "./util/configparser.y" + { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3237,12 +3822,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3241 "util/configparser.c" +#line 3826 "util/configparser.c" break; - case 303: -#line 687 "./util/configparser.y" - { + case 311: +#line 696 "./util/configparser.y" + { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) cfg_parser->cfg->ifs = calloc(1, sizeof(char*)); @@ -3253,12 +3838,12 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 3257 "util/configparser.c" +#line 3842 "util/configparser.c" break; - case 304: -#line 700 "./util/configparser.y" - { + case 312: +#line 709 "./util/configparser.y" + { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) cfg_parser->cfg->out_ifs = calloc(1, sizeof(char*)); @@ -3271,180 +3856,180 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 3275 "util/configparser.c" +#line 3860 "util/configparser.c" break; - case 305: -#line 715 "./util/configparser.y" - { + case 313: +#line 724 "./util/configparser.y" + { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3287 "util/configparser.c" +#line 3872 "util/configparser.c" break; - case 306: -#line 724 "./util/configparser.y" - { + case 314: +#line 733 "./util/configparser.y" + { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, cfg_parser->cfg->outgoing_avail_ports, 65536)) yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3299 "util/configparser.c" +#line 3884 "util/configparser.c" break; - case 307: -#line 733 "./util/configparser.y" - { + case 315: +#line 742 "./util/configparser.y" + { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, cfg_parser->cfg->outgoing_avail_ports, 65536)) yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3311 "util/configparser.c" +#line 3896 "util/configparser.c" break; - case 308: -#line 742 "./util/configparser.y" - { + case 316: +#line 751 "./util/configparser.y" + { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3323 "util/configparser.c" +#line 3908 "util/configparser.c" break; - case 309: -#line 751 "./util/configparser.y" - { + case 317: +#line 760 "./util/configparser.y" + { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3335 "util/configparser.c" +#line 3920 "util/configparser.c" break; - case 310: -#line 760 "./util/configparser.y" - { + case 318: +#line 769 "./util/configparser.y" + { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3347 "util/configparser.c" +#line 3932 "util/configparser.c" break; - case 311: -#line 769 "./util/configparser.y" - { + case 319: +#line 778 "./util/configparser.y" + { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3359 "util/configparser.c" +#line 3944 "util/configparser.c" break; - case 312: -#line 778 "./util/configparser.y" - { + case 320: +#line 787 "./util/configparser.y" + { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3371 "util/configparser.c" +#line 3956 "util/configparser.c" break; - case 313: -#line 787 "./util/configparser.y" - { + case 321: +#line 796 "./util/configparser.y" + { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3383 "util/configparser.c" +#line 3968 "util/configparser.c" break; - case 314: -#line 796 "./util/configparser.y" - { + case 322: +#line 805 "./util/configparser.y" + { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3395 "util/configparser.c" +#line 3980 "util/configparser.c" break; - case 315: -#line 805 "./util/configparser.y" - { + case 323: +#line 814 "./util/configparser.y" + { OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3407 "util/configparser.c" +#line 3992 "util/configparser.c" break; - case 316: -#line 814 "./util/configparser.y" - { + case 324: +#line 823 "./util/configparser.y" + { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3419 "util/configparser.c" +#line 4004 "util/configparser.c" break; - case 317: -#line 823 "./util/configparser.y" - { + case 325: +#line 832 "./util/configparser.y" + { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3431 "util/configparser.c" +#line 4016 "util/configparser.c" break; - case 318: -#line 832 "./util/configparser.y" - { + case 326: +#line 841 "./util/configparser.y" + { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3443 "util/configparser.c" +#line 4028 "util/configparser.c" break; - case 319: -#line 841 "./util/configparser.y" - { + case 327: +#line 850 "./util/configparser.y" + { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); @@ -3455,24 +4040,24 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3459 "util/configparser.c" +#line 4044 "util/configparser.c" break; - case 320: -#line 854 "./util/configparser.y" - { + case 328: +#line 863 "./util/configparser.y" + { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3471 "util/configparser.c" +#line 4056 "util/configparser.c" break; - case 321: -#line 863 "./util/configparser.y" - { + case 329: +#line 872 "./util/configparser.y" + { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); @@ -3483,168 +4068,168 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3487 "util/configparser.c" +#line 4072 "util/configparser.c" break; - case 322: -#line 876 "./util/configparser.y" - { + case 330: +#line 885 "./util/configparser.y" + { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3499 "util/configparser.c" +#line 4084 "util/configparser.c" break; - case 323: -#line 885 "./util/configparser.y" - { + case 331: +#line 894 "./util/configparser.y" + { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3511 "util/configparser.c" +#line 4096 "util/configparser.c" break; - case 324: -#line 894 "./util/configparser.y" - { + case 332: +#line 903 "./util/configparser.y" + { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3523 "util/configparser.c" +#line 4108 "util/configparser.c" break; - case 325: -#line 903 "./util/configparser.y" - { + case 333: +#line 912 "./util/configparser.y" + { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3533 "util/configparser.c" +#line 4118 "util/configparser.c" break; - case 326: -#line 910 "./util/configparser.y" - { + case 334: +#line 919 "./util/configparser.y" + { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3543 "util/configparser.c" +#line 4128 "util/configparser.c" break; - case 327: -#line 917 "./util/configparser.y" - { + case 335: +#line 926 "./util/configparser.y" + { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("port number expected"); else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3555 "util/configparser.c" +#line 4140 "util/configparser.c" break; - case 328: -#line 926 "./util/configparser.y" - { + case 336: +#line 935 "./util/configparser.y" + { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3565 "util/configparser.c" +#line 4150 "util/configparser.c" break; - case 329: -#line 933 "./util/configparser.y" - { + case 337: +#line 942 "./util/configparser.y" + { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3577 "util/configparser.c" +#line 4162 "util/configparser.c" break; - case 330: -#line 942 "./util/configparser.y" - { + case 338: +#line 951 "./util/configparser.y" + { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3588 "util/configparser.c" +#line 4173 "util/configparser.c" break; - case 331: -#line 950 "./util/configparser.y" - { + case 339: +#line 959 "./util/configparser.y" + { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3598 "util/configparser.c" +#line 4183 "util/configparser.c" break; - case 332: -#line 957 "./util/configparser.y" - { + case 340: +#line 966 "./util/configparser.y" + { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3608 "util/configparser.c" +#line 4193 "util/configparser.c" break; - case 333: -#line 964 "./util/configparser.y" - { + case 341: +#line 973 "./util/configparser.y" + { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3619 "util/configparser.c" +#line 4204 "util/configparser.c" break; - case 334: -#line 972 "./util/configparser.y" - { + case 342: +#line 981 "./util/configparser.y" + { OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3631 "util/configparser.c" +#line 4216 "util/configparser.c" break; - case 335: -#line 981 "./util/configparser.y" - { + case 343: +#line 990 "./util/configparser.y" + { OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("port number expected"); else cfg_parser->cfg->https_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3643 "util/configparser.c" +#line 4228 "util/configparser.c" break; - case 336: -#line 989 "./util/configparser.y" - { + case 344: +#line 998 "./util/configparser.y" + { OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->http_endpoint); if((yyvsp[0].str) && (yyvsp[0].str)[0] != '/') { @@ -3659,96 +4244,96 @@ yyreduce: cfg_parser->cfg->http_endpoint = (yyvsp[0].str); } } -#line 3663 "util/configparser.c" +#line 4248 "util/configparser.c" break; - case 337: -#line 1005 "./util/configparser.y" - { + case 345: +#line 1014 "./util/configparser.y" + { OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3675 "util/configparser.c" +#line 4260 "util/configparser.c" break; - case 338: -#line 1013 "./util/configparser.y" - { + case 346: +#line 1022 "./util/configparser.y" + { OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->http_query_buffer_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3687 "util/configparser.c" +#line 4272 "util/configparser.c" break; - case 339: -#line 1021 "./util/configparser.y" - { + case 347: +#line 1030 "./util/configparser.y" + { OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->http_response_buffer_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3699 "util/configparser.c" +#line 4284 "util/configparser.c" break; - case 340: -#line 1029 "./util/configparser.y" - { + case 348: +#line 1038 "./util/configparser.y" + { OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3711 "util/configparser.c" +#line 4296 "util/configparser.c" break; - case 341: -#line 1037 "./util/configparser.y" - { + case 349: +#line 1046 "./util/configparser.y" + { OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3723 "util/configparser.c" +#line 4308 "util/configparser.c" break; - case 342: -#line 1045 "./util/configparser.y" - { + case 350: +#line 1054 "./util/configparser.y" + { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3735 "util/configparser.c" +#line 4320 "util/configparser.c" break; - case 343: -#line 1054 "./util/configparser.y" - { + case 351: +#line 1063 "./util/configparser.y" + { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3747 "util/configparser.c" +#line 4332 "util/configparser.c" break; - case 344: -#line 1063 "./util/configparser.y" - { + case 352: +#line 1072 "./util/configparser.y" + { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -3760,104 +4345,104 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3764 "util/configparser.c" +#line 4349 "util/configparser.c" break; - case 345: -#line 1077 "./util/configparser.y" - { + case 353: +#line 1086 "./util/configparser.y" + { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3776 "util/configparser.c" +#line 4361 "util/configparser.c" break; - case 346: -#line 1086 "./util/configparser.y" - { + case 354: +#line 1095 "./util/configparser.y" + { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3788 "util/configparser.c" +#line 4373 "util/configparser.c" break; - case 347: -#line 1095 "./util/configparser.y" - { + case 355: +#line 1104 "./util/configparser.y" + { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3800 "util/configparser.c" +#line 4385 "util/configparser.c" break; - case 348: -#line 1104 "./util/configparser.y" - { + case 356: +#line 1113 "./util/configparser.y" + { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3812 "util/configparser.c" +#line 4397 "util/configparser.c" break; - case 349: -#line 1113 "./util/configparser.y" - { + case 357: +#line 1122 "./util/configparser.y" + { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3824 "util/configparser.c" +#line 4409 "util/configparser.c" break; - case 350: -#line 1122 "./util/configparser.y" - { + case 358: +#line 1131 "./util/configparser.y" + { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3836 "util/configparser.c" +#line 4421 "util/configparser.c" break; - case 351: -#line 1131 "./util/configparser.y" - { + case 359: +#line 1140 "./util/configparser.y" + { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3846 "util/configparser.c" +#line 4431 "util/configparser.c" break; - case 352: -#line 1138 "./util/configparser.y" - { + case 360: +#line 1147 "./util/configparser.y" + { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 3856 "util/configparser.c" +#line 4441 "util/configparser.c" break; - case 353: -#line 1145 "./util/configparser.y" - { + case 361: +#line 1154 "./util/configparser.y" + { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); cfg_parser->cfg->directory = (yyvsp[0].str); @@ -3881,106 +4466,106 @@ yyreduce: } } } -#line 3885 "util/configparser.c" +#line 4470 "util/configparser.c" break; - case 354: -#line 1171 "./util/configparser.y" - { + case 362: +#line 1180 "./util/configparser.y" + { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3896 "util/configparser.c" +#line 4481 "util/configparser.c" break; - case 355: -#line 1179 "./util/configparser.y" - { + case 363: +#line 1188 "./util/configparser.y" + { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3906 "util/configparser.c" +#line 4491 "util/configparser.c" break; - case 356: -#line 1186 "./util/configparser.y" - { + case 364: +#line 1195 "./util/configparser.y" + { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3916 "util/configparser.c" +#line 4501 "util/configparser.c" break; - case 357: -#line 1193 "./util/configparser.y" - { + case 365: +#line 1202 "./util/configparser.y" + { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); free((yyvsp[0].str)); } -#line 3926 "util/configparser.c" +#line 4511 "util/configparser.c" break; - case 358: -#line 1200 "./util/configparser.y" - { + case 366: +#line 1209 "./util/configparser.y" + { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); log_warn("option dlv-anchor ignored: DLV is decommissioned"); free((yyvsp[0].str)); } -#line 3936 "util/configparser.c" +#line 4521 "util/configparser.c" break; - case 359: -#line 1207 "./util/configparser.y" - { + case 367: +#line 1216 "./util/configparser.y" + { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3947 "util/configparser.c" +#line 4532 "util/configparser.c" break; - case 360: -#line 1215 "./util/configparser.y" - { + case 368: +#line 1224 "./util/configparser.y" + { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3958 "util/configparser.c" +#line 4543 "util/configparser.c" break; - case 361: -#line 1223 "./util/configparser.y" - { + case 369: +#line 1232 "./util/configparser.y" + { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3969 "util/configparser.c" +#line 4554 "util/configparser.c" break; - case 362: -#line 1231 "./util/configparser.y" - { + case 370: +#line 1240 "./util/configparser.y" + { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3979 "util/configparser.c" +#line 4564 "util/configparser.c" break; - case 363: -#line 1238 "./util/configparser.y" - { + case 371: +#line 1247 "./util/configparser.y" + { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -3989,12 +4574,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3993 "util/configparser.c" +#line 4578 "util/configparser.c" break; - case 364: -#line 1249 "./util/configparser.y" - { + case 372: +#line 1258 "./util/configparser.y" + { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4003,99 +4588,118 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4007 "util/configparser.c" +#line 4592 "util/configparser.c" break; - case 365: -#line 1260 "./util/configparser.y" - { + case 373: +#line 1269 "./util/configparser.y" + { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4017 "util/configparser.c" +#line 4602 "util/configparser.c" break; - case 366: -#line 1267 "./util/configparser.y" - { + case 374: +#line 1276 "./util/configparser.y" + { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4029 "util/configparser.c" +#line 4614 "util/configparser.c" break; - case 367: -#line 1276 "./util/configparser.y" - { + case 375: +#line 1285 "./util/configparser.y" + { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4041 "util/configparser.c" +#line 4626 "util/configparser.c" break; - case 368: -#line 1285 "./util/configparser.y" - { + case 376: +#line 1294 "./util/configparser.y" + { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4053 "util/configparser.c" +#line 4638 "util/configparser.c" break; - case 369: -#line 1294 "./util/configparser.y" - { + case 377: +#line 1303 "./util/configparser.y" + { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 4063 "util/configparser.c" +#line 4648 "util/configparser.c" break; - case 370: -#line 1301 "./util/configparser.y" - { + case 378: +#line 1310 "./util/configparser.y" + { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 4073 "util/configparser.c" +#line 4658 "util/configparser.c" break; - case 371: -#line 1308 "./util/configparser.y" - { + case 379: +#line 1317 "./util/configparser.y" + { + OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->nsid_cfg_str); + cfg_parser->cfg->nsid_cfg_str = (yyvsp[0].str); + free(cfg_parser->cfg->nsid); + cfg_parser->cfg->nsid = NULL; + cfg_parser->cfg->nsid_len = 0; + if (*(yyvsp[0].str) == 0) + ; /* pass; empty string is not setting nsid */ + else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( + (yyvsp[0].str), &cfg_parser->cfg->nsid_len))) + yyerror("the NSID must be either a hex string or an " + "ascii character string prepended with ascii_."); + } +#line 4677 "util/configparser.c" + break; + + case 380: +#line 1333 "./util/configparser.y" + { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 4084 "util/configparser.c" +#line 4688 "util/configparser.c" break; - case 372: -#line 1316 "./util/configparser.y" - { + case 381: +#line 1341 "./util/configparser.y" + { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 4095 "util/configparser.c" +#line 4699 "util/configparser.c" break; - case 373: -#line 1324 "./util/configparser.y" + case 382: +#line 1349 "./util/configparser.y" { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4104,11 +4708,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4108 "util/configparser.c" +#line 4712 "util/configparser.c" break; - case 374: -#line 1334 "./util/configparser.y" + case 383: +#line 1359 "./util/configparser.y" { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4117,11 +4721,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4121 "util/configparser.c" +#line 4725 "util/configparser.c" break; - case 375: -#line 1344 "./util/configparser.y" + case 384: +#line 1369 "./util/configparser.y" { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4130,12 +4734,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4134 "util/configparser.c" +#line 4738 "util/configparser.c" break; - case 376: -#line 1354 "./util/configparser.y" - { + case 385: +#line 1379 "./util/configparser.y" + { OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); @@ -4147,23 +4751,23 @@ yyreduce: cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4151 "util/configparser.c" +#line 4755 "util/configparser.c" break; - case 377: -#line 1368 "./util/configparser.y" - { + case 386: +#line 1393 "./util/configparser.y" + { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4162 "util/configparser.c" +#line 4766 "util/configparser.c" break; - case 378: -#line 1376 "./util/configparser.y" - { + case 387: +#line 1401 "./util/configparser.y" + { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -4174,12 +4778,12 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4178 "util/configparser.c" +#line 4782 "util/configparser.c" break; - case 379: -#line 1389 "./util/configparser.y" - { + case 388: +#line 1414 "./util/configparser.y" + { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -4188,23 +4792,23 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4192 "util/configparser.c" +#line 4796 "util/configparser.c" break; - case 380: -#line 1400 "./util/configparser.y" - { + case 389: +#line 1425 "./util/configparser.y" + { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4203 "util/configparser.c" +#line 4807 "util/configparser.c" break; - case 381: -#line 1408 "./util/configparser.y" - { + case 390: +#line 1433 "./util/configparser.y" + { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -4215,60 +4819,60 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4219 "util/configparser.c" +#line 4823 "util/configparser.c" break; - case 382: -#line 1421 "./util/configparser.y" - { + case 391: +#line 1446 "./util/configparser.y" + { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4231 "util/configparser.c" +#line 4835 "util/configparser.c" break; - case 383: -#line 1430 "./util/configparser.y" - { + case 392: +#line 1455 "./util/configparser.y" + { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4243 "util/configparser.c" +#line 4847 "util/configparser.c" break; - case 384: -#line 1439 "./util/configparser.y" - { + case 393: +#line 1464 "./util/configparser.y" + { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4255 "util/configparser.c" +#line 4859 "util/configparser.c" break; - case 385: -#line 1448 "./util/configparser.y" - { + case 394: +#line 1473 "./util/configparser.y" + { OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4267 "util/configparser.c" +#line 4871 "util/configparser.c" break; - case 386: -#line 1457 "./util/configparser.y" - { + case 395: +#line 1482 "./util/configparser.y" + { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4276,12 +4880,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4280 "util/configparser.c" +#line 4884 "util/configparser.c" break; - case 387: -#line 1467 "./util/configparser.y" - { + case 396: +#line 1492 "./util/configparser.y" + { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4289,23 +4893,23 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4293 "util/configparser.c" +#line 4897 "util/configparser.c" break; - case 388: -#line 1477 "./util/configparser.y" - { + case 397: +#line 1502 "./util/configparser.y" + { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4304 "util/configparser.c" +#line 4908 "util/configparser.c" break; - case 389: -#line 1485 "./util/configparser.y" - { + case 398: +#line 1510 "./util/configparser.y" + { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -4316,58 +4920,58 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4320 "util/configparser.c" +#line 4924 "util/configparser.c" break; - case 390: -#line 1498 "./util/configparser.y" - { + case 399: +#line 1523 "./util/configparser.y" + { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4332 "util/configparser.c" +#line 4936 "util/configparser.c" break; - case 391: -#line 1507 "./util/configparser.y" - { + case 400: +#line 1532 "./util/configparser.y" + { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4343 "util/configparser.c" +#line 4947 "util/configparser.c" break; - case 392: -#line 1515 "./util/configparser.y" - { + case 401: +#line 1540 "./util/configparser.y" + { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4355 "util/configparser.c" +#line 4959 "util/configparser.c" break; - case 393: -#line 1524 "./util/configparser.y" - { + case 402: +#line 1549 "./util/configparser.y" + { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4366 "util/configparser.c" +#line 4970 "util/configparser.c" break; - case 394: -#line 1532 "./util/configparser.y" - { + case 403: +#line 1557 "./util/configparser.y" + { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -4378,24 +4982,24 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4382 "util/configparser.c" +#line 4986 "util/configparser.c" break; - case 395: -#line 1545 "./util/configparser.y" - { + case 404: +#line 1570 "./util/configparser.y" + { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4394 "util/configparser.c" +#line 4998 "util/configparser.c" break; - case 396: -#line 1554 "./util/configparser.y" - { + case 405: +#line 1579 "./util/configparser.y" + { OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4403,22 +5007,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4407 "util/configparser.c" +#line 5011 "util/configparser.c" break; - case 397: -#line 1564 "./util/configparser.y" - { + case 406: +#line 1589 "./util/configparser.y" + { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 4417 "util/configparser.c" +#line 5021 "util/configparser.c" break; - case 398: -#line 1571 "./util/configparser.y" - { + case 407: +#line 1596 "./util/configparser.y" + { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4426,12 +5030,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4430 "util/configparser.c" +#line 5034 "util/configparser.c" break; - case 399: -#line 1581 "./util/configparser.y" - { + case 408: +#line 1606 "./util/configparser.y" + { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4439,12 +5043,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4443 "util/configparser.c" +#line 5047 "util/configparser.c" break; - case 400: -#line 1591 "./util/configparser.y" - { + case 409: +#line 1616 "./util/configparser.y" + { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4452,12 +5056,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4456 "util/configparser.c" +#line 5060 "util/configparser.c" break; - case 401: -#line 1601 "./util/configparser.y" - { + case 410: +#line 1626 "./util/configparser.y" + { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4465,12 +5069,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4469 "util/configparser.c" +#line 5073 "util/configparser.c" break; - case 402: -#line 1611 "./util/configparser.y" - { + case 411: +#line 1636 "./util/configparser.y" + { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4478,12 +5082,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4482 "util/configparser.c" +#line 5086 "util/configparser.c" break; - case 403: -#line 1621 "./util/configparser.y" - { + case 412: +#line 1646 "./util/configparser.y" + { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4491,12 +5095,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4495 "util/configparser.c" +#line 5099 "util/configparser.c" break; - case 404: -#line 1631 "./util/configparser.y" - { + case 413: +#line 1656 "./util/configparser.y" + { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4504,12 +5108,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4508 "util/configparser.c" +#line 5112 "util/configparser.c" break; - case 405: -#line 1641 "./util/configparser.y" - { + case 414: +#line 1666 "./util/configparser.y" + { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4517,100 +5121,100 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4521 "util/configparser.c" +#line 5125 "util/configparser.c" break; - case 406: -#line 1651 "./util/configparser.y" - { + case 415: +#line 1676 "./util/configparser.y" + { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4531 "util/configparser.c" +#line 5135 "util/configparser.c" break; - case 407: -#line 1658 "./util/configparser.y" - { + case 416: +#line 1683 "./util/configparser.y" + { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4541 "util/configparser.c" +#line 5145 "util/configparser.c" break; - case 408: -#line 1665 "./util/configparser.y" - { + case 417: +#line 1690 "./util/configparser.y" + { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4551 "util/configparser.c" +#line 5155 "util/configparser.c" break; - case 409: -#line 1672 "./util/configparser.y" - { + case 418: +#line 1697 "./util/configparser.y" + { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4563 "util/configparser.c" +#line 5167 "util/configparser.c" break; - case 410: -#line 1681 "./util/configparser.y" - { + case 419: +#line 1706 "./util/configparser.y" + { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4575 "util/configparser.c" +#line 5179 "util/configparser.c" break; - case 411: -#line 1690 "./util/configparser.y" - { + case 420: +#line 1715 "./util/configparser.y" + { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4587 "util/configparser.c" +#line 5191 "util/configparser.c" break; - case 412: -#line 1699 "./util/configparser.y" - { + case 421: +#line 1724 "./util/configparser.y" + { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4599 "util/configparser.c" +#line 5203 "util/configparser.c" break; - case 413: -#line 1708 "./util/configparser.y" - { + case 422: +#line 1733 "./util/configparser.y" + { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4609 "util/configparser.c" +#line 5213 "util/configparser.c" break; - case 414: -#line 1715 "./util/configparser.y" - { + case 423: +#line 1740 "./util/configparser.y" + { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4618,12 +5222,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4622 "util/configparser.c" +#line 5226 "util/configparser.c" break; - case 415: -#line 1725 "./util/configparser.y" - { + case 424: +#line 1750 "./util/configparser.y" + { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "deny_non_local")!=0 && @@ -4641,22 +5245,22 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 4645 "util/configparser.c" +#line 5249 "util/configparser.c" break; - case 416: -#line 1745 "./util/configparser.y" - { + case 425: +#line 1770 "./util/configparser.y" + { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4655 "util/configparser.c" +#line 5259 "util/configparser.c" break; - case 417: -#line 1752 "./util/configparser.y" - { + case 426: +#line 1777 "./util/configparser.y" + { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { cfg_parser->cfg->val_date_override = 0; @@ -4672,12 +5276,12 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4676 "util/configparser.c" +#line 5280 "util/configparser.c" break; - case 418: -#line 1770 "./util/configparser.y" - { + case 427: +#line 1795 "./util/configparser.y" + { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { cfg_parser->cfg->val_sig_skew_min = 0; @@ -4688,12 +5292,12 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4692 "util/configparser.c" +#line 5296 "util/configparser.c" break; - case 419: -#line 1783 "./util/configparser.y" - { + case 428: +#line 1808 "./util/configparser.y" + { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { cfg_parser->cfg->val_sig_skew_max = 0; @@ -4704,60 +5308,60 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4708 "util/configparser.c" +#line 5312 "util/configparser.c" break; - case 420: -#line 1796 "./util/configparser.y" - { + case 429: +#line 1821 "./util/configparser.y" + { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4720 "util/configparser.c" +#line 5324 "util/configparser.c" break; - case 421: -#line 1805 "./util/configparser.y" - { + case 430: +#line 1830 "./util/configparser.y" + { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4732 "util/configparser.c" +#line 5336 "util/configparser.c" break; - case 422: -#line 1814 "./util/configparser.y" - { + case 431: +#line 1839 "./util/configparser.y" + { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4744 "util/configparser.c" +#line 5348 "util/configparser.c" break; - case 423: -#line 1823 "./util/configparser.y" - { + case 432: +#line 1848 "./util/configparser.y" + { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4756 "util/configparser.c" +#line 5360 "util/configparser.c" break; - case 424: -#line 1832 "./util/configparser.y" - { + case 433: +#line 1857 "./util/configparser.y" + { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4765,12 +5369,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4769 "util/configparser.c" +#line 5373 "util/configparser.c" break; - case 425: -#line 1842 "./util/configparser.y" - { + case 434: +#line 1867 "./util/configparser.y" + { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4778,12 +5382,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4782 "util/configparser.c" +#line 5386 "util/configparser.c" break; - case 426: -#line 1852 "./util/configparser.y" - { + case 435: +#line 1877 "./util/configparser.y" + { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4792,84 +5396,96 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4796 "util/configparser.c" +#line 5400 "util/configparser.c" break; - case 427: -#line 1863 "./util/configparser.y" - { + case 436: +#line 1888 "./util/configparser.y" + { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4808 "util/configparser.c" +#line 5412 "util/configparser.c" break; - case 428: -#line 1872 "./util/configparser.y" - { + case 437: +#line 1897 "./util/configparser.y" + { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4820 "util/configparser.c" +#line 5424 "util/configparser.c" break; - case 429: -#line 1881 "./util/configparser.y" - { + case 438: +#line 1906 "./util/configparser.y" + { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4832 "util/configparser.c" +#line 5436 "util/configparser.c" break; - case 430: -#line 1890 "./util/configparser.y" - { + case 439: +#line 1915 "./util/configparser.y" + { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4844 "util/configparser.c" +#line 5448 "util/configparser.c" break; - case 431: -#line 1899 "./util/configparser.y" - { + case 440: +#line 1924 "./util/configparser.y" + { OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4856 "util/configparser.c" +#line 5460 "util/configparser.c" break; - case 432: -#line 1908 "./util/configparser.y" - { + case 441: +#line 1933 "./util/configparser.y" + { OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4868 "util/configparser.c" +#line 5472 "util/configparser.c" break; - case 433: -#line 1917 "./util/configparser.y" - { + case 442: +#line 1942 "./util/configparser.y" + { + OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5484 "util/configparser.c" + break; + + case 443: +#line 1951 "./util/configparser.y" + { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4880,12 +5496,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4884 "util/configparser.c" +#line 5500 "util/configparser.c" break; - case 434: -#line 1930 "./util/configparser.y" - { + case 444: +#line 1964 "./util/configparser.y" + { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4896,70 +5512,82 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4900 "util/configparser.c" +#line 5516 "util/configparser.c" break; - case 435: -#line 1943 "./util/configparser.y" - { + case 445: +#line 1977 "./util/configparser.y" + { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4912 "util/configparser.c" +#line 5528 "util/configparser.c" break; - case 436: -#line 1952 "./util/configparser.y" - { + case 446: +#line 1986 "./util/configparser.y" + { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 4922 "util/configparser.c" +#line 5538 "util/configparser.c" break; - case 437: -#line 1959 "./util/configparser.y" - { + case 447: +#line 1993 "./util/configparser.y" + { + OUTYY(("P(server_zonemd_permissive_mode:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->zonemd_permissive_mode = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 5550 "util/configparser.c" + break; + + case 448: +#line 2002 "./util/configparser.y" + { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4934 "util/configparser.c" +#line 5562 "util/configparser.c" break; - case 438: -#line 1968 "./util/configparser.y" - { + case 449: +#line 2011 "./util/configparser.y" + { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4946 "util/configparser.c" +#line 5574 "util/configparser.c" break; - case 439: -#line 1977 "./util/configparser.y" - { + case 450: +#line 2020 "./util/configparser.y" + { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4958 "util/configparser.c" +#line 5586 "util/configparser.c" break; - case 440: -#line 1986 "./util/configparser.y" - { + case 451: +#line 2029 "./util/configparser.y" + { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -4967,23 +5595,23 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4971 "util/configparser.c" +#line 5599 "util/configparser.c" break; - case 441: -#line 1995 "./util/configparser.y" - { + case 452: +#line 2038 "./util/configparser.y" + { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4982 "util/configparser.c" +#line 5610 "util/configparser.c" break; - case 442: -#line 2003 "./util/configparser.y" - { + case 453: +#line 2046 "./util/configparser.y" + { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -4994,23 +5622,23 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4998 "util/configparser.c" +#line 5626 "util/configparser.c" break; - case 443: -#line 2016 "./util/configparser.y" - { + case 454: +#line 2059 "./util/configparser.y" + { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5009 "util/configparser.c" +#line 5637 "util/configparser.c" break; - case 444: -#line 2024 "./util/configparser.y" - { + case 455: +#line 2067 "./util/configparser.y" + { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && @@ -5053,22 +5681,22 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5057 "util/configparser.c" +#line 5685 "util/configparser.c" break; - case 445: -#line 2069 "./util/configparser.y" - { + case 456: +#line 2112 "./util/configparser.y" + { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 5067 "util/configparser.c" +#line 5695 "util/configparser.c" break; - case 446: -#line 2076 "./util/configparser.y" - { + case 457: +#line 2119 "./util/configparser.y" + { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); ptr = cfg_ptr_reverse((yyvsp[0].str)); @@ -5081,12 +5709,12 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5085 "util/configparser.c" +#line 5713 "util/configparser.c" break; - case 447: -#line 2091 "./util/configparser.y" - { + case 458: +#line 2134 "./util/configparser.y" + { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5094,12 +5722,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5098 "util/configparser.c" +#line 5726 "util/configparser.c" break; - case 448: -#line 2101 "./util/configparser.y" - { + case 459: +#line 2144 "./util/configparser.y" + { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5107,65 +5735,65 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5111 "util/configparser.c" +#line 5739 "util/configparser.c" break; - case 449: -#line 2111 "./util/configparser.y" - { + case 460: +#line 2154 "./util/configparser.y" + { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5121 "util/configparser.c" +#line 5749 "util/configparser.c" break; - case 450: -#line 2118 "./util/configparser.y" - { + case 461: +#line 2161 "./util/configparser.y" + { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5131 "util/configparser.c" +#line 5759 "util/configparser.c" break; - case 451: -#line 2125 "./util/configparser.y" - { + case 462: +#line 2168 "./util/configparser.y" + { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 5141 "util/configparser.c" +#line 5769 "util/configparser.c" break; - case 452: -#line 2132 "./util/configparser.y" - { + case 463: +#line 2175 "./util/configparser.y" + { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5153 "util/configparser.c" +#line 5781 "util/configparser.c" break; - case 453: -#line 2141 "./util/configparser.y" - { + case 464: +#line 2184 "./util/configparser.y" + { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 5164 "util/configparser.c" +#line 5792 "util/configparser.c" break; - case 454: -#line 2149 "./util/configparser.y" - { + case 465: +#line 2192 "./util/configparser.y" + { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); while((p=strsep(&s, " \t\n")) != NULL) { @@ -5177,12 +5805,12 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5181 "util/configparser.c" +#line 5809 "util/configparser.c" break; - case 455: -#line 2163 "./util/configparser.y" - { + case 466: +#line 2206 "./util/configparser.y" + { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), &len); @@ -5201,12 +5829,12 @@ yyreduce: } } } -#line 5205 "util/configparser.c" +#line 5833 "util/configparser.c" break; - case 456: -#line 2184 "./util/configparser.y" - { + case 467: +#line 2227 "./util/configparser.y" + { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), &len); @@ -5225,12 +5853,12 @@ yyreduce: } } } -#line 5229 "util/configparser.c" +#line 5857 "util/configparser.c" break; - case 457: -#line 2205 "./util/configparser.y" - { + case 468: +#line 2248 "./util/configparser.y" + { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { @@ -5240,12 +5868,12 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5244 "util/configparser.c" +#line 5872 "util/configparser.c" break; - case 458: -#line 2217 "./util/configparser.y" - { + case 469: +#line 2260 "./util/configparser.y" + { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { @@ -5255,12 +5883,12 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5259 "util/configparser.c" +#line 5887 "util/configparser.c" break; - case 459: -#line 2229 "./util/configparser.y" - { + case 470: +#line 2272 "./util/configparser.y" + { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))) { @@ -5270,24 +5898,24 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5274 "util/configparser.c" +#line 5902 "util/configparser.c" break; - case 460: -#line 2241 "./util/configparser.y" - { + case 471: +#line 2284 "./util/configparser.y" + { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, (yyvsp[-1].str), (yyvsp[0].str))) { yyerror("out of memory"); } } -#line 5286 "util/configparser.c" +#line 5914 "util/configparser.c" break; - case 461: -#line 2250 "./util/configparser.y" - { + case 472: +#line 2293 "./util/configparser.y" + { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), &len); @@ -5306,58 +5934,58 @@ yyreduce: } } } -#line 5310 "util/configparser.c" +#line 5938 "util/configparser.c" break; - case 462: -#line 2271 "./util/configparser.y" - { + case 473: +#line 2314 "./util/configparser.y" + { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5322 "util/configparser.c" +#line 5950 "util/configparser.c" break; - case 463: -#line 2281 "./util/configparser.y" - { + case 474: +#line 2324 "./util/configparser.y" + { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5334 "util/configparser.c" +#line 5962 "util/configparser.c" break; - case 464: -#line 2290 "./util/configparser.y" - { + case 475: +#line 2333 "./util/configparser.y" + { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5345 "util/configparser.c" +#line 5973 "util/configparser.c" break; - case 465: -#line 2298 "./util/configparser.y" - { + case 476: +#line 2341 "./util/configparser.y" + { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5356 "util/configparser.c" +#line 5984 "util/configparser.c" break; - case 466: -#line 2306 "./util/configparser.y" - { + case 477: +#line 2349 "./util/configparser.y" + { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -5368,12 +5996,12 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5372 "util/configparser.c" +#line 6000 "util/configparser.c" break; - case 467: -#line 2319 "./util/configparser.y" - { + case 478: +#line 2362 "./util/configparser.y" + { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -5384,12 +6012,12 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5388 "util/configparser.c" +#line 6016 "util/configparser.c" break; - case 468: -#line 2332 "./util/configparser.y" - { + case 479: +#line 2375 "./util/configparser.y" + { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { yyerror("number expected"); @@ -5402,12 +6030,12 @@ yyreduce: "ratelimit-for-domain"); } } -#line 5406 "util/configparser.c" +#line 6034 "util/configparser.c" break; - case 469: -#line 2347 "./util/configparser.y" - { + case 480: +#line 2390 "./util/configparser.y" + { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { yyerror("number expected"); @@ -5420,69 +6048,69 @@ yyreduce: "ratelimit-below-domain"); } } -#line 5424 "util/configparser.c" +#line 6052 "util/configparser.c" break; - case 470: -#line 2362 "./util/configparser.y" - { + case 481: +#line 2405 "./util/configparser.y" + { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5436 "util/configparser.c" +#line 6064 "util/configparser.c" break; - case 471: -#line 2371 "./util/configparser.y" - { + case 482: +#line 2414 "./util/configparser.y" + { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5448 "util/configparser.c" +#line 6076 "util/configparser.c" break; - case 472: -#line 2380 "./util/configparser.y" - { + case 483: +#line 2423 "./util/configparser.y" + { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 5457 "util/configparser.c" +#line 6085 "util/configparser.c" break; - case 473: -#line 2386 "./util/configparser.y" - { + case 484: +#line 2429 "./util/configparser.y" + { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) yyerror("number expected"); else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5469 "util/configparser.c" +#line 6097 "util/configparser.c" break; - case 474: -#line 2395 "./util/configparser.y" - { + case 485: +#line 2438 "./util/configparser.y" + { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("number expected"); else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5481 "util/configparser.c" +#line 6109 "util/configparser.c" break; - case 475: -#line 2404 "./util/configparser.y" - { + case 486: +#line 2447 "./util/configparser.y" + { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5490,12 +6118,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5494 "util/configparser.c" +#line 6122 "util/configparser.c" break; - case 476: -#line 2414 "./util/configparser.y" - { + case 487: +#line 2457 "./util/configparser.y" + { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5503,12 +6131,62 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5507 "util/configparser.c" +#line 6135 "util/configparser.c" break; - case 477: -#line 2424 "./util/configparser.y" - { + case 488: +#line 2467 "./util/configparser.y" + { + OUTYY(("P(server_pad_responses:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->pad_responses = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6148 "util/configparser.c" + break; + + case 489: +#line 2477 "./util/configparser.y" + { + OUTYY(("P(server_pad_responses_block_size:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->pad_responses_block_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 6160 "util/configparser.c" + break; + + case 490: +#line 2486 "./util/configparser.y" + { + OUTYY(("P(server_pad_queries:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->pad_queries = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6173 "util/configparser.c" + break; + + case 491: +#line 2496 "./util/configparser.y" + { + OUTYY(("P(server_pad_queries_block_size:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("number expected"); + else cfg_parser->cfg->pad_queries_block_size = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 6185 "util/configparser.c" + break; + + case 492: +#line 2505 "./util/configparser.y" + { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5519,12 +6197,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5523 "util/configparser.c" +#line 6201 "util/configparser.c" break; - case 478: -#line 2437 "./util/configparser.y" - { + case 493: +#line 2518 "./util/configparser.y" + { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5535,12 +6213,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5539 "util/configparser.c" +#line 6217 "util/configparser.c" break; - case 479: -#line 2450 "./util/configparser.y" - { + case 494: +#line 2531 "./util/configparser.y" + { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ipsecmod_hook); @@ -5550,12 +6228,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5554 "util/configparser.c" +#line 6232 "util/configparser.c" break; - case 480: -#line 2462 "./util/configparser.y" - { + case 495: +#line 2543 "./util/configparser.y" + { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5567,12 +6245,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5571 "util/configparser.c" +#line 6249 "util/configparser.c" break; - case 481: -#line 2476 "./util/configparser.y" - { + case 496: +#line 2557 "./util/configparser.y" + { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->ipsecmod_whitelist, (yyvsp[0].str))) @@ -5582,12 +6260,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5586 "util/configparser.c" +#line 6264 "util/configparser.c" break; - case 482: -#line 2488 "./util/configparser.y" - { + case 497: +#line 2569 "./util/configparser.y" + { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5599,24 +6277,24 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5603 "util/configparser.c" +#line 6281 "util/configparser.c" break; - case 483: -#line 2502 "./util/configparser.y" - { + case 498: +#line 2583 "./util/configparser.y" + { OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->edns_client_strings, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding " "edns-client-string"); } -#line 5615 "util/configparser.c" +#line 6293 "util/configparser.c" break; - case 484: -#line 2511 "./util/configparser.y" - { + case 499: +#line 2592 "./util/configparser.y" + { OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) yyerror("option code expected"); @@ -5626,12 +6304,12 @@ yyreduce: free((yyvsp[0].str)); } -#line 5630 "util/configparser.c" +#line 6308 "util/configparser.c" break; - case 485: -#line 2523 "./util/configparser.y" - { + case 500: +#line 2604 "./util/configparser.y" + { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) yyerror("stub name override, there must be one name " @@ -5639,56 +6317,56 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5643 "util/configparser.c" +#line 6321 "util/configparser.c" break; - case 486: -#line 2533 "./util/configparser.y" - { + case 501: +#line 2614 "./util/configparser.y" + { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5653 "util/configparser.c" +#line 6331 "util/configparser.c" break; - case 487: -#line 2540 "./util/configparser.y" - { + case 502: +#line 2621 "./util/configparser.y" + { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5663 "util/configparser.c" +#line 6341 "util/configparser.c" break; - case 488: -#line 2547 "./util/configparser.y" - { + case 503: +#line 2628 "./util/configparser.y" + { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5675 "util/configparser.c" +#line 6353 "util/configparser.c" break; - case 489: -#line 2556 "./util/configparser.y" - { + case 504: +#line 2637 "./util/configparser.y" + { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5687 "util/configparser.c" +#line 6365 "util/configparser.c" break; - case 490: -#line 2565 "./util/configparser.y" - { + case 505: +#line 2646 "./util/configparser.y" + { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5696,12 +6374,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5700 "util/configparser.c" +#line 6378 "util/configparser.c" break; - case 491: -#line 2575 "./util/configparser.y" - { + case 506: +#line 2656 "./util/configparser.y" + { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5709,12 +6387,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5713 "util/configparser.c" +#line 6391 "util/configparser.c" break; - case 492: -#line 2585 "./util/configparser.y" - { + case 507: +#line 2666 "./util/configparser.y" + { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) yyerror("forward name override, there must be one " @@ -5722,56 +6400,56 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5726 "util/configparser.c" +#line 6404 "util/configparser.c" break; - case 493: -#line 2595 "./util/configparser.y" - { + case 508: +#line 2676 "./util/configparser.y" + { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5736 "util/configparser.c" +#line 6414 "util/configparser.c" break; - case 494: -#line 2602 "./util/configparser.y" - { + case 509: +#line 2683 "./util/configparser.y" + { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5746 "util/configparser.c" +#line 6424 "util/configparser.c" break; - case 495: -#line 2609 "./util/configparser.y" - { + case 510: +#line 2690 "./util/configparser.y" + { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5758 "util/configparser.c" +#line 6436 "util/configparser.c" break; - case 496: -#line 2618 "./util/configparser.y" - { + case 511: +#line 2699 "./util/configparser.y" + { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5770 "util/configparser.c" +#line 6448 "util/configparser.c" break; - case 497: -#line 2627 "./util/configparser.y" - { + case 512: +#line 2708 "./util/configparser.y" + { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5779,12 +6457,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5783 "util/configparser.c" +#line 6461 "util/configparser.c" break; - case 498: -#line 2637 "./util/configparser.y" - { + case 513: +#line 2718 "./util/configparser.y" + { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) yyerror("auth name override, there must be one name " @@ -5792,53 +6470,66 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5796 "util/configparser.c" +#line 6474 "util/configparser.c" break; - case 499: -#line 2647 "./util/configparser.y" - { + case 514: +#line 2728 "./util/configparser.y" + { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5806 "util/configparser.c" +#line 6484 "util/configparser.c" break; - case 500: -#line 2654 "./util/configparser.y" - { + case 515: +#line 2735 "./util/configparser.y" + { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5816 "util/configparser.c" +#line 6494 "util/configparser.c" break; - case 501: -#line 2661 "./util/configparser.y" - { + case 516: +#line 2742 "./util/configparser.y" + { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5826 "util/configparser.c" +#line 6504 "util/configparser.c" break; - case 502: -#line 2668 "./util/configparser.y" - { + case 517: +#line 2749 "./util/configparser.y" + { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5837 "util/configparser.c" +#line 6515 "util/configparser.c" break; - case 503: -#line 2676 "./util/configparser.y" - { + case 518: +#line 2757 "./util/configparser.y" + { + OUTYY(("P(zonemd-reject-absence:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_reject_absence = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 6528 "util/configparser.c" + break; + + case 519: +#line 2767 "./util/configparser.y" + { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5846,12 +6537,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5850 "util/configparser.c" +#line 6541 "util/configparser.c" break; - case 504: -#line 2686 "./util/configparser.y" - { + case 520: +#line 2777 "./util/configparser.y" + { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5859,12 +6550,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5863 "util/configparser.c" +#line 6554 "util/configparser.c" break; - case 505: -#line 2696 "./util/configparser.y" - { + case 521: +#line 2787 "./util/configparser.y" + { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -5872,12 +6563,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5876 "util/configparser.c" +#line 6567 "util/configparser.c" break; - case 506: -#line 2706 "./util/configparser.y" - { + case 522: +#line 2797 "./util/configparser.y" + { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) yyerror("view name override, there must be one " @@ -5885,12 +6576,12 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5889 "util/configparser.c" +#line 6580 "util/configparser.c" break; - case 507: -#line 2716 "./util/configparser.y" - { + case 523: +#line 2807 "./util/configparser.y" + { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && strcmp((yyvsp[0].str), "redirect")!=0 && @@ -5927,12 +6618,12 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5931 "util/configparser.c" +#line 6622 "util/configparser.c" break; - case 508: -#line 2755 "./util/configparser.y" - { + case 524: +#line 2846 "./util/configparser.y" + { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); if(!cfg_str2list_insert( @@ -5940,34 +6631,34 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5944 "util/configparser.c" +#line 6635 "util/configparser.c" break; - case 509: -#line 2765 "./util/configparser.y" - { + case 525: +#line 2856 "./util/configparser.y" + { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5955 "util/configparser.c" +#line 6646 "util/configparser.c" break; - case 510: -#line 2773 "./util/configparser.y" - { + case 526: +#line 2864 "./util/configparser.y" + { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5966 "util/configparser.c" +#line 6657 "util/configparser.c" break; - case 511: -#line 2781 "./util/configparser.y" - { + case 527: +#line 2872 "./util/configparser.y" + { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); ptr = cfg_ptr_reverse((yyvsp[0].str)); @@ -5980,32 +6671,32 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5984 "util/configparser.c" +#line 6675 "util/configparser.c" break; - case 512: -#line 2796 "./util/configparser.y" - { + case 528: +#line 2887 "./util/configparser.y" + { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5996 "util/configparser.c" +#line 6687 "util/configparser.c" break; - case 513: -#line 2805 "./util/configparser.y" - { + case 529: +#line 2896 "./util/configparser.y" + { OUTYY(("\nP(remote-control:)\n")); } -#line 6004 "util/configparser.c" +#line 6695 "util/configparser.c" break; - case 524: -#line 2816 "./util/configparser.y" - { + case 540: +#line 2907 "./util/configparser.y" + { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6013,104 +6704,104 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6017 "util/configparser.c" +#line 6708 "util/configparser.c" break; - case 525: -#line 2826 "./util/configparser.y" - { + case 541: +#line 2917 "./util/configparser.y" + { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("control port number expected"); else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6029 "util/configparser.c" +#line 6720 "util/configparser.c" break; - case 526: -#line 2835 "./util/configparser.y" - { + case 542: +#line 2926 "./util/configparser.y" + { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6039 "util/configparser.c" +#line 6730 "util/configparser.c" break; - case 527: -#line 2842 "./util/configparser.y" - { + case 543: +#line 2933 "./util/configparser.y" + { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6049 "util/configparser.c" +#line 6740 "util/configparser.c" break; - case 528: -#line 2849 "./util/configparser.y" - { + case 544: +#line 2940 "./util/configparser.y" + { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 6059 "util/configparser.c" +#line 6750 "util/configparser.c" break; - case 529: -#line 2856 "./util/configparser.y" - { + case 545: +#line 2947 "./util/configparser.y" + { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 6069 "util/configparser.c" +#line 6760 "util/configparser.c" break; - case 530: -#line 2863 "./util/configparser.y" - { + case 546: +#line 2954 "./util/configparser.y" + { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 6079 "util/configparser.c" +#line 6770 "util/configparser.c" break; - case 531: -#line 2870 "./util/configparser.y" - { + case 547: +#line 2961 "./util/configparser.y" + { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 6089 "util/configparser.c" +#line 6780 "util/configparser.c" break; - case 532: -#line 2877 "./util/configparser.y" - { + case 548: +#line 2968 "./util/configparser.y" + { OUTYY(("\nP(dnstap:)\n")); } -#line 6097 "util/configparser.c" +#line 6788 "util/configparser.c" break; - case 554: -#line 2897 "./util/configparser.y" - { + case 570: +#line 2988 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6109 "util/configparser.c" +#line 6800 "util/configparser.c" break; - case 555: -#line 2906 "./util/configparser.y" - { + case 571: +#line 2997 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6118,128 +6809,128 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6122 "util/configparser.c" +#line 6813 "util/configparser.c" break; - case 556: -#line 2916 "./util/configparser.y" - { + case 572: +#line 3007 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 6132 "util/configparser.c" +#line 6823 "util/configparser.c" break; - case 557: -#line 2923 "./util/configparser.y" - { + case 573: +#line 3014 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_ip); cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); } -#line 6142 "util/configparser.c" +#line 6833 "util/configparser.c" break; - case 558: -#line 2930 "./util/configparser.y" - { + case 574: +#line 3021 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6154 "util/configparser.c" +#line 6845 "util/configparser.c" break; - case 559: -#line 2939 "./util/configparser.y" - { + case 575: +#line 3030 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_server_name); cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); } -#line 6164 "util/configparser.c" +#line 6855 "util/configparser.c" break; - case 560: -#line 2946 "./util/configparser.y" - { + case 576: +#line 3037 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_cert_bundle); cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); } -#line 6174 "util/configparser.c" +#line 6865 "util/configparser.c" break; - case 561: -#line 2953 "./util/configparser.y" - { + case 577: +#line 3044 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_key_file); cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); } -#line 6184 "util/configparser.c" +#line 6875 "util/configparser.c" break; - case 562: -#line 2960 "./util/configparser.y" - { + case 578: +#line 3051 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_cert_file); cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); } -#line 6194 "util/configparser.c" +#line 6885 "util/configparser.c" break; - case 563: -#line 2967 "./util/configparser.y" - { + case 579: +#line 3058 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6206 "util/configparser.c" +#line 6897 "util/configparser.c" break; - case 564: -#line 2976 "./util/configparser.y" - { + case 580: +#line 3067 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6218 "util/configparser.c" +#line 6909 "util/configparser.c" break; - case 565: -#line 2985 "./util/configparser.y" - { + case 581: +#line 3076 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 6228 "util/configparser.c" +#line 6919 "util/configparser.c" break; - case 566: -#line 2992 "./util/configparser.y" - { + case 582: +#line 3083 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 6238 "util/configparser.c" +#line 6929 "util/configparser.c" break; - case 567: -#line 2999 "./util/configparser.y" - { + case 583: +#line 3090 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6247,12 +6938,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6251 "util/configparser.c" +#line 6942 "util/configparser.c" break; - case 568: -#line 3009 "./util/configparser.y" - { + case 584: +#line 3100 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6260,12 +6951,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6264 "util/configparser.c" +#line 6955 "util/configparser.c" break; - case 569: -#line 3019 "./util/configparser.y" - { + case 585: +#line 3110 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6273,12 +6964,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6277 "util/configparser.c" +#line 6968 "util/configparser.c" break; - case 570: -#line 3029 "./util/configparser.y" - { + case 586: +#line 3120 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6286,12 +6977,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6290 "util/configparser.c" +#line 6981 "util/configparser.c" break; - case 571: -#line 3039 "./util/configparser.y" - { + case 587: +#line 3130 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6299,12 +6990,12 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6303 "util/configparser.c" +#line 6994 "util/configparser.c" break; - case 572: -#line 3049 "./util/configparser.y" - { + case 588: +#line 3140 "./util/configparser.y" + { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6312,48 +7003,48 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6316 "util/configparser.c" +#line 7007 "util/configparser.c" break; - case 573: -#line 3059 "./util/configparser.y" - { + case 589: +#line 3150 "./util/configparser.y" + { OUTYY(("\nP(python:)\n")); } -#line 6324 "util/configparser.c" +#line 7015 "util/configparser.c" break; - case 577: -#line 3068 "./util/configparser.y" - { + case 593: +#line 3159 "./util/configparser.y" + { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6334 "util/configparser.c" +#line 7025 "util/configparser.c" break; - case 578: -#line 3074 "./util/configparser.y" - { + case 594: +#line 3165 "./util/configparser.y" + { OUTYY(("\nP(dynlib:)\n")); } -#line 6342 "util/configparser.c" +#line 7033 "util/configparser.c" break; - case 582: -#line 3083 "./util/configparser.y" - { + case 598: +#line 3174 "./util/configparser.y" + { OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6352 "util/configparser.c" +#line 7043 "util/configparser.c" break; - case 583: -#line 3089 "./util/configparser.y" - { + case 599: +#line 3180 "./util/configparser.y" + { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); @@ -6361,132 +7052,132 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6365 "util/configparser.c" +#line 7056 "util/configparser.c" break; - case 584: -#line 3099 "./util/configparser.y" - { + case 600: +#line 3190 "./util/configparser.y" + { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 6375 "util/configparser.c" +#line 7066 "util/configparser.c" break; - case 585: -#line 3106 "./util/configparser.y" - { + case 601: +#line 3197 "./util/configparser.y" + { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_actions, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 6387 "util/configparser.c" +#line 7078 "util/configparser.c" break; - case 586: -#line 3115 "./util/configparser.y" - { + case 602: +#line 3206 "./util/configparser.y" + { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 6398 "util/configparser.c" +#line 7089 "util/configparser.c" break; - case 587: -#line 3123 "./util/configparser.y" - { + case 603: +#line 3214 "./util/configparser.y" + { OUTYY(("\nP(dnscrypt:)\n")); } -#line 6406 "util/configparser.c" +#line 7097 "util/configparser.c" break; - case 600: -#line 3139 "./util/configparser.y" - { + case 616: +#line 3230 "./util/configparser.y" + { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6418 "util/configparser.c" +#line 7109 "util/configparser.c" break; - case 601: -#line 3149 "./util/configparser.y" - { + case 617: +#line 3240 "./util/configparser.y" + { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("port number expected"); else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6430 "util/configparser.c" +#line 7121 "util/configparser.c" break; - case 602: -#line 3158 "./util/configparser.y" - { + case 618: +#line 3249 "./util/configparser.y" + { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 6440 "util/configparser.c" +#line 7131 "util/configparser.c" break; - case 603: -#line 3165 "./util/configparser.y" - { + case 619: +#line 3256 "./util/configparser.y" + { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) log_warn("dnscrypt-provider-cert %s is a duplicate", (yyvsp[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 6452 "util/configparser.c" +#line 7143 "util/configparser.c" break; - case 604: -#line 3174 "./util/configparser.y" - { + case 620: +#line 3265 "./util/configparser.y" + { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 6462 "util/configparser.c" +#line 7153 "util/configparser.c" break; - case 605: -#line 3181 "./util/configparser.y" - { + case 621: +#line 3272 "./util/configparser.y" + { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) log_warn("dnscrypt-secret-key: %s is a duplicate", (yyvsp[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 6474 "util/configparser.c" +#line 7165 "util/configparser.c" break; - case 606: -#line 3190 "./util/configparser.y" - { + case 622: +#line 3281 "./util/configparser.y" + { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6485 "util/configparser.c" +#line 7176 "util/configparser.c" break; - case 607: -#line 3198 "./util/configparser.y" - { + case 623: +#line 3289 "./util/configparser.y" + { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -6497,23 +7188,23 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6501 "util/configparser.c" +#line 7192 "util/configparser.c" break; - case 608: -#line 3211 "./util/configparser.y" - { + case 624: +#line 3302 "./util/configparser.y" + { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6512 "util/configparser.c" +#line 7203 "util/configparser.c" break; - case 609: -#line 3219 "./util/configparser.y" - { + case 625: +#line 3310 "./util/configparser.y" + { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) yyerror("number expected"); @@ -6524,20 +7215,20 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6528 "util/configparser.c" +#line 7219 "util/configparser.c" break; - case 610: -#line 3232 "./util/configparser.y" - { + case 626: +#line 3323 "./util/configparser.y" + { OUTYY(("\nP(cachedb:)\n")); } -#line 6536 "util/configparser.c" +#line 7227 "util/configparser.c" break; - case 619: -#line 3243 "./util/configparser.y" - { + case 635: +#line 3334 "./util/configparser.y" + { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->cachedb_backend); @@ -6547,12 +7238,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6551 "util/configparser.c" +#line 7242 "util/configparser.c" break; - case 620: -#line 3255 "./util/configparser.y" - { + case 636: +#line 3346 "./util/configparser.y" + { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->cachedb_secret); @@ -6562,12 +7253,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6566 "util/configparser.c" +#line 7257 "util/configparser.c" break; - case 621: -#line 3267 "./util/configparser.y" - { + case 637: +#line 3358 "./util/configparser.y" + { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->redis_server_host); @@ -6577,12 +7268,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6581 "util/configparser.c" +#line 7272 "util/configparser.c" break; - case 622: -#line 3279 "./util/configparser.y" - { + case 638: +#line 3370 "./util/configparser.y" + { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; OUTYY(("P(redis_server_port:%s)\n", (yyvsp[0].str))); @@ -6595,12 +7286,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6599 "util/configparser.c" +#line 7290 "util/configparser.c" break; - case 623: -#line 3294 "./util/configparser.y" - { + case 639: +#line 3385 "./util/configparser.y" + { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6611,12 +7302,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6615 "util/configparser.c" +#line 7306 "util/configparser.c" break; - case 624: -#line 3307 "./util/configparser.y" - { + case 640: +#line 3398 "./util/configparser.y" + { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6627,12 +7318,12 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6631 "util/configparser.c" +#line 7322 "util/configparser.c" break; - case 625: -#line 3320 "./util/configparser.y" - { + case 641: +#line 3411 "./util/configparser.y" + { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) yyerror("positive number expected"); @@ -6641,20 +7332,20 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6645 "util/configparser.c" +#line 7336 "util/configparser.c" break; - case 626: -#line 3331 "./util/configparser.y" - { + case 642: +#line 3422 "./util/configparser.y" + { OUTYY(("\nP(ipset:)\n")); } -#line 6653 "util/configparser.c" +#line 7344 "util/configparser.c" break; - case 631: -#line 3340 "./util/configparser.y" - { + case 647: +#line 3431 "./util/configparser.y" + { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->ipset_name_v4) @@ -6667,12 +7358,12 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6671 "util/configparser.c" +#line 7362 "util/configparser.c" break; - case 632: -#line 3355 "./util/configparser.y" - { + case 648: +#line 3446 "./util/configparser.y" + { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->ipset_name_v6) @@ -6685,11 +7376,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6689 "util/configparser.c" +#line 7380 "util/configparser.c" break; -#line 6693 "util/configparser.c" +#line 7384 "util/configparser.c" default: break; } @@ -6704,11 +7395,10 @@ yyreduce: case of YYERROR or YYBACKUP, subsequent parser actions might lead to an incorrect destructor call or verbose syntax error message before the lookahead is translated. */ - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; - YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; @@ -6732,50 +7422,14 @@ yyreduce: yyerrlab: /* Make sure we have latest lookahead translation. See comments at user semantic actions for why this is necessary. */ - yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); - + yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; -#if ! YYERROR_VERBOSE yyerror (YY_("syntax error")); -#else -# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ - yyssp, yytoken) - { - char const *yymsgp = YY_("syntax error"); - int yysyntax_error_status; - yysyntax_error_status = YYSYNTAX_ERROR; - if (yysyntax_error_status == 0) - yymsgp = yymsg; - else if (yysyntax_error_status == 1) - { - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); - if (!yymsg) - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - yysyntax_error_status = 2; - } - else - { - yysyntax_error_status = YYSYNTAX_ERROR; - yymsgp = yymsg; - } - } - yyerror (yymsgp); - if (yysyntax_error_status == 2) - goto yyexhaustedlab; - } -# undef YYSYNTAX_ERROR -#endif } - - if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an @@ -6824,13 +7478,14 @@ yyerrorlab: yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ + /* Pop stack until we find a state that shifts the error token. */ for (;;) { yyn = yypact[yystate]; if (!yypact_value_is_default (yyn)) { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + yyn += YYSYMBOL_YYerror; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) { yyn = yytable[yyn]; if (0 < yyn) @@ -6844,7 +7499,7 @@ yyerrlab1: yydestruct ("Error: popping", - yystos[yystate], yyvsp); + YY_ACCESSING_SYMBOL (yystate), yyvsp); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); @@ -6856,7 +7511,7 @@ yyerrlab1: /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; @@ -6878,7 +7533,7 @@ yyabortlab: goto yyreturn; -#if !defined yyoverflow || YYERROR_VERBOSE +#if !defined yyoverflow /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ @@ -6908,20 +7563,18 @@ yyreturn: while (yyssp != yyss) { yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); + YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif -#if YYERROR_VERBOSE - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); -#endif + return yyresult; } -#line 3369 "./util/configparser.y" + +#line 3460 "./util/configparser.y" /* parse helper routines could be here */ diff --git a/util/configparser.h b/util/configparser.h index 323d587dd..fcbb51ec4 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.4.1. */ +/* A Bison parser, made by GNU Bison 3.6.4. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2019 Free Software Foundation, + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify @@ -31,8 +31,9 @@ This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ -/* Undocumented macros, especially those whose name start with YY_, - are private implementation details. Do not rely on them. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ #ifndef YY_YY_UTIL_CONFIGPARSER_H_INCLUDED # define YY_YY_UTIL_CONFIGPARSER_H_INCLUDED @@ -44,314 +45,330 @@ extern int yydebug; #endif -/* Token type. */ +/* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE enum yytokentype { - SPACE = 258, - LETTER = 259, - NEWLINE = 260, - COMMENT = 261, - COLON = 262, - ANY = 263, - ZONESTR = 264, - STRING_ARG = 265, - VAR_FORCE_TOPLEVEL = 266, - VAR_SERVER = 267, - VAR_VERBOSITY = 268, - VAR_NUM_THREADS = 269, - VAR_PORT = 270, - VAR_OUTGOING_RANGE = 271, - VAR_INTERFACE = 272, - VAR_PREFER_IP4 = 273, - VAR_DO_IP4 = 274, - VAR_DO_IP6 = 275, - VAR_PREFER_IP6 = 276, - VAR_DO_UDP = 277, - VAR_DO_TCP = 278, - VAR_TCP_MSS = 279, - VAR_OUTGOING_TCP_MSS = 280, - VAR_TCP_IDLE_TIMEOUT = 281, - VAR_EDNS_TCP_KEEPALIVE = 282, - VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, - VAR_CHROOT = 284, - VAR_USERNAME = 285, - VAR_DIRECTORY = 286, - VAR_LOGFILE = 287, - VAR_PIDFILE = 288, - VAR_MSG_CACHE_SIZE = 289, - VAR_MSG_CACHE_SLABS = 290, - VAR_NUM_QUERIES_PER_THREAD = 291, - VAR_RRSET_CACHE_SIZE = 292, - VAR_RRSET_CACHE_SLABS = 293, - VAR_OUTGOING_NUM_TCP = 294, - VAR_INFRA_HOST_TTL = 295, - VAR_INFRA_LAME_TTL = 296, - VAR_INFRA_CACHE_SLABS = 297, - VAR_INFRA_CACHE_NUMHOSTS = 298, - VAR_INFRA_CACHE_LAME_SIZE = 299, - VAR_NAME = 300, - VAR_STUB_ZONE = 301, - VAR_STUB_HOST = 302, - VAR_STUB_ADDR = 303, - VAR_TARGET_FETCH_POLICY = 304, - VAR_HARDEN_SHORT_BUFSIZE = 305, - VAR_HARDEN_LARGE_QUERIES = 306, - VAR_FORWARD_ZONE = 307, - VAR_FORWARD_HOST = 308, - VAR_FORWARD_ADDR = 309, - VAR_DO_NOT_QUERY_ADDRESS = 310, - VAR_HIDE_IDENTITY = 311, - VAR_HIDE_VERSION = 312, - VAR_IDENTITY = 313, - VAR_VERSION = 314, - VAR_HARDEN_GLUE = 315, - VAR_MODULE_CONF = 316, - VAR_TRUST_ANCHOR_FILE = 317, - VAR_TRUST_ANCHOR = 318, - VAR_VAL_OVERRIDE_DATE = 319, - VAR_BOGUS_TTL = 320, - VAR_VAL_CLEAN_ADDITIONAL = 321, - VAR_VAL_PERMISSIVE_MODE = 322, - VAR_INCOMING_NUM_TCP = 323, - VAR_MSG_BUFFER_SIZE = 324, - VAR_KEY_CACHE_SIZE = 325, - VAR_KEY_CACHE_SLABS = 326, - VAR_TRUSTED_KEYS_FILE = 327, - VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, - VAR_USE_SYSLOG = 329, - VAR_OUTGOING_INTERFACE = 330, - VAR_ROOT_HINTS = 331, - VAR_DO_NOT_QUERY_LOCALHOST = 332, - VAR_CACHE_MAX_TTL = 333, - VAR_HARDEN_DNSSEC_STRIPPED = 334, - VAR_ACCESS_CONTROL = 335, - VAR_LOCAL_ZONE = 336, - VAR_LOCAL_DATA = 337, - VAR_INTERFACE_AUTOMATIC = 338, - VAR_STATISTICS_INTERVAL = 339, - VAR_DO_DAEMONIZE = 340, - VAR_USE_CAPS_FOR_ID = 341, - VAR_STATISTICS_CUMULATIVE = 342, - VAR_OUTGOING_PORT_PERMIT = 343, - VAR_OUTGOING_PORT_AVOID = 344, - VAR_DLV_ANCHOR_FILE = 345, - VAR_DLV_ANCHOR = 346, - VAR_NEG_CACHE_SIZE = 347, - VAR_HARDEN_REFERRAL_PATH = 348, - VAR_PRIVATE_ADDRESS = 349, - VAR_PRIVATE_DOMAIN = 350, - VAR_REMOTE_CONTROL = 351, - VAR_CONTROL_ENABLE = 352, - VAR_CONTROL_INTERFACE = 353, - VAR_CONTROL_PORT = 354, - VAR_SERVER_KEY_FILE = 355, - VAR_SERVER_CERT_FILE = 356, - VAR_CONTROL_KEY_FILE = 357, - VAR_CONTROL_CERT_FILE = 358, - VAR_CONTROL_USE_CERT = 359, - VAR_EXTENDED_STATISTICS = 360, - VAR_LOCAL_DATA_PTR = 361, - VAR_JOSTLE_TIMEOUT = 362, - VAR_STUB_PRIME = 363, - VAR_UNWANTED_REPLY_THRESHOLD = 364, - VAR_LOG_TIME_ASCII = 365, - VAR_DOMAIN_INSECURE = 366, - VAR_PYTHON = 367, - VAR_PYTHON_SCRIPT = 368, - VAR_VAL_SIG_SKEW_MIN = 369, - VAR_VAL_SIG_SKEW_MAX = 370, - VAR_CACHE_MIN_TTL = 371, - VAR_VAL_LOG_LEVEL = 372, - VAR_AUTO_TRUST_ANCHOR_FILE = 373, - VAR_KEEP_MISSING = 374, - VAR_ADD_HOLDDOWN = 375, - VAR_DEL_HOLDDOWN = 376, - VAR_SO_RCVBUF = 377, - VAR_EDNS_BUFFER_SIZE = 378, - VAR_PREFETCH = 379, - VAR_PREFETCH_KEY = 380, - VAR_SO_SNDBUF = 381, - VAR_SO_REUSEPORT = 382, - VAR_HARDEN_BELOW_NXDOMAIN = 383, - VAR_IGNORE_CD_FLAG = 384, - VAR_LOG_QUERIES = 385, - VAR_LOG_REPLIES = 386, - VAR_LOG_LOCAL_ACTIONS = 387, - VAR_TCP_UPSTREAM = 388, - VAR_SSL_UPSTREAM = 389, - VAR_SSL_SERVICE_KEY = 390, - VAR_SSL_SERVICE_PEM = 391, - VAR_SSL_PORT = 392, - VAR_FORWARD_FIRST = 393, - VAR_STUB_SSL_UPSTREAM = 394, - VAR_FORWARD_SSL_UPSTREAM = 395, - VAR_TLS_CERT_BUNDLE = 396, - VAR_HTTPS_PORT = 397, - VAR_HTTP_ENDPOINT = 398, - VAR_HTTP_MAX_STREAMS = 399, - VAR_HTTP_QUERY_BUFFER_SIZE = 400, - VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, - VAR_HTTP_NODELAY = 402, - VAR_HTTP_NOTLS_DOWNSTREAM = 403, - VAR_STUB_FIRST = 404, - VAR_MINIMAL_RESPONSES = 405, - VAR_RRSET_ROUNDROBIN = 406, - VAR_MAX_UDP_SIZE = 407, - VAR_DELAY_CLOSE = 408, - VAR_UDP_CONNECT = 409, - VAR_UNBLOCK_LAN_ZONES = 410, - VAR_INSECURE_LAN_ZONES = 411, - VAR_INFRA_CACHE_MIN_RTT = 412, - VAR_INFRA_KEEP_PROBING = 413, - VAR_DNS64_PREFIX = 414, - VAR_DNS64_SYNTHALL = 415, - VAR_DNS64_IGNORE_AAAA = 416, - VAR_DNSTAP = 417, - VAR_DNSTAP_ENABLE = 418, - VAR_DNSTAP_SOCKET_PATH = 419, - VAR_DNSTAP_IP = 420, - VAR_DNSTAP_TLS = 421, - VAR_DNSTAP_TLS_SERVER_NAME = 422, - VAR_DNSTAP_TLS_CERT_BUNDLE = 423, - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, - VAR_DNSTAP_SEND_IDENTITY = 426, - VAR_DNSTAP_SEND_VERSION = 427, - VAR_DNSTAP_BIDIRECTIONAL = 428, - VAR_DNSTAP_IDENTITY = 429, - VAR_DNSTAP_VERSION = 430, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, - VAR_RESPONSE_IP_TAG = 437, - VAR_RESPONSE_IP = 438, - VAR_RESPONSE_IP_DATA = 439, - VAR_HARDEN_ALGO_DOWNGRADE = 440, - VAR_IP_TRANSPARENT = 441, - VAR_IP_DSCP = 442, - VAR_DISABLE_DNSSEC_LAME_CHECK = 443, - VAR_IP_RATELIMIT = 444, - VAR_IP_RATELIMIT_SLABS = 445, - VAR_IP_RATELIMIT_SIZE = 446, - VAR_RATELIMIT = 447, - VAR_RATELIMIT_SLABS = 448, - VAR_RATELIMIT_SIZE = 449, - VAR_RATELIMIT_FOR_DOMAIN = 450, - VAR_RATELIMIT_BELOW_DOMAIN = 451, - VAR_IP_RATELIMIT_FACTOR = 452, - VAR_RATELIMIT_FACTOR = 453, - VAR_SEND_CLIENT_SUBNET = 454, - VAR_CLIENT_SUBNET_ZONE = 455, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, - VAR_CLIENT_SUBNET_OPCODE = 457, - VAR_MAX_CLIENT_SUBNET_IPV4 = 458, - VAR_MAX_CLIENT_SUBNET_IPV6 = 459, - VAR_MIN_CLIENT_SUBNET_IPV4 = 460, - VAR_MIN_CLIENT_SUBNET_IPV6 = 461, - VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, - VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, - VAR_CAPS_WHITELIST = 464, - VAR_CACHE_MAX_NEGATIVE_TTL = 465, - VAR_PERMIT_SMALL_HOLDDOWN = 466, - VAR_QNAME_MINIMISATION = 467, - VAR_QNAME_MINIMISATION_STRICT = 468, - VAR_IP_FREEBIND = 469, - VAR_DEFINE_TAG = 470, - VAR_LOCAL_ZONE_TAG = 471, - VAR_ACCESS_CONTROL_TAG = 472, - VAR_LOCAL_ZONE_OVERRIDE = 473, - VAR_ACCESS_CONTROL_TAG_ACTION = 474, - VAR_ACCESS_CONTROL_TAG_DATA = 475, - VAR_VIEW = 476, - VAR_ACCESS_CONTROL_VIEW = 477, - VAR_VIEW_FIRST = 478, - VAR_SERVE_EXPIRED = 479, - VAR_SERVE_EXPIRED_TTL = 480, - VAR_SERVE_EXPIRED_TTL_RESET = 481, - VAR_SERVE_EXPIRED_REPLY_TTL = 482, - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, - VAR_FAKE_DSA = 484, - VAR_FAKE_SHA1 = 485, - VAR_LOG_IDENTITY = 486, - VAR_HIDE_TRUSTANCHOR = 487, - VAR_TRUST_ANCHOR_SIGNALING = 488, - VAR_AGGRESSIVE_NSEC = 489, - VAR_USE_SYSTEMD = 490, - VAR_SHM_ENABLE = 491, - VAR_SHM_KEY = 492, - VAR_ROOT_KEY_SENTINEL = 493, - VAR_DNSCRYPT = 494, - VAR_DNSCRYPT_ENABLE = 495, - VAR_DNSCRYPT_PORT = 496, - VAR_DNSCRYPT_PROVIDER = 497, - VAR_DNSCRYPT_SECRET_KEY = 498, - VAR_DNSCRYPT_PROVIDER_CERT = 499, - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 500, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 501, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 502, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 503, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 504, - VAR_IPSECMOD_ENABLED = 505, - VAR_IPSECMOD_HOOK = 506, - VAR_IPSECMOD_IGNORE_BOGUS = 507, - VAR_IPSECMOD_MAX_TTL = 508, - VAR_IPSECMOD_WHITELIST = 509, - VAR_IPSECMOD_STRICT = 510, - VAR_CACHEDB = 511, - VAR_CACHEDB_BACKEND = 512, - VAR_CACHEDB_SECRETSEED = 513, - VAR_CACHEDB_REDISHOST = 514, - VAR_CACHEDB_REDISPORT = 515, - VAR_CACHEDB_REDISTIMEOUT = 516, - VAR_CACHEDB_REDISEXPIRERECORDS = 517, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 518, - VAR_FOR_UPSTREAM = 519, - VAR_AUTH_ZONE = 520, - VAR_ZONEFILE = 521, - VAR_MASTER = 522, - VAR_URL = 523, - VAR_FOR_DOWNSTREAM = 524, - VAR_FALLBACK_ENABLED = 525, - VAR_TLS_ADDITIONAL_PORT = 526, - VAR_LOW_RTT = 527, - VAR_LOW_RTT_PERMIL = 528, - VAR_FAST_SERVER_PERMIL = 529, - VAR_FAST_SERVER_NUM = 530, - VAR_ALLOW_NOTIFY = 531, - VAR_TLS_WIN_CERT = 532, - VAR_TCP_CONNECTION_LIMIT = 533, - VAR_FORWARD_NO_CACHE = 534, - VAR_STUB_NO_CACHE = 535, - VAR_LOG_SERVFAIL = 536, - VAR_DENY_ANY = 537, - VAR_UNKNOWN_SERVER_TIME_LIMIT = 538, - VAR_LOG_TAG_QUERYREPLY = 539, - VAR_STREAM_WAIT_SIZE = 540, - VAR_TLS_CIPHERS = 541, - VAR_TLS_CIPHERSUITES = 542, - VAR_TLS_USE_SNI = 543, - VAR_IPSET = 544, - VAR_IPSET_NAME_V4 = 545, - VAR_IPSET_NAME_V6 = 546, - VAR_TLS_SESSION_TICKET_KEYS = 547, - VAR_RPZ = 548, - VAR_TAGS = 549, - VAR_RPZ_ACTION_OVERRIDE = 550, - VAR_RPZ_CNAME_OVERRIDE = 551, - VAR_RPZ_LOG = 552, - VAR_RPZ_LOG_NAME = 553, - VAR_DYNLIB = 554, - VAR_DYNLIB_FILE = 555, - VAR_EDNS_CLIENT_STRING = 556, - VAR_EDNS_CLIENT_STRING_OPCODE = 557 + YYEMPTY = -2, + YYEOF = 0, /* "end of file" */ + YYerror = 256, /* error */ + YYUNDEF = 257, /* "invalid token" */ + SPACE = 258, /* SPACE */ + LETTER = 259, /* LETTER */ + NEWLINE = 260, /* NEWLINE */ + COMMENT = 261, /* COMMENT */ + COLON = 262, /* COLON */ + ANY = 263, /* ANY */ + ZONESTR = 264, /* ZONESTR */ + STRING_ARG = 265, /* STRING_ARG */ + VAR_FORCE_TOPLEVEL = 266, /* VAR_FORCE_TOPLEVEL */ + VAR_SERVER = 267, /* VAR_SERVER */ + VAR_VERBOSITY = 268, /* VAR_VERBOSITY */ + VAR_NUM_THREADS = 269, /* VAR_NUM_THREADS */ + VAR_PORT = 270, /* VAR_PORT */ + VAR_OUTGOING_RANGE = 271, /* VAR_OUTGOING_RANGE */ + VAR_INTERFACE = 272, /* VAR_INTERFACE */ + VAR_PREFER_IP4 = 273, /* VAR_PREFER_IP4 */ + VAR_DO_IP4 = 274, /* VAR_DO_IP4 */ + VAR_DO_IP6 = 275, /* VAR_DO_IP6 */ + VAR_PREFER_IP6 = 276, /* VAR_PREFER_IP6 */ + VAR_DO_UDP = 277, /* VAR_DO_UDP */ + VAR_DO_TCP = 278, /* VAR_DO_TCP */ + VAR_TCP_MSS = 279, /* VAR_TCP_MSS */ + VAR_OUTGOING_TCP_MSS = 280, /* VAR_OUTGOING_TCP_MSS */ + VAR_TCP_IDLE_TIMEOUT = 281, /* VAR_TCP_IDLE_TIMEOUT */ + VAR_EDNS_TCP_KEEPALIVE = 282, /* VAR_EDNS_TCP_KEEPALIVE */ + VAR_EDNS_TCP_KEEPALIVE_TIMEOUT = 283, /* VAR_EDNS_TCP_KEEPALIVE_TIMEOUT */ + VAR_CHROOT = 284, /* VAR_CHROOT */ + VAR_USERNAME = 285, /* VAR_USERNAME */ + VAR_DIRECTORY = 286, /* VAR_DIRECTORY */ + VAR_LOGFILE = 287, /* VAR_LOGFILE */ + VAR_PIDFILE = 288, /* VAR_PIDFILE */ + VAR_MSG_CACHE_SIZE = 289, /* VAR_MSG_CACHE_SIZE */ + VAR_MSG_CACHE_SLABS = 290, /* VAR_MSG_CACHE_SLABS */ + VAR_NUM_QUERIES_PER_THREAD = 291, /* VAR_NUM_QUERIES_PER_THREAD */ + VAR_RRSET_CACHE_SIZE = 292, /* VAR_RRSET_CACHE_SIZE */ + VAR_RRSET_CACHE_SLABS = 293, /* VAR_RRSET_CACHE_SLABS */ + VAR_OUTGOING_NUM_TCP = 294, /* VAR_OUTGOING_NUM_TCP */ + VAR_INFRA_HOST_TTL = 295, /* VAR_INFRA_HOST_TTL */ + VAR_INFRA_LAME_TTL = 296, /* VAR_INFRA_LAME_TTL */ + VAR_INFRA_CACHE_SLABS = 297, /* VAR_INFRA_CACHE_SLABS */ + VAR_INFRA_CACHE_NUMHOSTS = 298, /* VAR_INFRA_CACHE_NUMHOSTS */ + VAR_INFRA_CACHE_LAME_SIZE = 299, /* VAR_INFRA_CACHE_LAME_SIZE */ + VAR_NAME = 300, /* VAR_NAME */ + VAR_STUB_ZONE = 301, /* VAR_STUB_ZONE */ + VAR_STUB_HOST = 302, /* VAR_STUB_HOST */ + VAR_STUB_ADDR = 303, /* VAR_STUB_ADDR */ + VAR_TARGET_FETCH_POLICY = 304, /* VAR_TARGET_FETCH_POLICY */ + VAR_HARDEN_SHORT_BUFSIZE = 305, /* VAR_HARDEN_SHORT_BUFSIZE */ + VAR_HARDEN_LARGE_QUERIES = 306, /* VAR_HARDEN_LARGE_QUERIES */ + VAR_FORWARD_ZONE = 307, /* VAR_FORWARD_ZONE */ + VAR_FORWARD_HOST = 308, /* VAR_FORWARD_HOST */ + VAR_FORWARD_ADDR = 309, /* VAR_FORWARD_ADDR */ + VAR_DO_NOT_QUERY_ADDRESS = 310, /* VAR_DO_NOT_QUERY_ADDRESS */ + VAR_HIDE_IDENTITY = 311, /* VAR_HIDE_IDENTITY */ + VAR_HIDE_VERSION = 312, /* VAR_HIDE_VERSION */ + VAR_IDENTITY = 313, /* VAR_IDENTITY */ + VAR_VERSION = 314, /* VAR_VERSION */ + VAR_HARDEN_GLUE = 315, /* VAR_HARDEN_GLUE */ + VAR_MODULE_CONF = 316, /* VAR_MODULE_CONF */ + VAR_TRUST_ANCHOR_FILE = 317, /* VAR_TRUST_ANCHOR_FILE */ + VAR_TRUST_ANCHOR = 318, /* VAR_TRUST_ANCHOR */ + VAR_VAL_OVERRIDE_DATE = 319, /* VAR_VAL_OVERRIDE_DATE */ + VAR_BOGUS_TTL = 320, /* VAR_BOGUS_TTL */ + VAR_VAL_CLEAN_ADDITIONAL = 321, /* VAR_VAL_CLEAN_ADDITIONAL */ + VAR_VAL_PERMISSIVE_MODE = 322, /* VAR_VAL_PERMISSIVE_MODE */ + VAR_INCOMING_NUM_TCP = 323, /* VAR_INCOMING_NUM_TCP */ + VAR_MSG_BUFFER_SIZE = 324, /* VAR_MSG_BUFFER_SIZE */ + VAR_KEY_CACHE_SIZE = 325, /* VAR_KEY_CACHE_SIZE */ + VAR_KEY_CACHE_SLABS = 326, /* VAR_KEY_CACHE_SLABS */ + VAR_TRUSTED_KEYS_FILE = 327, /* VAR_TRUSTED_KEYS_FILE */ + VAR_VAL_NSEC3_KEYSIZE_ITERATIONS = 328, /* VAR_VAL_NSEC3_KEYSIZE_ITERATIONS */ + VAR_USE_SYSLOG = 329, /* VAR_USE_SYSLOG */ + VAR_OUTGOING_INTERFACE = 330, /* VAR_OUTGOING_INTERFACE */ + VAR_ROOT_HINTS = 331, /* VAR_ROOT_HINTS */ + VAR_DO_NOT_QUERY_LOCALHOST = 332, /* VAR_DO_NOT_QUERY_LOCALHOST */ + VAR_CACHE_MAX_TTL = 333, /* VAR_CACHE_MAX_TTL */ + VAR_HARDEN_DNSSEC_STRIPPED = 334, /* VAR_HARDEN_DNSSEC_STRIPPED */ + VAR_ACCESS_CONTROL = 335, /* VAR_ACCESS_CONTROL */ + VAR_LOCAL_ZONE = 336, /* VAR_LOCAL_ZONE */ + VAR_LOCAL_DATA = 337, /* VAR_LOCAL_DATA */ + VAR_INTERFACE_AUTOMATIC = 338, /* VAR_INTERFACE_AUTOMATIC */ + VAR_STATISTICS_INTERVAL = 339, /* VAR_STATISTICS_INTERVAL */ + VAR_DO_DAEMONIZE = 340, /* VAR_DO_DAEMONIZE */ + VAR_USE_CAPS_FOR_ID = 341, /* VAR_USE_CAPS_FOR_ID */ + VAR_STATISTICS_CUMULATIVE = 342, /* VAR_STATISTICS_CUMULATIVE */ + VAR_OUTGOING_PORT_PERMIT = 343, /* VAR_OUTGOING_PORT_PERMIT */ + VAR_OUTGOING_PORT_AVOID = 344, /* VAR_OUTGOING_PORT_AVOID */ + VAR_DLV_ANCHOR_FILE = 345, /* VAR_DLV_ANCHOR_FILE */ + VAR_DLV_ANCHOR = 346, /* VAR_DLV_ANCHOR */ + VAR_NEG_CACHE_SIZE = 347, /* VAR_NEG_CACHE_SIZE */ + VAR_HARDEN_REFERRAL_PATH = 348, /* VAR_HARDEN_REFERRAL_PATH */ + VAR_PRIVATE_ADDRESS = 349, /* VAR_PRIVATE_ADDRESS */ + VAR_PRIVATE_DOMAIN = 350, /* VAR_PRIVATE_DOMAIN */ + VAR_REMOTE_CONTROL = 351, /* VAR_REMOTE_CONTROL */ + VAR_CONTROL_ENABLE = 352, /* VAR_CONTROL_ENABLE */ + VAR_CONTROL_INTERFACE = 353, /* VAR_CONTROL_INTERFACE */ + VAR_CONTROL_PORT = 354, /* VAR_CONTROL_PORT */ + VAR_SERVER_KEY_FILE = 355, /* VAR_SERVER_KEY_FILE */ + VAR_SERVER_CERT_FILE = 356, /* VAR_SERVER_CERT_FILE */ + VAR_CONTROL_KEY_FILE = 357, /* VAR_CONTROL_KEY_FILE */ + VAR_CONTROL_CERT_FILE = 358, /* VAR_CONTROL_CERT_FILE */ + VAR_CONTROL_USE_CERT = 359, /* VAR_CONTROL_USE_CERT */ + VAR_EXTENDED_STATISTICS = 360, /* VAR_EXTENDED_STATISTICS */ + VAR_LOCAL_DATA_PTR = 361, /* VAR_LOCAL_DATA_PTR */ + VAR_JOSTLE_TIMEOUT = 362, /* VAR_JOSTLE_TIMEOUT */ + VAR_STUB_PRIME = 363, /* VAR_STUB_PRIME */ + VAR_UNWANTED_REPLY_THRESHOLD = 364, /* VAR_UNWANTED_REPLY_THRESHOLD */ + VAR_LOG_TIME_ASCII = 365, /* VAR_LOG_TIME_ASCII */ + VAR_DOMAIN_INSECURE = 366, /* VAR_DOMAIN_INSECURE */ + VAR_PYTHON = 367, /* VAR_PYTHON */ + VAR_PYTHON_SCRIPT = 368, /* VAR_PYTHON_SCRIPT */ + VAR_VAL_SIG_SKEW_MIN = 369, /* VAR_VAL_SIG_SKEW_MIN */ + VAR_VAL_SIG_SKEW_MAX = 370, /* VAR_VAL_SIG_SKEW_MAX */ + VAR_CACHE_MIN_TTL = 371, /* VAR_CACHE_MIN_TTL */ + VAR_VAL_LOG_LEVEL = 372, /* VAR_VAL_LOG_LEVEL */ + VAR_AUTO_TRUST_ANCHOR_FILE = 373, /* VAR_AUTO_TRUST_ANCHOR_FILE */ + VAR_KEEP_MISSING = 374, /* VAR_KEEP_MISSING */ + VAR_ADD_HOLDDOWN = 375, /* VAR_ADD_HOLDDOWN */ + VAR_DEL_HOLDDOWN = 376, /* VAR_DEL_HOLDDOWN */ + VAR_SO_RCVBUF = 377, /* VAR_SO_RCVBUF */ + VAR_EDNS_BUFFER_SIZE = 378, /* VAR_EDNS_BUFFER_SIZE */ + VAR_PREFETCH = 379, /* VAR_PREFETCH */ + VAR_PREFETCH_KEY = 380, /* VAR_PREFETCH_KEY */ + VAR_SO_SNDBUF = 381, /* VAR_SO_SNDBUF */ + VAR_SO_REUSEPORT = 382, /* VAR_SO_REUSEPORT */ + VAR_HARDEN_BELOW_NXDOMAIN = 383, /* VAR_HARDEN_BELOW_NXDOMAIN */ + VAR_IGNORE_CD_FLAG = 384, /* VAR_IGNORE_CD_FLAG */ + VAR_LOG_QUERIES = 385, /* VAR_LOG_QUERIES */ + VAR_LOG_REPLIES = 386, /* VAR_LOG_REPLIES */ + VAR_LOG_LOCAL_ACTIONS = 387, /* VAR_LOG_LOCAL_ACTIONS */ + VAR_TCP_UPSTREAM = 388, /* VAR_TCP_UPSTREAM */ + VAR_SSL_UPSTREAM = 389, /* VAR_SSL_UPSTREAM */ + VAR_SSL_SERVICE_KEY = 390, /* VAR_SSL_SERVICE_KEY */ + VAR_SSL_SERVICE_PEM = 391, /* VAR_SSL_SERVICE_PEM */ + VAR_SSL_PORT = 392, /* VAR_SSL_PORT */ + VAR_FORWARD_FIRST = 393, /* VAR_FORWARD_FIRST */ + VAR_STUB_SSL_UPSTREAM = 394, /* VAR_STUB_SSL_UPSTREAM */ + VAR_FORWARD_SSL_UPSTREAM = 395, /* VAR_FORWARD_SSL_UPSTREAM */ + VAR_TLS_CERT_BUNDLE = 396, /* VAR_TLS_CERT_BUNDLE */ + VAR_HTTPS_PORT = 397, /* VAR_HTTPS_PORT */ + VAR_HTTP_ENDPOINT = 398, /* VAR_HTTP_ENDPOINT */ + VAR_HTTP_MAX_STREAMS = 399, /* VAR_HTTP_MAX_STREAMS */ + VAR_HTTP_QUERY_BUFFER_SIZE = 400, /* VAR_HTTP_QUERY_BUFFER_SIZE */ + VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, /* VAR_HTTP_RESPONSE_BUFFER_SIZE */ + VAR_HTTP_NODELAY = 402, /* VAR_HTTP_NODELAY */ + VAR_HTTP_NOTLS_DOWNSTREAM = 403, /* VAR_HTTP_NOTLS_DOWNSTREAM */ + VAR_STUB_FIRST = 404, /* VAR_STUB_FIRST */ + VAR_MINIMAL_RESPONSES = 405, /* VAR_MINIMAL_RESPONSES */ + VAR_RRSET_ROUNDROBIN = 406, /* VAR_RRSET_ROUNDROBIN */ + VAR_MAX_UDP_SIZE = 407, /* VAR_MAX_UDP_SIZE */ + VAR_DELAY_CLOSE = 408, /* VAR_DELAY_CLOSE */ + VAR_UDP_CONNECT = 409, /* VAR_UDP_CONNECT */ + VAR_UNBLOCK_LAN_ZONES = 410, /* VAR_UNBLOCK_LAN_ZONES */ + VAR_INSECURE_LAN_ZONES = 411, /* VAR_INSECURE_LAN_ZONES */ + VAR_INFRA_CACHE_MIN_RTT = 412, /* VAR_INFRA_CACHE_MIN_RTT */ + VAR_INFRA_KEEP_PROBING = 413, /* VAR_INFRA_KEEP_PROBING */ + VAR_DNS64_PREFIX = 414, /* VAR_DNS64_PREFIX */ + VAR_DNS64_SYNTHALL = 415, /* VAR_DNS64_SYNTHALL */ + VAR_DNS64_IGNORE_AAAA = 416, /* VAR_DNS64_IGNORE_AAAA */ + VAR_DNSTAP = 417, /* VAR_DNSTAP */ + VAR_DNSTAP_ENABLE = 418, /* VAR_DNSTAP_ENABLE */ + VAR_DNSTAP_SOCKET_PATH = 419, /* VAR_DNSTAP_SOCKET_PATH */ + VAR_DNSTAP_IP = 420, /* VAR_DNSTAP_IP */ + VAR_DNSTAP_TLS = 421, /* VAR_DNSTAP_TLS */ + VAR_DNSTAP_TLS_SERVER_NAME = 422, /* VAR_DNSTAP_TLS_SERVER_NAME */ + VAR_DNSTAP_TLS_CERT_BUNDLE = 423, /* VAR_DNSTAP_TLS_CERT_BUNDLE */ + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, /* VAR_DNSTAP_TLS_CLIENT_KEY_FILE */ + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, /* VAR_DNSTAP_TLS_CLIENT_CERT_FILE */ + VAR_DNSTAP_SEND_IDENTITY = 426, /* VAR_DNSTAP_SEND_IDENTITY */ + VAR_DNSTAP_SEND_VERSION = 427, /* VAR_DNSTAP_SEND_VERSION */ + VAR_DNSTAP_BIDIRECTIONAL = 428, /* VAR_DNSTAP_BIDIRECTIONAL */ + VAR_DNSTAP_IDENTITY = 429, /* VAR_DNSTAP_IDENTITY */ + VAR_DNSTAP_VERSION = 430, /* VAR_DNSTAP_VERSION */ + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, /* VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, /* VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, /* VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, /* VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, /* VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES */ + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, /* VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES */ + VAR_RESPONSE_IP_TAG = 437, /* VAR_RESPONSE_IP_TAG */ + VAR_RESPONSE_IP = 438, /* VAR_RESPONSE_IP */ + VAR_RESPONSE_IP_DATA = 439, /* VAR_RESPONSE_IP_DATA */ + VAR_HARDEN_ALGO_DOWNGRADE = 440, /* VAR_HARDEN_ALGO_DOWNGRADE */ + VAR_IP_TRANSPARENT = 441, /* VAR_IP_TRANSPARENT */ + VAR_IP_DSCP = 442, /* VAR_IP_DSCP */ + VAR_DISABLE_DNSSEC_LAME_CHECK = 443, /* VAR_DISABLE_DNSSEC_LAME_CHECK */ + VAR_IP_RATELIMIT = 444, /* VAR_IP_RATELIMIT */ + VAR_IP_RATELIMIT_SLABS = 445, /* VAR_IP_RATELIMIT_SLABS */ + VAR_IP_RATELIMIT_SIZE = 446, /* VAR_IP_RATELIMIT_SIZE */ + VAR_RATELIMIT = 447, /* VAR_RATELIMIT */ + VAR_RATELIMIT_SLABS = 448, /* VAR_RATELIMIT_SLABS */ + VAR_RATELIMIT_SIZE = 449, /* VAR_RATELIMIT_SIZE */ + VAR_RATELIMIT_FOR_DOMAIN = 450, /* VAR_RATELIMIT_FOR_DOMAIN */ + VAR_RATELIMIT_BELOW_DOMAIN = 451, /* VAR_RATELIMIT_BELOW_DOMAIN */ + VAR_IP_RATELIMIT_FACTOR = 452, /* VAR_IP_RATELIMIT_FACTOR */ + VAR_RATELIMIT_FACTOR = 453, /* VAR_RATELIMIT_FACTOR */ + VAR_SEND_CLIENT_SUBNET = 454, /* VAR_SEND_CLIENT_SUBNET */ + VAR_CLIENT_SUBNET_ZONE = 455, /* VAR_CLIENT_SUBNET_ZONE */ + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, /* VAR_CLIENT_SUBNET_ALWAYS_FORWARD */ + VAR_CLIENT_SUBNET_OPCODE = 457, /* VAR_CLIENT_SUBNET_OPCODE */ + VAR_MAX_CLIENT_SUBNET_IPV4 = 458, /* VAR_MAX_CLIENT_SUBNET_IPV4 */ + VAR_MAX_CLIENT_SUBNET_IPV6 = 459, /* VAR_MAX_CLIENT_SUBNET_IPV6 */ + VAR_MIN_CLIENT_SUBNET_IPV4 = 460, /* VAR_MIN_CLIENT_SUBNET_IPV4 */ + VAR_MIN_CLIENT_SUBNET_IPV6 = 461, /* VAR_MIN_CLIENT_SUBNET_IPV6 */ + VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, /* VAR_MAX_ECS_TREE_SIZE_IPV4 */ + VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, /* VAR_MAX_ECS_TREE_SIZE_IPV6 */ + VAR_CAPS_WHITELIST = 464, /* VAR_CAPS_WHITELIST */ + VAR_CACHE_MAX_NEGATIVE_TTL = 465, /* VAR_CACHE_MAX_NEGATIVE_TTL */ + VAR_PERMIT_SMALL_HOLDDOWN = 466, /* VAR_PERMIT_SMALL_HOLDDOWN */ + VAR_QNAME_MINIMISATION = 467, /* VAR_QNAME_MINIMISATION */ + VAR_QNAME_MINIMISATION_STRICT = 468, /* VAR_QNAME_MINIMISATION_STRICT */ + VAR_IP_FREEBIND = 469, /* VAR_IP_FREEBIND */ + VAR_DEFINE_TAG = 470, /* VAR_DEFINE_TAG */ + VAR_LOCAL_ZONE_TAG = 471, /* VAR_LOCAL_ZONE_TAG */ + VAR_ACCESS_CONTROL_TAG = 472, /* VAR_ACCESS_CONTROL_TAG */ + VAR_LOCAL_ZONE_OVERRIDE = 473, /* VAR_LOCAL_ZONE_OVERRIDE */ + VAR_ACCESS_CONTROL_TAG_ACTION = 474, /* VAR_ACCESS_CONTROL_TAG_ACTION */ + VAR_ACCESS_CONTROL_TAG_DATA = 475, /* VAR_ACCESS_CONTROL_TAG_DATA */ + VAR_VIEW = 476, /* VAR_VIEW */ + VAR_ACCESS_CONTROL_VIEW = 477, /* VAR_ACCESS_CONTROL_VIEW */ + VAR_VIEW_FIRST = 478, /* VAR_VIEW_FIRST */ + VAR_SERVE_EXPIRED = 479, /* VAR_SERVE_EXPIRED */ + VAR_SERVE_EXPIRED_TTL = 480, /* VAR_SERVE_EXPIRED_TTL */ + VAR_SERVE_EXPIRED_TTL_RESET = 481, /* VAR_SERVE_EXPIRED_TTL_RESET */ + VAR_SERVE_EXPIRED_REPLY_TTL = 482, /* VAR_SERVE_EXPIRED_REPLY_TTL */ + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, /* VAR_SERVE_EXPIRED_CLIENT_TIMEOUT */ + VAR_SERVE_ORIGINAL_TTL = 484, /* VAR_SERVE_ORIGINAL_TTL */ + VAR_FAKE_DSA = 485, /* VAR_FAKE_DSA */ + VAR_FAKE_SHA1 = 486, /* VAR_FAKE_SHA1 */ + VAR_LOG_IDENTITY = 487, /* VAR_LOG_IDENTITY */ + VAR_HIDE_TRUSTANCHOR = 488, /* VAR_HIDE_TRUSTANCHOR */ + VAR_TRUST_ANCHOR_SIGNALING = 489, /* VAR_TRUST_ANCHOR_SIGNALING */ + VAR_AGGRESSIVE_NSEC = 490, /* VAR_AGGRESSIVE_NSEC */ + VAR_USE_SYSTEMD = 491, /* VAR_USE_SYSTEMD */ + VAR_SHM_ENABLE = 492, /* VAR_SHM_ENABLE */ + VAR_SHM_KEY = 493, /* VAR_SHM_KEY */ + VAR_ROOT_KEY_SENTINEL = 494, /* VAR_ROOT_KEY_SENTINEL */ + VAR_DNSCRYPT = 495, /* VAR_DNSCRYPT */ + VAR_DNSCRYPT_ENABLE = 496, /* VAR_DNSCRYPT_ENABLE */ + VAR_DNSCRYPT_PORT = 497, /* VAR_DNSCRYPT_PORT */ + VAR_DNSCRYPT_PROVIDER = 498, /* VAR_DNSCRYPT_PROVIDER */ + VAR_DNSCRYPT_SECRET_KEY = 499, /* VAR_DNSCRYPT_SECRET_KEY */ + VAR_DNSCRYPT_PROVIDER_CERT = 500, /* VAR_DNSCRYPT_PROVIDER_CERT */ + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, /* VAR_DNSCRYPT_PROVIDER_CERT_ROTATED */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE */ + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, /* VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS */ + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, /* VAR_DNSCRYPT_NONCE_CACHE_SIZE */ + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, /* VAR_DNSCRYPT_NONCE_CACHE_SLABS */ + VAR_PAD_RESPONSES = 506, /* VAR_PAD_RESPONSES */ + VAR_PAD_RESPONSES_BLOCK_SIZE = 507, /* VAR_PAD_RESPONSES_BLOCK_SIZE */ + VAR_PAD_QUERIES = 508, /* VAR_PAD_QUERIES */ + VAR_PAD_QUERIES_BLOCK_SIZE = 509, /* VAR_PAD_QUERIES_BLOCK_SIZE */ + VAR_IPSECMOD_ENABLED = 510, /* VAR_IPSECMOD_ENABLED */ + VAR_IPSECMOD_HOOK = 511, /* VAR_IPSECMOD_HOOK */ + VAR_IPSECMOD_IGNORE_BOGUS = 512, /* VAR_IPSECMOD_IGNORE_BOGUS */ + VAR_IPSECMOD_MAX_TTL = 513, /* VAR_IPSECMOD_MAX_TTL */ + VAR_IPSECMOD_WHITELIST = 514, /* VAR_IPSECMOD_WHITELIST */ + VAR_IPSECMOD_STRICT = 515, /* VAR_IPSECMOD_STRICT */ + VAR_CACHEDB = 516, /* VAR_CACHEDB */ + VAR_CACHEDB_BACKEND = 517, /* VAR_CACHEDB_BACKEND */ + VAR_CACHEDB_SECRETSEED = 518, /* VAR_CACHEDB_SECRETSEED */ + VAR_CACHEDB_REDISHOST = 519, /* VAR_CACHEDB_REDISHOST */ + VAR_CACHEDB_REDISPORT = 520, /* VAR_CACHEDB_REDISPORT */ + VAR_CACHEDB_REDISTIMEOUT = 521, /* VAR_CACHEDB_REDISTIMEOUT */ + VAR_CACHEDB_REDISEXPIRERECORDS = 522, /* VAR_CACHEDB_REDISEXPIRERECORDS */ + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 523, /* VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM */ + VAR_FOR_UPSTREAM = 524, /* VAR_FOR_UPSTREAM */ + VAR_AUTH_ZONE = 525, /* VAR_AUTH_ZONE */ + VAR_ZONEFILE = 526, /* VAR_ZONEFILE */ + VAR_MASTER = 527, /* VAR_MASTER */ + VAR_URL = 528, /* VAR_URL */ + VAR_FOR_DOWNSTREAM = 529, /* VAR_FOR_DOWNSTREAM */ + VAR_FALLBACK_ENABLED = 530, /* VAR_FALLBACK_ENABLED */ + VAR_TLS_ADDITIONAL_PORT = 531, /* VAR_TLS_ADDITIONAL_PORT */ + VAR_LOW_RTT = 532, /* VAR_LOW_RTT */ + VAR_LOW_RTT_PERMIL = 533, /* VAR_LOW_RTT_PERMIL */ + VAR_FAST_SERVER_PERMIL = 534, /* VAR_FAST_SERVER_PERMIL */ + VAR_FAST_SERVER_NUM = 535, /* VAR_FAST_SERVER_NUM */ + VAR_ALLOW_NOTIFY = 536, /* VAR_ALLOW_NOTIFY */ + VAR_TLS_WIN_CERT = 537, /* VAR_TLS_WIN_CERT */ + VAR_TCP_CONNECTION_LIMIT = 538, /* VAR_TCP_CONNECTION_LIMIT */ + VAR_FORWARD_NO_CACHE = 539, /* VAR_FORWARD_NO_CACHE */ + VAR_STUB_NO_CACHE = 540, /* VAR_STUB_NO_CACHE */ + VAR_LOG_SERVFAIL = 541, /* VAR_LOG_SERVFAIL */ + VAR_DENY_ANY = 542, /* VAR_DENY_ANY */ + VAR_UNKNOWN_SERVER_TIME_LIMIT = 543, /* VAR_UNKNOWN_SERVER_TIME_LIMIT */ + VAR_LOG_TAG_QUERYREPLY = 544, /* VAR_LOG_TAG_QUERYREPLY */ + VAR_STREAM_WAIT_SIZE = 545, /* VAR_STREAM_WAIT_SIZE */ + VAR_TLS_CIPHERS = 546, /* VAR_TLS_CIPHERS */ + VAR_TLS_CIPHERSUITES = 547, /* VAR_TLS_CIPHERSUITES */ + VAR_TLS_USE_SNI = 548, /* VAR_TLS_USE_SNI */ + VAR_IPSET = 549, /* VAR_IPSET */ + VAR_IPSET_NAME_V4 = 550, /* VAR_IPSET_NAME_V4 */ + VAR_IPSET_NAME_V6 = 551, /* VAR_IPSET_NAME_V6 */ + VAR_TLS_SESSION_TICKET_KEYS = 552, /* VAR_TLS_SESSION_TICKET_KEYS */ + VAR_RPZ = 553, /* VAR_RPZ */ + VAR_TAGS = 554, /* VAR_TAGS */ + VAR_RPZ_ACTION_OVERRIDE = 555, /* VAR_RPZ_ACTION_OVERRIDE */ + VAR_RPZ_CNAME_OVERRIDE = 556, /* VAR_RPZ_CNAME_OVERRIDE */ + VAR_RPZ_LOG = 557, /* VAR_RPZ_LOG */ + VAR_RPZ_LOG_NAME = 558, /* VAR_RPZ_LOG_NAME */ + VAR_DYNLIB = 559, /* VAR_DYNLIB */ + VAR_DYNLIB_FILE = 560, /* VAR_DYNLIB_FILE */ + VAR_EDNS_CLIENT_STRING = 561, /* VAR_EDNS_CLIENT_STRING */ + VAR_EDNS_CLIENT_STRING_OPCODE = 562, /* VAR_EDNS_CLIENT_STRING_OPCODE */ + VAR_NSID = 563, /* VAR_NSID */ + VAR_ZONEMD_PERMISSIVE_MODE = 564, /* VAR_ZONEMD_PERMISSIVE_MODE */ + VAR_ZONEMD_REJECT_ABSENCE = 565 /* VAR_ZONEMD_REJECT_ABSENCE */ }; + typedef enum yytokentype yytoken_kind_t; #endif -/* Tokens. */ +/* Token kinds. */ +#define YYEOF 0 +#define YYerror 256 +#define YYUNDEF 257 #define SPACE 258 #define LETTER 259 #define NEWLINE 260 @@ -578,80 +595,88 @@ extern int yydebug; #define VAR_SERVE_EXPIRED_TTL_RESET 481 #define VAR_SERVE_EXPIRED_REPLY_TTL 482 #define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 -#define VAR_FAKE_DSA 484 -#define VAR_FAKE_SHA1 485 -#define VAR_LOG_IDENTITY 486 -#define VAR_HIDE_TRUSTANCHOR 487 -#define VAR_TRUST_ANCHOR_SIGNALING 488 -#define VAR_AGGRESSIVE_NSEC 489 -#define VAR_USE_SYSTEMD 490 -#define VAR_SHM_ENABLE 491 -#define VAR_SHM_KEY 492 -#define VAR_ROOT_KEY_SENTINEL 493 -#define VAR_DNSCRYPT 494 -#define VAR_DNSCRYPT_ENABLE 495 -#define VAR_DNSCRYPT_PORT 496 -#define VAR_DNSCRYPT_PROVIDER 497 -#define VAR_DNSCRYPT_SECRET_KEY 498 -#define VAR_DNSCRYPT_PROVIDER_CERT 499 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 500 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 501 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 502 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 503 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 504 -#define VAR_IPSECMOD_ENABLED 505 -#define VAR_IPSECMOD_HOOK 506 -#define VAR_IPSECMOD_IGNORE_BOGUS 507 -#define VAR_IPSECMOD_MAX_TTL 508 -#define VAR_IPSECMOD_WHITELIST 509 -#define VAR_IPSECMOD_STRICT 510 -#define VAR_CACHEDB 511 -#define VAR_CACHEDB_BACKEND 512 -#define VAR_CACHEDB_SECRETSEED 513 -#define VAR_CACHEDB_REDISHOST 514 -#define VAR_CACHEDB_REDISPORT 515 -#define VAR_CACHEDB_REDISTIMEOUT 516 -#define VAR_CACHEDB_REDISEXPIRERECORDS 517 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 518 -#define VAR_FOR_UPSTREAM 519 -#define VAR_AUTH_ZONE 520 -#define VAR_ZONEFILE 521 -#define VAR_MASTER 522 -#define VAR_URL 523 -#define VAR_FOR_DOWNSTREAM 524 -#define VAR_FALLBACK_ENABLED 525 -#define VAR_TLS_ADDITIONAL_PORT 526 -#define VAR_LOW_RTT 527 -#define VAR_LOW_RTT_PERMIL 528 -#define VAR_FAST_SERVER_PERMIL 529 -#define VAR_FAST_SERVER_NUM 530 -#define VAR_ALLOW_NOTIFY 531 -#define VAR_TLS_WIN_CERT 532 -#define VAR_TCP_CONNECTION_LIMIT 533 -#define VAR_FORWARD_NO_CACHE 534 -#define VAR_STUB_NO_CACHE 535 -#define VAR_LOG_SERVFAIL 536 -#define VAR_DENY_ANY 537 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 538 -#define VAR_LOG_TAG_QUERYREPLY 539 -#define VAR_STREAM_WAIT_SIZE 540 -#define VAR_TLS_CIPHERS 541 -#define VAR_TLS_CIPHERSUITES 542 -#define VAR_TLS_USE_SNI 543 -#define VAR_IPSET 544 -#define VAR_IPSET_NAME_V4 545 -#define VAR_IPSET_NAME_V6 546 -#define VAR_TLS_SESSION_TICKET_KEYS 547 -#define VAR_RPZ 548 -#define VAR_TAGS 549 -#define VAR_RPZ_ACTION_OVERRIDE 550 -#define VAR_RPZ_CNAME_OVERRIDE 551 -#define VAR_RPZ_LOG 552 -#define VAR_RPZ_LOG_NAME 553 -#define VAR_DYNLIB 554 -#define VAR_DYNLIB_FILE 555 -#define VAR_EDNS_CLIENT_STRING 556 -#define VAR_EDNS_CLIENT_STRING_OPCODE 557 +#define VAR_SERVE_ORIGINAL_TTL 484 +#define VAR_FAKE_DSA 485 +#define VAR_FAKE_SHA1 486 +#define VAR_LOG_IDENTITY 487 +#define VAR_HIDE_TRUSTANCHOR 488 +#define VAR_TRUST_ANCHOR_SIGNALING 489 +#define VAR_AGGRESSIVE_NSEC 490 +#define VAR_USE_SYSTEMD 491 +#define VAR_SHM_ENABLE 492 +#define VAR_SHM_KEY 493 +#define VAR_ROOT_KEY_SENTINEL 494 +#define VAR_DNSCRYPT 495 +#define VAR_DNSCRYPT_ENABLE 496 +#define VAR_DNSCRYPT_PORT 497 +#define VAR_DNSCRYPT_PROVIDER 498 +#define VAR_DNSCRYPT_SECRET_KEY 499 +#define VAR_DNSCRYPT_PROVIDER_CERT 500 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505 +#define VAR_PAD_RESPONSES 506 +#define VAR_PAD_RESPONSES_BLOCK_SIZE 507 +#define VAR_PAD_QUERIES 508 +#define VAR_PAD_QUERIES_BLOCK_SIZE 509 +#define VAR_IPSECMOD_ENABLED 510 +#define VAR_IPSECMOD_HOOK 511 +#define VAR_IPSECMOD_IGNORE_BOGUS 512 +#define VAR_IPSECMOD_MAX_TTL 513 +#define VAR_IPSECMOD_WHITELIST 514 +#define VAR_IPSECMOD_STRICT 515 +#define VAR_CACHEDB 516 +#define VAR_CACHEDB_BACKEND 517 +#define VAR_CACHEDB_SECRETSEED 518 +#define VAR_CACHEDB_REDISHOST 519 +#define VAR_CACHEDB_REDISPORT 520 +#define VAR_CACHEDB_REDISTIMEOUT 521 +#define VAR_CACHEDB_REDISEXPIRERECORDS 522 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 523 +#define VAR_FOR_UPSTREAM 524 +#define VAR_AUTH_ZONE 525 +#define VAR_ZONEFILE 526 +#define VAR_MASTER 527 +#define VAR_URL 528 +#define VAR_FOR_DOWNSTREAM 529 +#define VAR_FALLBACK_ENABLED 530 +#define VAR_TLS_ADDITIONAL_PORT 531 +#define VAR_LOW_RTT 532 +#define VAR_LOW_RTT_PERMIL 533 +#define VAR_FAST_SERVER_PERMIL 534 +#define VAR_FAST_SERVER_NUM 535 +#define VAR_ALLOW_NOTIFY 536 +#define VAR_TLS_WIN_CERT 537 +#define VAR_TCP_CONNECTION_LIMIT 538 +#define VAR_FORWARD_NO_CACHE 539 +#define VAR_STUB_NO_CACHE 540 +#define VAR_LOG_SERVFAIL 541 +#define VAR_DENY_ANY 542 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 543 +#define VAR_LOG_TAG_QUERYREPLY 544 +#define VAR_STREAM_WAIT_SIZE 545 +#define VAR_TLS_CIPHERS 546 +#define VAR_TLS_CIPHERSUITES 547 +#define VAR_TLS_USE_SNI 548 +#define VAR_IPSET 549 +#define VAR_IPSET_NAME_V4 550 +#define VAR_IPSET_NAME_V6 551 +#define VAR_TLS_SESSION_TICKET_KEYS 552 +#define VAR_RPZ 553 +#define VAR_TAGS 554 +#define VAR_RPZ_ACTION_OVERRIDE 555 +#define VAR_RPZ_CNAME_OVERRIDE 556 +#define VAR_RPZ_LOG 557 +#define VAR_RPZ_LOG_NAME 558 +#define VAR_DYNLIB 559 +#define VAR_DYNLIB_FILE 560 +#define VAR_EDNS_CLIENT_STRING 561 +#define VAR_EDNS_CLIENT_STRING_OPCODE 562 +#define VAR_NSID 563 +#define VAR_ZONEMD_PERMISSIVE_MODE 564 +#define VAR_ZONEMD_REJECT_ABSENCE 565 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -661,7 +686,7 @@ union YYSTYPE char* str; -#line 665 "util/configparser.h" +#line 690 "util/configparser.h" }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index 32419593a..10f5ac1c4 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -151,7 +151,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_SERVE_EXPIRED_TTL %token VAR_SERVE_EXPIRED_TTL_RESET VAR_SERVE_EXPIRED_REPLY_TTL -%token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_FAKE_DSA +%token VAR_SERVE_EXPIRED_CLIENT_TIMEOUT VAR_SERVE_ORIGINAL_TTL VAR_FAKE_DSA %token VAR_FAKE_SHA1 VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR %token VAR_TRUST_ANCHOR_SIGNALING VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD %token VAR_SHM_ENABLE VAR_SHM_KEY VAR_ROOT_KEY_SENTINEL @@ -162,6 +162,8 @@ extern struct config_parser_state* cfg_parser; %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS %token VAR_DNSCRYPT_NONCE_CACHE_SIZE %token VAR_DNSCRYPT_NONCE_CACHE_SLABS +%token VAR_PAD_RESPONSES VAR_PAD_RESPONSES_BLOCK_SIZE +%token VAR_PAD_QUERIES VAR_PAD_QUERIES_BLOCK_SIZE %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED @@ -179,7 +181,8 @@ extern struct config_parser_state* cfg_parser; %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME %token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING -%token VAR_EDNS_CLIENT_STRING_OPCODE +%token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID +%token VAR_ZONEMD_PERMISSIVE_MODE VAR_ZONEMD_REJECT_ABSENCE %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -274,10 +277,14 @@ content_server: server_num_threads | server_verbosity | server_port | server_disable_dnssec_lame_check | server_access_control_tag | server_local_zone_override | server_access_control_tag_action | server_access_control_tag_data | server_access_control_view | - server_qname_minimisation_strict | server_serve_expired | + server_qname_minimisation_strict | + server_pad_responses | server_pad_responses_block_size | + server_pad_queries | server_pad_queries_block_size | + server_serve_expired | server_serve_expired_ttl | server_serve_expired_ttl_reset | server_serve_expired_reply_ttl | server_serve_expired_client_timeout | - server_fake_dsa | server_log_identity | server_use_systemd | + server_serve_original_ttl | server_fake_dsa | + server_log_identity | server_use_systemd | server_response_ip_tag | server_response_ip | server_response_ip_data | server_shm_enable | server_shm_key | server_fake_sha1 | server_hide_trustanchor | server_trust_anchor_signaling | @@ -293,7 +300,8 @@ content_server: server_num_threads | server_verbosity | server_port | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys | server_tls_use_sni | server_edns_client_string | - server_edns_client_string_opcode + server_edns_client_string_opcode | server_nsid | + server_zonemd_permissive_mode ; stubstart: VAR_STUB_ZONE { @@ -360,6 +368,7 @@ authstart: VAR_AUTH_ZONE s->for_downstream = 1; s->for_upstream = 1; s->fallback_enabled = 0; + s->zonemd_reject_absence = 0; s->isrpz = 0; } else yyerror("out of memory"); @@ -369,7 +378,7 @@ contents_auth: contents_auth content_auth | ; content_auth: auth_name | auth_zonefile | auth_master | auth_url | auth_for_downstream | auth_for_upstream | auth_fallback_enabled | - auth_allow_notify + auth_allow_notify | auth_zonemd_reject_absence ; rpz_tag: VAR_TAGS STRING_ARG @@ -1304,6 +1313,22 @@ server_version: VAR_VERSION STRING_ARG cfg_parser->cfg->version = $2; } ; +server_nsid: VAR_NSID STRING_ARG + { + OUTYY(("P(server_nsid:%s)\n", $2)); + free(cfg_parser->cfg->nsid_cfg_str); + cfg_parser->cfg->nsid_cfg_str = $2; + free(cfg_parser->cfg->nsid); + cfg_parser->cfg->nsid = NULL; + cfg_parser->cfg->nsid_len = 0; + if (*$2 == 0) + ; /* pass; empty string is not setting nsid */ + else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( + $2, &cfg_parser->cfg->nsid_len))) + yyerror("the NSID must be either a hex string or an " + "ascii character string prepended with ascii_."); + } + ; server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG { OUTYY(("P(server_so_rcvbuf:%s)\n", $2)); @@ -1913,6 +1938,15 @@ server_serve_expired_client_timeout: VAR_SERVE_EXPIRED_CLIENT_TIMEOUT STRING_ARG free($2); } ; +server_serve_original_ttl: VAR_SERVE_ORIGINAL_TTL STRING_ARG + { + OUTYY(("P(server_serve_original_ttl:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->serve_original_ttl = (strcmp($2, "yes")==0); + free($2); + } + ; server_fake_dsa: VAR_FAKE_DSA STRING_ARG { OUTYY(("P(server_fake_dsa:%s)\n", $2)); @@ -1955,6 +1989,15 @@ server_val_nsec3_keysize_iterations: VAR_VAL_NSEC3_KEYSIZE_ITERATIONS STRING_ARG cfg_parser->cfg->val_nsec3_key_iterations = $2; } ; +server_zonemd_permissive_mode: VAR_ZONEMD_PERMISSIVE_MODE STRING_ARG + { + OUTYY(("P(server_zonemd_permissive_mode:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->zonemd_permissive_mode = (strcmp($2, "yes")==0); + free($2); + } + ; server_add_holddown: VAR_ADD_HOLDDOWN STRING_ARG { OUTYY(("P(server_add_holddown:%s)\n", $2)); @@ -2420,6 +2463,44 @@ server_qname_minimisation_strict: VAR_QNAME_MINIMISATION_STRICT STRING_ARG free($2); } ; +server_pad_responses: VAR_PAD_RESPONSES STRING_ARG + { + OUTYY(("P(server_pad_responses:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->pad_responses = + (strcmp($2, "yes")==0); + free($2); + } + ; +server_pad_responses_block_size: VAR_PAD_RESPONSES_BLOCK_SIZE STRING_ARG + { + OUTYY(("P(server_pad_responses_block_size:%s)\n", $2)); + if(atoi($2) == 0) + yyerror("number expected"); + else cfg_parser->cfg->pad_responses_block_size = atoi($2); + free($2); + } + ; +server_pad_queries: VAR_PAD_QUERIES STRING_ARG + { + OUTYY(("P(server_pad_queries:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->pad_queries = + (strcmp($2, "yes")==0); + free($2); + } + ; +server_pad_queries_block_size: VAR_PAD_QUERIES_BLOCK_SIZE STRING_ARG + { + OUTYY(("P(server_pad_queries_block_size:%s)\n", $2)); + if(atoi($2) == 0) + yyerror("number expected"); + else cfg_parser->cfg->pad_queries_block_size = atoi($2); + free($2); + } + ; server_ipsecmod_enabled: VAR_IPSECMOD_ENABLED STRING_ARG { #ifdef USE_IPSECMOD @@ -2672,6 +2753,16 @@ auth_allow_notify: VAR_ALLOW_NOTIFY STRING_ARG yyerror("out of memory"); } ; +auth_zonemd_reject_absence: VAR_ZONEMD_REJECT_ABSENCE STRING_ARG + { + OUTYY(("P(zonemd-reject-absence:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->zonemd_reject_absence = + (strcmp($2, "yes")==0); + free($2); + } + ; auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG { OUTYY(("P(for-downstream:%s)\n", $2)); diff --git a/util/configyyrename.h b/util/configyyrename.h index f529be577..8c7ff5b5c 100644 --- a/util/configyyrename.h +++ b/util/configyyrename.h @@ -84,5 +84,11 @@ #define yyget_leng ub_c_get_leng #define yylineno ub_c_lineno #define yyget_text ub_c_get_text +#define yyss ub_c_ss +#define yysslim ub_c_sslim +#define yyssp ub_c_ssp +#define yystacksize ub_c_stacksize +#define yyvs ub_c_vs +#define yyvsp ub_c_vsp #endif /* UTIL_CONFIGYYRENAME_H */ diff --git a/util/data/dname.h b/util/data/dname.h index e37c11822..cb0f6735d 100644 --- a/util/data/dname.h +++ b/util/data/dname.h @@ -261,7 +261,7 @@ int dname_is_root(uint8_t* dname); * Snip off first label from a dname, returning the parent zone. * @param dname: from what to strip off. uncompressed wireformat. * @param len: length, adjusted to become less. - * @return stripped off, or "." if input was ".". + * return stripped off, or "." if input was ".". */ void dname_remove_label(uint8_t** dname, size_t* len); @@ -271,7 +271,7 @@ void dname_remove_label(uint8_t** dname, size_t* len); * @param len: length, adjusted to become less. * @param n: number of labels to strip off (from the left). * if 0, nothing happens. - * @return stripped off, or "." if input was ".". + * return stripped off, or "." if input was ".". */ void dname_remove_labels(uint8_t** dname, size_t* len, int n); diff --git a/util/data/msgencode.c b/util/data/msgencode.c index 1746cfbb8..5f297b551 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -454,6 +454,7 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, size_t i, j, owner_pos; int r, owner_labs; uint16_t owner_ptr = 0; + time_t adjust = 0; struct packed_rrset_data* data = (struct packed_rrset_data*) key->entry.data; @@ -464,9 +465,12 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, owner_labs = dname_count_labels(key->rk.dname); owner_pos = sldns_buffer_position(pkt); - /* For an rrset with a fixed TTL, use the rrset's TTL as given */ + /** Determine relative time adjustment for TTL values. + * For an rrset with a fixed TTL, use the rrset's TTL as given. */ if((key->rk.flags & PACKED_RRSET_FIXEDTTL) != 0) - timenow = 0; + adjust = 0; + else + adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : timenow; if(do_data) { const sldns_rr_descriptor* c = type_rdata_compressable(key); @@ -479,11 +483,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, return r; sldns_buffer_write(pkt, &key->rk.type, 2); sldns_buffer_write(pkt, &key->rk.rrset_class, 2); - if(data->rr_ttl[j] < timenow) + if(data->rr_ttl[j] < adjust) sldns_buffer_write_u32(pkt, SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0); - else sldns_buffer_write_u32(pkt, - data->rr_ttl[j]-timenow); + else sldns_buffer_write_u32(pkt, data->rr_ttl[j]-adjust); if(c) { if((r=compress_rdata(pkt, data->rr_data[j], data->rr_len[j], region, tree, c)) @@ -517,11 +520,10 @@ packed_rrset_encode(struct ub_packed_rrset_key* key, sldns_buffer* pkt, } sldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG); sldns_buffer_write(pkt, &key->rk.rrset_class, 2); - if(data->rr_ttl[i] < timenow) + if(data->rr_ttl[i] < adjust) sldns_buffer_write_u32(pkt, SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0); - else sldns_buffer_write_u32(pkt, - data->rr_ttl[i]-timenow); + else sldns_buffer_write_u32(pkt, data->rr_ttl[i]-adjust); /* rrsig rdata cannot be compressed, perform 100+ byte * memcopy. */ sldns_buffer_write(pkt, data->rr_data[i], @@ -801,14 +803,14 @@ calc_edns_field_size(struct edns_data* edns) return 1 + 2 + 2 + 4 + 2 + rdatalen; } -void -attach_edns_record(sldns_buffer* pkt, struct edns_data* edns) +static void +attach_edns_record_max_msg_sz(sldns_buffer* pkt, struct edns_data* edns, + uint16_t max_msg_sz) { size_t len; size_t rdatapos; struct edns_option* opt; - if(!edns || !edns->edns_present) - return; + struct edns_option* padding_option = NULL; /* inc additional count */ sldns_buffer_write_u16_at(pkt, 10, sldns_buffer_read_u16_at(pkt, 10) + 1); @@ -826,17 +828,52 @@ attach_edns_record(sldns_buffer* pkt, struct edns_data* edns) sldns_buffer_write_u16(pkt, 0); /* rdatalen */ /* write rdata */ for(opt=edns->opt_list; opt; opt=opt->next) { + if (opt->opt_code == LDNS_EDNS_PADDING) { + padding_option = opt; + continue; + } sldns_buffer_write_u16(pkt, opt->opt_code); sldns_buffer_write_u16(pkt, opt->opt_len); if(opt->opt_len != 0) sldns_buffer_write(pkt, opt->opt_data, opt->opt_len); } + if (padding_option && edns->padding_block_size ) { + size_t pad_pos = sldns_buffer_position(pkt); + size_t msg_sz = ((pad_pos + 3) / edns->padding_block_size + 1) + * edns->padding_block_size; + size_t pad_sz; + + if (msg_sz > max_msg_sz) + msg_sz = max_msg_sz; + + /* By use of calc_edns_field_size, calling functions should + * have made sure that there is enough space for at least a + * zero sized padding option. + */ + log_assert(pad_pos + 4 <= msg_sz); + + pad_sz = msg_sz - pad_pos - 4; + sldns_buffer_write_u16(pkt, LDNS_EDNS_PADDING); + sldns_buffer_write_u16(pkt, pad_sz); + if (pad_sz) { + memset(sldns_buffer_current(pkt), 0, pad_sz); + sldns_buffer_skip(pkt, pad_sz); + } + } if(edns->opt_list) sldns_buffer_write_u16_at(pkt, rdatapos, sldns_buffer_position(pkt)-rdatapos-2); sldns_buffer_flip(pkt); } +void +attach_edns_record(sldns_buffer* pkt, struct edns_data* edns) +{ + if(!edns || !edns->edns_present) + return; + attach_edns_record_max_msg_sz(pkt, edns, edns->udp_size); +} + int reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, uint16_t id, uint16_t qflags, sldns_buffer* pkt, time_t timenow, @@ -885,7 +922,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, } if(attach_edns && sldns_buffer_capacity(pkt) >= sldns_buffer_limit(pkt)+attach_edns) - attach_edns_record(pkt, edns); + attach_edns_record_max_msg_sz(pkt, edns, udpsize+attach_edns); return 1; } diff --git a/util/data/msgparse.c b/util/data/msgparse.c index 7c32618a3..6ee5559db 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c @@ -1020,6 +1020,7 @@ parse_extract_edns(struct msg_parse* msg, struct edns_data* edns, edns->bits = sldns_read_uint16(&found->rr_last->ttl_data[2]); edns->udp_size = ntohs(found->rrset_class); edns->opt_list = NULL; + edns->padding_block_size = 0; /* take the options */ rdata_len = found->rr_first->size-2; @@ -1093,6 +1094,7 @@ parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns, edns->edns_version = sldns_buffer_read_u8(pkt); edns->bits = sldns_buffer_read_u16(pkt); edns->opt_list = NULL; + edns->padding_block_size = 0; /* take the options */ rdata_len = sldns_buffer_read_u16(pkt); diff --git a/util/data/msgparse.h b/util/data/msgparse.h index fd04f9f6f..d2fd9c806 100644 --- a/util/data/msgparse.h +++ b/util/data/msgparse.h @@ -87,6 +87,8 @@ extern time_t SERVE_EXPIRED_TTL; extern time_t SERVE_EXPIRED_REPLY_TTL; /** Negative cache time (for entries without any RRs.) */ #define NORR_TTL 5 /* seconds */ +/** If we serve the original TTL or decrementing TTLs */ +extern int SERVE_ORIGINAL_TTL; /** * Data stored in scratch pad memory during parsing. @@ -225,6 +227,8 @@ struct edns_data { uint16_t udp_size; /** rdata element list, or NULL if none */ struct edns_option* opt_list; + /** block size to pad */ + uint16_t padding_block_size; }; /** diff --git a/util/data/msgreply.c b/util/data/msgreply.c index c06dcf8a7..7242ed0b5 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -67,6 +67,8 @@ int SERVE_EXPIRED = 0; time_t SERVE_EXPIRED_TTL = 0; /** TTL to use for expired records */ time_t SERVE_EXPIRED_REPLY_TTL = 30; +/** If we serve the original TTL or decrementing TTLs */ +int SERVE_ORIGINAL_TTL = 0; /** allocate qinfo, return 0 on error */ static int @@ -223,9 +225,9 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, if(*rr_ttl > MAX_NEG_TTL) *rr_ttl = MAX_NEG_TTL; } - if(*rr_ttl < MIN_TTL) + if(!SERVE_ORIGINAL_TTL && (*rr_ttl < MIN_TTL)) *rr_ttl = MIN_TTL; - if(*rr_ttl > MAX_TTL) + if(!SERVE_ORIGINAL_TTL && (*rr_ttl > MAX_TTL)) *rr_ttl = MAX_TTL; if(*rr_ttl < data->ttl) data->ttl = *rr_ttl; @@ -347,8 +349,8 @@ parse_create_rrset(sldns_buffer* pkt, struct rrset_parse* pset, (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)) + pset->size; if(region) - *data = regional_alloc(region, s); - else *data = malloc(s); + *data = regional_alloc_zero(region, s); + else *data = calloc(1, s); if(!*data) return 0; /* copy & decompress */ @@ -552,6 +554,7 @@ reply_info_set_ttls(struct reply_info* rep, time_t timenow) for(j=0; jcount + data->rrsig_count; j++) { data->rr_ttl[j] += timenow; } + data->ttl_add = timenow; } } diff --git a/util/data/packed_rrset.c b/util/data/packed_rrset.c index 4b0294f97..e1a0833a2 100644 --- a/util/data/packed_rrset.c +++ b/util/data/packed_rrset.c @@ -220,6 +220,7 @@ packed_rrset_ttl_add(struct packed_rrset_data* data, time_t add) { size_t i; size_t total = data->count + data->rrsig_count; + data->ttl_add = add; data->ttl += add; for(i=0; irr_ttl[i] += add; @@ -275,6 +276,7 @@ int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i, entry.data; uint8_t rr[65535]; size_t rlen = rrset->rk.dname_len + 2 + 2 + 4 + d->rr_len[i]; + time_t adjust = 0; log_assert(dest_len > 0 && dest); if(rlen > dest_len) { dest[0] = 0; @@ -285,8 +287,10 @@ int packed_rr_to_string(struct ub_packed_rrset_key* rrset, size_t i, memmove(rr+rrset->rk.dname_len, &rrset->rk.type, 2); else sldns_write_uint16(rr+rrset->rk.dname_len, LDNS_RR_TYPE_RRSIG); memmove(rr+rrset->rk.dname_len+2, &rrset->rk.rrset_class, 2); + adjust = SERVE_ORIGINAL_TTL ? d->ttl_add : now; + if (d->rr_ttl[i] < adjust) adjust = d->rr_ttl[i]; /* Prevent negative TTL overflow */ sldns_write_uint32(rr+rrset->rk.dname_len+4, - (uint32_t)(d->rr_ttl[i]-now)); + (uint32_t)(d->rr_ttl[i]-adjust)); memmove(rr+rrset->rk.dname_len+8, d->rr_data[i], d->rr_len[i]); if(sldns_wire2str_rr_buf(rr, rlen, dest, dest_len) == -1) { log_info("rrbuf failure %d %s", (int)d->rr_len[i], dest); @@ -332,6 +336,7 @@ packed_rrset_copy_region(struct ub_packed_rrset_key* key, struct packed_rrset_data* data = (struct packed_rrset_data*) key->entry.data; size_t dsize, i; + time_t adjust = 0; if(!ck) return NULL; ck->id = key->id; @@ -350,14 +355,16 @@ packed_rrset_copy_region(struct ub_packed_rrset_key* key, ck->entry.data = d; packed_rrset_ptr_fixup(d); /* make TTLs relative - once per rrset */ + adjust = SERVE_ORIGINAL_TTL ? data->ttl_add : now; for(i=0; icount + d->rrsig_count; i++) { - if(d->rr_ttl[i] < now) + if(d->rr_ttl[i] < adjust) d->rr_ttl[i] = SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0; - else d->rr_ttl[i] -= now; + else d->rr_ttl[i] -= adjust; } - if(d->ttl < now) + if(d->ttl < adjust) d->ttl = SERVE_EXPIRED?SERVE_EXPIRED_REPLY_TTL:0; - else d->ttl -= now; + else d->ttl -= adjust; + d->ttl_add = 0; /* TTLs have been made relative */ return ck; } diff --git a/util/data/packed_rrset.h b/util/data/packed_rrset.h index 729877bab..ff95c0af0 100644 --- a/util/data/packed_rrset.h +++ b/util/data/packed_rrset.h @@ -233,6 +233,9 @@ enum sec_status { * the ttl value to send changes due to time. */ struct packed_rrset_data { + /** Timestamp added to TTLs in the packed data. + * Needed to support serving original TTLs. */ + time_t ttl_add; /** TTL (in seconds like time()) of the rrset. * Same for all RRs see rfc2181(5.2). */ time_t ttl; diff --git a/util/edns.c b/util/edns.c index ddbb46e89..84308449c 100644 --- a/util/edns.c +++ b/util/edns.c @@ -160,5 +160,21 @@ int apply_edns_options(struct edns_data* edns_out, struct edns_data* edns_in, !edns_keepalive(edns_out, edns_in, c, region)) return 0; + if (cfg->nsid && edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_NSID) + && !edns_opt_list_append(&edns_out->opt_list, + LDNS_EDNS_NSID, cfg->nsid_len, cfg->nsid, region)) + return 0; + + if(!cfg->pad_responses || c->type != comm_tcp || !c->ssl + || !edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_PADDING)) { + ; /* pass */ + } + + else if(!edns_opt_list_append(&edns_out->opt_list, LDNS_EDNS_PADDING + , 0, NULL, region)) + return 0; + else + edns_out->padding_block_size = cfg->pad_responses_block_size; + return 1; } diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index a9e9d3a03..2b01e533c 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -583,6 +583,7 @@ int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr) else if(fptr == &probe_answer_cb) return 1; else if(fptr == &auth_xfer_probe_lookup_callback) return 1; else if(fptr == &auth_xfer_transfer_lookup_callback) return 1; + else if(fptr == &auth_zonemd_dnskey_lookup_callback) return 1; return 0; } diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 875851e6a..82bbc867b 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -118,7 +118,6 @@ 140, 141, 142, -143, 144, 145, 146, @@ -679,7 +678,6 @@ 990, 991, 992, -993, 995, 996, 997, diff --git a/util/net_help.c b/util/net_help.c index c5216bc2d..bcc8d34bd 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -321,7 +321,7 @@ static int ipdnametoaddr(uint8_t* dname, size_t dnamelen, struct sockaddr_storage* addr, socklen_t* addrlen, int* af) { uint8_t* ia; - size_t dnamelabs = dname_count_labels(dname); + int dnamelabs = dname_count_labels(dname); uint8_t lablen; char* e = NULL; int z = 0; @@ -1609,5 +1609,4 @@ sock_close(int socket) { closesocket(socket); } - # endif /* USE_WINSOCK */ diff --git a/util/netevent.c b/util/netevent.c index a2c0e6073..6ef84133b 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -51,6 +51,16 @@ #include "dnstap/dnstap.h" #include "dnscrypt/dnscrypt.h" #include "services/listen_dnsport.h" +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + #ifdef HAVE_OPENSSL_SSL_H #include #endif @@ -152,7 +162,7 @@ struct internal_signal { static struct comm_point* comm_point_create_tcp_handler( struct comm_base *base, struct comm_point* parent, size_t bufsize, struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, - void* callback_arg); + void* callback_arg, struct unbound_socket* socket); /* -------- End of local definitions -------- */ @@ -302,7 +312,7 @@ udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) /* 'Cannot assign requested address' also when disconnected */ || (errno == EADDRNOTAVAIL) # endif - ) && verbosity < VERB_DETAIL) + ) && verbosity < VERB_ALGO) return 0; # ifdef EADDRINUSE /* If SO_REUSEADDR is set, we could try to connect to the same server @@ -408,7 +418,9 @@ static void p_ancil(const char* str, struct comm_reply* r) log_info("%s: unknown srctype %d", str, r->srctype); return; } + if(r->srctype == 6) { +#ifdef IPV6_PKTINFO char buf[1024]; if(inet_ntop(AF_INET6, &r->pktinfo.v6info.ipi6_addr, buf, (socklen_t)sizeof(buf)) == 0) { @@ -416,6 +428,7 @@ static void p_ancil(const char* str, struct comm_reply* r) } buf[sizeof(buf)-1]=0; log_info("%s: %s %d", str, buf, r->pktinfo.v6info.ipi6_ifindex); +#endif } else if(r->srctype == 4) { #ifdef IP_PKTINFO char buf1[1024], buf2[1024]; @@ -2197,6 +2210,8 @@ ssl_http_read_more(struct comm_point* c) log_crypto_err("could not SSL_read"); return 0; } + verbose(VERB_ALGO, "ssl http read more skip to %d + %d", + (int)sldns_buffer_position(c->buffer), (int)r); sldns_buffer_skip(c->buffer, (ssize_t)r); return 1; #else @@ -2233,6 +2248,8 @@ http_read_more(int fd, struct comm_point* c) &c->repinfo.addr, c->repinfo.addrlen); return 0; } + verbose(VERB_ALGO, "http read more skip to %d + %d", + (int)sldns_buffer_position(c->buffer), (int)r); sldns_buffer_skip(c->buffer, r); return 1; } @@ -2393,8 +2410,8 @@ http_nonchunk_segment(struct comm_point* c) * read more data collected into the buffer */ remainbufferlen = sldns_buffer_capacity(c->buffer) - sldns_buffer_limit(c->buffer); - if(remainbufferlen >= c->tcp_byte_count || - remainbufferlen >= 2048) { + if(remainbufferlen+got_now >= c->tcp_byte_count || + remainbufferlen >= (c->ssl?16384:2048)) { size_t total = sldns_buffer_limit(c->buffer); sldns_buffer_clear(c->buffer); sldns_buffer_set_position(c->buffer, total); @@ -2762,6 +2779,11 @@ comm_point_http_handle_read(int fd, struct comm_point* c) return 0; } + if(c->http_stored >= sldns_buffer_position(c->buffer)) { + /* read did not work but we wanted more data, there is + * no bytes to process now. */ + return 1; + } sldns_buffer_flip(c->buffer); /* if we are partway in a segment of data, position us at the point * where we left off previously */ @@ -3184,7 +3206,7 @@ void comm_point_raw_handle_callback(int ATTR_UNUSED(fd), struct comm_point* comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3223,6 +3245,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, c->inuse = 0; c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, @@ -3244,7 +3267,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, struct comm_point* comm_point_create_udp_ancil(struct comm_base *base, int fd, sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3283,6 +3306,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, #endif c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, @@ -3305,7 +3329,7 @@ static struct comm_point* comm_point_create_tcp_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, - void* callback_arg) + void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3361,6 +3385,7 @@ comm_point_create_tcp_handler(struct comm_base *base, c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; if(spoolbuf) { c->tcp_req_info = tcp_req_info_create(spoolbuf); if(!c->tcp_req_info) { @@ -3400,7 +3425,8 @@ static struct comm_point* comm_point_create_http_handler(struct comm_base *base, struct comm_point* parent, size_t bufsize, int harden_large_queries, uint32_t http_max_streams, char* http_endpoint, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, + struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3454,6 +3480,7 @@ comm_point_create_http_handler(struct comm_base *base, c->repinfo.c = c; c->callback = callback; c->cb_arg = callback_arg; + c->socket = socket; c->http_min_version = http_version_2; c->http2_stream_max_qbuffer_size = bufsize; @@ -3518,7 +3545,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, uint32_t http_max_streams, char* http_endpoint, struct tcl_list* tcp_conn_limit, size_t bufsize, struct sldns_buffer* spoolbuf, enum listen_type port_type, - comm_point_callback_type* callback, void* callback_arg) + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -3568,6 +3595,7 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, #endif c->callback = NULL; c->cb_arg = NULL; + c->socket = socket; evbits = UB_EV_READ | UB_EV_PERSIST; /* ub_event stuff */ c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, @@ -3589,12 +3617,12 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, port_type == listen_type_ssl || port_type == listen_type_tcp_dnscrypt) { c->tcp_handlers[i] = comm_point_create_tcp_handler(base, - c, bufsize, spoolbuf, callback, callback_arg); + c, bufsize, spoolbuf, callback, callback_arg, socket); } else if(port_type == listen_type_http) { c->tcp_handlers[i] = comm_point_create_http_handler( base, c, bufsize, harden_large_queries, http_max_streams, http_endpoint, - callback, callback_arg); + callback, callback_arg, socket); } else { log_err("could not create tcp handler, unknown listen " @@ -3970,20 +3998,26 @@ comm_point_send_reply(struct comm_reply *repinfo) comm_point_send_udp_msg(repinfo->c, buffer, (struct sockaddr*)&repinfo->addr, repinfo->addrlen, 0); #ifdef USE_DNSTAP - if(repinfo->c->dtenv != NULL && - repinfo->c->dtenv->log_client_response_messages) - dt_msg_send_client_response(repinfo->c->dtenv, - &repinfo->addr, repinfo->c->type, repinfo->c->buffer); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from udp callback + */ + if(repinfo->c->dtenv != NULL && repinfo->c->dtenv->log_client_response_messages) { + log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); + dt_msg_send_client_response(repinfo->c->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->type, repinfo->c->buffer); + } #endif } else { #ifdef USE_DNSTAP - if(repinfo->c->tcp_parent->dtenv != NULL && - repinfo->c->tcp_parent->dtenv->log_client_response_messages) - dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, - &repinfo->addr, repinfo->c->type, - ( repinfo->c->tcp_req_info - ? repinfo->c->tcp_req_info->spool_buffer - : repinfo->c->buffer )); + /* + * sending src (client)/dst (local service) addresses over DNSTAP from TCP callback + */ + if(repinfo->c->tcp_parent->dtenv != NULL && repinfo->c->tcp_parent->dtenv->log_client_response_messages) { + log_addr(VERB_ALGO, "from local addr", (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->socket->addr->ai_addrlen); + log_addr(VERB_ALGO, "response to client", &repinfo->addr, repinfo->addrlen); + dt_msg_send_client_response(repinfo->c->tcp_parent->dtenv, &repinfo->addr, (void*)repinfo->c->socket->addr->ai_addr, repinfo->c->type, + ( repinfo->c->tcp_req_info? repinfo->c->tcp_req_info->spool_buffer: repinfo->c->buffer )); + } #endif if(repinfo->c->tcp_req_info) { tcp_req_info_send_reply(repinfo->c->tcp_req_info); @@ -3994,6 +4028,7 @@ comm_point_send_reply(struct comm_reply *repinfo) } repinfo->c->h2_stream = NULL; repinfo->c->tcp_is_reading = 0; + sldns_buffer_clear(repinfo->c->buffer); comm_point_stop_listening(repinfo->c); comm_point_start_listening(repinfo->c, -1, adjusted_tcp_timeout(repinfo->c)); diff --git a/util/netevent.h b/util/netevent.h index 4a2aa1677..c79f99b3e 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -70,6 +70,7 @@ struct comm_point; struct comm_reply; struct tcl_list; struct ub_event_base; +struct unbound_socket; struct mesh_state; struct mesh_area; @@ -169,6 +170,8 @@ struct comm_point { /** if the event is added or not */ int event_added; + struct unbound_socket* socket; + /** file descriptor for communication point */ int fd; @@ -495,12 +498,13 @@ struct ub_event_base* comm_base_internal(struct comm_base* b); * @param buffer: shared buffer by UDP sockets from this thread. * @param callback: callback function pointer. * @param callback_arg: will be passed to your callback function. + * @param socket: and opened socket properties will be passed to your callback function. * @return: returns the allocated communication point. NULL on error. * Sets timeout to NULL. Turns off TCP options. */ struct comm_point* comm_point_create_udp(struct comm_base* base, int fd, struct sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg); + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket); /** * Create an UDP with ancillary data comm point. Calls malloc. @@ -511,12 +515,13 @@ struct comm_point* comm_point_create_udp(struct comm_base* base, * @param buffer: shared buffer by UDP sockets from this thread. * @param callback: callback function pointer. * @param callback_arg: will be passed to your callback function. + * @param socket: and opened socket properties will be passed to your callback function. * @return: returns the allocated communication point. NULL on error. * Sets timeout to NULL. Turns off TCP options. */ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, int fd, struct sldns_buffer* buffer, - comm_point_callback_type* callback, void* callback_arg); + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket); /** * Create a TCP listener comm point. Calls malloc. @@ -539,6 +544,7 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, * to select handler type to use. * @param callback: callback function pointer for TCP handlers. * @param callback_arg: will be passed to your callback function. + * @param socket: and opened socket properties will be passed to your callback function. * @return: returns the TCP listener commpoint. You can find the * TCP handlers in the array inside the listener commpoint. * returns NULL on error. @@ -550,7 +556,7 @@ struct comm_point* comm_point_create_tcp(struct comm_base* base, struct tcl_list* tcp_conn_limit, size_t bufsize, struct sldns_buffer* spoolbuf, enum listen_type port_type, - comm_point_callback_type* callback, void* callback_arg); + comm_point_callback_type* callback, void* callback_arg, struct unbound_socket* socket); /** * Create an outgoing TCP commpoint. No file descriptor is opened, left at -1. diff --git a/validator/autotrust.c b/validator/autotrust.c index fd9fb3cf1..7ce07e0d8 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -2365,6 +2365,7 @@ probe_anchor(struct module_env* env, struct trust_anchor* tp) edns.edns_version = 0; edns.bits = EDNS_DO; edns.opt_list = NULL; + edns.padding_block_size = 0; if(sldns_buffer_capacity(buf) < 65535) edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); else edns.udp_size = 65535; diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 15cccf017..a4d020143 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -141,6 +141,69 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) #endif } +/** hash structure for keeping track of running hashes */ +struct secalgo_hash { + /** the openssl message digest context */ + EVP_MD_CTX* ctx; +}; + +/** create secalgo hash with hash type */ +static struct secalgo_hash* secalgo_hash_create_md(const EVP_MD* md) +{ + struct secalgo_hash* h; + if(!md) + return NULL; + h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->ctx = EVP_MD_CTX_create(); + if(!h->ctx) { + free(h); + return NULL; + } + if(!EVP_DigestInit_ex(h->ctx, md, NULL)) { + EVP_MD_CTX_destroy(h->ctx); + free(h); + return NULL; + } + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + return secalgo_hash_create_md(EVP_sha384()); +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + return secalgo_hash_create_md(EVP_sha512()); +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + return EVP_DigestUpdate(hash->ctx, (unsigned char*)data, + (unsigned int)len); +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + if(EVP_MD_CTX_size(hash->ctx) > (int)maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = EVP_MD_CTX_size(hash->ctx); + return EVP_DigestFinal_ex(hash->ctx, result, NULL); +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + EVP_MD_CTX_destroy(hash->ctx); + free(hash); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. @@ -823,6 +886,64 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) (void)HASH_HashBuf(HASH_AlgSHA256, res, buf, (unsigned long)len); } +/** the secalgo hash structure */ +struct secalgo_hash { + /** hash context */ + HASHContext* ctx; +}; + +/** create hash struct of type */ +static struct secalgo_hash* secalgo_hash_create_type(HASH_HashType tp) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->ctx = HASH_Create(tp); + if(!h->ctx) { + free(h); + return NULL; + } + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + return secalgo_hash_create_type(HASH_AlgSHA384); +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + return secalgo_hash_create_type(HASH_AlgSHA512); +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + HASH_Update(hash->ctx, (unsigned char*)data, (unsigned int)len); + return 1; +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + unsigned int reslen = 0; + if(HASH_ResultLenContext(hash->ctx) > (unsigned int)maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + HASH_End(hash->ctx, (unsigned char*)result, &reslen, + (unsigned int)maxlen); + *resultlen = (size_t)reslen; + return 1; +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + HASH_Destroy(hash->ctx); + free(hash); +} + size_t ds_digest_size_supported(int algo) { @@ -1451,6 +1572,82 @@ secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res) _digest_nettle(SHA256_DIGEST_SIZE, (uint8_t*)buf, len, res); } +/** secalgo hash structure */ +struct secalgo_hash { + /** if it is 384 or 512 */ + int active; + /** context for sha384 */ + struct sha384_ctx ctx384; + /** context for sha512 */ + struct sha512_ctx ctx512; +}; + +struct secalgo_hash* secalgo_hash_create_sha384(void) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->active = 384; + sha384_init(&h->ctx384); + return h; +} + +struct secalgo_hash* secalgo_hash_create_sha512(void) +{ + struct secalgo_hash* h = calloc(1, sizeof(*h)); + if(!h) + return NULL; + h->active = 512; + sha512_init(&h->ctx512); + return h; +} + +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len) +{ + if(hash->active == 384) { + sha384_update(&hash->ctx384, len, data); + } else if(hash->active == 512) { + sha512_update(&hash->ctx512, len, data); + } else { + return 0; + } + return 1; +} + +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen) +{ + if(hash->active == 384) { + if(SHA384_DIGEST_SIZE > maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = SHA384_DIGEST_SIZE; + sha384_digest(&hash->ctx384, SHA384_DIGEST_SIZE, + (unsigned char*)result); + } else if(hash->active == 512) { + if(SHA512_DIGEST_SIZE > maxlen) { + *resultlen = 0; + log_err("secalgo_hash_final: hash buffer too small"); + return 0; + } + *resultlen = SHA512_DIGEST_SIZE; + sha512_digest(&hash->ctx512, SHA512_DIGEST_SIZE, + (unsigned char*)result); + } else { + *resultlen = 0; + return 0; + } + return 1; +} + +void secalgo_hash_delete(struct secalgo_hash* hash) +{ + if(!hash) return; + free(hash); +} + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/validator/val_secalgo.h b/validator/val_secalgo.h index 52aaeb9f6..8b6080dc2 100644 --- a/validator/val_secalgo.h +++ b/validator/val_secalgo.h @@ -43,6 +43,7 @@ #ifndef VALIDATOR_VAL_SECALGO_H #define VALIDATOR_VAL_SECALGO_H struct sldns_buffer; +struct secalgo_hash; /** Return size of nsec3 hash algorithm, 0 if not supported */ size_t nsec3_hash_algo_size_supported(int id); @@ -67,6 +68,48 @@ int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, */ void secalgo_hash_sha256(unsigned char* buf, size_t len, unsigned char* res); +/** + * Start a hash of type sha384. Allocates structure, then inits it, + * so that a series of updates can be performed, before the final result. + * @return hash structure. NULL on malloc failure or no support. + */ +struct secalgo_hash* secalgo_hash_create_sha384(void); + +/** + * Start a hash of type sha512. Allocates structure, then inits it, + * so that a series of updates can be performed, before the final result. + * @return hash structure. NULL on malloc failure or no support. + */ +struct secalgo_hash* secalgo_hash_create_sha512(void); + +/** + * Update a hash with more information to add to it. + * @param hash: the hash that is updated. + * @param data: data to add. + * @param len: length of data. + * @return false on failure. + */ +int secalgo_hash_update(struct secalgo_hash* hash, uint8_t* data, size_t len); + +/** + * Get the final result of the hash. + * @param hash: the hash that has had updates to it. + * @param result: where to store the result. + * @param maxlen: length of the result buffer, eg. size of the allocation. + * If not large enough the routine fails. + * @param resultlen: the length of the result, returned to the caller. + * How much of maxlen is used. + * @return false on failure. + */ +int secalgo_hash_final(struct secalgo_hash* hash, uint8_t* result, + size_t maxlen, size_t* resultlen); + +/** + * Delete the hash structure. + * @param hash: the hash to delete. + */ +void secalgo_hash_delete(struct secalgo_hash* hash); + /** * Return size of DS digest according to its hash algorithm. * @param algo: DS digest algo. diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index de730f681..14e13da06 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -1187,7 +1187,7 @@ rrset_canonical(struct regional* region, sldns_buffer* buf, * section, to prevent that a wildcard synthesized NSEC can be used in * the non-existence proves. */ if(ntohs(k->rk.type) == LDNS_RR_TYPE_NSEC && - section == LDNS_SECTION_AUTHORITY) { + section == LDNS_SECTION_AUTHORITY && qstate) { k->rk.dname = regional_alloc_init(qstate->region, can_owner, can_owner_len); if(!k->rk.dname) @@ -1199,6 +1199,59 @@ rrset_canonical(struct regional* region, sldns_buffer* buf, return 1; } +int +rrset_canonicalize_to_buffer(struct regional* region, sldns_buffer* buf, + struct ub_packed_rrset_key* k) +{ + struct rbtree_type* sortree = NULL; + struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; + uint8_t* can_owner = NULL; + size_t can_owner_len = 0; + struct canon_rr* walk; + struct canon_rr* rrs; + + sortree = (struct rbtree_type*)regional_alloc(region, + sizeof(rbtree_type)); + if(!sortree) + return 0; + if(d->count > RR_COUNT_MAX) + return 0; /* integer overflow protection */ + rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count); + if(!rrs) { + return 0; + } + rbtree_init(sortree, &canonical_tree_compare); + canonical_sort(k, d, sortree, rrs); + + sldns_buffer_clear(buf); + RBTREE_FOR(walk, struct canon_rr*, sortree) { + /* see if there is enough space left in the buffer */ + if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4 + + d->rr_len[walk->rr_idx]) { + log_err("verify: failed to canonicalize, " + "rrset too big"); + return 0; + } + /* determine canonical owner name */ + if(can_owner) + sldns_buffer_write(buf, can_owner, can_owner_len); + else { + can_owner = sldns_buffer_current(buf); + sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len); + query_dname_tolower(can_owner); + can_owner_len = k->rk.dname_len; + } + sldns_buffer_write(buf, &k->rk.type, 2); + sldns_buffer_write(buf, &k->rk.rrset_class, 2); + sldns_buffer_write_u32(buf, d->rr_ttl[walk->rr_idx]); + sldns_buffer_write(buf, d->rr_data[walk->rr_idx], + d->rr_len[walk->rr_idx]); + canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]); + } + sldns_buffer_flip(buf); + return 1; +} + /** pretty print rrsig error with dates */ static void sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) diff --git a/validator/val_sigcrypt.h b/validator/val_sigcrypt.h index 755a1d6e1..23ca1d91b 100644 --- a/validator/val_sigcrypt.h +++ b/validator/val_sigcrypt.h @@ -334,4 +334,16 @@ int canonical_tree_compare(const void* k1, const void* k2); int rrset_canonical_equal(struct regional* region, struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2); +/** + * Canonicalize an rrset into the buffer. For an auth zone record, so + * this does not use a signature, or the RRSIG TTL or the wildcard label + * count from the RRSIG. + * @param region: temporary region. + * @param buf: the buffer to use. + * @param k: the rrset to insert. + * @return false on alloc error. + */ +int rrset_canonicalize_to_buffer(struct regional* region, + struct sldns_buffer* buf, struct ub_packed_rrset_key* k); + #endif /* VALIDATOR_VAL_SIGCRYPT_H */