diff --git a/.gitignore b/.gitignore index 43ab4c6fb..084116535 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ *.o cscope.out /.libs/ +/.source /Makefile /autom4te.cache/ /config.h diff --git a/Makefile.in b/Makefile.in index 19ff02330..e81131468 100644 --- a/Makefile.in +++ b/Makefile.in @@ -149,7 +149,7 @@ COMMON_OBJ_ALL_SYMBOLS=@COMMON_OBJ_ALL_SYMBOLS@ COMPAT_SRC=compat/ctime_r.c compat/fake-rfc2553.c compat/gmtime_r.c \ compat/inet_aton.c compat/inet_ntop.c compat/inet_pton.c compat/malloc.c \ compat/memcmp.c compat/memmove.c compat/snprintf.c compat/strlcat.c \ -compat/strlcpy.c compat/strptime.c compat/getentropy_linux.c \ +compat/strlcpy.c compat/strptime.c compat/getentropy_freebsd.c compat/getentropy_linux.c \ compat/getentropy_osx.c compat/getentropy_solaris.c compat/getentropy_win.c \ compat/explicit_bzero.c compat/arc4random.c compat/arc4random_uniform.c \ compat/arc4_lock.c compat/sha512.c compat/reallocarray.c compat/isblank.c \ @@ -161,6 +161,7 @@ SLDNS_SRC=sldns/keyraw.c sldns/sbuffer.c sldns/wire2str.c sldns/parse.c \ sldns/parseutil.c sldns/rrdef.c sldns/str2wire.c SLDNS_OBJ=keyraw.lo sbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \ str2wire.lo +SLDNS_ALLOCCHECK_EXTRA_OBJ=@SLDNS_ALLOCCHECK_EXTRA_OBJ@ UNITTEST_SRC=testcode/unitanchor.c testcode/unitdname.c \ testcode/unitlruhash.c testcode/unitmain.c testcode/unitmsgparse.c \ testcode/unitneg.c testcode/unitregional.c testcode/unitslabhash.c \ @@ -188,11 +189,11 @@ CONTROL_OBJ_LINK=$(CONTROL_OBJ) worker_cb.lo $(COMMON_OBJ_ALL_SYMBOLS) \ $(SLDNS_OBJ) $(COMPAT_OBJ) @WIN_CONTROL_OBJ_LINK@ HOST_SRC=smallapp/unbound-host.c HOST_OBJ=unbound-host.lo -HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) @WIN_HOST_OBJ_LINK@ +HOST_OBJ_LINK=$(HOST_OBJ) $(SLDNS_OBJ) $(COMPAT_OBJ_WITHOUT_CTIMEARC4) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_HOST_OBJ_LINK@ UBANCHOR_SRC=smallapp/unbound-anchor.c UBANCHOR_OBJ=unbound-anchor.lo UBANCHOR_OBJ_LINK=$(UBANCHOR_OBJ) parseutil.lo \ -$(COMPAT_OBJ_WITHOUT_CTIME) @WIN_UBANCHOR_OBJ_LINK@ +$(COMPAT_OBJ_WITHOUT_CTIME) $(SLDNS_ALLOCCHECK_EXTRA_OBJ) @WIN_UBANCHOR_OBJ_LINK@ TESTBOUND_SRC=testcode/testbound.c testcode/testpkts.c \ daemon/worker.c daemon/acl_list.c \ daemon/daemon.c daemon/stats.c \ @@ -218,7 +219,7 @@ MEMSTATS_OBJ_LINK=$(MEMSTATS_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) ASYNCLOOK_SRC=testcode/asynclook.c ASYNCLOOK_OBJ=asynclook.lo -ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) +ASYNCLOOK_OBJ_LINK=$(ASYNCLOOK_OBJ) log.lo locks.lo $(COMPAT_OBJ) @ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ@ STREAMTCP_SRC=testcode/streamtcp.c STREAMTCP_OBJ=streamtcp.lo STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ @@ -456,14 +457,19 @@ clean: rm -f _unbound.la libunbound/python/libunbound_wrap.c libunbound/python/unbound.py pythonmod/interface.h pythonmod/unboundmodule.py rm -rf autom4te.cache .libs build doc/html doc/xml -realclean: clean - rm -f config.status config.log config.h.in config.h - rm -f configure config.sub config.guess ltmain.sh aclocal.m4 libtool - rm -f util/configlexer.c util/configparser.c util/configparser.h - rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 +distclean: clean + rm -f config.status config.log config.h + rm -f doc/example.conf doc/libunbound.3 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound-control.8 doc/unbound.8 doc/unbound.conf.5 doc/unbound-host.1 + rm -f smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service rm -f $(TEST_BIN) rm -f Makefile +maintainer-clean: distclean + rm -f util/configlexer.c util/configparser.c util/configparser.h + +realclean: maintainer-clean + rm -f configure config.h.in config.sub config.guess ltmain.sh aclocal.m4 libtool + .SUFFIXES: .lint .c.lint: $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $< @@ -680,7 +686,10 @@ msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/d $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ @@ -696,7 +705,8 @@ iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterato $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ @@ -743,9 +753,11 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/sldns/str2wire.h listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ @@ -753,7 +765,10 @@ listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -766,25 +781,24 @@ mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(s $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/util/edns.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h \ $(srcdir)/services/listen_dnsport.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/ipset/ipset.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -796,7 +810,8 @@ rpz.lo rpz.o: $(srcdir)/services/rpz.c config.h $(srcdir)/services/rpz.h $(srcdi $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ @@ -811,13 +826,19 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/dnstap/dnstap.h alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ @@ -825,10 +846,11 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/util/iana_ports.inc + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ @@ -841,17 +863,19 @@ shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/ut $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h + $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ @@ -862,23 +886,29 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \ - $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h @@ -888,8 +918,10 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/listen_dnsport.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -901,7 +933,10 @@ rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcd $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ @@ -921,7 +956,10 @@ lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/s $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h tcp_conn_limit.lo tcp_conn_limit.o: $(srcdir)/util/tcp_conn_limit.c config.h $(srcdir)/util/regional.h \ @@ -936,19 +974,23 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h \ - + $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h \ - + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ @@ -957,9 +999,11 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/keyraw.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \ @@ -977,7 +1021,10 @@ validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/val $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ @@ -1033,67 +1080,33 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/data/dname.h \ - $(srcdir)/sldns/str2wire.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/testcode/checklocks.h -dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnstap/dnstap.h \ - dnstap/dnstap.pb-c.h -dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ - -ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ - $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ - $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -1141,19 +1154,15 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/testcode/unitmain.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/wire2str.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ @@ -1187,8 +1196,8 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/respip/respip.h + $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/keyraw.h remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ @@ -1199,9 +1208,9 @@ remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/services/rpz.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ @@ -1214,14 +1223,13 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/tube.h \ + $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ @@ -1230,7 +1238,10 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ @@ -1244,10 +1255,10 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -1259,7 +1270,9 @@ testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/test $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h + $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -1276,10 +1289,10 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ + $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ @@ -1299,8 +1312,8 @@ daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/respip/respip.h + $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/keyraw.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -1308,14 +1321,13 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/tube.h \ + $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/authzone.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ @@ -1329,13 +1341,18 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \ @@ -1347,7 +1364,10 @@ memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/lo $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ @@ -1357,9 +1377,8 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h \ - $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) \ - $(srcdir)/edns-subnet/subnet-whitelist.h + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ @@ -1367,7 +1386,9 @@ worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libu $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h + $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ @@ -1377,7 +1398,8 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ @@ -1389,7 +1411,7 @@ libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbou $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/rpz.h + $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ @@ -1397,13 +1419,14 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/li $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/services/authzone.h \ - $(srcdir)/services/rpz.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ @@ -1424,7 +1447,12 @@ delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_h unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/pkthdr.h + $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h petal.lo petal.o: $(srcdir)/testcode/petal.c config.h @@ -1455,7 +1483,8 @@ keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $ sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h + $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h @@ -1476,7 +1505,7 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h -getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h +getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h diff --git a/README.md b/README.md index b3d3424c9..7120d486f 100644 --- a/README.md +++ b/README.md @@ -2,12 +2,13 @@ [![Travis Build Status](https://travis-ci.org/NLnetLabs/unbound.svg?branch=master)](https://travis-ci.org/NLnetLabs/unbound) [![Packaging status](https://repology.org/badge/tiny-repos/unbound.svg)](https://repology.org/project/unbound/versions) +[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unbound.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unbound) Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don’t hesitate to [create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) -or post a message on the [Unbound mailing list](https://nlnetlabs.nl/mailman/listinfo/unbound-users). +or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users). You can lean more about Unbound by reading our [documentation](https://nlnetlabs.nl/documentation/unbound/). diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index 08389a432..d5cd8dc55 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -244,6 +244,8 @@ cachedb_init(struct module_env* env, int id) env->modinfo[id] = (void*)cachedb_env; if(!cachedb_apply_cfg(cachedb_env, env->cfg)) { log_err("cachedb: could not apply configuration settings."); + free(cachedb_env); + env->modinfo[id] = NULL; return 0; } /* see if a backend is selected */ @@ -252,6 +254,8 @@ cachedb_init(struct module_env* env, int id) if(!(*cachedb_env->backend->init)(env, cachedb_env)) { log_err("cachedb: could not init %s backend", cachedb_env->backend->name); + free(cachedb_env); + env->modinfo[id] = NULL; return 0; } cachedb_env->enabled = 1; @@ -349,7 +353,11 @@ calc_hash(struct module_qstate* qstate, char* buf, size_t len) /* hash the buffer */ secalgo_hash_sha256(clear, clen, hash); +#ifdef HAVE_EXPLICIT_BZERO + explicit_bzero(clear, clen); +#else memset(clear, 0, clen); +#endif /* hex encode output for portability (some online dbs need * no nulls, no control characters, and so on) */ diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c new file mode 100644 index 000000000..30cd68e97 --- /dev/null +++ b/compat/getentropy_freebsd.c @@ -0,0 +1,62 @@ +/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek + * Copyright (c) 2014 Brent Cook + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include + +#include +#include + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && getentropy_sysctl(buf, len) == len) + return (0); + + errno = EIO; + return (-1); +} diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c index b86c0fba2..82cdb78b8 100644 --- a/compat/getentropy_linux.c +++ b/compat/getentropy_linux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_linux.c,v 1.20 2014/07/12 15:43:49 beck Exp $ */ +/* $OpenBSD: getentropy_linux.c,v 1.46 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,20 +15,23 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" +#include "config.h" /* -#define _POSIX_C_SOURCE 199309L -#define _GNU_SOURCE 1 +#define _POSIX_C_SOURCE 199309L +#define _GNU_SOURCE 1 */ #include #include #include #include #include -#ifdef HAVE_SYS_SYSCTL_H -#include +#ifdef SYS__sysctl +#include #endif #include #include @@ -39,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -46,16 +50,18 @@ #include #include #include - -#if defined(HAVE_SSL) +#ifndef HAVE_NETTLE #include -#elif defined(HAVE_NETTLE) +#else #include +#define SHA512_CTX struct sha512_ctx +#define SHA512_Init(x) sha512_init(x) +#define SHA512_Update(x, b, s) sha512_update(x, s, b) +#define SHA512_Final(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) #endif #include #include -#include #ifdef HAVE_GETAUXVAL #include #endif @@ -75,29 +81,13 @@ HD(b); \ } while (0) -#if defined(HAVE_SSL) -#define CRYPTO_SHA512_CTX SHA512_CTX -#define CRYPTO_SHA512_INIT(x) SHA512_Init(x) -#define CRYPTO_SHA512_FINAL(r, c) SHA512_Final(r, c) #define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) #define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) #define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) -#elif defined(HAVE_NETTLE) -#define CRYPTO_SHA512_CTX struct sha512_ctx -#define CRYPTO_SHA512_INIT(x) sha512_init(x) -#define CRYPTO_SHA512_FINAL(r, c) sha512_digest(c, SHA512_DIGEST_SIZE, r) -#define HR(x, l) (sha512_update(&ctx, (l), (uint8_t *)(x))) -#define HD(x) (sha512_update(&ctx, sizeof (x), (uint8_t *)&(x))) -#define HF(x) (sha512_update(&ctx, sizeof (void*), (uint8_t *)&(x))) -#endif int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len); #endif static int getentropy_urandom(void *buf, size_t len); @@ -105,6 +95,7 @@ static int getentropy_urandom(void *buf, size_t len); static int getentropy_sysctl(void *buf, size_t len); #endif static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); int getentropy(void *buf, size_t len) @@ -113,18 +104,21 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) /* - * Try descriptor-less getrandom() + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 */ ret = getentropy_getrandom(buf, len); if (ret != -1) return (ret); - if (errno != ENOSYS) - return (-1); #endif /* @@ -178,7 +172,7 @@ getentropy(void *buf, size_t len) * - Do the best under the circumstances.... * * This code path exists to bring light to the issue that Linux - * does not provide a failsafe API for entropy collection. + * still does not provide a failsafe API for entropy collection. * * We hope this demonstrates that Linux should either retain their * sysctl ABI, or consider providing a new failsafe API which @@ -196,23 +190,7 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - -#if defined(SYS_getrandom) && defined(__NR_getrandom) +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) static int getentropy_getrandom(void *buf, size_t len) { @@ -221,7 +199,7 @@ getentropy_getrandom(void *buf, size_t len) if (len > 256) return (-1); do { - ret = syscall(SYS_getrandom, buf, len, 0); + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); } while (ret == -1 && errno == EINTR); if (ret != (int)len) @@ -269,7 +247,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -280,13 +258,11 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } #ifdef SYS__sysctl @@ -311,17 +287,15 @@ getentropy_sysctl(void *buf, size_t len) goto sysctlfailed; i += chunk; } - if (gotdata(buf, len) == 0) { - errno = save_errno; - return (0); /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ sysctlfailed: errno = EIO; - return -1; + return (-1); } #endif /* SYS__sysctl */ -static int cl[] = { +static const int cl[] = { CLOCK_REALTIME, #ifdef CLOCK_MONOTONIC CLOCK_MONOTONIC, @@ -346,6 +320,15 @@ static int cl[] = { #endif }; +static int +getentropy_phdr(struct dl_phdr_info *info, size_t ATTR_UNUSED(size), void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + static int getentropy_fallback(void *buf, size_t len) { @@ -357,7 +340,7 @@ getentropy_fallback(void *buf, size_t len) struct rusage ru; sigset_t sigset; struct stat st; - CRYPTO_SHA512_CTX ctx; + SHA512_CTX ctx; static pid_t lastpid; pid_t pid; size_t i, ii, m; @@ -374,7 +357,7 @@ getentropy_fallback(void *buf, size_t len) } for (i = 0; i < len; ) { int j; - CRYPTO_SHA512_INIT(&ctx); + SHA512_Init(&ctx); for (j = 0; j < repeat; j++) { HX((e = gettimeofday(&tv, NULL)) == -1, tv); if (e != -1) { @@ -382,6 +365,8 @@ getentropy_fallback(void *buf, size_t len) cnt += (int)tv.tv_usec; } + dl_iterate_phdr(getentropy_phdr, &ctx); + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) HX(clock_gettime(cl[ii], &ts) == -1, ts); @@ -401,9 +386,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -528,33 +510,30 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } #ifdef HAVE_GETAUXVAL -# ifdef AT_RANDOM +#ifdef AT_RANDOM /* Not as random as you think but we take what we are given */ p = (char *) getauxval(AT_RANDOM); if (p) HR(p, 16); -# endif -# ifdef AT_SYSINFO_EHDR +#endif +#ifdef AT_SYSINFO_EHDR p = (char *) getauxval(AT_SYSINFO_EHDR); if (p) HR(p, pgs); -# endif -# ifdef AT_BASE +#endif +#ifdef AT_BASE p = (char *) getauxval(AT_BASE); if (p) HD(p); -# endif -#endif /* HAVE_GETAUXVAL */ +#endif +#endif - CRYPTO_SHA512_FINAL(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/compat/getentropy_osx.c b/compat/getentropy_osx.c index d5a64ab36..26dcc824d 100644 --- a/compat/getentropy_osx.c +++ b/compat/getentropy_osx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_osx.c,v 1.3 2014/07/12 14:48:00 deraadt Exp $ */ +/* $OpenBSD: getentropy_osx.c,v 1.12 2018/11/20 08:04:28 deraadt Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -15,9 +15,12 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ -#include "config.h" +#include #include #include #include @@ -43,14 +46,18 @@ #include #include #include +#if TARGET_OS_OSX #include #include +#endif #include #include +#if TARGET_OS_OSX #include #include #include #include +#endif #include #define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) #define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) @@ -75,10 +82,6 @@ int getentropy(void *buf, size_t len); -#ifdef CAN_REFERENCE_MAIN -extern int main(int, char *argv[]); -#endif -static int gotdata(char *buf, size_t len); static int getentropy_urandom(void *buf, size_t len); static int getentropy_fallback(void *buf, size_t len); @@ -89,7 +92,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } /* @@ -138,22 +141,6 @@ getentropy(void *buf, size_t len) return (ret); } -/* - * Basic sanity checking; wish we could do better. - */ -static int -gotdata(char *buf, size_t len) -{ - char any_set = 0; - size_t i; - - for (i = 0; i < len; ++i) - any_set |= buf[i]; - if (any_set == 0) - return -1; - return 0; -} - static int getentropy_urandom(void *buf, size_t len) { @@ -188,7 +175,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -199,18 +186,18 @@ start: i += ret; } close(fd); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } + errno = save_errno; + return (0); /* satisfied */ nodevrandom: errno = EIO; - return -1; + return (-1); } +#if TARGET_OS_OSX static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; +#endif static int kmib[] = { CTL_KERN, KERN_USRSTACK }; static int hwmib[] = { CTL_HW, HW_USERMEM }; @@ -230,9 +217,11 @@ getentropy_fallback(void *buf, size_t len) pid_t pid; size_t i, ii, m; char *p; +#if TARGET_OS_OSX struct tcpstat tcpstat; struct udpstat udpstat; struct ipstat ipstat; +#endif u_int64_t mach_time; unsigned int idata; void *addr; @@ -267,6 +256,7 @@ getentropy_fallback(void *buf, size_t len) HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), &idata, &ii, NULL, 0) == -1, idata); +#if TARGET_OS_OSX ii = sizeof(tcpstat); HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), &tcpstat, &ii, NULL, 0) == -1, tcpstat); @@ -278,6 +268,7 @@ getentropy_fallback(void *buf, size_t len) ii = sizeof(ipstat); HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), &ipstat, &ii, NULL, 0) == -1, ipstat); +#endif HX((pid = getpid()) == -1, pid); HX((pid = getsid(pid)) == -1, pid); @@ -295,9 +286,6 @@ getentropy_fallback(void *buf, size_t len) HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, sigset); -#ifdef CAN_REFERENCE_MAIN - HF(main); /* an addr in program */ -#endif HF(getentropy); /* an addr in this library */ HF(printf); /* an addr in libc */ p = (char *)&p; @@ -419,14 +407,11 @@ getentropy_fallback(void *buf, size_t len) } SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } - memset(results, 0, sizeof results); - if (gotdata(buf, len) == 0) { - errno = save_errno; - return 0; /* satisfied */ - } - errno = EIO; - return -1; + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ } diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c index 810098a8d..5e3b1cbbb 100644 --- a/compat/getentropy_solaris.c +++ b/compat/getentropy_solaris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getentropy_solaris.c,v 1.3 2014/07/12 14:46:31 deraadt Exp $ */ +/* $OpenBSD: getentropy_solaris.c,v 1.4 2014/07/12 20:41:47 wouter Exp $ */ /* * Copyright (c) 2014 Theo de Raadt @@ -204,7 +204,7 @@ start: } for (i = 0; i < len; ) { size_t wanted = len - i; - ssize_t ret = read(fd, (char*)buf + i, wanted); + ssize_t ret = read(fd, (char *)buf + i, wanted); if (ret == -1) { if (errno == EAGAIN || errno == EINTR) @@ -428,7 +428,7 @@ getentropy_fallback(void *buf, size_t len) HD(cnt); } SHA512_Final(results, &ctx); - memcpy((char*)buf + i, results, min(sizeof(results), len - i)); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); i += min(sizeof(results), len - i); } memset(results, 0, sizeof results); diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c index 71fb955e7..2abeb27bc 100644 --- a/compat/getentropy_win.c +++ b/compat/getentropy_win.c @@ -1,4 +1,4 @@ -/* $OpenBSD$ */ +/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ /* * Copyright (c) 2014, Theo de Raadt @@ -15,6 +15,9 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 */ #include @@ -37,7 +40,7 @@ getentropy(void *buf, size_t len) if (len > 256) { errno = EIO; - return -1; + return (-1); } if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, diff --git a/compat/malloc.c b/compat/malloc.c index 559aa100d..d8097b13e 100644 --- a/compat/malloc.c +++ b/compat/malloc.c @@ -5,7 +5,12 @@ #undef malloc #include +#ifndef USE_WINSOCK void *malloc (); +#else +/* provide a prototype */ +void *malloc (size_t n); +#endif /* Allocate an N-byte block of memory from the heap. If N is zero, allocate a 1-byte block. */ diff --git a/compat/snprintf.c b/compat/snprintf.c index 97cd7061f..bab873e30 100644 --- a/compat/snprintf.c +++ b/compat/snprintf.c @@ -658,7 +658,7 @@ int vsnprintf(char* str, size_t size, const char* format, va_list arg) * are not their own functions. */ /* printout designation: - * conversion specifier: x, d, u, s, c, n, m, p + * conversion specifier: x, d, u, s, c, m, p * flags: # not supported * 0 zeropad (on the left) * - left adjust (right by default) @@ -798,7 +798,10 @@ int vsnprintf(char* str, size_t size, const char* format, va_list arg) minw, minus); break; case 'n': - *va_arg(arg, int*) = ret; + /* unsupported to harden against format string + * exploitation, + * handled like an unknown format specifier. */ + /* *va_arg(arg, int*) = ret; */ break; case 'm': print_str(&at, &left, &ret, strerror(errno), diff --git a/config.h.in b/config.h.in index 1e092fd5b..8c2aa3b94 100644 --- a/config.h.in +++ b/config.h.in @@ -620,6 +620,9 @@ /* Define to 1 if you have the `_beginthreadex' function. */ #undef HAVE__BEGINTHREADEX +/* If HMAC_Init_ex() returns void */ +#undef HMAC_INIT_EX_RETURNS_VOID + /* if lex has yylex_destroy */ #undef LEX_HAS_YYLEX_DESTROY @@ -712,6 +715,9 @@ /* Shared data */ #undef SHARE_DIR +/* The size of `size_t', as computed by sizeof. */ +#undef SIZEOF_SIZE_T + /* The size of `time_t', as computed by sizeof. */ #undef SIZEOF_TIME_T @@ -1221,6 +1227,10 @@ struct tm; char *strptime(const char *s, const char *format, struct tm *tm); #endif +#if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); @@ -1234,9 +1244,6 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM int getentropy(void* buf, size_t len); diff --git a/configure b/configure index cbbc177f2..eb855554d 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.9.4. +# Generated by GNU Autoconf 2.69 for unbound 1.9.7. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.9.4' -PACKAGE_STRING='unbound 1.9.4' +PACKAGE_VERSION='1.9.7' +PACKAGE_STRING='unbound 1.9.7' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -702,6 +702,8 @@ PTHREAD_CFLAGS PTHREAD_LIBS PTHREAD_CC ax_pthread_config +ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ +SLDNS_ALLOCCHECK_EXTRA_OBJ USE_SYSTEMD_FALSE USE_SYSTEMD_TRUE SYSTEMD_DAEMON_LIBS @@ -872,6 +874,7 @@ with_libevent with_libexpat with_libhiredis enable_static_exe +enable_fully_static enable_lock_checks enable_allsymbols enable_dnstap @@ -1446,7 +1449,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.9.4 to adapt to many kinds of systems. +\`configure' configures unbound 1.9.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1511,7 +1514,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.9.4:";; + short | recursive ) echo "Configuration of unbound 1.9.7:";; esac cat <<\_ACEOF @@ -1559,7 +1562,8 @@ Optional Features: --enable-tfo-client Enable TCP Fast Open for client mode --enable-tfo-server Enable TCP Fast Open for server mode --enable-static-exe enable to compile executables statically against - (event) libs, for debug purposes + (event) uninstalled libs, for debug purposes + --enable-fully-static enable to compile fully static --enable-lock-checks enable to check lock and unlock calls, for debug purposes --enable-allsymbols export all symbols from libunbound and link binaries @@ -1732,7 +1736,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.9.4 +unbound configure 1.9.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2441,7 +2445,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.9.4, which was +It was created by unbound $as_me 1.9.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2793,11 +2797,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=9 -UNBOUND_VERSION_MICRO=4 +UNBOUND_VERSION_MICRO=7 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=3 +LIBUNBOUND_REVISION=7 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2869,6 +2873,9 @@ LIBUNBOUND_AGE=1 # 1.9.2 had 9:2:1 # 1.9.3 had 9:3:1 # 1.9.4 had 9:4:1 +# 1.9.5 had 9:5:1 +# 1.9.6 had 9:6:1 +# 1.9.7 had 9:7:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -15065,6 +15072,39 @@ cat >>confdefs.h <<_ACEOF _ACEOF +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 +$as_echo_n "checking size of size_t... " >&6; } +if ${ac_cv_sizeof_size_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_size_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (size_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_size_t=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 +$as_echo "$ac_cv_sizeof_size_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t +_ACEOF + + # add option to disable the evil rpath @@ -16113,7 +16153,7 @@ done # check if we can use SO_REUSEPORT -if echo "$host" | grep -i -e linux -e dragonfly >/dev/null; then +if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then $as_echo "#define REUSEPORT_DEFAULT 1" >>confdefs.h @@ -16339,6 +16379,10 @@ if test x_$enable_alloc_checks = x_yes; then $as_echo "#define UNBOUND_ALLOC_STATS 1" >>confdefs.h + SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo" + + ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo" + else if test x_$enable_alloc_lite = x_yes; then @@ -18198,16 +18242,6 @@ fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_ARC4RANDOM_UNIFORM $ac_have_decl _ACEOF -ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" -if test "x$ac_cv_have_decl_reallocarray" = xyes; then : - ac_have_decl=1 -else - ac_have_decl=0 -fi - -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_REALLOCARRAY $ac_have_decl -_ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 @@ -18348,6 +18382,63 @@ cat >>confdefs.h <<_ACEOF #define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO $ac_have_decl _ACEOF + +if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then +# check function return type. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the return type of HMAC_Init_ex" >&5 +$as_echo_n "checking the return type of HMAC_Init_ex... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_OPENSSL_ERR_H +#include +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif +#include +#include + +int +main () +{ + + HMAC_CTX* hmac_ctx = NULL; + void* hmac_key = NULL; + const EVP_MD* digest = NULL; + int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL); + (void)x; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5 +$as_echo "int" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: void" >&5 +$as_echo "void" >&6; } + +$as_echo "#define HMAC_INIT_EX_RETURNS_VOID 1" >>confdefs.h + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi + fi @@ -19403,7 +19494,7 @@ _ACEOF fi -# set static linking if requested +# set static linking for uninstalled libraries if requested staticexe="" # Check whether --enable-static-exe was given. @@ -19425,6 +19516,25 @@ if test x_$enable_static_exe = x_yes; then fi fi +# set full static linking if requested +# Check whether --enable-fully-static was given. +if test "${enable_fully_static+set}" = set; then : + enableval=$enable_fully_static; +fi + +if test x_$enable_fully_static = x_yes; then + staticexe="-all-static" + if test "$on_mingw" = yes; then + # for static compile, include gdi32 and zlib here. + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" + fi +fi + # set lock checking if requested # Check whether --enable-lock_checks was given. if test "${enable_lock_checks+set}" = set; then : @@ -20222,6 +20332,17 @@ esac fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext +ac_fn_c_check_decl "$LINENO" "reallocarray" "ac_cv_have_decl_reallocarray" "$ac_includes_default" +if test "x$ac_cv_have_decl_reallocarray" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_REALLOCARRAY $ac_have_decl +_ACEOF + if test "$USE_NSS" = "no"; then ac_fn_c_check_func "$LINENO" "arc4random" "ac_cv_func_arc4random" if test "x$ac_cv_func_arc4random" = xyes; then : @@ -20388,6 +20509,14 @@ if test "$ac_res" != no; then : fi + ;; + *freebsd*|*FreeBSD) + case " $LIBOBJS " in + *" getentropy_freebsd.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS getentropy_freebsd.$ac_objext" + ;; +esac + ;; *linux*|Linux|*) case " $LIBOBJS " in @@ -21297,7 +21426,7 @@ _ACEOF -version=1.9.4 +version=1.9.7 date=`date +'%b %e, %Y'` @@ -21816,7 +21945,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.9.4, which was +This file was extended by unbound $as_me 1.9.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21882,7 +22011,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.9.4 +unbound config.status 1.9.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index daa521ceb..4ed9bb872 100644 --- a/configure.ac +++ b/configure.ac @@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[9]) -m4_define([VERSION_MICRO],[4]) +m4_define([VERSION_MICRO],[7]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=3 +LIBUNBOUND_REVISION=7 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -90,6 +90,9 @@ LIBUNBOUND_AGE=1 # 1.9.2 had 9:2:1 # 1.9.3 had 9:3:1 # 1.9.4 had 9:4:1 +# 1.9.5 had 9:5:1 +# 1.9.6 had 9:6:1 +# 1.9.7 had 9:7:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -430,6 +433,7 @@ AC_INCLUDES_DEFAULT # endif #endif ]) +AC_CHECK_SIZEOF(size_t) # add option to disable the evil rpath ACX_ARG_RPATH @@ -475,7 +479,7 @@ ACX_MKDIR_ONE_ARG AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])]) # check if we can use SO_REUSEPORT -if echo "$host" | grep -i -e linux -e dragonfly >/dev/null; then +if echo "$host" | $GREP -i -e linux -e dragonfly >/dev/null; then AC_DEFINE(REUSEPORT_DEFAULT, 1, [if REUSEPORT is enabled by default]) else AC_DEFINE(REUSEPORT_DEFAULT, 0, [if REUSEPORT is enabled by default]) @@ -500,6 +504,10 @@ if test x_$enable_alloc_nonregional = x_yes; then fi if test x_$enable_alloc_checks = x_yes; then AC_DEFINE(UNBOUND_ALLOC_STATS, 1, [use statistics for allocs and frees, for debug use]) + SLDNS_ALLOCCHECK_EXTRA_OBJ="alloc.lo log.lo" + AC_SUBST(SLDNS_ALLOCCHECK_EXTRA_OBJ) + ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ="alloc.lo" + AC_SUBST(ASYNCLOOK_ALLOCCHECK_EXTRA_OBJ) else if test x_$enable_alloc_lite = x_yes; then AC_DEFINE(UNBOUND_ALLOC_LITE, 1, [use to enable lightweight alloc assertions, for debug use]) @@ -801,7 +809,7 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/ AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) # libressl provides these compat functions, but they may also be # declared by the OS in libc. See if they have been declared. - AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform,reallocarray]) + AC_CHECK_DECLS([strlcpy,strlcat,arc4random,arc4random_uniform]) else AC_MSG_RESULT([no]) fi @@ -834,6 +842,42 @@ AC_INCLUDES_DEFAULT #include #include ]) + +if test "$ac_cv_func_HMAC_Init_ex" = "yes"; then +# check function return type. +AC_MSG_CHECKING(the return type of HMAC_Init_ex) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#ifdef HAVE_OPENSSL_ERR_H +#include +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif +#include +#include +], [ + HMAC_CTX* hmac_ctx = NULL; + void* hmac_key = NULL; + const EVP_MD* digest = NULL; + int x = HMAC_Init_ex(hmac_ctx, hmac_key, 32, digest, NULL); + (void)x; +])], [ + AC_MSG_RESULT(int) +], [ + AC_MSG_RESULT(void) + AC_DEFINE([HMAC_INIT_EX_RETURNS_VOID], 1, [If HMAC_Init_ex() returns void]) +]) +fi + fi AC_SUBST(SSLLIB) @@ -1298,11 +1342,11 @@ if test x_$withval = x_yes -o x_$withval != x_no; then ]) fi -# set static linking if requested +# set static linking for uninstalled libraries if requested AC_SUBST(staticexe) staticexe="" AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe], - [ enable to compile executables statically against (event) libs, for debug purposes ]), + [ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), , ) if test x_$enable_static_exe = x_yes; then staticexe="-static" @@ -1318,6 +1362,23 @@ if test x_$enable_static_exe = x_yes; then fi fi +# set full static linking if requested +AC_ARG_ENABLE(fully-static, AC_HELP_STRING([--enable-fully-static], + [ enable to compile fully static ]), + , ) +if test x_$enable_fully_static = x_yes; then + staticexe="-all-static" + if test "$on_mingw" = yes; then + # for static compile, include gdi32 and zlib here. + if echo $LIBS | grep 'lgdi32' >/dev/null; then + : + else + LIBS="$LIBS -lgdi32" + fi + LIBS="$LIBS -lz" + fi +fi + # set lock checking if requested AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], [ enable to check lock and unlock calls, for debug purposes ]), @@ -1483,6 +1544,7 @@ int main(void) { AC_MSG_RESULT(no) AC_LIBOBJ(reallocarray) ]) +AC_CHECK_DECLS([reallocarray]) if test "$USE_NSS" = "no"; then AC_REPLACE_FUNCS(arc4random) AC_REPLACE_FUNCS(arc4random_uniform) @@ -1509,6 +1571,9 @@ if test "$USE_NSS" = "no"; then fi AC_SEARCH_LIBS([clock_gettime], [rt]) ;; + *freebsd*|*FreeBSD) + AC_LIBOBJ(getentropy_freebsd) + ;; *linux*|Linux|*) AC_LIBOBJ(getentropy_linux) AC_CHECK_FUNCS([SHA512_Update],,[ @@ -1877,6 +1942,10 @@ struct tm; char *strptime(const char *s, const char *format, struct tm *tm); #endif +#if !HAVE_DECL_REALLOCARRAY +void *reallocarray(void *ptr, size_t nmemb, size_t size); +#endif + #ifdef HAVE_LIBRESSL # if !HAVE_DECL_STRLCPY size_t strlcpy(char *dst, const char *src, size_t siz); @@ -1890,9 +1959,6 @@ uint32_t arc4random(void); # if !HAVE_DECL_ARC4RANDOM_UNIFORM && defined(HAVE_ARC4RANDOM_UNIFORM) uint32_t arc4random_uniform(uint32_t upper_bound); # endif -# if !HAVE_DECL_REALLOCARRAY -void *reallocarray(void *ptr, size_t nmemb, size_t size); -# endif #endif /* HAVE_LIBRESSL */ #ifndef HAVE_ARC4RANDOM int getentropy(void* buf, size_t len); diff --git a/contrib/README b/contrib/README index 262ccc7db..f12e52f25 100644 --- a/contrib/README +++ b/contrib/README @@ -40,3 +40,12 @@ distribution but may be helpful. redis backend) redis Python modules. * unbound-fuzzme.patch: adds unbound-fuzzme program that parses a packet from stdin. Used with fuzzers, patch from Jacob Hoffman-Andrews. +* unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 + replacements for unbound-fuzzme.c that gets created after applying + the contrib/unbound-fuzzme.patch. They are contributed by + Eric Sesterhenn from X41 D-Sec. +* drop-tld.diff: adds option drop-tld: yesno that drops 2 label queries, + to stop random floods. Apply with patch -p1 < contrib/drop-tld.diff and + compile. From Saksham Manchanda (Secure64). Please note that we think + this will drop DNSKEY and DS lookups for tlds and hence break DNSSEC + lookups for downstream clients. diff --git a/contrib/create_unbound_ad_servers.sh b/contrib/create_unbound_ad_servers.sh index d31f078b3..49fdbffed 100644 --- a/contrib/create_unbound_ad_servers.sh +++ b/contrib/create_unbound_ad_servers.sh @@ -9,12 +9,13 @@ # Variables dst_dir="/etc/opt/csw/unbound" work_dir="/tmp" -list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" +list_addr="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=" # OS commands CAT=`which cat` ECHO=`which echo` WGET=`which wget` +TR=`which tr` # Check Wget installed if [ ! -f $WGET ]; then @@ -22,8 +23,10 @@ if [ ! -f $WGET ]; then exit 1 fi +# remove special characters with tr to protect unbound.conf $WGET -O $work_dir/yoyo_ad_servers "$list_addr" && \ $CAT $work_dir/yoyo_ad_servers | \ +$TR -d '";$\\' | \ while read line ; \ do \ $ECHO "local-zone: \"$line\" redirect" ;\ @@ -36,4 +39,4 @@ echo "Done." # the unbound_ad_servers file: # # include: $dst_dir/unbound_ad_servers -# \ No newline at end of file +# diff --git a/contrib/drop-tld.diff b/contrib/drop-tld.diff new file mode 100644 index 000000000..173825b37 --- /dev/null +++ b/contrib/drop-tld.diff @@ -0,0 +1,82 @@ +diff --git a/daemon/worker.c b/daemon/worker.c +index 263fcdd..f787b70 100644 +--- a/daemon/worker.c ++++ b/daemon/worker.c +@@ -1213,6 +1213,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, + addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); + log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); + } ++ ++ if(worker->env.cfg->drop_tld) { ++ int lab = dname_count_labels(qinfo.qname); ++ if (lab == 2) { ++ comm_point_drop_reply(repinfo); ++ verbose(VERB_ALGO, "Dropping one label query."); ++ return 0; ++ } ++ } + if(qinfo.qtype == LDNS_RR_TYPE_AXFR || + qinfo.qtype == LDNS_RR_TYPE_IXFR) { + verbose(VERB_ALGO, "worker request: refused zone transfer."); +diff --git a/util/config_file.h b/util/config_file.h +index b3ef930..2791541 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -274,6 +274,8 @@ struct config_file { + int prefetch_key; + /** deny queries of type ANY with an empty answer */ + int deny_any; ++ /** Drop TLD queries from clients **/ ++ int drop_tld; + + /** chrootdir, if not "" or chroot will be done */ + char* chrootdir; +diff --git a/util/configlexer.lex b/util/configlexer.lex +index a86ddf5..9bbedbb 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -299,6 +299,7 @@ private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } + prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } + prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } + deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) } ++drop-tld{COLON} { YDVAR(1, VAR_DROP_TLD) } + stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } + name{COLON} { YDVAR(1, VAR_NAME) } + stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } +diff --git a/util/configparser.y b/util/configparser.y +index 10227a2..567d68e 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -164,6 +164,7 @@ extern struct config_parser_state* cfg_parser; + %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM + %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT + %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY ++%token VAR_DROP_TLD + %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY + %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES + %token VAR_TLS_SESSION_TICKET_KEYS +@@ -266,6 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port | + server_tls_cert_bundle | server_tls_additional_port | server_low_rtt | + server_fast_server_permil | server_fast_server_num | server_tls_win_cert | + server_tcp_connection_limit | server_log_servfail | server_deny_any | ++ server_drop_tld | + server_unknown_server_time_limit | server_log_tag_queryreply | + server_stream_wait_size | server_tls_ciphers | + server_tls_ciphersuites | server_tls_session_ticket_keys +@@ -1466,6 +1468,16 @@ server_deny_any: VAR_DENY_ANY STRING_ARG + free($2); + } + ; ++ ++server_drop_tld: VAR_DROP_TLD STRING_ARG ++ { ++ OUTYY(("P(server_drop_tld:%s)\n", $2)); ++ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) ++ yyerror("expected yes or no."); ++ else cfg_parser->cfg->drop_tld = (strcmp($2, "yes")==0); ++ free($2); ++ } ++ ; + server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG + { + OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2)); diff --git a/contrib/fastrpz.patch b/contrib/fastrpz.patch index 3b1b07885..c38ac22b9 100644 --- a/contrib/fastrpz.patch +++ b/contrib/fastrpz.patch @@ -2,7 +2,7 @@ Description: based on the included patch contrib/fastrpz.patch Author: fastrpz@farsightsecurity.com --- diff --git a/Makefile.in b/Makefile.in -index e9042712..870d503b 100644 +index 721c01b6..56bfb560 100644 --- a/Makefile.in +++ b/Makefile.in @@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c @@ -32,7 +32,7 @@ index e9042712..870d503b 100644 COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo -@@ -408,6 +410,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ +@@ -409,6 +411,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -45,10 +45,10 @@ index e9042712..870d503b 100644 pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ diff --git a/config.h.in b/config.h.in -index 1bfe4426..0136421d 100644 +index 8c2aa3b9..efaf6450 100644 --- a/config.h.in +++ b/config.h.in -@@ -1315,4 +1315,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, +@@ -1325,4 +1325,11 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -62,7 +62,7 @@ index 1bfe4426..0136421d 100644 +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ diff --git a/configure.ac b/configure.ac -index 811ad007..a8346f11 100644 +index 5276d441..9d74592e 100644 --- a/configure.ac +++ b/configure.ac @@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) @@ -73,7 +73,7 @@ index 811ad007..a8346f11 100644 sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1649,6 +1650,9 @@ case "$enable_ipset" in +@@ -1726,6 +1727,9 @@ case "$enable_ipset" in ;; esac @@ -84,7 +84,7 @@ index 811ad007..a8346f11 100644 # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). diff --git a/daemon/daemon.c b/daemon/daemon.c -index 96cc443e..d08b2e56 100644 +index 0b1200a2..5857c18b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -91,6 +91,9 @@ @@ -97,7 +97,7 @@ index 96cc443e..d08b2e56 100644 #ifdef HAVE_SYSTEMD #include -@@ -460,6 +463,14 @@ daemon_create_workers(struct daemon* daemon) +@@ -458,6 +461,14 @@ daemon_create_workers(struct daemon* daemon) dt_apply_cfg(daemon->dtenv, daemon->cfg); #else fatal_exit("dnstap enabled in config but not built with dnstap support"); @@ -112,7 +112,7 @@ index 96cc443e..d08b2e56 100644 #endif } for(i=0; inum; i++) { -@@ -726,6 +737,9 @@ daemon_cleanup(struct daemon* daemon) +@@ -724,6 +735,9 @@ daemon_cleanup(struct daemon* daemon) #ifdef USE_DNSCRYPT dnsc_delete(daemon->dnscenv); daemon->dnscenv = NULL; @@ -139,7 +139,7 @@ index 5749dbef..64ce230f 100644 /** diff --git a/daemon/worker.c b/daemon/worker.c -index 263fcddf..e6bc84bd 100644 +index e2ce0e87..f031c656 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -75,6 +75,9 @@ @@ -267,7 +267,7 @@ index 263fcddf..e6bc84bd 100644 } verbose(VERB_ALGO, "answer norec from cache -- " diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in -index b1d8c790..10c0aa58 100644 +index 4bdfcd56..69e70627 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1801,6 +1801,81 @@ List domain for which the AAAA records are ignored and the A record is @@ -2888,7 +2888,7 @@ index 00000000..21235355 + fi +]) diff --git a/iterator/iterator.c b/iterator/iterator.c -index c906c271..55bf2180 100644 +index 1e0113a8..2fcbf547 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -68,6 +68,9 @@ @@ -2901,7 +2901,7 @@ index c906c271..55bf2180 100644 /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; -@@ -551,6 +554,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -555,6 +558,23 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2925,7 +2925,7 @@ index c906c271..55bf2180 100644 /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -559,6 +579,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -563,6 +583,9 @@ handle_cname_response(struct module_qstate* qstate, struct iter_qstate* iq, /* Other rrsets in the section are ignored. */ } @@ -2935,7 +2935,7 @@ index c906c271..55bf2180 100644 /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; irep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -1195,6 +1218,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1199,6 +1222,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2943,7 +2943,7 @@ index c906c271..55bf2180 100644 log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1281,8 +1305,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1285,8 +1309,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, } if(msg) { /* handle positive cache response */ @@ -2953,7 +2953,7 @@ index c906c271..55bf2180 100644 if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1290,7 +1313,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -1294,7 +1317,22 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2976,7 +2976,7 @@ index c906c271..55bf2180 100644 if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2714,6 +2752,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -2718,6 +2756,62 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3039,7 +3039,7 @@ index c906c271..55bf2180 100644 if(iq->minimisation_state != DONOT_MINIMISE_STATE && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != -@@ -3467,12 +3561,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, +@@ -3471,12 +3565,44 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3125,7 +3125,7 @@ index aa4efec7..5dd3412e 100644 rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) diff --git a/services/mesh.c b/services/mesh.c -index 27f91940..f1bd4e90 100644 +index d4f814d5..624a9d95 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -60,6 +60,9 @@ @@ -3201,10 +3201,10 @@ index b3ef930a..56173b80 100644 int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ diff --git a/util/configlexer.lex b/util/configlexer.lex -index 7a972908..2d03ffc7 100644 +index a86ddf55..b56bcfb4 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex -@@ -439,6 +439,10 @@ dnstap-log-forwarder-query-messages{COLON} { +@@ -438,6 +438,10 @@ dnstap-log-forwarder-query-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } @@ -3216,7 +3216,7 @@ index 7a972908..2d03ffc7 100644 ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } diff --git a/util/configparser.y b/util/configparser.y -index 10227a2f..a519fcc7 100644 +index 10227a2f..cdbcf7cd 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -125,6 +125,7 @@ extern struct config_parser_state* cfg_parser; @@ -3384,7 +3384,7 @@ index 3a5335dd..20113217 100644 /** diff --git a/util/netevent.c b/util/netevent.c -index 9e2ba92b..06ede4e6 100644 +index 980bb8be..d537d288 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -57,6 +57,9 @@ @@ -3427,7 +3427,7 @@ index 9e2ba92b..06ede4e6 100644 if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; -@@ -3152,6 +3164,9 @@ comm_point_send_reply(struct comm_reply *repinfo) +@@ -3184,6 +3196,9 @@ comm_point_send_reply(struct comm_reply *repinfo) repinfo->c->tcp_timeout_msec); } } @@ -3437,9 +3437,9 @@ index 9e2ba92b..06ede4e6 100644 } void -@@ -3161,6 +3176,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) +@@ -3193,6 +3208,9 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; - log_assert(repinfo && repinfo->c); + log_assert(repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); +#ifdef ENABLE_FASTRPZ + rpz_end(repinfo); @@ -3447,7 +3447,7 @@ index 9e2ba92b..06ede4e6 100644 if(repinfo->c->type == comm_udp) return; if(repinfo->c->tcp_req_info) -@@ -3182,6 +3200,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) +@@ -3214,6 +3232,9 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) { verbose(VERB_ALGO, "comm point start listening %d (%d msec)", c->fd==-1?newfd:c->fd, msec); @@ -3473,7 +3473,7 @@ index d80c72b3..0233292f 100644 uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES]; diff --git a/validator/validator.c b/validator/validator.c -index fa8d5419..5628ef0b 100644 +index 4c560a8e..71de3760 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -2755,6 +2755,12 @@ ds_response_to_ke(struct module_qstate* qstate, struct val_qstate* vq, diff --git a/contrib/unbound-fuzzers.tar.bz2 b/contrib/unbound-fuzzers.tar.bz2 new file mode 100644 index 000000000..562aa15d8 Binary files /dev/null and b/contrib/unbound-fuzzers.tar.bz2 differ diff --git a/contrib/unbound.init b/contrib/unbound.init index cccadeccf..c5bb52bb4 100644 --- a/contrib/unbound.init +++ b/contrib/unbound.init @@ -54,10 +54,10 @@ start() { [ -e ${rootdir}/dev/log ] || touch ${rootdir}/dev/log mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; fi; - if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then + if ! egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/urandom' /proc/mounts; then [ -d ${rootdir}/dev ] || mkdir -p ${rootdir}/dev ; - [ -e ${rootdir}/dev/random ] || touch ${rootdir}/dev/random - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; + [ -e ${rootdir}/dev/urandom ] || touch ${rootdir}/dev/urandom + mount --bind -n /dev/urandom ${rootdir}/dev/urandom >/dev/null 2>&1; fi; # if not running, start it up here @@ -78,8 +78,8 @@ stop() { if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/log' /proc/mounts; then umount ${rootdir}/dev/log >/dev/null 2>&1 fi; - if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/random' /proc/mounts; then - umount ${rootdir}/dev/random >/dev/null 2>&1 + if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}'/dev/urandom' /proc/mounts; then + umount ${rootdir}/dev/urandom >/dev/null 2>&1 fi; return $retval } diff --git a/contrib/unbound.init_fedora b/contrib/unbound.init_fedora index 9f7e4422b..989440341 100644 --- a/contrib/unbound.init_fedora +++ b/contrib/unbound.init_fedora @@ -42,7 +42,7 @@ start() { cp -fp /etc/localtime ${rootdir}/etc/localtime fi; mount --bind -n /dev/log ${rootdir}/dev/log >/dev/null 2>&1; - mount --bind -n /dev/random ${rootdir}/dev/random >/dev/null 2>&1; + mount --bind -n /dev/urandom ${rootdir}/dev/urandom >/dev/null 2>&1; mount --bind -n /var/run/unbound ${rootdir}/var/run/unbound >/dev/null 2>&1; # if not running, start it up here @@ -58,7 +58,7 @@ stop() { killproc -p $pidfile unbound retval=$? [ $retval -eq 0 ] && rm -f $lockfile - for mountfile in /dev/log /dev/random /etc/localtime /etc/resolv.conf /var/run/unbound + for mountfile in /dev/log /dev/urandom /etc/localtime /etc/resolv.conf /var/run/unbound do if egrep -q '^/[^[:space:]]+[[:space:]]+'${rootdir}''${mountfile}'' /proc/mounts; then umount ${rootdir}$mountfile >/dev/null 2>&1 diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index 95976dd94..13ca4b294 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -9,11 +9,11 @@ Wants=nss-lookup.target WantedBy=multi-user.target [Service] -ExecReload=/bin/kill -HUP $MAINPID -ExecStart=@UNBOUND_SBIN_DIR@/unbound +ExecReload=+/bin/kill -HUP $MAINPID +ExecStart=@UNBOUND_SBIN_DIR@/unbound -d NotifyAccess=main Type=notify -CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_NET_RAW MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateDevices=true @@ -21,11 +21,17 @@ PrivateTmp=true ProtectHome=true ProtectControlGroups=true ProtectKernelModules=true -ProtectKernelTunables=true ProtectSystem=strict -ReadWritePaths=@UNBOUND_SYSCONF_DIR@ @UNBOUND_LOCALSTATE_DIR@ /run @UNBOUND_RUN_DIR@ +ReadWritePaths=/run @UNBOUND_RUN_DIR@ @UNBOUND_CHROOT_DIR@ +TemporaryFileSystem=@UNBOUND_CHROOT_DIR@/dev:ro +TemporaryFileSystem=@UNBOUND_CHROOT_DIR@/run:ro +BindReadOnlyPaths=-/run/systemd/notify:@UNBOUND_CHROOT_DIR@/run/systemd/notify +BindReadOnlyPaths=-/dev/urandom:@UNBOUND_CHROOT_DIR@/dev/urandom +BindPaths=-/dev/log:@UNBOUND_CHROOT_DIR@/dev/log RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources - +RestrictNamespaces=yes +LockPersonality=yes +RestrictSUIDSGID=yes diff --git a/daemon/daemon.c b/daemon/daemon.c index f0fb1f407..8b0fc3483 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -221,7 +221,9 @@ daemon_init(void) (void)sldns_key_EVP_load_gost_id(); # endif # if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif # else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS @@ -248,8 +250,6 @@ daemon_init(void) /* init timezone info while we are not chrooted yet */ tzset(); #endif - /* open /dev/random if needed */ - ub_systemseed((unsigned)time(NULL)^(unsigned)getpid()^0xe67); daemon->need_to_exit = 0; modstack_init(&daemon->mods); if(!(daemon->env = (struct module_env*)calloc(1, @@ -427,9 +427,7 @@ daemon_create_workers(struct daemon* daemon) int* shufport; log_assert(daemon && daemon->cfg); if(!daemon->rand) { - unsigned int seed = (unsigned int)time(NULL) ^ - (unsigned int)getpid() ^ 0x438; - daemon->rand = ub_initstate(seed, NULL); + daemon->rand = ub_initstate(NULL); if(!daemon->rand) fatal_exit("could not init random generator"); hash_set_raninit((uint32_t)ub_random(daemon->rand)); diff --git a/daemon/remote.c b/daemon/remote.c index 85300972d..6fc152858 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -500,7 +500,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, goto close_exit; } SSL_set_accept_state(n->ssl); - (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(n->ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(n->ssl, newfd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(n->ssl); @@ -675,19 +675,19 @@ static void send_ok(RES* ssl) /** do the stop command */ static void -do_stop(RES* ssl, struct daemon_remote* rc) +do_stop(RES* ssl, struct worker* worker) { - rc->worker->need_to_exit = 1; - comm_base_exit(rc->worker->base); + worker->need_to_exit = 1; + comm_base_exit(worker->base); send_ok(ssl); } /** do the reload command */ static void -do_reload(RES* ssl, struct daemon_remote* rc) +do_reload(RES* ssl, struct worker* worker) { - rc->worker->need_to_exit = 0; - comm_base_exit(rc->worker->base); + worker->need_to_exit = 0; + comm_base_exit(worker->base); send_ok(ssl); } @@ -1081,9 +1081,9 @@ print_ext(RES* ssl, struct ub_stats_info* s) /** do the stats command */ static void -do_stats(RES* ssl, struct daemon_remote* rc, int reset) +do_stats(RES* ssl, struct worker* worker, int reset) { - struct daemon* daemon = rc->worker->daemon; + struct daemon* daemon = worker->daemon; struct ub_stats_info total; struct ub_stats_info s; int i; @@ -1091,7 +1091,7 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset) log_assert(daemon->num > 0); /* gather all thread statistics in one place */ for(i=0; inum; i++) { - server_stats_obtain(rc->worker, daemon->workers[i], &s, reset); + server_stats_obtain(worker, daemon->workers[i], &s, reset); if(!print_thread_stats(ssl, i, &s)) return; if(i == 0) @@ -1102,10 +1102,10 @@ do_stats(RES* ssl, struct daemon_remote* rc, int reset) total.mesh_time_median /= (double)daemon->num; if(!print_stats(ssl, "total", &total)) return; - if(!print_uptime(ssl, rc->worker, reset)) + if(!print_uptime(ssl, worker, reset)) return; if(daemon->cfg->stat_extended) { - if(!print_mem(ssl, rc->worker, daemon, &total)) + if(!print_mem(ssl, worker, daemon, &total)) return; if(!print_hist(ssl, &total)) return; @@ -2862,16 +2862,16 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, char* p = skipwhite(cmd); /* compare command */ if(cmdcmp(p, "stop", 4)) { - do_stop(ssl, rc); + do_stop(ssl, worker); return; } else if(cmdcmp(p, "reload", 6)) { - do_reload(ssl, rc); + do_reload(ssl, worker); return; } else if(cmdcmp(p, "stats_noreset", 13)) { - do_stats(ssl, rc, 0); + do_stats(ssl, worker, 0); return; } else if(cmdcmp(p, "stats", 5)) { - do_stats(ssl, rc, 1); + do_stats(ssl, worker, 1); return; } else if(cmdcmp(p, "status", 6)) { do_status(ssl, worker); @@ -3136,7 +3136,7 @@ remote_handshake_later(struct daemon_remote* rc, struct rc_state* s, } else { if(r == 0) log_err("remote control connection closed prematurely"); - log_addr(1, "failed connection from", + log_addr(VERB_OPS, "failed connection from", &s->c->repinfo.addr, s->c->repinfo.addrlen); log_crypto_err("remote control failed ssl"); clean_point(rc, s); diff --git a/daemon/unbound.c b/daemon/unbound.c index f696b19d3..beffb5700 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -787,7 +787,7 @@ main(int argc, char* argv[]) log_init(NULL, 0, NULL); /* close logfile */ #ifndef unbound_testbound if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } #endif return 0; diff --git a/daemon/worker.c b/daemon/worker.c index 8422ce111..d41453f7c 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1495,9 +1495,11 @@ lookup_cache: * Note that if there is more than one pass * its qname must be that used for cache * lookup. */ - if((worker->env.cfg->prefetch || worker->env.cfg->serve_expired) - && *worker->env.now >= - ((struct reply_info*)e->data)->prefetch_ttl) { + if((worker->env.cfg->prefetch && *worker->env.now >= + ((struct reply_info*)e->data)->prefetch_ttl) || + (worker->env.cfg->serve_expired && + *worker->env.now >= ((struct reply_info*)e->data)->ttl)) { + time_t leeway = ((struct reply_info*)e-> data)->ttl - *worker->env.now; if(((struct reply_info*)e->data)->ttl @@ -1589,16 +1591,17 @@ send_reply_rc: #endif if(worker->env.cfg->log_replies) { - struct timeval tv = {0, 0}; + struct timeval tv; + memset(&tv, 0, sizeof(tv)); if(qinfo.local_alias && qinfo.local_alias->rrset && qinfo.local_alias->rrset->rk.dname) { /* log original qname, before the local alias was * used to resolve that CNAME to something else */ qinfo.qname = qinfo.local_alias->rrset->rk.dname; - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } else { - log_reply_info(0, &qinfo, &repinfo->addr, repinfo->addrlen, + log_reply_info(NO_VERBOSE, &qinfo, &repinfo->addr, repinfo->addrlen, tv, 1, c->buffer); } } @@ -1707,11 +1710,7 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) return NULL; } /* create random state here to avoid locking trouble in RAND_bytes */ - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)worker->thread_num)<<17); - /* shift thread_num so it does not match out pid bits */ - if(!(worker->rndstate = ub_initstate(seed, daemon->rand))) { - explicit_bzero(&seed, sizeof(seed)); + if(!(worker->rndstate = ub_initstate(daemon->rand))) { log_err("could not init random numbers."); tube_delete(worker->cmd); free(worker->ports); diff --git a/dns64/dns64.c b/dns64/dns64.c index f2834da2b..1a569059a 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -191,16 +191,19 @@ uitoa(unsigned n, char* s) * * \param ipv6 IPv6 address represented as a 128-bit array in big-endian * order. + * \param ipv6_len length of the ipv6 byte array. * \param offset Index of the MSB of the IPv4 address embedded in the IPv6 * address. */ static uint32_t -extract_ipv4(const uint8_t ipv6[16], const int offset) +extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) { - uint32_t ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); + uint32_t ipv4; + log_assert(ipv6_len == 16); (void)ipv6_len; + ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) + | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) + | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) + | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); if (offset/8+4 < 16) ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); return ipv4; @@ -214,22 +217,26 @@ extract_ipv4(const uint8_t ipv6[16], const int offset) * \param ipv4 IPv4 address represented as an unsigned 32-bit number. * \param ptr The result will be written here. Must be large enough, be * careful! + * \param nm_len length of the ptr buffer. * * \return The number of characters written. */ static size_t -ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) +ipv4_to_ptr(uint32_t ipv4, char ptr[], size_t nm_len) { static const char IPV4_PTR_SUFFIX[] = "\07in-addr\04arpa"; int i; char* c = ptr; + log_assert(nm_len == MAX_PTR_QNAME_IPV4); for (i = 0; i < 4; ++i) { *c = uitoa((unsigned int)(ipv4 % 256), c + 1); c += *c + 1; + log_assert(c < ptr+nm_len); ipv4 /= 256; } + log_assert(c + sizeof(IPV4_PTR_SUFFIX) <= ptr+nm_len); memmove(c, IPV4_PTR_SUFFIX, sizeof(IPV4_PTR_SUFFIX)); return c + sizeof(IPV4_PTR_SUFFIX) - ptr; @@ -241,13 +248,15 @@ ipv4_to_ptr(uint32_t ipv4, char ptr[MAX_PTR_QNAME_IPV4]) * * \param ptr The domain name. (e.g. "\011[...]\010\012\016\012\03ip6\04arpa") * \param ipv6 The result will be written here, in network byte order. + * \param ipv6_len length of the ipv6 byte array. * * \return 1 on success, 0 on failure. */ static int -ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) +ptr_to_ipv6(const char* ptr, uint8_t ipv6[], size_t ipv6_len) { int i; + log_assert(ipv6_len == 16); (void)ipv6_len; for (i = 0; i < 64; i++) { int x; @@ -275,14 +284,20 @@ ptr_to_ipv6(const char* ptr, uint8_t ipv6[16]) * Synthesize an IPv6 address based on an IPv4 address and the DNS64 prefix. * * \param prefix_addr DNS64 prefix address. + * \param prefix_addr_len length of the prefix_addr buffer. * \param prefix_net CIDR length of the DNS64 prefix. Must be between 0 and 96. * \param a IPv4 address. + * \param a_len length of the a buffer. * \param aaaa IPv6 address. The result will be written here. + * \param aaaa_len length of the aaaa buffer. */ static void -synthesize_aaaa(const uint8_t prefix_addr[16], int prefix_net, - const uint8_t a[4], uint8_t aaaa[16]) +synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, + int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[], + size_t aaaa_len) { + log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16); + (void)prefix_addr_len; (void)a_len; (void)aaaa_len; memcpy(aaaa, prefix_addr, 16); aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); @@ -447,7 +462,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) /* Convert the PTR query string to an IPv6 address. */ memset(&sin6, 0, sizeof(sin6)); sin6.sin6_family = AF_INET6; - if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr)) + if (!ptr_to_ipv6((char*)qstate->qinfo.qname, sin6.sin6_addr.s6_addr, + sizeof(sin6.sin6_addr.s6_addr))) return module_wait_module; /* Let other module handle this. */ /* @@ -470,7 +486,8 @@ handle_ipv6_ptr(struct module_qstate* qstate, int id) if (!(qinfo.qname = regional_alloc(qstate->region, MAX_PTR_QNAME_IPV4))) return module_error; qinfo.qname_len = ipv4_to_ptr(extract_ipv4(sin6.sin6_addr.s6_addr, - dns64_env->prefix_net), (char*)qinfo.qname); + sizeof(sin6.sin6_addr.s6_addr), dns64_env->prefix_net), + (char*)qinfo.qname, MAX_PTR_QNAME_IPV4); /* Create the new sub-query. */ fptr_ok(fptr_whitelist_modenv_attach_sub(qstate->env->attach_sub)); @@ -740,8 +757,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk, dd->rr_data[i][1] = 16; synthesize_aaaa( ((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr, + sizeof(((struct sockaddr_in6*)&dns64_env->prefix_addr)->sin6_addr.s6_addr), dns64_env->prefix_net, &fd->rr_data[i][2], - &dd->rr_data[i][2] ); + fd->rr_len[i]-2, &dd->rr_data[i][2], + dd->rr_len[i]-2); dd->rr_ttl[i] = fd->rr_ttl[i]; } @@ -928,6 +947,12 @@ dns64_inform_super(struct module_qstate* qstate, int id, if(!super_dq) { super_dq = (struct dns64_qstate*)regional_alloc(super->region, sizeof(*super_dq)); + if(!super_dq) { + log_err("out of memory"); + super->return_rcode = LDNS_RCODE_SERVFAIL; + super->return_msg = NULL; + return; + } super->minfo[id] = super_dq; memset(super_dq, 0, sizeof(*super_dq)); super_dq->started_no_cache_store = super->no_cache_store; diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index 0787dec23..843735018 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -316,15 +316,15 @@ dnscrypt_server_uncurve(struct dnsc_env* env, #else return -1; #endif - } else { - if (crypto_box_beforenm(nmkey, - query_header->publickey, - cert->keypair->crypt_secretkey) != 0) { - return -1; - } - } - // Cache the shared secret we just computed. - dnsc_shared_secret_cache_insert(env->shared_secrets_cache, + } else { + if (crypto_box_beforenm(nmkey, + query_header->publickey, + cert->keypair->crypt_secretkey) != 0) { + return -1; + } + } + // Cache the shared secret we just computed. + dnsc_shared_secret_cache_insert(env->shared_secrets_cache, key, hash, nmkey); @@ -442,20 +442,7 @@ dnscrypt_hrtime(void) static void add_server_nonce(uint8_t *nonce) { - uint64_t ts; - uint64_t tsn; - uint32_t suffix; - ts = dnscrypt_hrtime(); - // TODO? dnscrypt-wrapper does some logic with context->nonce_ts_last - // unclear if we really need it, so skipping it for now. - tsn = (ts << 10) | (randombytes_random() & 0x3ff); -#if (BYTE_ORDER == LITTLE_ENDIAN) - tsn = - (((uint64_t)htonl((uint32_t)tsn)) << 32) | htonl((uint32_t)(tsn >> 32)); -#endif - memcpy(nonce + crypto_box_HALF_NONCEBYTES, &tsn, 8); - suffix = randombytes_random(); - memcpy(nonce + crypto_box_HALF_NONCEBYTES + 8, &suffix, 4); + randombytes_buf(nonce + crypto_box_HALF_NONCEBYTES, 8/*tsn*/+4/*suffix*/); } /** @@ -732,6 +719,11 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) ); continue; } + if((unsigned)strlen(dnscenv->provider_name) >= (unsigned)0xffff0000) { + /* guard against integer overflow in rrlen calculation */ + verbose(VERB_OPS, "cert #%" PRIu32 " is too long", serial); + continue; + } rrlen = strlen(dnscenv->provider_name) + strlen(ttl_class_type) + 4 * sizeof(struct SignedCert) + // worst case scenario @@ -746,9 +738,9 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) for(j=0; jlocal_data, strdup(rr)); free(rr); } @@ -877,7 +869,7 @@ sodium_misuse_handler(void) fatal_exit( "dnscrypt: libsodium could not be initialized, this typically" " happens when no good source of entropy is found. If you run" - " unbound in a chroot, make sure /dev/random is available. See" + " unbound in a chroot, make sure /dev/urandom is available. See" " https://www.unbound.net/documentation/unbound.conf.html"); } diff --git a/doc/Changelog b/doc/Changelog index 19d4e2d8d..519f4c3ea 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,268 @@ +14 January 2020: Wouter + - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, + because dnscrypt-proxy (2.0.36) does not support the test setup + any more, and also the config file format does not seem to have + the appropriate keys to recreate that setup. + - Fix crash after reload where a stats lookup could reference old key + cache and neg cache structures. + - Fix for memory leak when edns subnet config options are read when + compiled without edns subnet support. + - Fix auth zone support for NSEC3 records without salt. + +10 January 2020: Wouter + - Fix the relationship between serve-expired and prefetch options, + patch from Saksham Manchanda from Secure64. + - Fix unreachable code in ssl set options code. + +8 January 2020: Ralph + - Fix #138: stop binding pidfile inside chroot dir in systemd service + file. + +8 January 2020: Wouter + - Fix 'make test' to work for --disable-sha1 configure option. + - Fix out-of-bounds null-byte write in sldns_bget_token_par while + parsing type WKS, reported by Luis Merino from X41 D-Sec. + - Updated sldns_bget_token_par fix for also space for the zero + delimiter after the character. And update for more spare space. + +6 January 2020: George + - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. + The dl_iterate_phdr() function introduced in newer versions raises + compilation errors on solaris 10. + - Changes to compat/getentropy_solaris.c for, + ifdef stdint.h inclusion for older systems. + ifdef sha2.h inclusion for older systems. + +6 January 2020: Wouter + - Merge #135 from Florian Obser: Use passed in neg and key cache + if non-NULL. + - Fix #140: Document slave not downloading new zonefile upon update. + +16 December 2019: George + - Update mailing list URL. + +12 December 2019: Ralph + - Master is 1.9.7 in development. + - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by + Florian Obser + +10 December 2019: Wouter + - Fix to make auth zone IXFR to fallback to AXFR if a single + response RR is received over TCP with the SOA in it. + +6 December 2019: Wouter + - Fix ipsecmod compile. + - Fix Makefile.in for ipset module compile, from Adi Prasaja. + - release-1.9.6 tag, which became the 1.9.6 release + +5 December 2019: Wouter + - unbound-fuzzers.tar.bz2: three programs for fuzzing, that are 1:1 + replacements for unbound-fuzzme.c that gets created after applying + the contrib/unbound-fuzzme.patch. They are contributed by + Eric Sesterhenn from X41 D-Sec. + - tag for 1.9.6rc1. + +4 December 2019: Wouter + - Fix lock type for memory purify log lock deletion. + - Fix testbound for alloccheck runs, memory purify and lock checks. + - update contrib/fastrpz.patch to apply more cleanly. + - Fix Make Test Fails when Configured With --enable-alloc-nonregional, + reported by X41 D-Sec. + +3 December 2019: Wouter + - Merge pull request #124 from rmetrich: Changed log lock + from 'quick' to 'basic' because this is an I/O lock. + - Fix text around serial arithmatic used for RRSIG times to refer + to correct RFC number. + - Fix Assert Causing DoS in synth_cname(), + reported by X41 D-Sec. + - Fix similar code in auth_zone synth cname to add the extra checks. + - Fix Assert Causing DoS in dname_pkt_copy(), + reported by X41 D-Sec. + - Fix OOB Read in sldns_wire2str_dname_scan(), + reported by X41 D-Sec. + - Fix Out of Bounds Write in sldns_str2wire_str_buf(), + reported by X41 D-Sec. + - Fix Out of Bounds Write in sldns_b64_pton(), + fixed by check in sldns_str2wire_int16_data_buf(), + reported by X41 D-Sec. + - Fix Insufficient Handling of Compressed Names in dname_pkt_copy(), + reported by X41 D-Sec. + - Fix Out of Bound Write Compressed Names in rdata_copy(), + reported by X41 D-Sec. + - Fix Hang in sldns_wire2str_pkt_scan(), + reported by X41 D-Sec. + This further lowers the max to 256. + - Fix snprintf() supports the n-specifier, + reported by X41 D-Sec. + - Fix Bad Indentation, in dnscrypt.c, + reported by X41 D-Sec. + - Fix Client NONCE Generation used for Server NONCE, + reported by X41 D-Sec. + - Fix compile error in dnscrypt. + - Fix _vfixed not Used, removed from sbuffer code, + reported by X41 D-Sec. + - Fix Hardcoded Constant, reported by X41 D-Sec. + - make depend + +2 December 2019: Wouter + - Merge pull request #122 from he32: In tcp_callback_writer(), + don't disable time-out when changing to read. + +22 November 2019: George + - Fix compiler warnings. + +22 November 2019: Wouter + - Fix dname loop maximum, reported by Eric Sesterhenn from X41 D-Sec. + - Add make distclean that removes everything configure produced, + and make maintainer-clean that removes bison and flex output. + +20 November 2019: Wouter + - Fix Out of Bounds Read in rrinternal_get_owner(), + reported by X41 D-Sec. + - Fix Race Condition in autr_tp_create(), + reported by X41 D-Sec. + - Fix Shared Memory World Writeable, + reported by X41 D-Sec. + - Adjust unbound-control to make stats_shm a read only operation. + - Fix Weak Entropy Used For Nettle, + reported by X41 D-Sec. + - Fix Randomness Error not Handled Properly, + reported by X41 D-Sec. + - Fix Out-of-Bounds Read in dname_valid(), + reported by X41 D-Sec. + - Fix Config Injection in create_unbound_ad_servers.sh, + reported by X41 D-Sec. + - Fix Local Memory Leak in cachedb_init(), + reported by X41 D-Sec. + - Fix Integer Underflow in Regional Allocator, + reported by X41 D-Sec. + - Upgrade compat/getentropy_linux.c to version 1.46 from OpenBSD. + - Synchronize compat/getentropy_win.c with version 1.5 from + OpenBSD, no changes but makes the file, comments, identical. + - Upgrade compat/getentropy_solaris.c to version 1.13 from OpenBSD. + - Upgrade compat/getentropy_osx.c to version 1.12 from OpenBSD. + - Changes to compat/getentropy files for, + no link to openssl if using nettle, and hence config.h for + HAVE_NETTLE variable. + compat definition of MAP_ANON, for older systems. + ifdef stdint.h inclusion for older systems. + ifdef sha2.h inclusion for older systems. + - Fixed Compat Code Diverging from Upstream, reported by X41 D-Sec. + - Fix compile with --enable-alloc-checks, reported by X41 D-Sec. + - Fix Terminating Quotes not Written, reported by X41 D-Sec. + - Fix Useless memset() in validator, reported by X41 D-Sec. + - Fix Unrequired Checks, reported by X41 D-Sec. + - Fix Enum Name not Used, reported by X41 D-Sec. + - Fix NULL Pointer Dereference via Control Port, + reported by X41 D-Sec. + - Fix Bad Randomness in Seed, reported by X41 D-Sec. + - Fix python examples/calc.py for eval, reported by X41 D-Sec. + - Fix comments for doxygen in dns64. + +19 November 2019: Wouter + - Fix CVE-2019-18934, shell execution in ipsecmod. + - 1.9.5 is 1.9.4 with bugfix, trunk is 1.9.6 in development. + - Fix authzone printout buffer length check. + - Fixes to please lint checks. + - Fix Integer Overflow in Regional Allocator, + reported by X41 D-Sec. + - Fix Unchecked NULL Pointer in dns64_inform_super() + and ipsecmod_new(), reported by X41 D-Sec. + - Fix Out-of-bounds Read in rr_comment_dnskey(), + reported by X41 D-Sec. + - Fix Integer Overflows in Size Calculations, + reported by X41 D-Sec. + - Fix Integer Overflow to Buffer Overflow in + sldns_str2wire_dname_buf_origin(), reported by X41 D-Sec. + - Fix Out of Bounds Read in sldns_str2wire_dname(), + reported by X41 D-Sec. + - Fix Out of Bounds Write in sldns_bget_token_par(), + reported by X41 D-Sec. + +18 November 2019: Wouter + - In unbound-host use separate variable for get_option to please + code checkers. + - update to bison output of 3.4.1 in code repository. + - Provide a prototype for compat malloc to remove compile warning. + - Portable grep usage for reuseport configure test. + - Check return type of HMAC_Init_ex for openssl 0.9.8. + - gitignore .source tempfile used for compatible make. + +13 November 2019: Wouter + - iana portlist updated. + - contrib/fastrpz.patch updated to apply for current code. + - fixes for splint cleanliness, long vs int in SSL set_mode. + +11 November 2019: Wouter + - Fix #109: check number of arguments for stdin-pipes in + unbound-control and fail if too many arguments. + - Merge #102 from jrtc27: Add getentropy emulation for FreeBSD. + +24 October 2019: Wouter + - Fix #99: Memory leak in ub_ctx (event_base will never be freed). + +23 October 2019: George + - Add new configure option `--enable-fully-static` to enable full static + build if requested; in relation to #91. + +23 October 2019: Wouter + - Merge #97: manpage: Add missing word on unbound.conf, + from Erethon. + +22 October 2019: Wouter + - drop-tld.diff: adds option drop-tld: yesno that drops 2 label + queries, to stop random floods. Apply with + patch -p1 < contrib/drop-tld.diff and compile. + From Saksham Manchanda (Secure64). Please note that we think this + will drop DNSKEY and DS lookups for tlds and hence break DNSSEC + lookups for downstream clients. + +7 October 2019: Wouter + - Add doxygen comments to unbound-anchor source address code, in #86. + +3 October 2019: Wouter + - Merge #90 from vcunat: fix build with nettle-3.5. + - Merge 1.9.4 release with fix for vulnerability CVE-2019-16866. + - Continue with development of 1.9.5. + - Merge #86 from psquarejho: Added -b source address option to + smallapp/unbound-anchor.c, from Lukas Wunner. + +26 September 2019: Wouter + - Merge #87 from hardfalcon: Fix contrib/unbound.service.in, + Drop CAP_KILL, use + prefix for ExecReload= instead. + +25 September 2019: Wouter + - The unbound.conf includes are sorted ascending, for include + statements with a '*' from glob. + +23 September 2019: Wouter + - Merge #85 for #84 from sam-lunt: Add kill capability to systemd + service file to fix that systemctl reload fails. + +20 September 2019: Wouter + - Merge #82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW + in unbound.service. + - Merge #81 from Maryse47: Consistently use /dev/urandom instead + of /dev/random in scripts and docs. + - Merge #83 from Maryse47: contrib/unbound.service.in: do not fork + into the background. + +19 September 2019: Wouter + - Fix #78: Memory leak in outside_network.c. + - Merge pull request #76 from Maryse47: Improvements and fixes for + systemd unbound.service. + - oss-fuzz badge on README.md. + - Fix fix for #78 to also free service callback struct. + - Fix for oss-fuzz build warning. + - Fix wrong response ttl for prepended short CNAME ttls, this would + create a wrong zero_ttl response count with serve-expired enabled. + - Merge #80 from stasic: Improve wording in man page. + +11 September 2019: Wouter + - Use explicit bzero for wiping clear buffer of hash in cachedb, + reported by Eric Sesterhenn from X41 D-Sec. + 9 September 2019: Wouter - Fix #72: configure --with-syslog-facility=LOCAL0-7 with default LOG_DAEMON (as before) can set the syslog facility that the server diff --git a/doc/README b/doc/README index a10388867..b9366ffe6 100644 --- a/doc/README +++ b/doc/README @@ -99,7 +99,7 @@ o If you are not receiving the correct source IP address on replies (e.g. the config file is an alternative. The interface-automatic option uses non portable socket options, Linux and FreeBSD should work fine. o The warning 'openssl has no entropy, seeding with time', with chroot - enabled, may be solved with a symbolic link to /dev/random from . + enabled, may be solved with a symbolic link to /dev/urandom from . o On Solaris 5.10 some libtool packages from repositories do not work with gcc, showing errors gcc: unrecognized option `-KPIC' To solve this do ./configure libtool=./libtool [your options...]. diff --git a/doc/TODO b/doc/TODO index bfeef4aa4..a2690451a 100644 --- a/doc/TODO +++ b/doc/TODO @@ -29,7 +29,7 @@ o support OPT record placement on recv anywhere in the additional section. o add local-file: config with authority features. o (option) to make local-data answers be secure for libunbound (default=no) o (option) to make chroot: copy all needed files into jail (or make jail) - perhaps also print reminder to link /dev/random and sysloghack. + perhaps also print reminder to link /dev/urandom and sysloghack. o overhaul outside-network servicedquery to merge with udpwait and tcpwait, to make timers in servicedquery independent of udpwait queues. o check into rebinding ports for efficiency, configure time test. diff --git a/doc/example.conf.in b/doc/example.conf.in index b30dca513..ff5c16fc8 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -286,7 +286,7 @@ server: # The pid file can be absolute and outside of the chroot, it is # written just prior to performing the chroot and dropping permissions. # - # Additionally, unbound may need to access /dev/random (for entropy). + # Additionally, unbound may need to access /dev/urandom (for entropy). # How to do this is specific to your OS. # # If you give "" no chroot is performed. The path must not end in a /. diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index e114eb256..bccd33161 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -69,6 +69,10 @@ The server name, it connects to https://name. Specify without https:// prefix. The default is "data.iana.org". It connects to the port specified with \-P. You can pass an IPv4 address or IPv6 address (no brackets) if you want. .TP +.B \-b \fIaddress +The source address to bind to for domain resolution and contacting the server +on https. May be either an IPv4 address or IPv6 address (no brackets). +.TP .B \-x \fIpath The pathname to the root\-anchors.xml file on the server. (forms URL with \-u). The default is /root\-anchors/root\-anchors.xml. diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 3a649f450..5f8043fa5 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -50,7 +50,7 @@ server: username: unbound # make sure unbound can access entropy from inside the chroot. # e.g. on linux the use these commands (on BSD, devfs(8) is used): - # mount \-\-bind \-n /dev/random /etc/unbound/dev/random + # mount \-\-bind \-n /dev/urandom /etc/unbound/dev/urandom # and mount \-\-bind \-n /dev/log /etc/unbound/dev/log chroot: "/etc/unbound" # logfile: "/etc/unbound/unbound.log" #uncomment to use logfile. @@ -633,7 +633,7 @@ to chroot and dropping permissions. This allows the pidfile to be Unbound is not able to remove the pidfile after termination when it is located outside of the chroot directory. .IP -Additionally, unbound may need to access /dev/random (for entropy) +Additionally, unbound may need to access /dev/urandom (for entropy) from inside the chroot. .IP If given a chroot is done to the given directory. By default chroot is @@ -775,7 +775,7 @@ wise to send these, and could be necessary for operation if TSIG or EDNS payload is very large. .TP .B harden\-glue: \fI -Will trust glue only if it is within the servers authority. Default is on. +Will trust glue only if it is within the servers authority. Default is yes. .TP .B harden\-dnssec\-stripped: \fI Require DNSSEC data for trust\-anchored zones, if such data is absent, @@ -785,7 +785,7 @@ this behaves like there is no trust anchor. You could turn this off if you are sometimes behind an intrusive firewall (of some sort) that removes DNSSEC data from packets, or a zone changes from signed to unsigned to badly signed often. If turned off you run the risk of a -downgrade attack that disables security for a zone. Default is on. +downgrade attack that disables security for a zone. Default is yes. .TP .B harden\-below\-nxdomain: \fI From RFC 8020 (with title "NXDOMAIN: There Really Is Nothing Underneath"), @@ -795,7 +795,7 @@ noerror for empty nonterminals, hence this is possible. Very old software might return nxdomain for empty nonterminals (that usually happen for reverse IP address lookups), and thus may be incompatible with this. To try to avoid this only DNSSEC-secure nxdomains are used, because the old software does not -have DNSSEC. Default is on. +have DNSSEC. Default is yes. The nxdomain must be secure, this means nsec3 with optout is insufficient. .TP .B harden\-referral\-path: \fI @@ -949,7 +949,7 @@ Default is "", or no trust anchor file. .TP .B auto\-trust\-anchor\-file: \fI File with trust anchor for one zone, which is tracked with RFC5011 probes. -The probes are several times per month, thus the machine must be online +The probes are run several times per month, thus the machine must be online frequently. The initial file can be one with contents as described in \fBtrust\-anchor\-file\fR. The file is written to when the anchor is updated, so the unbound user must have write permission. Write permission to the file, @@ -974,10 +974,10 @@ It is possible to use wildcards with this statement, the wildcard is expanded on start and on reload. .TP .B trust\-anchor\-signaling: \fI -Send RFC8145 key tag query after trust anchor priming. Default is on. +Send RFC8145 key tag query after trust anchor priming. Default is yes. .TP .B root\-key\-sentinel: \fI -Root key trust anchor sentinel. Default is on. +Root key trust anchor sentinel. Default is yes. .TP .B dlv\-anchor\-file: \fI This option was used during early days DNSSEC deployment when no parent-side @@ -1680,6 +1680,12 @@ Name of the authority zone. Where to download a copy of the zone from, with AXFR and IXFR. Multiple masters can be specified. They are all tried if one fails. With the "ip#name" notation a AXFR over TLS can be used. +If you point it at another Unbound instance, it would not work because +that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download +the zonefile as a text file from a webserver that would work. +If you specify the hostname, you cannot use the domain from the zonefile, +because it may not have that when retrieving that data, instead use a plain +IP address to avoid a circular dependency on retrieving that IP address. .TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example @@ -1691,6 +1697,10 @@ see if the SOA serial number has changed, reducing the number of downloads. If none of the urls work, the masters are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. +If you specify a hostname in the URL, you cannot use the domain from the +zonefile, because it may not have that when retrieving that data, instead +use a plain IP address to avoid a circular dependency on retrieving that IP +address. Avoid dependencies on name lookups by using a notation like "http://192.0.2.1/unbound-master/example.com.zone", with an explicit IP address. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies. diff --git a/ipsecmod/ipsecmod.c b/ipsecmod/ipsecmod.c index c8400c633..a1f40a512 100644 --- a/ipsecmod/ipsecmod.c +++ b/ipsecmod/ipsecmod.c @@ -103,11 +103,11 @@ ipsecmod_new(struct module_qstate* qstate, int id) { struct ipsecmod_qstate* iq = (struct ipsecmod_qstate*)regional_alloc( qstate->region, sizeof(struct ipsecmod_qstate)); - memset(iq, 0, sizeof(*iq)); qstate->minfo[id] = iq; if(!iq) return 0; /* Initialise it. */ + memset(iq, 0, sizeof(*iq)); iq->enabled = qstate->env->cfg->ipsecmod_enabled; iq->is_whitelisted = ipsecmod_domain_is_whitelisted( (struct ipsecmod_env*)qstate->env->modinfo[id], qstate->qinfo.qname, @@ -161,6 +161,71 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name, return 1; } +/** + * Check if the string passed is a valid domain name with safe characters to + * pass to a shell. + * This will only allow: + * - digits + * - alphas + * - hyphen (not at the start) + * - dot (not at the start, or the only character) + * - underscore + * @param s: pointer to the string. + * @param slen: string's length. + * @return true if s only contains safe characters; false otherwise. + */ +static int +domainname_has_safe_characters(char* s, size_t slen) { + size_t i; + for(i = 0; i < slen; i++) { + if(s[i] == '\0') return 1; + if((s[i] == '-' && i != 0) + || (s[i] == '.' && (i != 0 || s[1] == '\0')) + || (s[i] == '_') || (s[i] >= '0' && s[i] <= '9') + || (s[i] >= 'A' && s[i] <= 'Z') + || (s[i] >= 'a' && s[i] <= 'z')) { + continue; + } + return 0; + } + return 1; +} + +/** + * Check if the stringified IPSECKEY RDATA contains safe characters to pass to + * a shell. + * This is only relevant for checking the gateway when the gateway type is 3 + * (domainname). + * @param s: pointer to the string. + * @param slen: string's length. + * @return true if s contains only safe characters; false otherwise. + */ +static int +ipseckey_has_safe_characters(char* s, size_t slen) { + int precedence, gateway_type, algorithm; + char* gateway; + gateway = (char*)calloc(slen, sizeof(char)); + if(!gateway) { + log_err("ipsecmod: out of memory when calling the hook"); + return 0; + } + if(sscanf(s, "%d %d %d %s ", + &precedence, &gateway_type, &algorithm, gateway) != 4) { + free(gateway); + return 0; + } + if(gateway_type != 3) { + free(gateway); + return 1; + } + if(domainname_has_safe_characters(gateway, slen)) { + free(gateway); + return 1; + } + free(gateway); + return 0; +} + /** * Prepare the data and call the hook. * @@ -175,7 +240,7 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, { size_t slen, tempdata_len, tempstring_len, i; char str[65535], *s, *tempstring; - int w; + int w = 0, w_temp, qtype; struct ub_packed_rrset_key* rrset_key; struct packed_rrset_data* rrset_data; uint8_t *tempdata; @@ -192,9 +257,9 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, memset(s, 0, slen); /* Copy the hook into the buffer. */ - sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook); + w += sldns_str_print(&s, &slen, "%s", qstate->env->cfg->ipsecmod_hook); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); /* Copy the qname into the buffer. */ tempstring = sldns_wire2str_dname(qstate->qinfo.qname, qstate->qinfo.qname_len); @@ -202,68 +267,96 @@ call_hook(struct module_qstate* qstate, struct ipsecmod_qstate* iq, log_err("ipsecmod: out of memory when calling the hook"); return 0; } - sldns_str_print(&s, &slen, "\"%s\"", tempstring); + if(!domainname_has_safe_characters(tempstring, strlen(tempstring))) { + log_err("ipsecmod: qname has unsafe characters"); + free(tempstring); + return 0; + } + w += sldns_str_print(&s, &slen, "\"%s\"", tempstring); free(tempstring); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); /* Copy the IPSECKEY TTL into the buffer. */ rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; - sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl); + w += sldns_str_print(&s, &slen, "\"%ld\"", (long)rrset_data->ttl); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); - /* Copy the A/AAAA record(s) into the buffer. Start and end this section - * with a double quote. */ + w += sldns_str_print(&s, &slen, " "); rrset_key = reply_find_answer_rrset(&qstate->return_msg->qinfo, qstate->return_msg->rep); + /* Double check that the records are indeed A/AAAA. + * This should never happen as this function is only executed for A/AAAA + * queries but make sure we don't pass anything other than A/AAAA to the + * shell. */ + qtype = ntohs(rrset_key->rk.type); + if(qtype != LDNS_RR_TYPE_AAAA && qtype != LDNS_RR_TYPE_A) { + log_err("ipsecmod: Answer is not of A or AAAA type"); + return 0; + } rrset_data = (struct packed_rrset_data*)rrset_key->entry.data; - sldns_str_print(&s, &slen, "\""); + /* Copy the A/AAAA record(s) into the buffer. Start and end this section + * with a double quote. */ + w += sldns_str_print(&s, &slen, "\""); for(i=0; icount; i++) { if(i > 0) { /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); } /* Ignore the first two bytes, they are the rr_data len. */ - w = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2, + w_temp = sldns_wire2str_rdata_buf(rrset_data->rr_data[i] + 2, rrset_data->rr_len[i] - 2, s, slen, qstate->qinfo.qtype); - if(w < 0) { + if(w_temp < 0) { /* Error in printout. */ - return -1; - } else if((size_t)w >= slen) { + log_err("ipsecmod: Error in printing IP address"); + return 0; + } else if((size_t)w_temp >= slen) { s = NULL; /* We do not want str to point outside of buffer. */ slen = 0; - return -1; + log_err("ipsecmod: shell command too long"); + return 0; } else { - s += w; - slen -= w; + s += w_temp; + slen -= w_temp; + w += w_temp; } } - sldns_str_print(&s, &slen, "\""); + w += sldns_str_print(&s, &slen, "\""); /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); /* Copy the IPSECKEY record(s) into the buffer. Start and end this section * with a double quote. */ - sldns_str_print(&s, &slen, "\""); + w += sldns_str_print(&s, &slen, "\""); rrset_data = (struct packed_rrset_data*)iq->ipseckey_rrset->entry.data; for(i=0; icount; i++) { if(i > 0) { /* Put space into the buffer. */ - sldns_str_print(&s, &slen, " "); + w += sldns_str_print(&s, &slen, " "); } /* Ignore the first two bytes, they are the rr_data len. */ tempdata = rrset_data->rr_data[i] + 2; tempdata_len = rrset_data->rr_len[i] - 2; /* Save the buffer pointers. */ tempstring = s; tempstring_len = slen; - w = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, &slen, - NULL, 0); + w_temp = sldns_wire2str_ipseckey_scan(&tempdata, &tempdata_len, &s, + &slen, NULL, 0, NULL); /* There was an error when parsing the IPSECKEY; reset the buffer * pointers to their previous values. */ - if(w == -1){ + if(w_temp == -1) { s = tempstring; slen = tempstring_len; + } else if(w_temp > 0) { + if(!ipseckey_has_safe_characters( + tempstring, tempstring_len - slen)) { + log_err("ipsecmod: ipseckey has unsafe characters"); + return 0; + } + w += w_temp; } } - sldns_str_print(&s, &slen, "\""); - verbose(VERB_ALGO, "ipsecmod: hook command: '%s'", str); + w += sldns_str_print(&s, &slen, "\""); + if(w >= (int)sizeof(str)) { + log_err("ipsecmod: shell command too long"); + return 0; + } + verbose(VERB_ALGO, "ipsecmod: shell command: '%s'", str); /* ipsecmod-hook should return 0 on success. */ if(system(str) != 0) return 0; diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index 3f1438a4f..cceec3d56 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -217,6 +217,10 @@ synth_cname(uint8_t* qname, size_t qnamelen, struct rrset_parse* dname_rrset, size_t dtarglen; if(!parse_get_cname_target(dname_rrset, &dtarg, &dtarglen)) return 0; + if(qnamelen <= dname_rrset->dname_len) + return 0; + if(qnamelen == 0) + return 0; log_assert(qnamelen > dname_rrset->dname_len); /* DNAME from com. to net. with qname example.com. -> example.net. */ /* so: \3com\0 to \3net\0 and qname \7example\3com\0 */ diff --git a/iterator/iterator.c b/iterator/iterator.c index c906c2714..1e0113a87 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -409,6 +409,8 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg, num_an = 0; for(p = iq->an_prepend_list; p; p = p->next) { sets[num_an++] = p->rrset; + if(ub_packed_rrset_ttl(p->rrset) < msg->rep->ttl) + msg->rep->ttl = ub_packed_rrset_ttl(p->rrset); } memcpy(sets+num_an, msg->rep->rrsets, msg->rep->an_numrrsets * sizeof(struct ub_packed_rrset_key*)); @@ -421,6 +423,8 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg, msg->rep->ns_numrrsets, p->rrset)) continue; sets[msg->rep->an_numrrsets + num_an + num_ns++] = p->rrset; + if(ub_packed_rrset_ttl(p->rrset) < msg->rep->ttl) + msg->rep->ttl = ub_packed_rrset_ttl(p->rrset); } memcpy(sets + num_an + msg->rep->an_numrrsets + num_ns, msg->rep->rrsets + msg->rep->an_numrrsets, diff --git a/libunbound/context.h b/libunbound/context.h index c3900154f..78f8731e2 100644 --- a/libunbound/context.h +++ b/libunbound/context.h @@ -119,6 +119,9 @@ struct ub_ctx { /** event base for event oriented interface */ struct ub_event_base* event_base; + /** true if the event_base is a pluggable base that is malloced + * with a user event base inside, if so, clean up the pluggable alloc*/ + int event_base_malloced; /** libworker for event based interface */ struct libworker* event_worker; diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 63770cc02..3b30419b3 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -86,7 +86,6 @@ int ctx_logfile_overridden = 0; static struct ub_ctx* ub_ctx_create_nopipe(void) { struct ub_ctx* ctx; - unsigned int seed; #ifdef USE_WINSOCK int r; WSADATA wsa_data; @@ -103,7 +102,7 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) return NULL; } #endif - verbosity = 0; /* errors only */ + verbosity = NO_VERBOSE; /* errors only */ checklock_start(); ctx = (struct ub_ctx*)calloc(1, sizeof(*ctx)); if(!ctx) { @@ -111,15 +110,12 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) return NULL; } alloc_init(&ctx->superalloc, NULL, 0); - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid(); - if(!(ctx->seed_rnd = ub_initstate(seed, NULL))) { - explicit_bzero(&seed, sizeof(seed)); + if(!(ctx->seed_rnd = ub_initstate(NULL))) { ub_randfree(ctx->seed_rnd); free(ctx); errno = ENOMEM; return NULL; } - explicit_bzero(&seed, sizeof(seed)); lock_basic_init(&ctx->qqpipe_lock); lock_basic_init(&ctx->rrpipe_lock); lock_basic_init(&ctx->cfglock); @@ -226,6 +222,7 @@ ub_ctx_create_event(struct event_base* eb) ub_ctx_delete(ctx); return NULL; } + ctx->event_base_malloced = 1; return ctx; } @@ -336,6 +333,8 @@ ub_ctx_delete(struct ub_ctx* ctx) log_file(NULL); ctx_logfile_overridden = 0; } + if(ctx->event_base_malloced) + free(ctx->event_base); free(ctx); #ifdef USE_WINSOCK WSACleanup(); diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 01621927e..5c62017a0 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -122,7 +122,6 @@ libworker_delete_event(struct libworker* w) static struct libworker* libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) { - unsigned int seed; struct libworker* w = (struct libworker*)calloc(1, sizeof(*w)); struct config_file* cfg = ctx->env->cfg; int* ports; @@ -177,17 +176,13 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) } w->env->worker = (struct worker*)w; w->env->probe_timer = NULL; - seed = (unsigned int)time(NULL) ^ (unsigned int)getpid() ^ - (((unsigned int)w->thread_num)<<17); - seed ^= (unsigned int)w->env->alloc->next_id; if(!w->is_bg || w->is_bg_thread) { lock_basic_lock(&ctx->cfglock); } - if(!(w->env->rnd = ub_initstate(seed, ctx->seed_rnd))) { + if(!(w->env->rnd = ub_initstate(ctx->seed_rnd))) { if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); } - explicit_bzero(&seed, sizeof(seed)); libworker_delete(w); return NULL; } @@ -207,7 +202,6 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) hash_set_raninit((uint32_t)ub_random(w->env->rnd)); } } - explicit_bzero(&seed, sizeof(seed)); if(eb) w->base = comm_base_create_event(eb); @@ -532,7 +526,7 @@ libworker_fillup_fg(struct ctx_query* q, int rcode, sldns_buffer* buf, } q->res->rcode = LDNS_RCODE_SERVFAIL; - q->msg_security = 0; + q->msg_security = sec_status_unchecked; q->msg = memdup(sldns_buffer_begin(buf), sldns_buffer_limit(buf)); q->msg_len = sldns_buffer_limit(buf); if(!q->msg) { diff --git a/pythonmod/examples/calc.py b/pythonmod/examples/calc.py index 3230e37e3..8c15f50b9 100644 --- a/pythonmod/examples/calc.py +++ b/pythonmod/examples/calc.py @@ -45,9 +45,13 @@ def operate(id, event, qstate, qdata): if (event == MODULE_EVENT_NEW) or (event == MODULE_EVENT_PASS): - if qstate.qinfo.qname_str.endswith("._calc_.cz."): + if qstate.qinfo.qname_str.endswith("._calc_.cz.") and not ("__" in qstate.qinfo.qname_str): try: - res = eval(''.join(qstate.qinfo.qname_list[0:-3])) + # the second and third argument to eval attempt to restrict + # functions and variables available to stop code execution + # but it may not be safe either. This is why __ substrings + # are excluded from evaluation. + res = eval(''.join(qstate.qinfo.qname_list[0:-3]),{"__builtins__":None},{}) except: res = "exception" diff --git a/respip/respip.c b/respip/respip.c index e9baa6292..5f4ddf2ae 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -495,10 +495,16 @@ copy_rrset(const struct ub_packed_rrset_key* key, struct regional* region) if(!ck->rk.dname) return NULL; + if((unsigned)data->count >= 0xffff00U) + return NULL; /* guard against integer overflow in dsize */ dsize = sizeof(struct packed_rrset_data) + data->count * (sizeof(size_t)+sizeof(uint8_t*)+sizeof(time_t)); - for(i=0; icount; i++) + for(i=0; icount; i++) { + if((unsigned)dsize >= 0x0fffffffU || + (unsigned)data->rr_len[i] >= 0x0fffffffU) + return NULL; /* guard against integer overflow */ dsize += data->rr_len[i]; + } d = regional_alloc(region, dsize); if(!d) return NULL; @@ -1298,5 +1304,5 @@ respip_inform_print(struct respip_action_info* respip_actinfo, uint8_t* qname, snprintf(txt+txtlen, sizeof(txt)-txtlen, "%s/%d %s %s@%u", respip, respip_addr->net, (actionstr) ? actionstr : "inform", srcip, port); - log_nametypeclass(0, txt, qname, qtype, qclass); + log_nametypeclass(NO_VERBOSE, txt, qname, qtype, qclass); } diff --git a/services/authzone.c b/services/authzone.c index e187ac6bf..edff3e6dd 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1649,7 +1649,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG; dat = nm; datlen = nmlen; - w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0); + w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0, NULL); w += sldns_str_print(&s, &slen, "\t"); w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]); w += sldns_wire2str_class_print(&s, &slen, cl); @@ -1658,7 +1658,7 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, w += sldns_str_print(&s, &slen, "\t"); datlen = data->rr_len[i]-2; dat = data->rr_data[i]+2; - w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0); + w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0, NULL); if(tp == LDNS_RR_TYPE_DNSKEY) { w += sldns_str_print(&s, &slen, " ;{id = %u}", @@ -1667,8 +1667,8 @@ auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, } w += sldns_str_print(&s, &slen, "\n"); - if(w > (int)buflen) { - log_nametypeclass(0, "RR too long to print", nm, tp, cl); + if(w >= (int)buflen) { + log_nametypeclass(NO_VERBOSE, "RR too long to print", nm, tp, cl); return 0; } return 1; @@ -2406,6 +2406,10 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region, return 0; /* rdatalen in DNAME rdata is malformed */ if(dname_valid(dtarg, dtarglen) != dtarglen) return 0; /* DNAME RR has malformed rdata */ + if(qname_len == 0) + return 0; /* too short */ + if(qname_len <= node->namelen) + return 0; /* qname too short for dname removal */ /* synthesize a CNAME */ newlen = synth_cname_buf(qname, qname_len, node->namelen, @@ -2608,12 +2612,14 @@ az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen, /* hashfunc(name, salt) */ memmove(p, nm, nmlen); query_dname_tolower(p); - memmove(p+nmlen, salt, saltlen); + if(salt && saltlen > 0) + memmove(p+nmlen, salt, saltlen); (void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf); for(i=0; i 0) + memmove(p+hlen, salt, saltlen); (void)secalgo_nsec3_hash(algo, p, hlen+saltlen, (unsigned char*)buf); } @@ -5563,9 +5569,12 @@ check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr, xfr->task_transfer->rr_scan_num == 0 && LDNS_ANCOUNT(wire)==1) { verbose(VERB_ALGO, "xfr to %s ended, " - "IXFR reply that zone has serial %u", + "IXFR reply that zone has serial %u," + " fallback from IXFR to AXFR", xfr->task_transfer->master->host, (unsigned)serial); + xfr->task_transfer->ixfr_fail = 1; + *gonextonfail = 0; return 0; } @@ -6008,15 +6017,15 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, } if (auth_name != NULL) { if (addr.ss_family == AF_INET - && ntohs(((struct sockaddr_in *)&addr)->sin_port) + && (int)ntohs(((struct sockaddr_in *)&addr)->sin_port) == env->cfg->ssl_port) ((struct sockaddr_in *)&addr)->sin_port - = htons(env->cfg->port); + = htons((uint16_t)env->cfg->port); else if (addr.ss_family == AF_INET6 - && ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) + && (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port) == env->cfg->ssl_port) ((struct sockaddr_in6 *)&addr)->sin6_port - = htons(env->cfg->port); + = htons((uint16_t)env->cfg->port); } } diff --git a/services/localzone.c b/services/localzone.c index 9aa7bc247..3f86aa0f4 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1167,7 +1167,7 @@ local_zone_out(struct local_zone* z) struct local_rrset* p; RBTREE_FOR(d, struct local_data*, &z->data) { for(p = d->rrsets; p; p = p->next) { - log_nametypeclass(0, "rrset", d->name, + log_nametypeclass(NO_VERBOSE, "rrset", d->name, ntohs(p->rrset->rk.type), ntohs(p->rrset->rk.rrset_class)); } @@ -1184,7 +1184,7 @@ void local_zones_print(struct local_zones* zones) lock_rw_rdlock(&z->lock); snprintf(buf, sizeof(buf), "%s zone", local_zone_type2str(z->type)); - log_nametypeclass(0, buf, z->name, 0, z->dclass); + log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass); local_zone_out(z); lock_rw_unlock(&z->lock); } @@ -1589,7 +1589,7 @@ lz_inform_print(struct local_zone* z, struct query_info* qinfo, addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); snprintf(txt, sizeof(txt), "%s %s %s@%u", zname, local_zone_type2str(z->type), ip, (unsigned)port); - log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); + log_nametypeclass(NO_VERBOSE, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); } static enum localzone_type diff --git a/services/mesh.c b/services/mesh.c index 898122df8..039eab53a 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -1157,7 +1157,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, } /* Log reply sent */ if(m->s.env->cfg->log_replies) { - log_reply_info(0, &m->s.qinfo, &r->query_reply.addr, + log_reply_info(NO_VERBOSE, &m->s.qinfo, &r->query_reply.addr, r->query_reply.addrlen, duration, 0, r_buffer); } } @@ -1422,7 +1422,7 @@ mesh_continue(struct mesh_area* mesh, struct mesh_state* mstate, /* module is looping. Stop it. */ log_err("internal error: looping module (%s) stopped", mesh->mods.mod[mstate->s.curmod]->name); - log_query_info(0, "pass error for qstate", + log_query_info(NO_VERBOSE, "pass error for qstate", &mstate->s.qinfo); s = module_error; } diff --git a/services/outside_network.c b/services/outside_network.c index 0323f1b30..f865f13c1 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -2134,18 +2134,14 @@ outnet_serviced_query(struct outside_network* outnet, if(outnet->do_udp && !(tcp_upstream || ssl_upstream)) { if(!serviced_udp_send(sq, buff)) { (void)rbtree_delete(outnet->serviced, sq); - free(sq->qbuf); - free(sq->zone); - free(sq); + serviced_node_del(&sq->node, NULL); free(cb); return NULL; } } else { if(!serviced_tcp_send(sq, buff)) { (void)rbtree_delete(outnet->serviced, sq); - free(sq->qbuf); - free(sq->zone); - free(sq); + serviced_node_del(&sq->node, NULL); free(cb); return NULL; } diff --git a/services/rpz.c b/services/rpz.c index 6622606d3..97c2cff5c 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -422,9 +422,10 @@ rpz_create(struct config_auth* p) } r->log = p->rpz_log; if(p->rpz_log_name) { - if(!(r->log_name = strdup(p->rpz_log_name))) + if(!(r->log_name = strdup(p->rpz_log_name))) { log_err("malloc failure on RPZ log_name strdup"); goto err; + } } return r; err: diff --git a/sldns/parse.c b/sldns/parse.c index b62c40597..f4de8602f 100644 --- a/sldns/parse.c +++ b/sldns/parse.c @@ -120,7 +120,7 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (line_nr) { *line_nr = *line_nr + 1; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -141,7 +141,8 @@ sldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l if (c != '\0' && c != '\n') { i++; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + /* is there space for the character and the zero after it */ + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } @@ -325,8 +326,14 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, if (c == '\n' && p != 0) { /* in parentheses */ /* do not write ' ' if we want to skip spaces */ - if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) + if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) { + /* check for space for the space character and a zero delimiter after that. */ + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { + *t = '\0'; + return -1; + } *t++ = ' '; + } lc = c; continue; } @@ -348,7 +355,7 @@ sldns_bget_token_par(sldns_buffer *b, char *token, const char *delim, } i++; - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) { *t = '\0'; return -1; } diff --git a/sldns/rrdef.c b/sldns/rrdef.c index b365a4a8e..0af015f4b 100644 --- a/sldns/rrdef.c +++ b/sldns/rrdef.c @@ -236,7 +236,7 @@ static const sldns_rdf_type type_caa_wireformat[] = { */ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 0 */ - { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + {(enum sldns_enum_rr_type)0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 1 */ {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 2 */ @@ -344,7 +344,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 53 */ {LDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 54 */ -{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 55 * Hip ends with 0 or more Rendezvous Servers represented as dname's. * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field @@ -358,8 +358,8 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 57 */ {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #else -{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* 58 */ {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, @@ -372,54 +372,54 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 62 */ {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 99 */ {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, /* UINFO [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* UID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* GID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* UNSPEC [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 104 */ {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, @@ -435,145 +435,145 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 109 */ {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. @@ -605,7 +605,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 258 */ {LDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, #else -{LDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE258", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* split in array, no longer contiguous */ @@ -614,7 +614,7 @@ static sldns_rr_descriptor rdata_field_descriptors[] = { /* 32768 */ {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #else -{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{(enum sldns_enum_rr_type)0, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif /* 32769 */ {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 } @@ -710,18 +710,18 @@ sldns_get_rr_type_by_name(const char *name) /* special cases for query types */ if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { - return 251; + return LDNS_RR_TYPE_IXFR; } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { - return 252; + return LDNS_RR_TYPE_AXFR; } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { - return 253; + return LDNS_RR_TYPE_MAILB; } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { - return 254; + return LDNS_RR_TYPE_MAILA; } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { - return 255; + return LDNS_RR_TYPE_ANY; } - return 0; + return (enum sldns_enum_rr_type)0; } sldns_rr_class diff --git a/sldns/sbuffer.c b/sldns/sbuffer.c index 4ac83977e..f0f1fbd91 100644 --- a/sldns/sbuffer.c +++ b/sldns/sbuffer.c @@ -33,7 +33,6 @@ sldns_buffer_new(size_t capacity) buffer->_position = 0; buffer->_limit = buffer->_capacity = capacity; buffer->_fixed = 0; - buffer->_vfixed = 0; buffer->_status_err = 0; sldns_buffer_invariant(buffer); @@ -49,7 +48,6 @@ sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size) buffer->_position = 0; buffer->_limit = buffer->_capacity = size; buffer->_fixed = 0; - buffer->_vfixed = 0; if (!buffer->_fixed && buffer->_data) free(buffer->_data); buffer->_data = malloc(size); @@ -70,17 +68,6 @@ sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size) buffer->_data = data; buffer->_capacity = buffer->_limit = size; buffer->_fixed = 1; - buffer->_vfixed = 0; -} - -void -sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size) -{ - memset(buffer, 0, sizeof(*buffer)); - buffer->_data = data; - buffer->_capacity = buffer->_limit = size; - buffer->_fixed = 1; - buffer->_vfixed = 1; } int @@ -141,19 +128,6 @@ sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) if (written == -1) { buffer->_status_err = 1; return -1; - } else if (!buffer->_vfixed && (size_t) written >= remaining) { - if (!sldns_buffer_reserve(buffer, (size_t) written + 1)) { - buffer->_status_err = 1; - return -1; - } - va_start(args, format); - written = vsnprintf((char *) sldns_buffer_current(buffer), - sldns_buffer_remaining(buffer), format, args); - va_end(args); - if (written == -1) { - buffer->_status_err = 1; - return -1; - } } buffer->_position += written; } @@ -173,13 +147,6 @@ sldns_buffer_free(sldns_buffer *buffer) free(buffer); } -void * -sldns_buffer_export(sldns_buffer *buffer) -{ - buffer->_fixed = 1; - return buffer->_data; -} - void sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from) { diff --git a/sldns/sbuffer.h b/sldns/sbuffer.h index 2241640dd..5dbe988cd 100644 --- a/sldns/sbuffer.h +++ b/sldns/sbuffer.h @@ -130,17 +130,6 @@ struct sldns_buffer /** If the buffer is fixed it cannot be resized */ unsigned _fixed : 1; - /** If the buffer is vfixed, no more than capacity bytes will be - * written to _data, however the _position counter will be updated - * with the amount that would have been written in consecutive - * writes. This allows for a modus operandi in which a sequence is - * written on a fixed capacity buffer (perhaps with _data on stack). - * When everything could be written, then the _data is immediately - * usable, if not, then a buffer could be allocated sized precisely - * to fit the data for a second attempt. - */ - unsigned _vfixed : 1; - /** The current state of the buffer. If writing to the buffer fails * for any reason, this value is changed. This way, you can perform * multiple writes in sequence and check for success afterwards. */ @@ -158,9 +147,9 @@ INLINE void sldns_buffer_invariant(sldns_buffer *buffer) { assert(buffer != NULL); - assert(buffer->_position <= buffer->_limit || buffer->_vfixed); + assert(buffer->_position <= buffer->_limit); assert(buffer->_limit <= buffer->_capacity); - assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0 && buffer->_limit == 0)); + assert(buffer->_data != NULL); } #endif @@ -192,19 +181,6 @@ void sldns_buffer_new_frm_data(sldns_buffer *buffer, void *data, size_t size); */ void sldns_buffer_init_frm_data(sldns_buffer *buffer, void *data, size_t size); -/** - * Setup a buffer with the data pointed to. No data copied, no memory allocs. - * The buffer is "virtually" fixed. Writes beyond size (the capacity) will - * only update position, but no data will be written beyond capacity. This - * allows to determine how big the buffer should have been to contain all the - * written data, by looking at the position with sldns_buffer_position(), - * similarly to the return value of POSIX's snprintf. - * \param[in] buffer pointer to the buffer to put the data in - * \param[in] data the data to encapsulate in the buffer - * \param[in] size the size of the data - */ -void sldns_buffer_init_vfixed_frm_data(sldns_buffer *buffer, void *data, size_t size); - /** * clears the buffer and make it ready for writing. The buffer's limit * is set to the capacity and the position is set to 0. @@ -268,7 +244,7 @@ sldns_buffer_position(sldns_buffer *buffer) INLINE void sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) { - assert(mark <= buffer->_limit || buffer->_vfixed); + assert(mark <= buffer->_limit); buffer->_position = mark; } @@ -282,7 +258,7 @@ sldns_buffer_set_position(sldns_buffer *buffer, size_t mark) INLINE void sldns_buffer_skip(sldns_buffer *buffer, ssize_t count) { - assert(buffer->_position + count <= buffer->_limit || buffer->_vfixed); + assert(buffer->_position + count <= buffer->_limit); buffer->_position += count; } @@ -354,7 +330,7 @@ int sldns_buffer_reserve(sldns_buffer *buffer, size_t amount); INLINE uint8_t * sldns_buffer_at(const sldns_buffer *buffer, size_t at) { - assert(at <= buffer->_limit || buffer->_vfixed); + assert(at <= buffer->_limit); return buffer->_data + at; } @@ -404,7 +380,7 @@ INLINE size_t sldns_buffer_remaining_at(sldns_buffer *buffer, size_t at) { sldns_buffer_invariant(buffer); - assert(at <= buffer->_limit || buffer->_vfixed); + assert(at <= buffer->_limit); return at < buffer->_limit ? buffer->_limit - at : 0; } @@ -457,15 +433,7 @@ sldns_buffer_available(sldns_buffer *buffer, size_t count) INLINE void sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t count) { - if (!buffer->_vfixed) - assert(sldns_buffer_available_at(buffer, at, count)); - else if (sldns_buffer_remaining_at(buffer, at) == 0) - return; - else if (count > sldns_buffer_remaining_at(buffer, at)) { - memcpy(buffer->_data + at, data, - sldns_buffer_remaining_at(buffer, at)); - return; - } + assert(sldns_buffer_available_at(buffer, at, count)); memcpy(buffer->_data + at, data, count); } @@ -480,15 +448,7 @@ sldns_buffer_write_at(sldns_buffer *buffer, size_t at, const void *data, size_t INLINE void sldns_buffer_set_at(sldns_buffer *buffer, size_t at, int c, size_t count) { - if (!buffer->_vfixed) - assert(sldns_buffer_available_at(buffer, at, count)); - else if (sldns_buffer_remaining_at(buffer, at) == 0) - return; - else if (count > sldns_buffer_remaining_at(buffer, at)) { - memset(buffer->_data + at, c, - sldns_buffer_remaining_at(buffer, at)); - return; - } + assert(sldns_buffer_available_at(buffer, at, count)); memset(buffer->_data + at, c, count); } @@ -538,7 +498,6 @@ sldns_buffer_write_string(sldns_buffer *buffer, const char *str) INLINE void sldns_buffer_write_u8_at(sldns_buffer *buffer, size_t at, uint8_t data) { - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); buffer->_data[at] = data; } @@ -564,7 +523,6 @@ sldns_buffer_write_u8(sldns_buffer *buffer, uint8_t data) INLINE void sldns_buffer_write_u16_at(sldns_buffer *buffer, size_t at, uint16_t data) { - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); sldns_write_uint16(buffer->_data + at, data); } @@ -590,7 +548,6 @@ sldns_buffer_write_u16(sldns_buffer *buffer, uint16_t data) INLINE void sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) { - if (buffer->_vfixed && at + sizeof(data) > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, sizeof(data))); sldns_write_uint32(buffer->_data + at, data); } @@ -604,7 +561,6 @@ sldns_buffer_write_u32_at(sldns_buffer *buffer, size_t at, uint32_t data) INLINE void sldns_buffer_write_u48_at(sldns_buffer *buffer, size_t at, uint64_t data) { - if (buffer->_vfixed && at + 6 > buffer->_limit) return; assert(sldns_buffer_available_at(buffer, at, 6)); sldns_write_uint48(buffer->_data + at, data); } @@ -780,14 +736,6 @@ int sldns_buffer_printf(sldns_buffer *buffer, const char *format, ...) */ void sldns_buffer_free(sldns_buffer *buffer); -/** - * Makes the buffer fixed and returns a pointer to the data. The - * caller is responsible for free'ing the result. - * \param[in] *buffer the buffer to be exported - * \return void - */ -void *sldns_buffer_export(sldns_buffer *buffer); - /** * Copy contents of the from buffer to the result buffer and then flips * the result buffer. Data will be silently truncated if the result buffer is diff --git a/sldns/str2wire.c b/sldns/str2wire.c index e6dab6477..977cda28a 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -150,6 +150,10 @@ int sldns_str2wire_dname_buf_origin(const char* str, uint8_t* buf, size_t* len, if(s) return s; if(rel && origin && dlen > 0) { + if((unsigned)dlen >= 0x00ffffffU || + (unsigned)origin_len >= 0x00ffffffU) + /* guard against integer overflow in addition */ + return RET_ERR(LDNS_WIREPARSE_ERR_GENERAL, *len); if(dlen + origin_len - 1 > LDNS_MAX_DOMAINLEN) return RET_ERR(LDNS_WIREPARSE_ERR_DOMAINNAME_OVERFLOW, LDNS_MAX_DOMAINLEN); @@ -168,7 +172,9 @@ uint8_t* sldns_str2wire_dname(const char* str, size_t* len) uint8_t dname[LDNS_MAX_DOMAINLEN+1]; *len = sizeof(dname); if(sldns_str2wire_dname_buf(str, dname, len) == 0) { - uint8_t* r = (uint8_t*)malloc(*len); + uint8_t* r; + if(*len > sizeof(dname)) return NULL; + r = (uint8_t*)malloc(*len); if(r) return memcpy(r, dname, *len); } *len = 0; @@ -187,6 +193,9 @@ rrinternal_get_owner(sldns_buffer* strbuf, uint8_t* rr, size_t* len, sldns_buffer_position(strbuf)); } + if(token_len < 2) /* make sure there is space to read "@" or "" */ + return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, + sldns_buffer_position(strbuf)); if(token[0]=='@' && token[1]=='\0') { uint8_t* tocopy; if (origin) { @@ -1094,7 +1103,7 @@ int sldns_str2wire_str_buf(const char* str, uint8_t* rd, size_t* len) while(sldns_parse_char(&ch, &s)) { if(sl >= 255) return RET_ERR(LDNS_WIREPARSE_ERR_INVALID_STR, s-str); - if(*len < sl+1) + if(*len < sl+2) return RET_ERR(LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL, s-str); rd[++sl] = ch; @@ -2095,6 +2104,8 @@ int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len) char* s; int n; n = strtol(str, &s, 10); + if(n < 0) /* negative number not allowed */ + return LDNS_WIREPARSE_ERR_SYNTAX; if(*len < ((size_t)n)+2) return LDNS_WIREPARSE_ERR_BUFFER_TOO_SMALL; if(n > 65535) diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 01ec84b3c..d0d1632d4 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -22,6 +22,7 @@ #include "sldns/parseutil.h" #include "sldns/sbuffer.h" #include "sldns/keyraw.h" +#include "util/data/dname.h" #ifdef HAVE_TIME_H #include #endif @@ -252,13 +253,13 @@ int sldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen) int sldns_wire2str_rr_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_wire2str_rrquestion_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, @@ -266,13 +267,13 @@ int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, { /* use arguments as temporary variables */ return sldns_wire2str_rdata_scan(&rdata, &rdata_len, &str, &str_len, - rrtype, NULL, 0); + rrtype, NULL, 0, NULL); } int sldns_wire2str_rr_unknown_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rrlen, size_t dname_len, @@ -310,7 +311,7 @@ int sldns_wire2str_opcode_buf(int opcode, char* s, size_t slen) int sldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen) { /* use arguments as temporary variables */ - return sldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0); + return sldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0, NULL); } int sldns_str_vprint(char** str, size_t* slen, const char* format, va_list args) @@ -365,7 +366,7 @@ static int print_remainder_hex(const char* pref, uint8_t** d, size_t* dlen, int sldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) { - int w = 0; + int w = 0, comprloop = 0; unsigned qdcount, ancount, nscount, arcount, i; uint8_t* pkt = *d; size_t pktlen = *dlen; @@ -382,25 +383,25 @@ int sldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) w += sldns_str_print(s, slen, ";; QUESTION SECTION:\n"); for(i=0; i 4) + maxcompr = 4; /* just don't want to spend time, any more */ + } if(*dlen == 0) return sldns_str_print(s, slen, "ErrorMissingDname"); if(*pos == 0) { (*d)++; (*dlen)--; return sldns_str_print(s, slen, "."); } - while(*pos) { + while((!pkt || pos < pkt+pktlen) && *pos) { /* read label length */ uint8_t labellen = *pos++; if(in_buf) { (*d)++; (*dlen)--; } @@ -810,9 +820,12 @@ int sldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, if(!pkt || target >= pktlen) return w + sldns_str_print(s, slen, "ErrorComprPtrOutOfBounds"); - if(counter++ > maxcompr) + if(counter++ > maxcompr) { + if(comprloop && *comprloop < 10) + (*comprloop)++; return w + sldns_str_print(s, slen, "ErrorComprPtrLooped"); + } in_buf = 0; pos = pkt+target; continue; @@ -928,14 +941,14 @@ int sldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen) } int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, - int rdftype, uint8_t* pkt, size_t pktlen) + int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop) { if(*dlen == 0) return 0; switch(rdftype) { case LDNS_RDF_TYPE_NONE: return 0; case LDNS_RDF_TYPE_DNAME: - return sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen); + return sldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop); case LDNS_RDF_TYPE_INT8: return sldns_wire2str_int8_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_INT16: @@ -987,7 +1000,7 @@ int sldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen, return sldns_wire2str_atma_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_IPSECKEY: return sldns_wire2str_ipseckey_scan(d, dlen, s, slen, pkt, - pktlen); + pktlen, comprloop); case LDNS_RDF_TYPE_HIP: return sldns_wire2str_hip_scan(d, dlen, s, slen); case LDNS_RDF_TYPE_INT16_DATA: @@ -1529,7 +1542,7 @@ int sldns_wire2str_atma_scan(uint8_t** d, size_t* dl, char** s, size_t* sl) /* internal scan routine that can modify arguments on failure */ static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, - char** s, size_t* sl, uint8_t* pkt, size_t pktlen) + char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop) { /* http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt*/ uint8_t precedence, gateway_type, algorithm; @@ -1557,7 +1570,7 @@ static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, w += sldns_wire2str_aaaa_scan(d, dl, s, sl); break; case 3: /* dname */ - w += sldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen); + w += sldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen, comprloop); break; default: /* unknown */ return -1; @@ -1571,12 +1584,12 @@ static int sldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl, } int sldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl, - uint8_t* pkt, size_t pktlen) + uint8_t* pkt, size_t pktlen, int* comprloop) { uint8_t* od = *d; char* os = *s; size_t odl = *dl, osl = *sl; - int w=sldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen); + int w=sldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen, comprloop); if(w == -1) { *d = od; *s = os; diff --git a/sldns/wire2str.h b/sldns/wire2str.h index a64f58072..0167fe7c1 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -156,10 +156,11 @@ int sldns_wire2str_pkt_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat question rr to string, with user buffers. @@ -170,10 +171,11 @@ int sldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat RR to string in unknown RR format, with user buffers. @@ -184,10 +186,11 @@ int sldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rr_unknown_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Print to string the RR-information comment in default format, @@ -228,10 +231,12 @@ int sldns_wire2str_header_scan(uint8_t** data, size_t* data_len, char** str, * @param rrtype: RR type of Rdata, host format. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. */ int sldns_wire2str_rdata_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen, + int* comprloop); /** * Scan wireformat rdata to string in unknown format, with user buffers. @@ -254,10 +259,17 @@ int sldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: inout bool, that is set true if compression loop failure + * happens. Pass in 0, if passsed in as true, a lower bound is set + * on compression loops to stop arbitrary long packet parse times. + * This is meant so you can set it to 0 at the start of a list of dnames, + * and then scan all of them in sequence, if a loop happens, it becomes + * true and then it becomes more strict for the next dnames in the list. + * You can leave it at NULL if there is no pkt (pkt is NULL too). * @return number of characters (except null) needed to print. */ int sldns_wire2str_dname_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat rr type to string, with user buffers. @@ -492,11 +504,13 @@ int sldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, * @param rdftype: the type of the rdata field, enum sldns_rdf_type. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. * Can return -1 on failure. */ int sldns_wire2str_rdf_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen); + size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen, + int* comprloop); /** * Scan wireformat int8 field to string, with user buffers. @@ -793,11 +807,12 @@ int sldns_wire2str_atma_scan(uint8_t** data, size_t* data_len, char** str, * @param str_len: length of string buffer. * @param pkt: packet for decompression, if NULL no decompression. * @param pktlen: length of packet buffer. + * @param comprloop: if pkt, bool detects compression loops. * @return number of characters (except null) needed to print. * Can return -1 on failure. */ int sldns_wire2str_ipseckey_scan(uint8_t** data, size_t* data_len, char** str, - size_t* str_len, uint8_t* pkt, size_t pktlen); + size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop); /** * Scan wireformat HIP (algo, HIT, pubkey) field to string, with user buffers. diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c index fbd8f130f..b8bd1b850 100644 --- a/smallapp/unbound-anchor.c +++ b/smallapp/unbound-anchor.c @@ -190,6 +190,7 @@ usage(void) printf("-x path pathname to xml in url, default %s\n", XMLNAME); printf("-s path pathname to p7s in url, default %s\n", P7SNAME); printf("-n name signer's subject emailAddress, default %s\n", P7SIGNER); + printf("-b address source address to bind to\n"); printf("-4 work using IPv4 only\n"); printf("-6 work using IPv6 only\n"); printf("-f resolv.conf use given resolv.conf\n"); @@ -277,7 +278,7 @@ ub_ctx_error_exit(struct ub_ctx* ctx, const char* str, const char* str2) */ static struct ub_ctx* create_unbound_context(const char* res_conf, const char* root_hints, - const char* debugconf, int ip4only, int ip6only) + const char* debugconf, const char* srcaddr, int ip4only, int ip6only) { int r; struct ub_ctx* ctx = ub_ctx_create(); @@ -301,6 +302,10 @@ create_unbound_context(const char* res_conf, const char* root_hints, r = ub_ctx_set_option(ctx, "root-hints:", root_hints); if(r) ub_ctx_error_exit(ctx, root_hints, ub_strerror(r)); } + if(srcaddr) { + r = ub_ctx_set_option(ctx, "outgoing-interface:", srcaddr); + if(r) ub_ctx_error_exit(ctx, srcaddr, ub_strerror(r)); + } if(ip4only) { r = ub_ctx_set_option(ctx, "do-ip6:", "no"); if(r) ub_ctx_error_exit(ctx, "ip4only", ub_strerror(r)); @@ -350,7 +355,7 @@ read_cert_bio(BIO* bio) exit(0); } while(!BIO_eof(bio)) { - X509* x = PEM_read_bio_X509(bio, NULL, 0, NULL); + X509* x = PEM_read_bio_X509(bio, NULL, NULL, NULL); if(x == NULL) { if(verb) { printf("failed to read X509\n"); @@ -391,7 +396,7 @@ read_cert_file(const char* file) return NULL; } while(!feof(in)) { - X509* x = PEM_read_X509(in, NULL, 0, NULL); + X509* x = PEM_read_X509(in, NULL, NULL, NULL); if(x == NULL) { if(verb) { printf("failed to read X509 file\n"); @@ -620,6 +625,7 @@ parse_ip_addr(const char* str, int port) * @param res_conf: resolv.conf (if any). * @param root_hints: root hints (if any). * @param debugconf: unbound.conf for debugging options. + * @param srcaddr: source address option (if any). * @param ip4only: use only ip4 for resolve and only lookup A * @param ip6only: use only ip6 for resolve and only lookup AAAA * default is to lookup A and AAAA using ip4 and ip6. @@ -627,7 +633,8 @@ parse_ip_addr(const char* str, int port) */ static struct ip_list* resolve_name(const char* host, int port, const char* res_conf, - const char* root_hints, const char* debugconf, int ip4only, int ip6only) + const char* root_hints, const char* debugconf, + const char* srcaddr, int ip4only, int ip6only) { struct ub_ctx* ctx; struct ip_list* list = NULL; @@ -638,7 +645,7 @@ resolve_name(const char* host, int port, const char* res_conf, /* create resolver context */ ctx = create_unbound_context(res_conf, root_hints, debugconf, - ip4only, ip6only); + srcaddr, ip4only, ip6only); /* try resolution of A */ if(!ip6only) { @@ -728,7 +735,7 @@ print_sock_err(const char* msg) /** connect to IP address */ static int -connect_to_ip(struct ip_list* ip) +connect_to_ip(struct ip_list* ip, struct ip_list* src) { int fd; verb_addr("connect to", ip); @@ -738,6 +745,11 @@ connect_to_ip(struct ip_list* ip) print_sock_err("socket"); return -1; } + if(src && bind(fd, (struct sockaddr*)&src->addr, src->len) < 0) { + print_sock_err("bind"); + fd_close(fd); + return -1; + } if(connect(fd, (struct sockaddr*)&ip->addr, ip->len) < 0) { print_sock_err("connect"); fd_close(fd); @@ -770,7 +782,7 @@ TLS_initiate(SSL_CTX* sslctx, int fd) return NULL; } SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { if(verb) printf("SSL_set_fd error\n"); SSL_free(ssl); @@ -931,7 +943,7 @@ read_data_chunk(SSL* ssl, size_t len) size_t got = 0; int r; char* data; - if(len >= 0xfffffff0) + if((unsigned)len >= (unsigned)0xfffffff0) return NULL; /* to protect against integer overflow in malloc*/ data = malloc(len+1); if(!data) { @@ -1110,7 +1122,8 @@ read_http_result(SSL* ssl) /** https to an IP addr, return BIO with pathname or NULL */ static BIO* -https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname) +https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname, + struct ip_list* src) { int fd; SSL* ssl; @@ -1119,7 +1132,7 @@ https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname) if(!sslctx) { return NULL; } - fd = connect_to_ip(ip); + fd = connect_to_ip(ip, src); if(fd == -1) { SSL_CTX_free(sslctx); return NULL; @@ -1147,10 +1160,12 @@ https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname) * @param ip_list: list of IP addresses to use to fetch from. * @param pathname: pathname of file on server to GET. * @param urlname: name to pass as the virtual host for this request. + * @param src: if nonNULL, source address to bind to. * @return a memory BIO with the file in it. */ static BIO* -https(struct ip_list* ip_list, const char* pathname, const char* urlname) +https(struct ip_list* ip_list, const char* pathname, const char* urlname, + struct ip_list* src) { struct ip_list* ip; BIO* bio = NULL; @@ -1158,7 +1173,7 @@ https(struct ip_list* ip_list, const char* pathname, const char* urlname) wipe_ip_usage(ip_list); while( (ip = pick_random_ip(ip_list)) ) { ip->used = 1; - bio = https_to_ip(ip, pathname, urlname); + bio = https_to_ip(ip, pathname, urlname, src); if(bio) break; } if(!bio) { @@ -1913,18 +1928,26 @@ static int do_certupdate(const char* root_anchor_file, const char* root_cert_file, const char* urlname, const char* xmlname, const char* p7sname, const char* p7signer, const char* res_conf, const char* root_hints, - const char* debugconf, int ip4only, int ip6only, int port) + const char* debugconf, const char* srcaddr, int ip4only, int ip6only, + int port) + { STACK_OF(X509)* cert; BIO *xml, *p7s; struct ip_list* ip_list = NULL; + struct ip_list* src = NULL; /* read pem file or provide builtin */ cert = read_cert_or_builtin(root_cert_file); /* lookup A, AAAA for the urlname (or parse urlname if IP address) */ ip_list = resolve_name(urlname, port, res_conf, root_hints, debugconf, - ip4only, ip6only); + srcaddr, ip4only, ip6only); + + if(srcaddr && !(src = parse_ip_addr(srcaddr, 0))) { + if(verb) printf("cannot parse source address: %s\n", srcaddr); + exit(0); + } #ifdef USE_WINSOCK if(1) { /* libunbound finished, startup WSA for the https connection */ @@ -1940,8 +1963,8 @@ do_certupdate(const char* root_anchor_file, const char* root_cert_file, #endif /* fetch the necessary files over HTTPS */ - xml = https(ip_list, xmlname, urlname); - p7s = https(ip_list, p7sname, urlname); + xml = https(ip_list, xmlname, urlname, src); + p7s = https(ip_list, p7sname, urlname, src); /* verify and update the root anchor */ verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer); @@ -2192,14 +2215,14 @@ probe_date_allows_certupdate(const char* root_anchor_file) static struct ub_result * fetch_root_key(const char* root_anchor_file, const char* res_conf, - const char* root_hints, const char* debugconf, + const char* root_hints, const char* debugconf, const char* srcaddr, int ip4only, int ip6only) { struct ub_ctx* ctx; struct ub_result* dnskey; ctx = create_unbound_context(res_conf, root_hints, debugconf, - ip4only, ip6only); + srcaddr, ip4only, ip6only); add_5011_probe_root(ctx, root_anchor_file); dnskey = prime_root_key(ctx); ub_ctx_delete(ctx); @@ -2211,8 +2234,8 @@ static int do_root_update_work(const char* root_anchor_file, const char* root_cert_file, const char* urlname, const char* xmlname, const char* p7sname, const char* p7signer, const char* res_conf, const char* root_hints, - const char* debugconf, int ip4only, int ip6only, int force, - int res_conf_fallback, int port) + const char* debugconf, const char* srcaddr, int ip4only, int ip6only, + int force, int res_conf_fallback, int port) { struct ub_result* dnskey; int used_builtin = 0; @@ -2226,7 +2249,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, /* make unbound context with 5011-probe for root anchor, * and probe . DNSKEY */ dnskey = fetch_root_key(root_anchor_file, res_conf, - root_hints, debugconf, ip4only, ip6only); + root_hints, debugconf, srcaddr, ip4only, ip6only); rcode = dnskey->rcode; if (res_conf_fallback && res_conf && !dnskey->secure) { @@ -2234,7 +2257,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, ub_resolve_free(dnskey); /* try direct query without res_conf */ dnskey = fetch_root_key(root_anchor_file, NULL, - root_hints, debugconf, ip4only, ip6only); + root_hints, debugconf, srcaddr, ip4only, ip6only); if (rcode != 0 && dnskey->rcode == 0) { res_conf = NULL; rcode = 0; @@ -2255,7 +2278,7 @@ do_root_update_work(const char* root_anchor_file, const char* root_cert_file, probe_date_allows_certupdate(root_anchor_file)) || force) { if(do_certupdate(root_anchor_file, root_cert_file, urlname, xmlname, p7sname, p7signer, res_conf, root_hints, - debugconf, ip4only, ip6only, port)) + debugconf, srcaddr, ip4only, ip6only, port)) return 1; return used_builtin; } @@ -2281,10 +2304,11 @@ int main(int argc, char* argv[]) const char* res_conf = NULL; const char* root_hints = NULL; const char* debugconf = NULL; + const char* srcaddr = NULL; int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; int res_conf_fallback = 0; /* parse the options */ - while( (c=getopt(argc, argv, "46C:FRP:a:c:f:hln:r:s:u:vx:")) != -1) { + while( (c=getopt(argc, argv, "46C:FRP:a:b:c:f:hln:r:s:u:vx:")) != -1) { switch(c) { case 'l': dolist = 1; @@ -2298,6 +2322,9 @@ int main(int argc, char* argv[]) case 'a': root_anchor_file = optarg; break; + case 'b': + srcaddr = optarg; + break; case 'c': root_cert_file = optarg; break; @@ -2352,7 +2379,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS @@ -2368,5 +2397,5 @@ int main(int argc, char* argv[]) return do_root_update_work(root_anchor_file, root_cert_file, urlname, xmlname, p7sname, p7signer, res_conf, root_hints, debugconf, - ip4only, ip6only, force, res_conf_fallback, port); + srcaddr, ip4only, ip6only, force, res_conf_fallback, port); } diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index c5aae7a8c..f97aa393f 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -432,19 +432,19 @@ static void print_stats_shm(const char* cfgfile) if(!config_read(cfg, cfgfile, NULL)) fatal_exit("could not read config file"); /* get shm segments */ - id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R|SHM_W); + id_ctl = shmget(cfg->shm_key, sizeof(int), SHM_R); if(id_ctl == -1) { fatal_exit("shmget(%d): %s", cfg->shm_key, strerror(errno)); } - id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R|SHM_W); + id_arr = shmget(cfg->shm_key+1, sizeof(int), SHM_R); if(id_arr == -1) { fatal_exit("shmget(%d): %s", cfg->shm_key+1, strerror(errno)); } - shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, 0); + shm_stat = (struct ub_shm_stat_info*)shmat(id_ctl, NULL, SHM_RDONLY); if(shm_stat == (void*)-1) { fatal_exit("shmat(%d): %s", id_ctl, strerror(errno)); } - stats = (struct ub_stats_info*)shmat(id_arr, NULL, 0); + stats = (struct ub_stats_info*)shmat(id_arr, NULL, SHM_RDONLY); if(stats == (void*)-1) { fatal_exit("shmat(%d): %s", id_arr, strerror(errno)); } @@ -502,9 +502,11 @@ setup_ctx(struct config_file* cfg) ctx = SSL_CTX_new(SSLv23_client_method()); if(!ctx) ssl_err("could not allocate SSL_CTX pointer"); +#if SSL_OP_NO_SSLv2 != 0 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2) ssl_err("could not set SSL_OP_NO_SSLv2"); +#endif if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) ssl_err("could not set SSL_OP_NO_SSLv3"); @@ -624,7 +626,7 @@ setup_ssl(SSL_CTX* ctx, int fd) if(!ssl) ssl_err("could not SSL_new"); SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) ssl_err("could not SSL_set_fd"); while(1) { @@ -699,6 +701,27 @@ remote_write(SSL* ssl, int fd, const char* buf, size_t len) } } +/** check args, to see if too many args. Because when a file is sent it + * would wait for the terminal, and we can check for too many arguments, + * eg. user put arguments on the commandline. */ +static void +check_args_for_listcmd(int argc, char* argv[]) +{ + if(argc >= 1 && (strcmp(argv[0], "local_zones") == 0 || + strcmp(argv[0], "local_zones_remove") == 0 || + strcmp(argv[0], "local_datas") == 0 || + strcmp(argv[0], "local_datas_remove") == 0) && + argc >= 2) { + fatal_exit("too many arguments for command '%s', " + "content is piped in from stdin", argv[0]); + } + if(argc >= 1 && strcmp(argv[0], "view_local_datas") == 0 && + argc >= 3) { + fatal_exit("too many arguments for command '%s', " + "content is piped in from stdin", argv[0]); + } +} + /** send stdin to server */ static void send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz) @@ -862,6 +885,7 @@ int main(int argc, char* argv[]) print_stats_shm(cfgfile); return 0; } + check_args_for_listcmd(argc, argv); #ifdef USE_WINSOCK if((r = WSAStartup(MAKEWORD(2,2), &wsa_data)) != 0) @@ -875,7 +899,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c index f02511fe5..1ae2d8521 100644 --- a/smallapp/unbound-host.c +++ b/smallapp/unbound-host.c @@ -426,6 +426,7 @@ int main(int argc, char* argv[]) int c; char* qclass = NULL; char* qtype = NULL; + char* use_syslog = NULL; struct ub_ctx* ctx = NULL; int debuglevel = 0; @@ -486,11 +487,11 @@ int main(int argc, char* argv[]) } if(debuglevel != 0) /* set after possible -C options */ check_ub_res(ub_ctx_debuglevel(ctx, debuglevel)); - if(ub_ctx_get_option(ctx, "use-syslog", &optarg) == 0) { - if(strcmp(optarg, "yes") == 0) /* disable use-syslog */ + if(ub_ctx_get_option(ctx, "use-syslog", &use_syslog) == 0) { + if(strcmp(use_syslog, "yes") == 0) /* disable use-syslog */ check_ub_res(ub_ctx_set_option(ctx, "use-syslog:", "no")); - free(optarg); + free(use_syslog); } argc -= optind; argv += optind; @@ -505,7 +506,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/asynclook.c b/testcode/asynclook.c index f82c6dcab..660f72a7d 100644 --- a/testcode/asynclook.c +++ b/testcode/asynclook.c @@ -482,7 +482,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/delayer.c b/testcode/delayer.c index 655e4a1e7..ebf883926 100644 --- a/testcode/delayer.c +++ b/testcode/delayer.c @@ -1042,7 +1042,7 @@ service(const char* bind_str, int bindport, const char* serv_str, } i=0; if(bindport == 0) { - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; i = 100; } while(1) { @@ -1058,7 +1058,7 @@ service(const char* bind_str, int bindport, const char* serv_str, #endif if(i--==0) fatal_exit("cannot bind any port"); - bindport = 1024 + arc4random()%64000; + bindport = 1024 + ((int)arc4random())%64000; } else break; } fd_set_nonblock(s); diff --git a/testcode/mini_tdir.sh b/testcode/mini_tdir.sh index 96745515e..5f02b0862 100755 --- a/testcode/mini_tdir.sh +++ b/testcode/mini_tdir.sh @@ -119,7 +119,11 @@ fi # Copy echo "minitdir copy $1 to $dir" mkdir $dir +if cp --help 2>&1 | grep -- "-a" >/dev/null; then cp -a $name.tdir/* $dir/ +else +cp -R $name.tdir/* $dir/ +fi cd $dir # EXE diff --git a/testcode/petal.c b/testcode/petal.c index a733017a4..123684aab 100644 --- a/testcode/petal.c +++ b/testcode/petal.c @@ -234,7 +234,9 @@ setup_ctx(char* key, char* cert) { SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method()); if(!ctx) print_exit("out of memory"); +#if SSL_OP_NO_SSLv2 != 0 (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); +#endif (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) print_exit("cannot read cert"); @@ -301,7 +303,7 @@ setup_ssl(int s, SSL_CTX* ctx) SSL* ssl = SSL_new(ctx); if(!ssl) return NULL; SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, s)) { SSL_free(ssl); return NULL; @@ -657,7 +659,9 @@ int main(int argc, char* argv[]) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index 668d6360b..65ea8d4bc 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -314,7 +314,7 @@ static int get_random(void) if (RAND_bytes((unsigned char*)&r, (int)sizeof(r)) == 1) { return r; } - return arc4random(); + return (int)arc4random(); } /** send the TCP queries and print answers */ @@ -485,7 +485,9 @@ int main(int argc, char** argv) ERR_load_SSL_strings(); #endif #if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO) +# ifndef S_SPLINT_S OpenSSL_add_all_algorithms(); +# endif #else OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS diff --git a/testcode/testbound.c b/testcode/testbound.c index 246bc6735..4405231c0 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -65,6 +65,23 @@ /** config files (removed at exit) */ static struct config_strlist* cfgfiles = NULL; +#ifdef UNBOUND_ALLOC_STATS +# define strdup(s) unbound_stat_strdup_log(s, __FILE__, __LINE__, __func__) +char* unbound_stat_strdup_log(char* s, const char* file, int line, + const char* func); +char* unbound_stat_strdup_log(char* s, const char* file, int line, + const char* func) { + char* result; + size_t len; + if(!s) return NULL; + len = strlen(s); + log_info("%s:%d %s strdup(%u)", file, line, func, (unsigned)len+1); + result = unbound_stat_malloc(len+1); + memmove(result, s, len+1); + return result; +} +#endif /* UNBOUND_ALLOC_STATS */ + /** give commandline usage for testbound. */ static void testbound_usage(void) @@ -358,7 +375,7 @@ main(int argc, char* argv[]) testbound_selftest(); checklock_stop(); if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } exit(0); case '1': @@ -463,8 +480,14 @@ main(int argc, char* argv[]) free(pass_argv[c]); if(res == 0) { log_info("Testbound Exit Success\n"); + /* remove configfile from here, the atexit() is for when + * there is a crash to remove the tmpdir file. + * This one removes the file while alloc and log locks are + * still valid, and can be logged (for memory calculation), + * it leaves the ptr NULL so the atexit does nothing. */ + remove_configfile(); if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } #ifdef HAVE_PTHREAD /* dlopen frees its thread state (dlopen of gost engine) */ diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 6c90567aa..82c143967 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -704,6 +704,7 @@ static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) uint8_t* d; size_t dl, sl=0; char* snull = NULL; + int comprloop = 0; if(pktlen < LDNS_HEADER_SIZE) return 0; if(LDNS_QDCOUNT(pkt) == 0) @@ -711,7 +712,7 @@ static sldns_rr_type get_qtype(uint8_t* pkt, size_t pktlen) /* skip over dname with dname-scan routine */ d = pkt+LDNS_HEADER_SIZE; dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); + (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop); if(dl < 2) return 0; return sldns_read_uint16(d); @@ -723,6 +724,7 @@ static size_t get_qname_len(uint8_t* pkt, size_t pktlen) uint8_t* d; size_t dl, sl=0; char* snull = NULL; + int comprloop = 0; if(pktlen < LDNS_HEADER_SIZE) return 0; if(LDNS_QDCOUNT(pkt) == 0) @@ -730,7 +732,7 @@ static size_t get_qname_len(uint8_t* pkt, size_t pktlen) /* skip over dname with dname-scan routine */ d = pkt+LDNS_HEADER_SIZE; dl = pktlen-LDNS_HEADER_SIZE; - (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen); + (void)sldns_wire2str_dname_scan(&d, &dl, &snull, &sl, pkt, pktlen, &comprloop); return pktlen-dl-LDNS_HEADER_SIZE; } @@ -767,6 +769,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) size_t walk_len = plen, sl=0; char* snull = NULL; uint16_t i; + int comprloop = 0; if(walk_len < LDNS_HEADER_SIZE) return 0; @@ -776,10 +779,10 @@ static uint32_t get_serial(uint8_t* p, size_t plen) /* skip other records with wire2str_scan */ for(i=0; i < LDNS_QDCOUNT(p); i++) (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, p, plen); + &snull, &sl, p, plen, &comprloop); for(i=0; i < LDNS_ANCOUNT(p); i++) (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); + p, plen, &comprloop); /* walk through authority section */ for(i=0; i < LDNS_NSCOUNT(p); i++) { @@ -787,7 +790,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) uint8_t* dstart = walk; size_t dlen = walk_len; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - p, plen); + p, plen, &comprloop); if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_SOA) { /* skip type, class, TTL, rdatalen */ if(dlen < 10) @@ -798,9 +801,9 @@ static uint32_t get_serial(uint8_t* p, size_t plen) dlen -= 10; /* check third rdf */ (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); + &sl, p, plen, &comprloop); (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, - &sl, p, plen); + &sl, p, plen, &comprloop); if(dlen < 4) return 0; verbose(3, "found serial %u in msg. ", @@ -809,7 +812,7 @@ static uint32_t get_serial(uint8_t* p, size_t plen) } /* move to next RR */ (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - p, plen); + p, plen, &comprloop); } return 0; } @@ -823,6 +826,7 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) size_t wlen = *plen, sl=0; char* snull = NULL; uint16_t i; + int comprloop = 0; if(wlen < LDNS_HEADER_SIZE) return 0; @@ -832,11 +836,11 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) /* skip other records with wire2str_scan */ for(i=0; i < LDNS_QDCOUNT(*p); i++) (void)sldns_wire2str_rrquestion_scan(&w, &wlen, &snull, &sl, - *p, *plen); + *p, *plen, &comprloop); for(i=0; i < LDNS_ANCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); for(i=0; i < LDNS_NSCOUNT(*p); i++) - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); /* walk through additional section */ for(i=0; i < LDNS_ARCOUNT(*p); i++) { @@ -844,14 +848,14 @@ pkt_find_edns_opt(uint8_t** p, size_t* plen) uint8_t* dstart = w; size_t dlen = wlen; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - *p, *plen); + *p, *plen, &comprloop); if(dlen >= 2 && sldns_read_uint16(dstart) == LDNS_RR_TYPE_OPT) { *p = dstart+2; *plen = dlen-2; return 1; } /* move to next RR */ - (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen); + (void)sldns_wire2str_rr_scan(&w, &wlen, &snull, &sl, *p, *plen, &comprloop); } return 0; } @@ -889,25 +893,26 @@ zerottls(uint8_t* pkt, size_t pktlen) char* snull = NULL; uint16_t i; uint16_t num = LDNS_ANCOUNT(pkt)+LDNS_NSCOUNT(pkt)+LDNS_ARCOUNT(pkt); + int comprloop = 0; if(walk_len < LDNS_HEADER_SIZE) return; walk += LDNS_HEADER_SIZE; walk_len -= LDNS_HEADER_SIZE; for(i=0; i < LDNS_QDCOUNT(pkt); i++) (void)sldns_wire2str_rrquestion_scan(&walk, &walk_len, - &snull, &sl, pkt, pktlen); + &snull, &sl, pkt, pktlen, &comprloop); for(i=0; i < num; i++) { /* wipe TTL */ uint8_t* dstart = walk; size_t dlen = walk_len; (void)sldns_wire2str_dname_scan(&dstart, &dlen, &snull, &sl, - pkt, pktlen); + pkt, pktlen, &comprloop); if(dlen < 8) return; sldns_write_uint32(dstart+4, 0); /* go to next RR */ (void)sldns_wire2str_rr_scan(&walk, &walk_len, &snull, &sl, - pkt, pktlen); + pkt, pktlen, &comprloop); } } @@ -1347,10 +1352,11 @@ static int equal_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) char qs[512], ps[512]; size_t qslen = sizeof(qs), pslen = sizeof(ps); char* qss = qs, *pss = ps; + int comprloop = 0; if(!qn || !pn) return 0; - (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen); - (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen); + (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop); + (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop); return (strcmp(qs, ps) == 0); } @@ -1364,11 +1370,12 @@ static int subdomain_dname(uint8_t* q, size_t qlen, uint8_t* p, size_t plen) char qs[5120], ps[5120]; size_t qslen = sizeof(qs), pslen = sizeof(ps); char* qss = qs, *pss = ps; + int comprloop = 0; if(!qn || !pn) return 0; /* decompresses domain names */ - (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen); - (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen); + (void)sldns_wire2str_dname_scan(&qn, &qlen, &qss, &qslen, q, qlen, &comprloop); + (void)sldns_wire2str_dname_scan(&pn, &plen, &pss, &pslen, p, plen, &comprloop); /* same: false, (strict subdomain check)??? */ if(strcmp(qs, ps) == 0) return 1; diff --git a/testcode/unitmain.c b/testcode/unitmain.c index e28be8c83..e8e7a44c7 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -538,10 +538,8 @@ rnd_test(void) struct ub_randstate* r; int num = 1000, i; long int a[1000]; - unsigned int seed = (unsigned)time(NULL); unit_show_feature("ub_random"); - printf("ub_random seed is %u\n", seed); - unit_assert( (r = ub_initstate(seed, NULL)) ); + unit_assert( (r = ub_initstate(NULL)) ); for(i=0; i= 0); @@ -907,7 +905,7 @@ main(int argc, char* argv[]) ecs_test(); #endif /* CLIENT_SUBNET */ if(log_get_lock()) { - lock_quick_destroy((lock_quick_type*)log_get_lock()); + lock_basic_destroy((lock_basic_type*)log_get_lock()); } checklock_stop(); printf("%d checks ok.\n", testcount); diff --git a/testcode/unitregional.c b/testcode/unitregional.c index 49c8147c9..d21e2caa3 100644 --- a/testcode/unitregional.c +++ b/testcode/unitregional.c @@ -50,7 +50,9 @@ corner_cases(struct regional* r) size_t s; /* shadow count of allocated memory */ void* a; size_t minsize = sizeof(uint64_t); +#ifndef UNBOUND_ALLOC_NONREGIONAL size_t mysize; +#endif char* str; unit_assert(r); /* alloc cases: @@ -75,6 +77,7 @@ corner_cases(struct regional* r) s+=0; unit_assert(r->available == r->first_size - s); +#ifndef UNBOUND_ALLOC_NONREGIONAL a = regional_alloc(r, 1); unit_assert(a); memset(a, 0x42, 1); @@ -171,6 +174,7 @@ corner_cases(struct regional* r) memset(a, 0x42, mysize); unit_assert(a); unit_assert(r->available == 8); +#endif /* UNBOUND_ALLOC_NONREGIONAL */ /* test if really copied over */ str = "test12345"; diff --git a/testdata/auth_zonefile_dnssec_fail.rpl b/testdata/auth_zonefile_dnssec_fail.rpl index 49da19993..7e4e51de5 100644 --- a/testdata/auth_zonefile_dnssec_fail.rpl +++ b/testdata/auth_zonefile_dnssec_fail.rpl @@ -47,7 +47,9 @@ ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 ; this RR is edited to create the failure ;www.example.com. IN A 10.20.30.40 www.example.com. IN A 127.0.0.1 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +; also edits the signature to fail, without needing crypto checks. +;www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 28540 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} TEMPFILE_END diff --git a/testdata/dnscrypt_queries.tdir/1.cert b/testdata/dnscrypt_queries.tdir/1.cert deleted file mode 100644 index fbc529bfa..000000000 Binary files a/testdata/dnscrypt_queries.tdir/1.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries.tdir/1.key b/testdata/dnscrypt_queries.tdir/1.key deleted file mode 100644 index 165262c86..000000000 --- a/testdata/dnscrypt_queries.tdir/1.key +++ /dev/null @@ -1 +0,0 @@ -®öÝìK¬‡#‘€4ùsŽ pèÖôÁæÀx!¹»AŠ"mM \ No newline at end of file diff --git a/testdata/dnscrypt_queries.tdir/1_chacha.cert b/testdata/dnscrypt_queries.tdir/1_chacha.cert deleted file mode 100644 index 3da5c612d..000000000 Binary files a/testdata/dnscrypt_queries.tdir/1_chacha.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries.tdir/1_salsa.cert b/testdata/dnscrypt_queries.tdir/1_salsa.cert deleted file mode 100644 index 17e447fc3..000000000 Binary files a/testdata/dnscrypt_queries.tdir/1_salsa.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries.tdir/2.cert b/testdata/dnscrypt_queries.tdir/2.cert deleted file mode 100644 index ebf8ac108..000000000 Binary files a/testdata/dnscrypt_queries.tdir/2.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries.tdir/2.key b/testdata/dnscrypt_queries.tdir/2.key deleted file mode 100644 index c299f550a..000000000 --- a/testdata/dnscrypt_queries.tdir/2.key +++ /dev/null @@ -1 +0,0 @@ -m7Ÿñâƒx;‘%׸õé*•ÜR¯äÓ¯¹mDªñ \ No newline at end of file diff --git a/testdata/dnscrypt_queries.tdir/2_chacha.cert b/testdata/dnscrypt_queries.tdir/2_chacha.cert deleted file mode 100644 index ed4ec2606..000000000 Binary files a/testdata/dnscrypt_queries.tdir/2_chacha.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries.tdir/2_salsa.cert b/testdata/dnscrypt_queries.tdir/2_salsa.cert deleted file mode 100644 index 6e71fe978..000000000 Binary files a/testdata/dnscrypt_queries.tdir/2_salsa.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf deleted file mode 100644 index 355d4ff13..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.conf +++ /dev/null @@ -1,26 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - port: @PORT@ - interface: 0.0.0.0 - interface: 0.0.0.0@@DNSCRYPT_PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" - -dnscrypt: - dnscrypt-enable: yes - dnscrypt-port: @DNSCRYPT_PORT@ - dnscrypt-provider: 2.dnscrypt-cert.example.com. - dnscrypt-secret-key: 1.key - dnscrypt-secret-key: 2.key - dnscrypt-provider-cert: 1_salsa.cert - dnscrypt-provider-cert: 2_salsa.cert - diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc deleted file mode 100644 index e1e653e57..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: dnscrypt_queries -Version: 1.0 -Description: dnscrypt queries. -CreationDate: Fri Mar 03 10:08:08 CEST 2017 -Maintainer: Emmanuel Bretelle -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: dnscrypt_queries.pre -Post: dnscrypt_queries.post -Test: dnscrypt_queries.test -AuxFiles: -Passed: -Failure: diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post deleted file mode 100644 index b61480616..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.post +++ /dev/null @@ -1,20 +0,0 @@ -# #-- dnscrypt_queries.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -kill_pid $PROXY_PID diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre deleted file mode 100644 index 288a66541..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.pre +++ /dev/null @@ -1,53 +0,0 @@ -# #-- dnscrypt_queries.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -get_random_port 4 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -DNSCRYPT_PORT=$(($RND_PORT + 2)) -PROXY_PORT=$(($RND_PORT + 3)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test -echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test -echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \ - --resolver-address=127.0.0.1:${DNSCRYPT_PORT} \ - --provider-name=2.dnscrypt-cert.example.com \ - --provider-key=B85F:41A1:4F23:F7DB:C866:F397:CC6F:44B6:5F9D:65C5:B629:7C27:5403:A6E9:DCF2:4F9D \ - -m 32 \ - >dnscryptproxy.log 2>&1 & -PROXY_PID=$! -echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \ - -e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log -wait_server_up dnscryptproxy.log "Proxying from" diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test deleted file mode 100644 index 5614a444d..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.test +++ /dev/null @@ -1,107 +0,0 @@ -# #-- dnscrypt_queries.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - - -# do the test -for opt in '' '+tcp' -do - echo "> do queries ${opt}" - dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 & - digpid1=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 & - digpid2=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 & - digpid3=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 & - digpid4=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 & - digpid5=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 & - digpid6=$! - sleep 1 - kill -9 $digpid1 - kill -9 $digpid2 - kill -9 $digpid3 - kill -9 $digpid4 - kill -9 $digpid5 - kill -9 $digpid6 - - echo "> cat outfile1" - cat outfile1 - echo "> cat outfile2" - cat outfile2 - echo "> cat outfile3" - cat outfile3 - echo "> cat outfile4" - cat outfile4 - echo "> cat outfile5" - cat outfile5 - echo "> cat outfile6" - cat outfile6 - echo "> cat logfiles" - cat fwd.log - cat unbound.log - - echo "> check for ID bit collisions" - grep "pending reply" unbound.log > ids - numsend=`cat ids | wc -l` - cat ids | awk '{print $8};' | sort -u > ids2 - numuniq=`cat ids2 | wc -l` - if test $numuniq -ne $numsend; then - echo "got a ID number clash. could not do test, sorry" - exit 0 - fi - - echo "> check answers for queries" - if grep "10.20.30.40" outfile1; then - echo "1 is OK" - else - echo "1 is not OK" - exit 1 - fi - if grep "10.20.30.50" outfile2; then - echo "2 is OK" - else - echo "2 is not OK" - exit 1 - fi - if grep "10.20.30.60" outfile3; then - echo "3 is OK" - else - echo "3 is not OK" - exit 1 - fi - if grep "10.20.30.70" outfile4; then - echo "4 is OK" - else - echo "4 is not OK" - exit 1 - fi - if grep "10.20.30.80" outfile5; then - echo "5 is OK" - else - echo "5 is not OK" - exit 1 - fi - if grep "10.20.30.90" outfile6; then - echo "6 is OK" - else - echo "6 is not OK" - exit 1 - fi -done - -exit 0 diff --git a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns b/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns deleted file mode 100644 index f03c15f76..000000000 --- a/testdata/dnscrypt_queries.tdir/dnscrypt_queries.testns +++ /dev/null @@ -1,63 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www1 IN A -SECTION ANSWER -www1 IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www2 IN A -SECTION ANSWER -www2 IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www3 IN A -SECTION ANSWER -www3 IN A 10.20.30.60 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www4 IN A -SECTION ANSWER -www4 IN A 10.20.30.70 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www5 IN A -SECTION ANSWER -www5 IN A 10.20.30.80 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www6 IN A -SECTION ANSWER -www6 IN A 10.20.30.90 -ENTRY_END diff --git a/testdata/dnscrypt_queries_chacha.tdir/1.key b/testdata/dnscrypt_queries_chacha.tdir/1.key deleted file mode 100644 index 165262c86..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/1.key +++ /dev/null @@ -1 +0,0 @@ -®öÝìK¬‡#‘€4ùsŽ pèÖôÁæÀx!¹»AŠ"mM \ No newline at end of file diff --git a/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert b/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert deleted file mode 100644 index 3da5c612d..000000000 Binary files a/testdata/dnscrypt_queries_chacha.tdir/1_chacha.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert b/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert deleted file mode 100644 index 17e447fc3..000000000 Binary files a/testdata/dnscrypt_queries_chacha.tdir/1_salsa.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries_chacha.tdir/2.key b/testdata/dnscrypt_queries_chacha.tdir/2.key deleted file mode 100644 index c299f550a..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/2.key +++ /dev/null @@ -1 +0,0 @@ -m7Ÿñâƒx;‘%׸õé*•ÜR¯äÓ¯¹mDªñ \ No newline at end of file diff --git a/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert b/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert deleted file mode 100644 index ed4ec2606..000000000 Binary files a/testdata/dnscrypt_queries_chacha.tdir/2_chacha.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert b/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert deleted file mode 100644 index 6e71fe978..000000000 Binary files a/testdata/dnscrypt_queries_chacha.tdir/2_salsa.cert and /dev/null differ diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf deleted file mode 100644 index 9e269ba60..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.conf +++ /dev/null @@ -1,24 +0,0 @@ -server: - verbosity: 2 - # num-threads: 1 - port: @PORT@ - interface: 0.0.0.0 - interface: 0.0.0.0@@DNSCRYPT_PORT@ - use-syslog: no - directory: . - pidfile: "unbound.pid" - chroot: "" - username: "" - do-not-query-localhost: no - -forward-zone: - name: "." - forward-addr: "127.0.0.1@@TOPORT@" - -dnscrypt: - dnscrypt-enable: yes - dnscrypt-port: @DNSCRYPT_PORT@ - dnscrypt-provider: 2.dnscrypt-cert.example.com. - dnscrypt-secret-key: 2.key - dnscrypt-provider-cert: 2_salsa.cert - dnscrypt-provider-cert: 2_chacha.cert diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc deleted file mode 100644 index 372126bc3..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.dsc +++ /dev/null @@ -1,16 +0,0 @@ -BaseName: dnscrypt_queries_chacha -Version: 1.0 -Description: dnscrypt queries using xchacha -CreationDate: Thu Jun 01 10:08:08 CEST 2017 -Maintainer: Emmanuel Bretelle -Category: -Component: -CmdDepends: -Depends: -Help: -Pre: dnscrypt_queries_chacha.pre -Post: dnscrypt_queries_chacha.post -Test: dnscrypt_queries_chacha.test -AuxFiles: -Passed: -Failure: diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post deleted file mode 100644 index 1ca6a7e3f..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.post +++ /dev/null @@ -1,17 +0,0 @@ -# #-- dnscrypt_queries_chacha.post --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# source the test var file when it's there -[ -f .tpkg.var.test ] && source .tpkg.var.test -# -# do your teardown here -PRE="../.." -. ../common.sh - -# Check if we can run the test. -. ./precheck.sh - - -kill_pid $FWD_PID -kill_pid $UNBOUND_PID -kill_pid $PROXY_PID diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre deleted file mode 100644 index 6474c540d..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.pre +++ /dev/null @@ -1,52 +0,0 @@ -# #-- dnscrypt_queries_chacha.pre--# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# Check if we can run the test. -. ./precheck.sh - -get_random_port 4 -UNBOUND_PORT=$RND_PORT -FWD_PORT=$(($RND_PORT + 1)) -DNSCRYPT_PORT=$(($RND_PORT + 2)) -PROXY_PORT=$(($RND_PORT + 3)) -echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test -echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test -echo "DNSCRYPT_PORT=$DNSCRYPT_PORT" >> .tpkg.var.test -echo "PROXY_PORT=$PROXY_PORT" >> .tpkg.var.test - -# start forwarder -get_ldns_testns -$LDNS_TESTNS -p $FWD_PORT dnscrypt_queries_chacha.testns >fwd.log 2>&1 & -FWD_PID=$! -echo "FWD_PID=$FWD_PID" >> .tpkg.var.test - -dnscrypt-proxy --local-address=127.0.0.1:${PROXY_PORT} \ - --resolver-address=127.0.0.1:${DNSCRYPT_PORT} \ - --provider-name=2.dnscrypt-cert.example.com \ - --provider-key=C352:1F20:F2D2:FD65:B5F4:7BF6:6C1A:88C1:4BCB:80CE:1E3A:3572:5CB1:7D4B:12D3:E783 \ - -m 32 \ - >dnscryptproxy.log 2>&1 & -PROXY_PID=$! -echo "PROXY_PID=$PROXY_PID" >> .tpkg.var.test - -# make config file -sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' \ - -e 's/@DNSCRYPT_PORT\@/'$DNSCRYPT_PORT'/' < dnscrypt_queries_chacha.conf > ub.conf -# start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & -UNBOUND_PID=$! -echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test - -cat .tpkg.var.test -wait_ldns_testns_up fwd.log -wait_unbound_up unbound.log -wait_server_up dnscryptproxy.log "Proxying from" -if ! grep 'Using version 2.0 of the DNSCrypt protocol' dnscryptproxy.log; then - echo "Failed to select xchacha cert" - exit 1 -fi diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test deleted file mode 100644 index 455c506a0..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.test +++ /dev/null @@ -1,101 +0,0 @@ -# #-- dnscrypt_queries_chacha.test --# -# source the master var file when it's there -[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master -# use .tpkg.var.test for in test variable passing -[ -f .tpkg.var.test ] && source .tpkg.var.test - -PRE="../.." -. ../common.sh -# Check if we can run the test. -. ./precheck.sh - -# do the test -for opt in '' '+tcp' -do - echo "> do queries ${opt}" - dig @127.0.0.1 ${opt} -p $PROXY_PORT www1.example.com. >outfile1 & - digpid1=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www2.example.com. >outfile2 & - digpid2=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www3.example.com. >outfile3 & - digpid3=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www4.example.com. >outfile4 & - digpid4=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www5.example.com. >outfile5 & - digpid5=$! - dig @127.0.0.1 ${opt} -p $PROXY_PORT www6.example.com. >outfile6 & - digpid6=$! - sleep 1 - kill -9 $digpid1 - kill -9 $digpid2 - kill -9 $digpid3 - kill -9 $digpid4 - kill -9 $digpid5 - kill -9 $digpid6 - - echo "> cat outfile1" - cat outfile1 - echo "> cat outfile2" - cat outfile2 - echo "> cat outfile3" - cat outfile3 - echo "> cat outfile4" - cat outfile4 - echo "> cat outfile5" - cat outfile5 - echo "> cat outfile6" - cat outfile6 - echo "> cat logfiles" - cat fwd.log - cat unbound.log - - echo "> check for ID bit collisions" - grep "pending reply" unbound.log > ids - numsend=`cat ids | wc -l` - cat ids | awk '{print $8};' | sort -u > ids2 - numuniq=`cat ids2 | wc -l` - if test $numuniq -ne $numsend; then - echo "got a ID number clash. could not do test, sorry" - exit 0 - fi - - echo "> check answers for queries" - if grep "10.20.30.40" outfile1; then - echo "1 is OK" - else - echo "1 is not OK" - exit 1 - fi - if grep "10.20.30.50" outfile2; then - echo "2 is OK" - else - echo "2 is not OK" - exit 1 - fi - if grep "10.20.30.60" outfile3; then - echo "3 is OK" - else - echo "3 is not OK" - exit 1 - fi - if grep "10.20.30.70" outfile4; then - echo "4 is OK" - else - echo "4 is not OK" - exit 1 - fi - if grep "10.20.30.80" outfile5; then - echo "5 is OK" - else - echo "5 is not OK" - exit 1 - fi - if grep "10.20.30.90" outfile6; then - echo "6 is OK" - else - echo "6 is not OK" - exit 1 - fi -done - -exit 0 diff --git a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns b/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns deleted file mode 100644 index f03c15f76..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/dnscrypt_queries_chacha.testns +++ /dev/null @@ -1,63 +0,0 @@ -; nameserver test file -$ORIGIN example.com. -$TTL 3600 - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www1 IN A -SECTION ANSWER -www1 IN A 10.20.30.40 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www2 IN A -SECTION ANSWER -www2 IN A 10.20.30.50 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www3 IN A -SECTION ANSWER -www3 IN A 10.20.30.60 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www4 IN A -SECTION ANSWER -www4 IN A 10.20.30.70 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www5 IN A -SECTION ANSWER -www5 IN A 10.20.30.80 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -REPLY QR AA NOERROR -ADJUST copy_id -SECTION QUESTION -www6 IN A -SECTION ANSWER -www6 IN A 10.20.30.90 -ENTRY_END diff --git a/testdata/dnscrypt_queries_chacha.tdir/precheck.sh b/testdata/dnscrypt_queries_chacha.tdir/precheck.sh deleted file mode 100644 index 8288d9516..000000000 --- a/testdata/dnscrypt_queries_chacha.tdir/precheck.sh +++ /dev/null @@ -1,27 +0,0 @@ -# dnscrypt precheck.sh - -# if no dnscrypt; exit -if grep "define USE_DNSCRYPT 1" $PRE/config.h; then - echo "have dnscrypt" -else - echo "no dnscrypt" - exit 0 -fi - -# if no xchacha20 support in unbound; exit -if grep "define USE_DNSCRYPT_XCHACHA20 1" $PRE/config.h; then - echo "have xchacha20" - xchacha20=1 -else - echo "no xchacha20" - xchacha20=0 - exit 0 -fi - -# if dnscrypt-proxy does not support xchacha20; exit -if (dnscrypt-proxy -h 2>&1 | grep -q 'XChaCha20-Poly1305 cipher: present'); then - echo "dnscrypt-proxy has xchacha20" -else - echo "dnscrypt-proxy does not have xchacha20" - exit 0 -fi diff --git a/testdata/remote-threaded.tdir/remote-threaded.test b/testdata/remote-threaded.tdir/remote-threaded.test index 7392fa909..e2f6b2783 100644 --- a/testdata/remote-threaded.tdir/remote-threaded.test +++ b/testdata/remote-threaded.tdir/remote-threaded.test @@ -25,7 +25,7 @@ if grep "10.20.30.40" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -37,7 +37,7 @@ $PRE/unbound-control -c ub.conf blablargh if test $? -ne 1; then echo "wrong exit value on error." echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log exit 1 else @@ -61,7 +61,7 @@ if grep "5.6.7.8" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -72,6 +72,8 @@ echo "$PRE/unbound-control -c ub.conf stats" $PRE/unbound-control -c ub.conf stats > tmp.$$ if test $? -ne 0; then echo "wrong exit value after success" + cat fwd.log + cat unbound.log exit 1 fi if grep "^total.num.queries=[1-9][0-9]*$" tmp.$$; then @@ -90,7 +92,7 @@ if test $? -ne 0; then exit 1 fi -# check syntax error in parse +# check syntax error in parse echo "$PRE/unbound-control -c ub.conf verbosity jkdf" $PRE/unbound-control -c ub.conf verbosity jkdf if test $? -ne 1; then @@ -135,7 +137,7 @@ if grep "192.0.2.1" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -149,7 +151,7 @@ if grep "NXDOMAIN" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -169,7 +171,7 @@ if grep "NXDOMAIN" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -189,7 +191,7 @@ if grep "SERVFAIL" outfile; then echo "OK" else echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "Not OK" exit 1 @@ -216,7 +218,7 @@ else exit 1 fi -# test lookup +# test lookup echo "$PRE/unbound-control -c ub.conf lookup www.example.com" $PRE/unbound-control -c ub.conf lookup www.example.com if test $? -ne 0; then @@ -282,7 +284,7 @@ done if kill -0 $UNBOUND_PID; then echo "still up!" echo "> cat logfiles" - cat fwd.log + cat fwd.log cat unbound.log echo "not stopped, failure" exit 1 @@ -294,7 +296,7 @@ else echo "lock-verify test worked." else echo "lock-verify test failed." - cat fwd.log + cat fwd.log cat unbound.log exit 1 fi @@ -302,7 +304,7 @@ else fi echo "> cat logfiles" -cat fwd.log +cat fwd.log cat unbound.log echo "> OK" exit 0 diff --git a/util/config_file.c b/util/config_file.c index f8b123f6f..027228135 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -582,7 +582,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("aggressive-nsec:", aggressive_nsec) else S_YNO("ignore-cd-flag:", ignore_cd) else S_YNO("serve-expired:", serve_expired) - else if(strcmp(opt, "serve_expired_ttl:") == 0) + else if(strcmp(opt, "serve-expired-ttl:") == 0) { IS_NUMBER_OR_ZERO; cfg->serve_expired_ttl = atoi(val); SERVE_EXPIRED_TTL=(time_t)cfg->serve_expired_ttl;} else S_YNO("serve-expired-ttl-reset:", serve_expired_ttl_reset) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) diff --git a/util/configlexer.c b/util/configlexer.c index 0be116cf1..462820cef 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -2811,8 +2811,7 @@ static void config_start_include_glob(const char* filename) /* check for wildcards */ #ifdef HAVE_GLOB glob_t g; - size_t i; - int r, flags; + int i, r, flags; if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && !strchr(filename, '{') && !strchr(filename, '~'))) { flags = 0 @@ -2843,7 +2842,7 @@ static void config_start_include_glob(const char* filename) return; } /* process files found, if any */ - for(i=0; i<(size_t)g.gl_pathc; i++) { + for(i=(int)g.gl_pathc-1; i>=0; i--) { config_start_include(g.gl_pathv[i]); } globfree(&g); @@ -2877,18 +2876,18 @@ static void config_end_include(void) } #endif -#line 2879 "" +#line 2878 "" #define YY_NO_INPUT 1 -#line 185 "./util/configlexer.lex" +#line 184 "./util/configlexer.lex" #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 2888 "" +#line 2887 "" -#line 2890 "" +#line 2889 "" #define INITIAL 0 #define quotedstring 1 @@ -3108,9 +3107,9 @@ YY_DECL } { -#line 205 "./util/configlexer.lex" +#line 204 "./util/configlexer.lex" -#line 3112 "" +#line 3111 "" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -3175,1425 +3174,1425 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 206 "./util/configlexer.lex" +#line 205 "./util/configlexer.lex" { LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP -#line 208 "./util/configlexer.lex" +#line 207 "./util/configlexer.lex" { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK case 3: YY_RULE_SETUP -#line 211 "./util/configlexer.lex" +#line 210 "./util/configlexer.lex" { YDVAR(0, VAR_SERVER) } YY_BREAK case 4: YY_RULE_SETUP -#line 212 "./util/configlexer.lex" +#line 211 "./util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION) } YY_BREAK case 5: YY_RULE_SETUP -#line 213 "./util/configlexer.lex" +#line 212 "./util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } YY_BREAK case 6: YY_RULE_SETUP -#line 214 "./util/configlexer.lex" +#line 213 "./util/configlexer.lex" { YDVAR(1, VAR_NUM_THREADS) } YY_BREAK case 7: YY_RULE_SETUP -#line 215 "./util/configlexer.lex" +#line 214 "./util/configlexer.lex" { YDVAR(1, VAR_VERBOSITY) } YY_BREAK case 8: YY_RULE_SETUP -#line 216 "./util/configlexer.lex" +#line 215 "./util/configlexer.lex" { YDVAR(1, VAR_PORT) } YY_BREAK case 9: YY_RULE_SETUP -#line 217 "./util/configlexer.lex" +#line 216 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_RANGE) } YY_BREAK case 10: YY_RULE_SETUP -#line 218 "./util/configlexer.lex" +#line 217 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } YY_BREAK case 11: YY_RULE_SETUP -#line 219 "./util/configlexer.lex" +#line 218 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } YY_BREAK case 12: YY_RULE_SETUP -#line 220 "./util/configlexer.lex" +#line 219 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_NUM_TCP) } YY_BREAK case 13: YY_RULE_SETUP -#line 221 "./util/configlexer.lex" +#line 220 "./util/configlexer.lex" { YDVAR(1, VAR_INCOMING_NUM_TCP) } YY_BREAK case 14: YY_RULE_SETUP -#line 222 "./util/configlexer.lex" +#line 221 "./util/configlexer.lex" { YDVAR(1, VAR_DO_IP4) } YY_BREAK case 15: YY_RULE_SETUP -#line 223 "./util/configlexer.lex" +#line 222 "./util/configlexer.lex" { YDVAR(1, VAR_DO_IP6) } YY_BREAK case 16: YY_RULE_SETUP -#line 224 "./util/configlexer.lex" +#line 223 "./util/configlexer.lex" { YDVAR(1, VAR_PREFER_IP6) } YY_BREAK case 17: YY_RULE_SETUP -#line 225 "./util/configlexer.lex" +#line 224 "./util/configlexer.lex" { YDVAR(1, VAR_DO_UDP) } YY_BREAK case 18: YY_RULE_SETUP -#line 226 "./util/configlexer.lex" +#line 225 "./util/configlexer.lex" { YDVAR(1, VAR_DO_TCP) } YY_BREAK case 19: YY_RULE_SETUP -#line 227 "./util/configlexer.lex" +#line 226 "./util/configlexer.lex" { YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 20: YY_RULE_SETUP -#line 228 "./util/configlexer.lex" +#line 227 "./util/configlexer.lex" { YDVAR(1, VAR_TCP_MSS) } YY_BREAK case 21: YY_RULE_SETUP -#line 229 "./util/configlexer.lex" +#line 228 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_TCP_MSS) } YY_BREAK case 22: YY_RULE_SETUP -#line 230 "./util/configlexer.lex" +#line 229 "./util/configlexer.lex" { YDVAR(1, VAR_TCP_IDLE_TIMEOUT) } YY_BREAK case 23: YY_RULE_SETUP -#line 231 "./util/configlexer.lex" +#line 230 "./util/configlexer.lex" { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE) } YY_BREAK case 24: YY_RULE_SETUP -#line 232 "./util/configlexer.lex" +#line 231 "./util/configlexer.lex" { YDVAR(1, VAR_EDNS_TCP_KEEPALIVE_TIMEOUT) } YY_BREAK case 25: YY_RULE_SETUP -#line 233 "./util/configlexer.lex" +#line 232 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 26: YY_RULE_SETUP -#line 234 "./util/configlexer.lex" +#line 233 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 27: YY_RULE_SETUP -#line 235 "./util/configlexer.lex" +#line 234 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 28: YY_RULE_SETUP -#line 236 "./util/configlexer.lex" +#line 235 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK case 29: YY_RULE_SETUP -#line 237 "./util/configlexer.lex" +#line 236 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 30: YY_RULE_SETUP -#line 238 "./util/configlexer.lex" +#line 237 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK case 31: YY_RULE_SETUP -#line 239 "./util/configlexer.lex" +#line 238 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 32: YY_RULE_SETUP -#line 240 "./util/configlexer.lex" +#line 239 "./util/configlexer.lex" { YDVAR(1, VAR_SSL_PORT) } YY_BREAK case 33: YY_RULE_SETUP -#line 241 "./util/configlexer.lex" +#line 240 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 34: YY_RULE_SETUP -#line 242 "./util/configlexer.lex" +#line 241 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK case 35: YY_RULE_SETUP -#line 243 "./util/configlexer.lex" +#line 242 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_WIN_CERT) } YY_BREAK case 36: YY_RULE_SETUP -#line 244 "./util/configlexer.lex" +#line 243 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 37: YY_RULE_SETUP -#line 245 "./util/configlexer.lex" +#line 244 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 38: YY_RULE_SETUP -#line 246 "./util/configlexer.lex" +#line 245 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 39: YY_RULE_SETUP -#line 247 "./util/configlexer.lex" +#line 246 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_ADDITIONAL_PORT) } YY_BREAK case 40: YY_RULE_SETUP -#line 248 "./util/configlexer.lex" +#line 247 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } YY_BREAK case 41: YY_RULE_SETUP -#line 249 "./util/configlexer.lex" +#line 248 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CIPHERS) } YY_BREAK case 42: YY_RULE_SETUP -#line 250 "./util/configlexer.lex" +#line 249 "./util/configlexer.lex" { YDVAR(1, VAR_TLS_CIPHERSUITES) } YY_BREAK case 43: YY_RULE_SETUP -#line 251 "./util/configlexer.lex" +#line 250 "./util/configlexer.lex" { YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK case 44: YY_RULE_SETUP -#line 252 "./util/configlexer.lex" +#line 251 "./util/configlexer.lex" { YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 45: YY_RULE_SETUP -#line 253 "./util/configlexer.lex" +#line 252 "./util/configlexer.lex" { YDVAR(1, VAR_INTERFACE) } YY_BREAK case 46: YY_RULE_SETUP -#line 254 "./util/configlexer.lex" +#line 253 "./util/configlexer.lex" { YDVAR(1, VAR_INTERFACE) } YY_BREAK case 47: YY_RULE_SETUP -#line 255 "./util/configlexer.lex" +#line 254 "./util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 48: YY_RULE_SETUP -#line 256 "./util/configlexer.lex" +#line 255 "./util/configlexer.lex" { YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 49: YY_RULE_SETUP -#line 257 "./util/configlexer.lex" +#line 256 "./util/configlexer.lex" { YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 50: YY_RULE_SETUP -#line 258 "./util/configlexer.lex" +#line 257 "./util/configlexer.lex" { YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 51: YY_RULE_SETUP -#line 259 "./util/configlexer.lex" +#line 258 "./util/configlexer.lex" { YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 52: YY_RULE_SETUP -#line 260 "./util/configlexer.lex" +#line 259 "./util/configlexer.lex" { YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 53: YY_RULE_SETUP -#line 261 "./util/configlexer.lex" +#line 260 "./util/configlexer.lex" { YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 54: YY_RULE_SETUP -#line 262 "./util/configlexer.lex" +#line 261 "./util/configlexer.lex" { YDVAR(1, VAR_CHROOT) } YY_BREAK case 55: YY_RULE_SETUP -#line 263 "./util/configlexer.lex" +#line 262 "./util/configlexer.lex" { YDVAR(1, VAR_USERNAME) } YY_BREAK case 56: YY_RULE_SETUP -#line 264 "./util/configlexer.lex" +#line 263 "./util/configlexer.lex" { YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 57: YY_RULE_SETUP -#line 265 "./util/configlexer.lex" +#line 264 "./util/configlexer.lex" { YDVAR(1, VAR_LOGFILE) } YY_BREAK case 58: YY_RULE_SETUP -#line 266 "./util/configlexer.lex" +#line 265 "./util/configlexer.lex" { YDVAR(1, VAR_PIDFILE) } YY_BREAK case 59: YY_RULE_SETUP -#line 267 "./util/configlexer.lex" +#line 266 "./util/configlexer.lex" { YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 60: YY_RULE_SETUP -#line 268 "./util/configlexer.lex" +#line 267 "./util/configlexer.lex" { YDVAR(1, VAR_STREAM_WAIT_SIZE) } YY_BREAK case 61: YY_RULE_SETUP -#line 269 "./util/configlexer.lex" +#line 268 "./util/configlexer.lex" { YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 62: YY_RULE_SETUP -#line 270 "./util/configlexer.lex" +#line 269 "./util/configlexer.lex" { YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 63: YY_RULE_SETUP -#line 271 "./util/configlexer.lex" +#line 270 "./util/configlexer.lex" { YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 64: YY_RULE_SETUP -#line 272 "./util/configlexer.lex" +#line 271 "./util/configlexer.lex" { YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 65: YY_RULE_SETUP -#line 273 "./util/configlexer.lex" +#line 272 "./util/configlexer.lex" { YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 66: YY_RULE_SETUP -#line 274 "./util/configlexer.lex" +#line 273 "./util/configlexer.lex" { YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 67: YY_RULE_SETUP -#line 275 "./util/configlexer.lex" +#line 274 "./util/configlexer.lex" { YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 68: YY_RULE_SETUP -#line 276 "./util/configlexer.lex" +#line 275 "./util/configlexer.lex" { YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 69: YY_RULE_SETUP -#line 277 "./util/configlexer.lex" +#line 276 "./util/configlexer.lex" { YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 70: YY_RULE_SETUP -#line 278 "./util/configlexer.lex" +#line 277 "./util/configlexer.lex" { YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 71: YY_RULE_SETUP -#line 279 "./util/configlexer.lex" +#line 278 "./util/configlexer.lex" { YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 72: YY_RULE_SETUP -#line 280 "./util/configlexer.lex" +#line 279 "./util/configlexer.lex" { YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 73: YY_RULE_SETUP -#line 281 "./util/configlexer.lex" +#line 280 "./util/configlexer.lex" { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 74: YY_RULE_SETUP -#line 282 "./util/configlexer.lex" +#line 281 "./util/configlexer.lex" { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 75: YY_RULE_SETUP -#line 283 "./util/configlexer.lex" +#line 282 "./util/configlexer.lex" { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 76: YY_RULE_SETUP -#line 284 "./util/configlexer.lex" +#line 283 "./util/configlexer.lex" { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 77: YY_RULE_SETUP -#line 285 "./util/configlexer.lex" +#line 284 "./util/configlexer.lex" { YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 78: YY_RULE_SETUP -#line 286 "./util/configlexer.lex" +#line 285 "./util/configlexer.lex" { YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 79: YY_RULE_SETUP -#line 287 "./util/configlexer.lex" +#line 286 "./util/configlexer.lex" { YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 80: YY_RULE_SETUP -#line 288 "./util/configlexer.lex" +#line 287 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 81: YY_RULE_SETUP -#line 289 "./util/configlexer.lex" +#line 288 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 82: YY_RULE_SETUP -#line 290 "./util/configlexer.lex" +#line 289 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 83: YY_RULE_SETUP -#line 291 "./util/configlexer.lex" +#line 290 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 84: YY_RULE_SETUP -#line 292 "./util/configlexer.lex" +#line 291 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 85: YY_RULE_SETUP -#line 293 "./util/configlexer.lex" +#line 292 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 86: YY_RULE_SETUP -#line 294 "./util/configlexer.lex" +#line 293 "./util/configlexer.lex" { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 87: YY_RULE_SETUP -#line 295 "./util/configlexer.lex" +#line 294 "./util/configlexer.lex" { YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 88: YY_RULE_SETUP -#line 296 "./util/configlexer.lex" +#line 295 "./util/configlexer.lex" { YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 89: YY_RULE_SETUP -#line 297 "./util/configlexer.lex" +#line 296 "./util/configlexer.lex" { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 90: YY_RULE_SETUP -#line 298 "./util/configlexer.lex" +#line 297 "./util/configlexer.lex" { YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 91: YY_RULE_SETUP -#line 299 "./util/configlexer.lex" +#line 298 "./util/configlexer.lex" { YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 92: YY_RULE_SETUP -#line 300 "./util/configlexer.lex" +#line 299 "./util/configlexer.lex" { YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 93: YY_RULE_SETUP -#line 301 "./util/configlexer.lex" +#line 300 "./util/configlexer.lex" { YDVAR(1, VAR_PREFETCH) } YY_BREAK case 94: YY_RULE_SETUP -#line 302 "./util/configlexer.lex" +#line 301 "./util/configlexer.lex" { YDVAR(1, VAR_DENY_ANY) } YY_BREAK case 95: YY_RULE_SETUP -#line 303 "./util/configlexer.lex" +#line 302 "./util/configlexer.lex" { YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 96: YY_RULE_SETUP -#line 304 "./util/configlexer.lex" +#line 303 "./util/configlexer.lex" { YDVAR(1, VAR_NAME) } YY_BREAK case 97: YY_RULE_SETUP -#line 305 "./util/configlexer.lex" +#line 304 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 98: YY_RULE_SETUP -#line 306 "./util/configlexer.lex" +#line 305 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 99: YY_RULE_SETUP -#line 307 "./util/configlexer.lex" +#line 306 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 100: YY_RULE_SETUP -#line 308 "./util/configlexer.lex" +#line 307 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 101: YY_RULE_SETUP -#line 309 "./util/configlexer.lex" +#line 308 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_NO_CACHE) } YY_BREAK case 102: YY_RULE_SETUP -#line 310 "./util/configlexer.lex" +#line 309 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 103: YY_RULE_SETUP -#line 311 "./util/configlexer.lex" +#line 310 "./util/configlexer.lex" { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 104: YY_RULE_SETUP -#line 312 "./util/configlexer.lex" +#line 311 "./util/configlexer.lex" { YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 105: YY_RULE_SETUP -#line 313 "./util/configlexer.lex" +#line 312 "./util/configlexer.lex" { YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 106: YY_RULE_SETUP -#line 314 "./util/configlexer.lex" +#line 313 "./util/configlexer.lex" { YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 107: YY_RULE_SETUP -#line 315 "./util/configlexer.lex" +#line 314 "./util/configlexer.lex" { YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 108: YY_RULE_SETUP -#line 316 "./util/configlexer.lex" +#line 315 "./util/configlexer.lex" { YDVAR(1, VAR_FORWARD_NO_CACHE) } YY_BREAK case 109: YY_RULE_SETUP -#line 317 "./util/configlexer.lex" +#line 316 "./util/configlexer.lex" { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 110: YY_RULE_SETUP -#line 318 "./util/configlexer.lex" +#line 317 "./util/configlexer.lex" { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 111: YY_RULE_SETUP -#line 319 "./util/configlexer.lex" +#line 318 "./util/configlexer.lex" { YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK case 112: YY_RULE_SETUP -#line 320 "./util/configlexer.lex" +#line 319 "./util/configlexer.lex" { YDVAR(0, VAR_RPZ) } YY_BREAK case 113: YY_RULE_SETUP -#line 321 "./util/configlexer.lex" +#line 320 "./util/configlexer.lex" { YDVAR(1, VAR_TAGS) } YY_BREAK case 114: YY_RULE_SETUP -#line 322 "./util/configlexer.lex" +#line 321 "./util/configlexer.lex" { YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } YY_BREAK case 115: YY_RULE_SETUP -#line 323 "./util/configlexer.lex" +#line 322 "./util/configlexer.lex" { YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } YY_BREAK case 116: YY_RULE_SETUP -#line 324 "./util/configlexer.lex" +#line 323 "./util/configlexer.lex" { YDVAR(1, VAR_RPZ_LOG) } YY_BREAK case 117: YY_RULE_SETUP -#line 325 "./util/configlexer.lex" +#line 324 "./util/configlexer.lex" { YDVAR(1, VAR_RPZ_LOG_NAME) } YY_BREAK case 118: YY_RULE_SETUP -#line 326 "./util/configlexer.lex" +#line 325 "./util/configlexer.lex" { YDVAR(1, VAR_ZONEFILE) } YY_BREAK case 119: YY_RULE_SETUP -#line 327 "./util/configlexer.lex" +#line 326 "./util/configlexer.lex" { YDVAR(1, VAR_MASTER) } YY_BREAK case 120: YY_RULE_SETUP -#line 328 "./util/configlexer.lex" +#line 327 "./util/configlexer.lex" { YDVAR(1, VAR_URL) } YY_BREAK case 121: YY_RULE_SETUP -#line 329 "./util/configlexer.lex" +#line 328 "./util/configlexer.lex" { YDVAR(1, VAR_ALLOW_NOTIFY) } YY_BREAK case 122: YY_RULE_SETUP -#line 330 "./util/configlexer.lex" +#line 329 "./util/configlexer.lex" { YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK case 123: YY_RULE_SETUP -#line 331 "./util/configlexer.lex" +#line 330 "./util/configlexer.lex" { YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK case 124: YY_RULE_SETUP -#line 332 "./util/configlexer.lex" +#line 331 "./util/configlexer.lex" { YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK case 125: YY_RULE_SETUP -#line 333 "./util/configlexer.lex" +#line 332 "./util/configlexer.lex" { YDVAR(0, VAR_VIEW) } YY_BREAK case 126: YY_RULE_SETUP -#line 334 "./util/configlexer.lex" +#line 333 "./util/configlexer.lex" { YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 127: YY_RULE_SETUP -#line 335 "./util/configlexer.lex" +#line 334 "./util/configlexer.lex" { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 128: YY_RULE_SETUP -#line 336 "./util/configlexer.lex" +#line 335 "./util/configlexer.lex" { YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 129: YY_RULE_SETUP -#line 337 "./util/configlexer.lex" +#line 336 "./util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 130: YY_RULE_SETUP -#line 338 "./util/configlexer.lex" +#line 337 "./util/configlexer.lex" { YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 131: YY_RULE_SETUP -#line 339 "./util/configlexer.lex" +#line 338 "./util/configlexer.lex" { YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK case 132: YY_RULE_SETUP -#line 340 "./util/configlexer.lex" +#line 339 "./util/configlexer.lex" { YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 133: YY_RULE_SETUP -#line 341 "./util/configlexer.lex" +#line 340 "./util/configlexer.lex" { YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 134: YY_RULE_SETUP -#line 342 "./util/configlexer.lex" +#line 341 "./util/configlexer.lex" { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 135: YY_RULE_SETUP -#line 343 "./util/configlexer.lex" +#line 342 "./util/configlexer.lex" { YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 136: YY_RULE_SETUP -#line 344 "./util/configlexer.lex" +#line 343 "./util/configlexer.lex" { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } YY_BREAK case 137: YY_RULE_SETUP -#line 345 "./util/configlexer.lex" +#line 344 "./util/configlexer.lex" { YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } YY_BREAK case 138: YY_RULE_SETUP -#line 346 "./util/configlexer.lex" +#line 345 "./util/configlexer.lex" { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } YY_BREAK case 139: YY_RULE_SETUP -#line 347 "./util/configlexer.lex" +#line 346 "./util/configlexer.lex" { YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } YY_BREAK case 140: YY_RULE_SETUP -#line 348 "./util/configlexer.lex" +#line 347 "./util/configlexer.lex" { YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 141: YY_RULE_SETUP -#line 349 "./util/configlexer.lex" +#line 348 "./util/configlexer.lex" { YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 142: YY_RULE_SETUP -#line 350 "./util/configlexer.lex" +#line 349 "./util/configlexer.lex" { YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 143: YY_RULE_SETUP -#line 351 "./util/configlexer.lex" +#line 350 "./util/configlexer.lex" { YDVAR(1, VAR_IDENTITY) } YY_BREAK case 144: YY_RULE_SETUP -#line 352 "./util/configlexer.lex" +#line 351 "./util/configlexer.lex" { YDVAR(1, VAR_VERSION) } YY_BREAK case 145: YY_RULE_SETUP -#line 353 "./util/configlexer.lex" +#line 352 "./util/configlexer.lex" { YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 146: YY_RULE_SETUP -#line 354 "./util/configlexer.lex" +#line 353 "./util/configlexer.lex" { YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 147: YY_RULE_SETUP -#line 355 "./util/configlexer.lex" +#line 354 "./util/configlexer.lex" { YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 148: YY_RULE_SETUP -#line 356 "./util/configlexer.lex" +#line 355 "./util/configlexer.lex" { YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 149: YY_RULE_SETUP -#line 357 "./util/configlexer.lex" +#line 356 "./util/configlexer.lex" { YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 150: YY_RULE_SETUP -#line 358 "./util/configlexer.lex" +#line 357 "./util/configlexer.lex" { YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 151: YY_RULE_SETUP -#line 359 "./util/configlexer.lex" +#line 358 "./util/configlexer.lex" { YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 152: YY_RULE_SETUP -#line 360 "./util/configlexer.lex" +#line 359 "./util/configlexer.lex" { YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK case 153: YY_RULE_SETUP -#line 361 "./util/configlexer.lex" +#line 360 "./util/configlexer.lex" { YDVAR(1, VAR_ROOT_KEY_SENTINEL) } YY_BREAK case 154: YY_RULE_SETUP -#line 362 "./util/configlexer.lex" +#line 361 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 155: YY_RULE_SETUP -#line 363 "./util/configlexer.lex" +#line 362 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 156: YY_RULE_SETUP -#line 364 "./util/configlexer.lex" +#line 363 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 157: YY_RULE_SETUP -#line 365 "./util/configlexer.lex" +#line 364 "./util/configlexer.lex" { YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 158: YY_RULE_SETUP -#line 366 "./util/configlexer.lex" +#line 365 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 159: YY_RULE_SETUP -#line 367 "./util/configlexer.lex" +#line 366 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 160: YY_RULE_SETUP -#line 368 "./util/configlexer.lex" +#line 367 "./util/configlexer.lex" { YDVAR(1, VAR_AGGRESSIVE_NSEC) } YY_BREAK case 161: YY_RULE_SETUP -#line 369 "./util/configlexer.lex" +#line 368 "./util/configlexer.lex" { YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 162: YY_RULE_SETUP -#line 370 "./util/configlexer.lex" +#line 369 "./util/configlexer.lex" { YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 163: YY_RULE_SETUP -#line 371 "./util/configlexer.lex" +#line 370 "./util/configlexer.lex" { YDVAR(1, VAR_SERVE_EXPIRED_TTL) } YY_BREAK case 164: YY_RULE_SETUP -#line 372 "./util/configlexer.lex" +#line 371 "./util/configlexer.lex" { YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } YY_BREAK case 165: YY_RULE_SETUP -#line 373 "./util/configlexer.lex" +#line 372 "./util/configlexer.lex" { YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 166: YY_RULE_SETUP -#line 374 "./util/configlexer.lex" +#line 373 "./util/configlexer.lex" { YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 167: YY_RULE_SETUP -#line 375 "./util/configlexer.lex" +#line 374 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 168: YY_RULE_SETUP -#line 376 "./util/configlexer.lex" +#line 375 "./util/configlexer.lex" { YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 169: YY_RULE_SETUP -#line 377 "./util/configlexer.lex" +#line 376 "./util/configlexer.lex" { YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 170: YY_RULE_SETUP -#line 378 "./util/configlexer.lex" +#line 377 "./util/configlexer.lex" { YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 171: YY_RULE_SETUP -#line 379 "./util/configlexer.lex" +#line 378 "./util/configlexer.lex" { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 172: YY_RULE_SETUP -#line 381 "./util/configlexer.lex" +#line 380 "./util/configlexer.lex" { YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 173: YY_RULE_SETUP -#line 382 "./util/configlexer.lex" +#line 381 "./util/configlexer.lex" { YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 174: YY_RULE_SETUP -#line 383 "./util/configlexer.lex" +#line 382 "./util/configlexer.lex" { YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 175: YY_RULE_SETUP -#line 384 "./util/configlexer.lex" +#line 383 "./util/configlexer.lex" { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 176: YY_RULE_SETUP -#line 385 "./util/configlexer.lex" +#line 384 "./util/configlexer.lex" { YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 177: YY_RULE_SETUP -#line 386 "./util/configlexer.lex" +#line 385 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 178: YY_RULE_SETUP -#line 387 "./util/configlexer.lex" +#line 386 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 179: YY_RULE_SETUP -#line 388 "./util/configlexer.lex" +#line 387 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 180: YY_RULE_SETUP -#line 389 "./util/configlexer.lex" +#line 388 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 181: YY_RULE_SETUP -#line 390 "./util/configlexer.lex" +#line 389 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK case 182: YY_RULE_SETUP -#line 391 "./util/configlexer.lex" +#line 390 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK case 183: YY_RULE_SETUP -#line 392 "./util/configlexer.lex" +#line 391 "./util/configlexer.lex" { YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK case 184: YY_RULE_SETUP -#line 393 "./util/configlexer.lex" +#line 392 "./util/configlexer.lex" { YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 185: YY_RULE_SETUP -#line 394 "./util/configlexer.lex" +#line 393 "./util/configlexer.lex" { YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 186: YY_RULE_SETUP -#line 395 "./util/configlexer.lex" +#line 394 "./util/configlexer.lex" { YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 187: YY_RULE_SETUP -#line 396 "./util/configlexer.lex" +#line 395 "./util/configlexer.lex" { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 188: YY_RULE_SETUP -#line 397 "./util/configlexer.lex" +#line 396 "./util/configlexer.lex" { YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 189: YY_RULE_SETUP -#line 398 "./util/configlexer.lex" +#line 397 "./util/configlexer.lex" { YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 190: YY_RULE_SETUP -#line 399 "./util/configlexer.lex" +#line 398 "./util/configlexer.lex" { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 191: YY_RULE_SETUP -#line 400 "./util/configlexer.lex" +#line 399 "./util/configlexer.lex" { YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 192: YY_RULE_SETUP -#line 401 "./util/configlexer.lex" +#line 400 "./util/configlexer.lex" { YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 193: YY_RULE_SETUP -#line 402 "./util/configlexer.lex" +#line 401 "./util/configlexer.lex" { YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 194: YY_RULE_SETUP -#line 403 "./util/configlexer.lex" +#line 402 "./util/configlexer.lex" { YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 195: YY_RULE_SETUP -#line 404 "./util/configlexer.lex" +#line 403 "./util/configlexer.lex" { YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 196: YY_RULE_SETUP -#line 405 "./util/configlexer.lex" +#line 404 "./util/configlexer.lex" { YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 197: YY_RULE_SETUP -#line 406 "./util/configlexer.lex" +#line 405 "./util/configlexer.lex" { YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 198: YY_RULE_SETUP -#line 407 "./util/configlexer.lex" +#line 406 "./util/configlexer.lex" { YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 199: YY_RULE_SETUP -#line 408 "./util/configlexer.lex" +#line 407 "./util/configlexer.lex" { YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 200: YY_RULE_SETUP -#line 409 "./util/configlexer.lex" +#line 408 "./util/configlexer.lex" { YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 201: YY_RULE_SETUP -#line 410 "./util/configlexer.lex" +#line 409 "./util/configlexer.lex" { YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 202: YY_RULE_SETUP -#line 411 "./util/configlexer.lex" +#line 410 "./util/configlexer.lex" { YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 203: YY_RULE_SETUP -#line 412 "./util/configlexer.lex" +#line 411 "./util/configlexer.lex" { YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 204: YY_RULE_SETUP -#line 413 "./util/configlexer.lex" +#line 412 "./util/configlexer.lex" { YDVAR(0, VAR_PYTHON) } YY_BREAK case 205: YY_RULE_SETUP -#line 414 "./util/configlexer.lex" +#line 413 "./util/configlexer.lex" { YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 206: YY_RULE_SETUP -#line 415 "./util/configlexer.lex" +#line 414 "./util/configlexer.lex" { YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 207: YY_RULE_SETUP -#line 416 "./util/configlexer.lex" +#line 415 "./util/configlexer.lex" { YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 208: YY_RULE_SETUP -#line 417 "./util/configlexer.lex" +#line 416 "./util/configlexer.lex" { YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK case 209: YY_RULE_SETUP -#line 418 "./util/configlexer.lex" +#line 417 "./util/configlexer.lex" { YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 210: YY_RULE_SETUP -#line 419 "./util/configlexer.lex" +#line 418 "./util/configlexer.lex" { YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 211: YY_RULE_SETUP -#line 420 "./util/configlexer.lex" +#line 419 "./util/configlexer.lex" { YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 212: YY_RULE_SETUP -#line 421 "./util/configlexer.lex" +#line 420 "./util/configlexer.lex" { YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK case 213: YY_RULE_SETUP -#line 422 "./util/configlexer.lex" +#line 421 "./util/configlexer.lex" { YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 214: YY_RULE_SETUP -#line 423 "./util/configlexer.lex" +#line 422 "./util/configlexer.lex" { YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 215: YY_RULE_SETUP -#line 424 "./util/configlexer.lex" +#line 423 "./util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 216: YY_RULE_SETUP -#line 425 "./util/configlexer.lex" +#line 424 "./util/configlexer.lex" { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 217: YY_RULE_SETUP -#line 426 "./util/configlexer.lex" +#line 425 "./util/configlexer.lex" { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 218: YY_RULE_SETUP -#line 427 "./util/configlexer.lex" +#line 426 "./util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 219: YY_RULE_SETUP -#line 428 "./util/configlexer.lex" +#line 427 "./util/configlexer.lex" { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 220: YY_RULE_SETUP -#line 429 "./util/configlexer.lex" +#line 428 "./util/configlexer.lex" { YDVAR(0, VAR_DNSTAP) } YY_BREAK case 221: YY_RULE_SETUP -#line 430 "./util/configlexer.lex" +#line 429 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 222: YY_RULE_SETUP -#line 431 "./util/configlexer.lex" +#line 430 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK case 223: YY_RULE_SETUP -#line 432 "./util/configlexer.lex" +#line 431 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK case 224: YY_RULE_SETUP -#line 433 "./util/configlexer.lex" +#line 432 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK case 225: YY_RULE_SETUP -#line 434 "./util/configlexer.lex" +#line 433 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK case 226: YY_RULE_SETUP -#line 435 "./util/configlexer.lex" +#line 434 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK case 227: YY_RULE_SETUP -#line 436 "./util/configlexer.lex" +#line 435 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK case 228: YY_RULE_SETUP -#line 438 "./util/configlexer.lex" +#line 437 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK case 229: YY_RULE_SETUP -#line 440 "./util/configlexer.lex" +#line 439 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK case 230: YY_RULE_SETUP -#line 442 "./util/configlexer.lex" +#line 441 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK case 231: YY_RULE_SETUP -#line 444 "./util/configlexer.lex" +#line 443 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK case 232: YY_RULE_SETUP -#line 446 "./util/configlexer.lex" +#line 445 "./util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK case 233: YY_RULE_SETUP -#line 448 "./util/configlexer.lex" +#line 447 "./util/configlexer.lex" { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 234: YY_RULE_SETUP -#line 449 "./util/configlexer.lex" +#line 448 "./util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 235: YY_RULE_SETUP -#line 450 "./util/configlexer.lex" +#line 449 "./util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 236: YY_RULE_SETUP -#line 451 "./util/configlexer.lex" +#line 450 "./util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 237: YY_RULE_SETUP -#line 452 "./util/configlexer.lex" +#line 451 "./util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 238: YY_RULE_SETUP -#line 453 "./util/configlexer.lex" +#line 452 "./util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 239: YY_RULE_SETUP -#line 454 "./util/configlexer.lex" +#line 453 "./util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 240: YY_RULE_SETUP -#line 455 "./util/configlexer.lex" +#line 454 "./util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 241: YY_RULE_SETUP -#line 456 "./util/configlexer.lex" +#line 455 "./util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 242: YY_RULE_SETUP -#line 457 "./util/configlexer.lex" +#line 456 "./util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 243: YY_RULE_SETUP -#line 458 "./util/configlexer.lex" +#line 457 "./util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 244: YY_RULE_SETUP -#line 459 "./util/configlexer.lex" +#line 458 "./util/configlexer.lex" { YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 245: YY_RULE_SETUP -#line 460 "./util/configlexer.lex" +#line 459 "./util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 246: YY_RULE_SETUP -#line 461 "./util/configlexer.lex" +#line 460 "./util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 247: YY_RULE_SETUP -#line 462 "./util/configlexer.lex" +#line 461 "./util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 248: YY_RULE_SETUP -#line 463 "./util/configlexer.lex" +#line 462 "./util/configlexer.lex" { YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 249: YY_RULE_SETUP -#line 464 "./util/configlexer.lex" +#line 463 "./util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 250: YY_RULE_SETUP -#line 465 "./util/configlexer.lex" +#line 464 "./util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 251: YY_RULE_SETUP -#line 466 "./util/configlexer.lex" +#line 465 "./util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 252: YY_RULE_SETUP -#line 467 "./util/configlexer.lex" +#line 466 "./util/configlexer.lex" { YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 253: YY_RULE_SETUP -#line 468 "./util/configlexer.lex" +#line 467 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 254: YY_RULE_SETUP -#line 469 "./util/configlexer.lex" +#line 468 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 255: YY_RULE_SETUP -#line 470 "./util/configlexer.lex" +#line 469 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 256: YY_RULE_SETUP -#line 471 "./util/configlexer.lex" +#line 470 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 257: YY_RULE_SETUP -#line 472 "./util/configlexer.lex" +#line 471 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 258: YY_RULE_SETUP -#line 473 "./util/configlexer.lex" +#line 472 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 259: YY_RULE_SETUP -#line 474 "./util/configlexer.lex" +#line 473 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 260: YY_RULE_SETUP -#line 476 "./util/configlexer.lex" +#line 475 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 261: YY_RULE_SETUP -#line 478 "./util/configlexer.lex" +#line 477 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 262: YY_RULE_SETUP -#line 479 "./util/configlexer.lex" +#line 478 "./util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 263: YY_RULE_SETUP -#line 480 "./util/configlexer.lex" +#line 479 "./util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 264: YY_RULE_SETUP -#line 481 "./util/configlexer.lex" +#line 480 "./util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 265: YY_RULE_SETUP -#line 482 "./util/configlexer.lex" +#line 481 "./util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 266: YY_RULE_SETUP -#line 483 "./util/configlexer.lex" +#line 482 "./util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK case 267: YY_RULE_SETUP -#line 484 "./util/configlexer.lex" +#line 483 "./util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 268: YY_RULE_SETUP -#line 485 "./util/configlexer.lex" +#line 484 "./util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK case 269: YY_RULE_SETUP -#line 486 "./util/configlexer.lex" +#line 485 "./util/configlexer.lex" { YDVAR(0, VAR_CACHEDB) } YY_BREAK case 270: YY_RULE_SETUP -#line 487 "./util/configlexer.lex" +#line 486 "./util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK case 271: YY_RULE_SETUP -#line 488 "./util/configlexer.lex" +#line 487 "./util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK case 272: YY_RULE_SETUP -#line 489 "./util/configlexer.lex" +#line 488 "./util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_REDISHOST) } YY_BREAK case 273: YY_RULE_SETUP -#line 490 "./util/configlexer.lex" +#line 489 "./util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_REDISPORT) } YY_BREAK case 274: YY_RULE_SETUP -#line 491 "./util/configlexer.lex" +#line 490 "./util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } YY_BREAK case 275: YY_RULE_SETUP -#line 492 "./util/configlexer.lex" +#line 491 "./util/configlexer.lex" { YDVAR(0, VAR_IPSET) } YY_BREAK case 276: YY_RULE_SETUP -#line 493 "./util/configlexer.lex" +#line 492 "./util/configlexer.lex" { YDVAR(1, VAR_IPSET_NAME_V4) } YY_BREAK case 277: YY_RULE_SETUP -#line 494 "./util/configlexer.lex" +#line 493 "./util/configlexer.lex" { YDVAR(1, VAR_IPSET_NAME_V6) } YY_BREAK case 278: YY_RULE_SETUP -#line 495 "./util/configlexer.lex" +#line 494 "./util/configlexer.lex" { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } YY_BREAK case 279: YY_RULE_SETUP -#line 496 "./util/configlexer.lex" +#line 495 "./util/configlexer.lex" { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } YY_BREAK case 280: /* rule 280 can match eol */ YY_RULE_SETUP -#line 497 "./util/configlexer.lex" +#line 496 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ case 281: YY_RULE_SETUP -#line 500 "./util/configlexer.lex" +#line 499 "./util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 501 "./util/configlexer.lex" +#line 500 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4602,19 +4601,19 @@ case YY_STATE_EOF(quotedstring): YY_BREAK case 282: YY_RULE_SETUP -#line 506 "./util/configlexer.lex" +#line 505 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK case 283: /* rule 283 can match eol */ YY_RULE_SETUP -#line 507 "./util/configlexer.lex" +#line 506 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK case 284: YY_RULE_SETUP -#line 509 "./util/configlexer.lex" +#line 508 "./util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4629,11 +4628,11 @@ YY_RULE_SETUP /* Single Quoted strings. Strip leading and ending quotes */ case 285: YY_RULE_SETUP -#line 521 "./util/configlexer.lex" +#line 520 "./util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 522 "./util/configlexer.lex" +#line 521 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4642,19 +4641,19 @@ case YY_STATE_EOF(singlequotedstr): YY_BREAK case 286: YY_RULE_SETUP -#line 527 "./util/configlexer.lex" +#line 526 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK case 287: /* rule 287 can match eol */ YY_RULE_SETUP -#line 528 "./util/configlexer.lex" +#line 527 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK case 288: YY_RULE_SETUP -#line 530 "./util/configlexer.lex" +#line 529 "./util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4669,12 +4668,12 @@ YY_RULE_SETUP /* include: directive */ case 289: YY_RULE_SETUP -#line 542 "./util/configlexer.lex" +#line 541 "./util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 544 "./util/configlexer.lex" +#line 543 "./util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); @@ -4682,23 +4681,23 @@ case YY_STATE_EOF(include): YY_BREAK case 290: YY_RULE_SETUP -#line 548 "./util/configlexer.lex" +#line 547 "./util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK case 291: /* rule 291 can match eol */ YY_RULE_SETUP -#line 549 "./util/configlexer.lex" +#line 548 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK case 292: YY_RULE_SETUP -#line 550 "./util/configlexer.lex" +#line 549 "./util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK case 293: YY_RULE_SETUP -#line 551 "./util/configlexer.lex" +#line 550 "./util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext); @@ -4706,7 +4705,7 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 556 "./util/configlexer.lex" +#line 555 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); @@ -4714,19 +4713,19 @@ case YY_STATE_EOF(include_quoted): YY_BREAK case 294: YY_RULE_SETUP -#line 560 "./util/configlexer.lex" +#line 559 "./util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK case 295: /* rule 295 can match eol */ YY_RULE_SETUP -#line 561 "./util/configlexer.lex" +#line 560 "./util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK case 296: YY_RULE_SETUP -#line 563 "./util/configlexer.lex" +#line 562 "./util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -4736,7 +4735,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 569 "./util/configlexer.lex" +#line 568 "./util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -4750,31 +4749,31 @@ case YY_STATE_EOF(val): YY_BREAK case 297: YY_RULE_SETUP -#line 580 "./util/configlexer.lex" +#line 579 "./util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK case 298: YY_RULE_SETUP -#line 584 "./util/configlexer.lex" +#line 583 "./util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK case 299: YY_RULE_SETUP -#line 588 "./util/configlexer.lex" +#line 587 "./util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK case 300: YY_RULE_SETUP -#line 592 "./util/configlexer.lex" +#line 591 "./util/configlexer.lex" ECHO; YY_BREAK -#line 4776 "" +#line 4775 "" case YY_END_OF_BUFFER: { @@ -5740,6 +5739,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 592 "./util/configlexer.lex" +#line 591 "./util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index a0d63f8eb..8d9d1d525 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -112,8 +112,7 @@ static void config_start_include_glob(const char* filename) /* check for wildcards */ #ifdef HAVE_GLOB glob_t g; - size_t i; - int r, flags; + int i, r, flags; if(!(!strchr(filename, '*') && !strchr(filename, '?') && !strchr(filename, '[') && !strchr(filename, '{') && !strchr(filename, '~'))) { flags = 0 @@ -144,7 +143,7 @@ static void config_start_include_glob(const char* filename) return; } /* process files found, if any */ - for(i=0; i<(size_t)g.gl_pathc; i++) { + for(i=(int)g.gl_pathc-1; i>=0; i--) { config_start_include(g.gl_pathv[i]); } globfree(&g); diff --git a/util/configparser.c b/util/configparser.c index b141a052b..b59e42b17 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -1054,37 +1054,37 @@ static const yytype_uint16 yyrline[] = 347, 347, 347, 347, 348, 348, 348, 349, 352, 371, 388, 396, 406, 414, 431, 432, 433, 433, 433, 433, 433, 434, 434, 434, 435, 435, 437, 446, 455, 466, - 475, 484, 493, 504, 513, 524, 537, 552, 563, 580, - 597, 614, 631, 646, 661, 674, 689, 698, 707, 716, - 725, 734, 743, 752, 761, 770, 779, 788, 797, 806, - 819, 828, 841, 850, 859, 868, 875, 882, 891, 898, - 907, 915, 922, 929, 937, 946, 955, 969, 978, 987, - 996, 1005, 1014, 1023, 1030, 1037, 1063, 1071, 1078, 1085, - 1092, 1099, 1107, 1115, 1123, 1130, 1141, 1152, 1159, 1168, - 1177, 1186, 1193, 1200, 1208, 1216, 1226, 1236, 1246, 1254, - 1267, 1278, 1286, 1299, 1308, 1317, 1326, 1336, 1346, 1354, - 1367, 1376, 1384, 1393, 1401, 1414, 1423, 1430, 1440, 1450, - 1460, 1470, 1480, 1490, 1500, 1510, 1517, 1524, 1531, 1540, - 1549, 1558, 1567, 1574, 1584, 1604, 1611, 1629, 1642, 1655, - 1664, 1673, 1682, 1691, 1701, 1711, 1722, 1731, 1740, 1749, - 1758, 1771, 1784, 1793, 1800, 1809, 1818, 1827, 1836, 1844, - 1857, 1865, 1906, 1913, 1928, 1938, 1948, 1955, 1962, 1969, - 1978, 1986, 2000, 2021, 2042, 2054, 2066, 2078, 2087, 2108, - 2118, 2127, 2135, 2143, 2156, 2169, 2184, 2199, 2208, 2217, - 2223, 2232, 2241, 2251, 2261, 2274, 2287, 2299, 2313, 2325, - 2339, 2349, 2356, 2363, 2372, 2381, 2391, 2401, 2411, 2418, - 2425, 2434, 2443, 2453, 2463, 2470, 2477, 2484, 2492, 2502, - 2512, 2522, 2532, 2571, 2581, 2589, 2597, 2612, 2621, 2626, - 2627, 2628, 2628, 2628, 2629, 2629, 2629, 2630, 2630, 2632, - 2642, 2651, 2658, 2665, 2672, 2679, 2686, 2693, 2698, 2699, - 2700, 2700, 2701, 2701, 2702, 2702, 2703, 2704, 2705, 2706, - 2707, 2708, 2710, 2719, 2726, 2735, 2744, 2751, 2758, 2768, - 2778, 2788, 2798, 2808, 2818, 2823, 2824, 2825, 2827, 2833, - 2843, 2850, 2859, 2867, 2872, 2873, 2875, 2875, 2875, 2876, - 2876, 2877, 2878, 2879, 2880, 2881, 2883, 2893, 2902, 2909, - 2918, 2925, 2934, 2942, 2955, 2963, 2976, 2981, 2982, 2983, - 2983, 2984, 2984, 2984, 2986, 3001, 3016, 3028, 3043, 3056, - 3067, 3072, 3073, 3074, 3074, 3076, 3091 + 475, 484, 493, 504, 513, 525, 539, 554, 565, 582, + 599, 616, 633, 648, 663, 676, 691, 700, 709, 718, + 727, 736, 745, 754, 763, 772, 781, 790, 799, 808, + 821, 830, 843, 852, 861, 870, 877, 884, 893, 900, + 909, 917, 924, 931, 939, 948, 957, 971, 980, 989, + 998, 1007, 1016, 1025, 1032, 1039, 1065, 1073, 1080, 1087, + 1094, 1101, 1109, 1117, 1125, 1132, 1143, 1154, 1161, 1170, + 1179, 1188, 1195, 1202, 1210, 1218, 1228, 1238, 1248, 1256, + 1269, 1280, 1288, 1301, 1310, 1319, 1328, 1338, 1348, 1356, + 1369, 1378, 1386, 1395, 1403, 1416, 1425, 1432, 1442, 1452, + 1462, 1472, 1482, 1492, 1502, 1512, 1519, 1526, 1533, 1542, + 1551, 1560, 1569, 1576, 1586, 1606, 1613, 1631, 1644, 1657, + 1666, 1675, 1684, 1693, 1703, 1713, 1724, 1733, 1742, 1751, + 1760, 1773, 1786, 1795, 1802, 1811, 1820, 1829, 1838, 1846, + 1859, 1867, 1908, 1915, 1930, 1940, 1950, 1957, 1964, 1971, + 1980, 1988, 2002, 2023, 2044, 2056, 2068, 2080, 2089, 2110, + 2120, 2129, 2137, 2145, 2158, 2171, 2186, 2201, 2210, 2219, + 2225, 2234, 2243, 2253, 2263, 2276, 2289, 2301, 2315, 2327, + 2341, 2351, 2358, 2365, 2374, 2383, 2393, 2403, 2413, 2420, + 2427, 2436, 2445, 2455, 2465, 2472, 2479, 2486, 2494, 2504, + 2514, 2524, 2534, 2573, 2583, 2591, 2599, 2614, 2623, 2628, + 2629, 2630, 2630, 2630, 2631, 2631, 2631, 2632, 2632, 2634, + 2644, 2653, 2660, 2667, 2674, 2681, 2688, 2695, 2700, 2701, + 2702, 2702, 2703, 2703, 2704, 2704, 2705, 2706, 2707, 2708, + 2709, 2710, 2712, 2721, 2728, 2737, 2746, 2753, 2760, 2770, + 2780, 2790, 2800, 2810, 2820, 2825, 2826, 2827, 2829, 2835, + 2845, 2852, 2861, 2869, 2874, 2875, 2877, 2877, 2877, 2878, + 2878, 2879, 2880, 2881, 2882, 2883, 2885, 2895, 2904, 2911, + 2920, 2927, 2936, 2944, 2957, 2965, 2978, 2983, 2984, 2985, + 2985, 2986, 2986, 2986, 2988, 3003, 3018, 3030, 3045, 3058, + 3069, 3074, 3075, 3076, 3076, 3078, 3093 }; #endif @@ -2915,13 +2915,14 @@ yyreduce: fatal_exit("out of memory adding client-subnet"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free((yyvsp[0].str)); #endif } -#line 2921 "util/configparser.c" /* yacc.c:1646 */ +#line 2922 "util/configparser.c" /* yacc.c:1646 */ break; case 275: -#line 525 "./util/configparser.y" /* yacc.c:1646 */ +#line 526 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -2930,13 +2931,14 @@ yyreduce: fatal_exit("out of memory adding client-subnet-zone"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free((yyvsp[0].str)); #endif } -#line 2936 "util/configparser.c" /* yacc.c:1646 */ +#line 2938 "util/configparser.c" /* yacc.c:1646 */ break; case 276: -#line 538 "./util/configparser.y" /* yacc.c:1646 */ +#line 540 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -2950,11 +2952,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2954 "util/configparser.c" /* yacc.c:1646 */ +#line 2956 "util/configparser.c" /* yacc.c:1646 */ break; case 277: -#line 553 "./util/configparser.y" /* yacc.c:1646 */ +#line 555 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -2964,11 +2966,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2968 "util/configparser.c" /* yacc.c:1646 */ +#line 2970 "util/configparser.c" /* yacc.c:1646 */ break; case 278: -#line 564 "./util/configparser.y" /* yacc.c:1646 */ +#line 566 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -2984,11 +2986,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2988 "util/configparser.c" /* yacc.c:1646 */ +#line 2990 "util/configparser.c" /* yacc.c:1646 */ break; case 279: -#line 581 "./util/configparser.y" /* yacc.c:1646 */ +#line 583 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3004,11 +3006,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3008 "util/configparser.c" /* yacc.c:1646 */ +#line 3010 "util/configparser.c" /* yacc.c:1646 */ break; case 280: -#line 598 "./util/configparser.y" /* yacc.c:1646 */ +#line 600 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3024,11 +3026,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3028 "util/configparser.c" /* yacc.c:1646 */ +#line 3030 "util/configparser.c" /* yacc.c:1646 */ break; case 281: -#line 615 "./util/configparser.y" /* yacc.c:1646 */ +#line 617 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3044,11 +3046,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3048 "util/configparser.c" /* yacc.c:1646 */ +#line 3050 "util/configparser.c" /* yacc.c:1646 */ break; case 282: -#line 632 "./util/configparser.y" /* yacc.c:1646 */ +#line 634 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -3062,11 +3064,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3066 "util/configparser.c" /* yacc.c:1646 */ +#line 3068 "util/configparser.c" /* yacc.c:1646 */ break; case 283: -#line 647 "./util/configparser.y" /* yacc.c:1646 */ +#line 649 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -3080,11 +3082,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3084 "util/configparser.c" /* yacc.c:1646 */ +#line 3086 "util/configparser.c" /* yacc.c:1646 */ break; case 284: -#line 662 "./util/configparser.y" /* yacc.c:1646 */ +#line 664 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -3096,11 +3098,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 3100 "util/configparser.c" /* yacc.c:1646 */ +#line 3102 "util/configparser.c" /* yacc.c:1646 */ break; case 285: -#line 675 "./util/configparser.y" /* yacc.c:1646 */ +#line 677 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -3114,11 +3116,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 3118 "util/configparser.c" /* yacc.c:1646 */ +#line 3120 "util/configparser.c" /* yacc.c:1646 */ break; case 286: -#line 690 "./util/configparser.y" /* yacc.c:1646 */ +#line 692 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3126,11 +3128,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3130 "util/configparser.c" /* yacc.c:1646 */ +#line 3132 "util/configparser.c" /* yacc.c:1646 */ break; case 287: -#line 699 "./util/configparser.y" /* yacc.c:1646 */ +#line 701 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3138,11 +3140,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3142 "util/configparser.c" /* yacc.c:1646 */ +#line 3144 "util/configparser.c" /* yacc.c:1646 */ break; case 288: -#line 708 "./util/configparser.y" /* yacc.c:1646 */ +#line 710 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3150,11 +3152,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3154 "util/configparser.c" /* yacc.c:1646 */ +#line 3156 "util/configparser.c" /* yacc.c:1646 */ break; case 289: -#line 717 "./util/configparser.y" /* yacc.c:1646 */ +#line 719 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3162,11 +3164,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3166 "util/configparser.c" /* yacc.c:1646 */ +#line 3168 "util/configparser.c" /* yacc.c:1646 */ break; case 290: -#line 726 "./util/configparser.y" /* yacc.c:1646 */ +#line 728 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3174,11 +3176,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3178 "util/configparser.c" /* yacc.c:1646 */ +#line 3180 "util/configparser.c" /* yacc.c:1646 */ break; case 291: -#line 735 "./util/configparser.y" /* yacc.c:1646 */ +#line 737 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3186,11 +3188,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3190 "util/configparser.c" /* yacc.c:1646 */ +#line 3192 "util/configparser.c" /* yacc.c:1646 */ break; case 292: -#line 744 "./util/configparser.y" /* yacc.c:1646 */ +#line 746 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3198,11 +3200,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3202 "util/configparser.c" /* yacc.c:1646 */ +#line 3204 "util/configparser.c" /* yacc.c:1646 */ break; case 293: -#line 753 "./util/configparser.y" /* yacc.c:1646 */ +#line 755 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3210,11 +3212,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3214 "util/configparser.c" /* yacc.c:1646 */ +#line 3216 "util/configparser.c" /* yacc.c:1646 */ break; case 294: -#line 762 "./util/configparser.y" /* yacc.c:1646 */ +#line 764 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3222,11 +3224,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3226 "util/configparser.c" /* yacc.c:1646 */ +#line 3228 "util/configparser.c" /* yacc.c:1646 */ break; case 295: -#line 771 "./util/configparser.y" /* yacc.c:1646 */ +#line 773 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3234,11 +3236,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3238 "util/configparser.c" /* yacc.c:1646 */ +#line 3240 "util/configparser.c" /* yacc.c:1646 */ break; case 296: -#line 780 "./util/configparser.y" /* yacc.c:1646 */ +#line 782 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3246,11 +3248,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3250 "util/configparser.c" /* yacc.c:1646 */ +#line 3252 "util/configparser.c" /* yacc.c:1646 */ break; case 297: -#line 789 "./util/configparser.y" /* yacc.c:1646 */ +#line 791 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3258,11 +3260,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3262 "util/configparser.c" /* yacc.c:1646 */ +#line 3264 "util/configparser.c" /* yacc.c:1646 */ break; case 298: -#line 798 "./util/configparser.y" /* yacc.c:1646 */ +#line 800 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3270,11 +3272,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3274 "util/configparser.c" /* yacc.c:1646 */ +#line 3276 "util/configparser.c" /* yacc.c:1646 */ break; case 299: -#line 807 "./util/configparser.y" /* yacc.c:1646 */ +#line 809 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3286,11 +3288,11 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3290 "util/configparser.c" /* yacc.c:1646 */ +#line 3292 "util/configparser.c" /* yacc.c:1646 */ break; case 300: -#line 820 "./util/configparser.y" /* yacc.c:1646 */ +#line 822 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3298,11 +3300,11 @@ yyreduce: else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3302 "util/configparser.c" /* yacc.c:1646 */ +#line 3304 "util/configparser.c" /* yacc.c:1646 */ break; case 301: -#line 829 "./util/configparser.y" /* yacc.c:1646 */ +#line 831 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3314,11 +3316,11 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3318 "util/configparser.c" /* yacc.c:1646 */ +#line 3320 "util/configparser.c" /* yacc.c:1646 */ break; case 302: -#line 842 "./util/configparser.y" /* yacc.c:1646 */ +#line 844 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3326,11 +3328,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3330 "util/configparser.c" /* yacc.c:1646 */ +#line 3332 "util/configparser.c" /* yacc.c:1646 */ break; case 303: -#line 851 "./util/configparser.y" /* yacc.c:1646 */ +#line 853 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3338,11 +3340,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3342 "util/configparser.c" /* yacc.c:1646 */ +#line 3344 "util/configparser.c" /* yacc.c:1646 */ break; case 304: -#line 860 "./util/configparser.y" /* yacc.c:1646 */ +#line 862 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3350,31 +3352,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3354 "util/configparser.c" /* yacc.c:1646 */ +#line 3356 "util/configparser.c" /* yacc.c:1646 */ break; case 305: -#line 869 "./util/configparser.y" /* yacc.c:1646 */ +#line 871 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3364 "util/configparser.c" /* yacc.c:1646 */ +#line 3366 "util/configparser.c" /* yacc.c:1646 */ break; case 306: -#line 876 "./util/configparser.y" /* yacc.c:1646 */ +#line 878 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3374 "util/configparser.c" /* yacc.c:1646 */ +#line 3376 "util/configparser.c" /* yacc.c:1646 */ break; case 307: -#line 883 "./util/configparser.y" /* yacc.c:1646 */ +#line 885 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3382,21 +3384,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3386 "util/configparser.c" /* yacc.c:1646 */ +#line 3388 "util/configparser.c" /* yacc.c:1646 */ break; case 308: -#line 892 "./util/configparser.y" /* yacc.c:1646 */ +#line 894 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3396 "util/configparser.c" /* yacc.c:1646 */ +#line 3398 "util/configparser.c" /* yacc.c:1646 */ break; case 309: -#line 899 "./util/configparser.y" /* yacc.c:1646 */ +#line 901 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3404,53 +3406,53 @@ yyreduce: else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3408 "util/configparser.c" /* yacc.c:1646 */ +#line 3410 "util/configparser.c" /* yacc.c:1646 */ break; case 310: -#line 908 "./util/configparser.y" /* yacc.c:1646 */ +#line 910 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3419 "util/configparser.c" /* yacc.c:1646 */ +#line 3421 "util/configparser.c" /* yacc.c:1646 */ break; case 311: -#line 916 "./util/configparser.y" /* yacc.c:1646 */ +#line 918 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3429 "util/configparser.c" /* yacc.c:1646 */ +#line 3431 "util/configparser.c" /* yacc.c:1646 */ break; case 312: -#line 923 "./util/configparser.y" /* yacc.c:1646 */ +#line 925 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3439 "util/configparser.c" /* yacc.c:1646 */ +#line 3441 "util/configparser.c" /* yacc.c:1646 */ break; case 313: -#line 930 "./util/configparser.y" /* yacc.c:1646 */ +#line 932 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3450 "util/configparser.c" /* yacc.c:1646 */ +#line 3452 "util/configparser.c" /* yacc.c:1646 */ break; case 314: -#line 938 "./util/configparser.y" /* yacc.c:1646 */ +#line 940 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3458,11 +3460,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3462 "util/configparser.c" /* yacc.c:1646 */ +#line 3464 "util/configparser.c" /* yacc.c:1646 */ break; case 315: -#line 947 "./util/configparser.y" /* yacc.c:1646 */ +#line 949 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3470,11 +3472,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3474 "util/configparser.c" /* yacc.c:1646 */ +#line 3476 "util/configparser.c" /* yacc.c:1646 */ break; case 316: -#line 956 "./util/configparser.y" /* yacc.c:1646 */ +#line 958 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3487,11 +3489,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3491 "util/configparser.c" /* yacc.c:1646 */ +#line 3493 "util/configparser.c" /* yacc.c:1646 */ break; case 317: -#line 970 "./util/configparser.y" /* yacc.c:1646 */ +#line 972 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3499,11 +3501,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3503 "util/configparser.c" /* yacc.c:1646 */ +#line 3505 "util/configparser.c" /* yacc.c:1646 */ break; case 318: -#line 979 "./util/configparser.y" /* yacc.c:1646 */ +#line 981 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3511,11 +3513,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3515 "util/configparser.c" /* yacc.c:1646 */ +#line 3517 "util/configparser.c" /* yacc.c:1646 */ break; case 319: -#line 988 "./util/configparser.y" /* yacc.c:1646 */ +#line 990 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3523,11 +3525,11 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3527 "util/configparser.c" /* yacc.c:1646 */ +#line 3529 "util/configparser.c" /* yacc.c:1646 */ break; case 320: -#line 997 "./util/configparser.y" /* yacc.c:1646 */ +#line 999 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3535,11 +3537,11 @@ yyreduce: else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3539 "util/configparser.c" /* yacc.c:1646 */ +#line 3541 "util/configparser.c" /* yacc.c:1646 */ break; case 321: -#line 1006 "./util/configparser.y" /* yacc.c:1646 */ +#line 1008 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3547,11 +3549,11 @@ yyreduce: else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3551 "util/configparser.c" /* yacc.c:1646 */ +#line 3553 "util/configparser.c" /* yacc.c:1646 */ break; case 322: -#line 1015 "./util/configparser.y" /* yacc.c:1646 */ +#line 1017 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3559,31 +3561,31 @@ yyreduce: else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3563 "util/configparser.c" /* yacc.c:1646 */ +#line 3565 "util/configparser.c" /* yacc.c:1646 */ break; case 323: -#line 1024 "./util/configparser.y" /* yacc.c:1646 */ +#line 1026 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3573 "util/configparser.c" /* yacc.c:1646 */ +#line 3575 "util/configparser.c" /* yacc.c:1646 */ break; case 324: -#line 1031 "./util/configparser.y" /* yacc.c:1646 */ +#line 1033 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 3583 "util/configparser.c" /* yacc.c:1646 */ +#line 3585 "util/configparser.c" /* yacc.c:1646 */ break; case 325: -#line 1038 "./util/configparser.y" /* yacc.c:1646 */ +#line 1040 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -3608,105 +3610,105 @@ yyreduce: } } } -#line 3612 "util/configparser.c" /* yacc.c:1646 */ +#line 3614 "util/configparser.c" /* yacc.c:1646 */ break; case 326: -#line 1064 "./util/configparser.y" /* yacc.c:1646 */ +#line 1066 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3623 "util/configparser.c" /* yacc.c:1646 */ +#line 3625 "util/configparser.c" /* yacc.c:1646 */ break; case 327: -#line 1072 "./util/configparser.y" /* yacc.c:1646 */ +#line 1074 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3633 "util/configparser.c" /* yacc.c:1646 */ +#line 3635 "util/configparser.c" /* yacc.c:1646 */ break; case 328: -#line 1079 "./util/configparser.y" /* yacc.c:1646 */ +#line 1081 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3643 "util/configparser.c" /* yacc.c:1646 */ +#line 3645 "util/configparser.c" /* yacc.c:1646 */ break; case 329: -#line 1086 "./util/configparser.y" /* yacc.c:1646 */ +#line 1088 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 3653 "util/configparser.c" /* yacc.c:1646 */ +#line 3655 "util/configparser.c" /* yacc.c:1646 */ break; case 330: -#line 1093 "./util/configparser.y" /* yacc.c:1646 */ +#line 1095 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3663 "util/configparser.c" /* yacc.c:1646 */ +#line 3665 "util/configparser.c" /* yacc.c:1646 */ break; case 331: -#line 1100 "./util/configparser.y" /* yacc.c:1646 */ +#line 1102 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3674 "util/configparser.c" /* yacc.c:1646 */ +#line 3676 "util/configparser.c" /* yacc.c:1646 */ break; case 332: -#line 1108 "./util/configparser.y" /* yacc.c:1646 */ +#line 1110 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3685 "util/configparser.c" /* yacc.c:1646 */ +#line 3687 "util/configparser.c" /* yacc.c:1646 */ break; case 333: -#line 1116 "./util/configparser.y" /* yacc.c:1646 */ +#line 1118 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3696 "util/configparser.c" /* yacc.c:1646 */ +#line 3698 "util/configparser.c" /* yacc.c:1646 */ break; case 334: -#line 1124 "./util/configparser.y" /* yacc.c:1646 */ +#line 1126 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3706 "util/configparser.c" /* yacc.c:1646 */ +#line 3708 "util/configparser.c" /* yacc.c:1646 */ break; case 335: -#line 1131 "./util/configparser.y" /* yacc.c:1646 */ +#line 1133 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3716,11 +3718,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3720 "util/configparser.c" /* yacc.c:1646 */ +#line 3722 "util/configparser.c" /* yacc.c:1646 */ break; case 336: -#line 1142 "./util/configparser.y" /* yacc.c:1646 */ +#line 1144 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3730,21 +3732,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3734 "util/configparser.c" /* yacc.c:1646 */ +#line 3736 "util/configparser.c" /* yacc.c:1646 */ break; case 337: -#line 1153 "./util/configparser.y" /* yacc.c:1646 */ +#line 1155 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3744 "util/configparser.c" /* yacc.c:1646 */ +#line 3746 "util/configparser.c" /* yacc.c:1646 */ break; case 338: -#line 1160 "./util/configparser.y" /* yacc.c:1646 */ +#line 1162 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3752,11 +3754,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3756 "util/configparser.c" /* yacc.c:1646 */ +#line 3758 "util/configparser.c" /* yacc.c:1646 */ break; case 339: -#line 1169 "./util/configparser.y" /* yacc.c:1646 */ +#line 1171 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3764,11 +3766,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3768 "util/configparser.c" /* yacc.c:1646 */ +#line 3770 "util/configparser.c" /* yacc.c:1646 */ break; case 340: -#line 1178 "./util/configparser.y" /* yacc.c:1646 */ +#line 1180 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3776,53 +3778,53 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3780 "util/configparser.c" /* yacc.c:1646 */ +#line 3782 "util/configparser.c" /* yacc.c:1646 */ break; case 341: -#line 1187 "./util/configparser.y" /* yacc.c:1646 */ +#line 1189 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 3790 "util/configparser.c" /* yacc.c:1646 */ +#line 3792 "util/configparser.c" /* yacc.c:1646 */ break; case 342: -#line 1194 "./util/configparser.y" /* yacc.c:1646 */ +#line 1196 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 3800 "util/configparser.c" /* yacc.c:1646 */ +#line 3802 "util/configparser.c" /* yacc.c:1646 */ break; case 343: -#line 1201 "./util/configparser.y" /* yacc.c:1646 */ +#line 1203 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3811 "util/configparser.c" /* yacc.c:1646 */ +#line 3813 "util/configparser.c" /* yacc.c:1646 */ break; case 344: -#line 1209 "./util/configparser.y" /* yacc.c:1646 */ +#line 1211 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3822 "util/configparser.c" /* yacc.c:1646 */ +#line 3824 "util/configparser.c" /* yacc.c:1646 */ break; case 345: -#line 1217 "./util/configparser.y" /* yacc.c:1646 */ +#line 1219 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3831,11 +3833,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3835 "util/configparser.c" /* yacc.c:1646 */ +#line 3837 "util/configparser.c" /* yacc.c:1646 */ break; case 346: -#line 1227 "./util/configparser.y" /* yacc.c:1646 */ +#line 1229 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3844,11 +3846,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3848 "util/configparser.c" /* yacc.c:1646 */ +#line 3850 "util/configparser.c" /* yacc.c:1646 */ break; case 347: -#line 1237 "./util/configparser.y" /* yacc.c:1646 */ +#line 1239 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3857,22 +3859,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3861 "util/configparser.c" /* yacc.c:1646 */ +#line 3863 "util/configparser.c" /* yacc.c:1646 */ break; case 348: -#line 1247 "./util/configparser.y" /* yacc.c:1646 */ +#line 1249 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3872 "util/configparser.c" /* yacc.c:1646 */ +#line 3874 "util/configparser.c" /* yacc.c:1646 */ break; case 349: -#line 1255 "./util/configparser.y" /* yacc.c:1646 */ +#line 1257 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3884,11 +3886,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3888 "util/configparser.c" /* yacc.c:1646 */ +#line 3890 "util/configparser.c" /* yacc.c:1646 */ break; case 350: -#line 1268 "./util/configparser.y" /* yacc.c:1646 */ +#line 1270 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3898,22 +3900,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3902 "util/configparser.c" /* yacc.c:1646 */ +#line 3904 "util/configparser.c" /* yacc.c:1646 */ break; case 351: -#line 1279 "./util/configparser.y" /* yacc.c:1646 */ +#line 1281 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3913 "util/configparser.c" /* yacc.c:1646 */ +#line 3915 "util/configparser.c" /* yacc.c:1646 */ break; case 352: -#line 1287 "./util/configparser.y" /* yacc.c:1646 */ +#line 1289 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3925,11 +3927,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3929 "util/configparser.c" /* yacc.c:1646 */ +#line 3931 "util/configparser.c" /* yacc.c:1646 */ break; case 353: -#line 1300 "./util/configparser.y" /* yacc.c:1646 */ +#line 1302 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3937,11 +3939,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3941 "util/configparser.c" /* yacc.c:1646 */ +#line 3943 "util/configparser.c" /* yacc.c:1646 */ break; case 354: -#line 1309 "./util/configparser.y" /* yacc.c:1646 */ +#line 1311 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3949,11 +3951,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3953 "util/configparser.c" /* yacc.c:1646 */ +#line 3955 "util/configparser.c" /* yacc.c:1646 */ break; case 355: -#line 1318 "./util/configparser.y" /* yacc.c:1646 */ +#line 1320 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3961,11 +3963,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3965 "util/configparser.c" /* yacc.c:1646 */ +#line 3967 "util/configparser.c" /* yacc.c:1646 */ break; case 356: -#line 1327 "./util/configparser.y" /* yacc.c:1646 */ +#line 1329 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3974,11 +3976,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3978 "util/configparser.c" /* yacc.c:1646 */ +#line 3980 "util/configparser.c" /* yacc.c:1646 */ break; case 357: -#line 1337 "./util/configparser.y" /* yacc.c:1646 */ +#line 1339 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3987,22 +3989,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3991 "util/configparser.c" /* yacc.c:1646 */ +#line 3993 "util/configparser.c" /* yacc.c:1646 */ break; case 358: -#line 1347 "./util/configparser.y" /* yacc.c:1646 */ +#line 1349 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4002 "util/configparser.c" /* yacc.c:1646 */ +#line 4004 "util/configparser.c" /* yacc.c:1646 */ break; case 359: -#line 1355 "./util/configparser.y" /* yacc.c:1646 */ +#line 1357 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4014,11 +4016,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4018 "util/configparser.c" /* yacc.c:1646 */ +#line 4020 "util/configparser.c" /* yacc.c:1646 */ break; case 360: -#line 1368 "./util/configparser.y" /* yacc.c:1646 */ +#line 1370 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4026,22 +4028,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4030 "util/configparser.c" /* yacc.c:1646 */ +#line 4032 "util/configparser.c" /* yacc.c:1646 */ break; case 361: -#line 1377 "./util/configparser.y" /* yacc.c:1646 */ +#line 1379 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4041 "util/configparser.c" /* yacc.c:1646 */ +#line 4043 "util/configparser.c" /* yacc.c:1646 */ break; case 362: -#line 1385 "./util/configparser.y" /* yacc.c:1646 */ +#line 1387 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4049,22 +4051,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4053 "util/configparser.c" /* yacc.c:1646 */ +#line 4055 "util/configparser.c" /* yacc.c:1646 */ break; case 363: -#line 1394 "./util/configparser.y" /* yacc.c:1646 */ +#line 1396 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4064 "util/configparser.c" /* yacc.c:1646 */ +#line 4066 "util/configparser.c" /* yacc.c:1646 */ break; case 364: -#line 1402 "./util/configparser.y" /* yacc.c:1646 */ +#line 1404 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4076,11 +4078,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4080 "util/configparser.c" /* yacc.c:1646 */ +#line 4082 "util/configparser.c" /* yacc.c:1646 */ break; case 365: -#line 1415 "./util/configparser.y" /* yacc.c:1646 */ +#line 1417 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4088,21 +4090,21 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4092 "util/configparser.c" /* yacc.c:1646 */ +#line 4094 "util/configparser.c" /* yacc.c:1646 */ break; case 366: -#line 1424 "./util/configparser.y" /* yacc.c:1646 */ +#line 1426 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 4102 "util/configparser.c" /* yacc.c:1646 */ +#line 4104 "util/configparser.c" /* yacc.c:1646 */ break; case 367: -#line 1431 "./util/configparser.y" /* yacc.c:1646 */ +#line 1433 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4111,11 +4113,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4115 "util/configparser.c" /* yacc.c:1646 */ +#line 4117 "util/configparser.c" /* yacc.c:1646 */ break; case 368: -#line 1441 "./util/configparser.y" /* yacc.c:1646 */ +#line 1443 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4124,11 +4126,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4128 "util/configparser.c" /* yacc.c:1646 */ +#line 4130 "util/configparser.c" /* yacc.c:1646 */ break; case 369: -#line 1451 "./util/configparser.y" /* yacc.c:1646 */ +#line 1453 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4137,11 +4139,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4141 "util/configparser.c" /* yacc.c:1646 */ +#line 4143 "util/configparser.c" /* yacc.c:1646 */ break; case 370: -#line 1461 "./util/configparser.y" /* yacc.c:1646 */ +#line 1463 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4150,11 +4152,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4154 "util/configparser.c" /* yacc.c:1646 */ +#line 4156 "util/configparser.c" /* yacc.c:1646 */ break; case 371: -#line 1471 "./util/configparser.y" /* yacc.c:1646 */ +#line 1473 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4163,11 +4165,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4167 "util/configparser.c" /* yacc.c:1646 */ +#line 4169 "util/configparser.c" /* yacc.c:1646 */ break; case 372: -#line 1481 "./util/configparser.y" /* yacc.c:1646 */ +#line 1483 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4176,11 +4178,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4180 "util/configparser.c" /* yacc.c:1646 */ +#line 4182 "util/configparser.c" /* yacc.c:1646 */ break; case 373: -#line 1491 "./util/configparser.y" /* yacc.c:1646 */ +#line 1493 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4189,11 +4191,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4193 "util/configparser.c" /* yacc.c:1646 */ +#line 4195 "util/configparser.c" /* yacc.c:1646 */ break; case 374: -#line 1501 "./util/configparser.y" /* yacc.c:1646 */ +#line 1503 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4202,41 +4204,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4206 "util/configparser.c" /* yacc.c:1646 */ +#line 4208 "util/configparser.c" /* yacc.c:1646 */ break; case 375: -#line 1511 "./util/configparser.y" /* yacc.c:1646 */ +#line 1513 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4216 "util/configparser.c" /* yacc.c:1646 */ +#line 4218 "util/configparser.c" /* yacc.c:1646 */ break; case 376: -#line 1518 "./util/configparser.y" /* yacc.c:1646 */ +#line 1520 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4226 "util/configparser.c" /* yacc.c:1646 */ +#line 4228 "util/configparser.c" /* yacc.c:1646 */ break; case 377: -#line 1525 "./util/configparser.y" /* yacc.c:1646 */ +#line 1527 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4236 "util/configparser.c" /* yacc.c:1646 */ +#line 4238 "util/configparser.c" /* yacc.c:1646 */ break; case 378: -#line 1532 "./util/configparser.y" /* yacc.c:1646 */ +#line 1534 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4244,11 +4246,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4248 "util/configparser.c" /* yacc.c:1646 */ +#line 4250 "util/configparser.c" /* yacc.c:1646 */ break; case 379: -#line 1541 "./util/configparser.y" /* yacc.c:1646 */ +#line 1543 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4256,11 +4258,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4260 "util/configparser.c" /* yacc.c:1646 */ +#line 4262 "util/configparser.c" /* yacc.c:1646 */ break; case 380: -#line 1550 "./util/configparser.y" /* yacc.c:1646 */ +#line 1552 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4268,11 +4270,11 @@ yyreduce: else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4272 "util/configparser.c" /* yacc.c:1646 */ +#line 4274 "util/configparser.c" /* yacc.c:1646 */ break; case 381: -#line 1559 "./util/configparser.y" /* yacc.c:1646 */ +#line 1561 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4280,21 +4282,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4284 "util/configparser.c" /* yacc.c:1646 */ +#line 4286 "util/configparser.c" /* yacc.c:1646 */ break; case 382: -#line 1568 "./util/configparser.y" /* yacc.c:1646 */ +#line 1570 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4294 "util/configparser.c" /* yacc.c:1646 */ +#line 4296 "util/configparser.c" /* yacc.c:1646 */ break; case 383: -#line 1575 "./util/configparser.y" /* yacc.c:1646 */ +#line 1577 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4303,11 +4305,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4307 "util/configparser.c" /* yacc.c:1646 */ +#line 4309 "util/configparser.c" /* yacc.c:1646 */ break; case 384: -#line 1585 "./util/configparser.y" /* yacc.c:1646 */ +#line 1587 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -4326,21 +4328,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 4330 "util/configparser.c" /* yacc.c:1646 */ +#line 4332 "util/configparser.c" /* yacc.c:1646 */ break; case 385: -#line 1605 "./util/configparser.y" /* yacc.c:1646 */ +#line 1607 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4340 "util/configparser.c" /* yacc.c:1646 */ +#line 4342 "util/configparser.c" /* yacc.c:1646 */ break; case 386: -#line 1612 "./util/configparser.y" /* yacc.c:1646 */ +#line 1614 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4357,11 +4359,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4361 "util/configparser.c" /* yacc.c:1646 */ +#line 4363 "util/configparser.c" /* yacc.c:1646 */ break; case 387: -#line 1630 "./util/configparser.y" /* yacc.c:1646 */ +#line 1632 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4373,11 +4375,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4377 "util/configparser.c" /* yacc.c:1646 */ +#line 4379 "util/configparser.c" /* yacc.c:1646 */ break; case 388: -#line 1643 "./util/configparser.y" /* yacc.c:1646 */ +#line 1645 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4389,11 +4391,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4393 "util/configparser.c" /* yacc.c:1646 */ +#line 4395 "util/configparser.c" /* yacc.c:1646 */ break; case 389: -#line 1656 "./util/configparser.y" /* yacc.c:1646 */ +#line 1658 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4401,11 +4403,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4405 "util/configparser.c" /* yacc.c:1646 */ +#line 4407 "util/configparser.c" /* yacc.c:1646 */ break; case 390: -#line 1665 "./util/configparser.y" /* yacc.c:1646 */ +#line 1667 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4413,11 +4415,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4417 "util/configparser.c" /* yacc.c:1646 */ +#line 4419 "util/configparser.c" /* yacc.c:1646 */ break; case 391: -#line 1674 "./util/configparser.y" /* yacc.c:1646 */ +#line 1676 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4425,11 +4427,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4429 "util/configparser.c" /* yacc.c:1646 */ +#line 4431 "util/configparser.c" /* yacc.c:1646 */ break; case 392: -#line 1683 "./util/configparser.y" /* yacc.c:1646 */ +#line 1685 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4437,11 +4439,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4441 "util/configparser.c" /* yacc.c:1646 */ +#line 4443 "util/configparser.c" /* yacc.c:1646 */ break; case 393: -#line 1692 "./util/configparser.y" /* yacc.c:1646 */ +#line 1694 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4450,11 +4452,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4454 "util/configparser.c" /* yacc.c:1646 */ +#line 4456 "util/configparser.c" /* yacc.c:1646 */ break; case 394: -#line 1702 "./util/configparser.y" /* yacc.c:1646 */ +#line 1704 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4463,11 +4465,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4467 "util/configparser.c" /* yacc.c:1646 */ +#line 4469 "util/configparser.c" /* yacc.c:1646 */ break; case 395: -#line 1712 "./util/configparser.y" /* yacc.c:1646 */ +#line 1714 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4477,11 +4479,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4481 "util/configparser.c" /* yacc.c:1646 */ +#line 4483 "util/configparser.c" /* yacc.c:1646 */ break; case 396: -#line 1723 "./util/configparser.y" /* yacc.c:1646 */ +#line 1725 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4489,11 +4491,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4493 "util/configparser.c" /* yacc.c:1646 */ +#line 4495 "util/configparser.c" /* yacc.c:1646 */ break; case 397: -#line 1732 "./util/configparser.y" /* yacc.c:1646 */ +#line 1734 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4501,11 +4503,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4505 "util/configparser.c" /* yacc.c:1646 */ +#line 4507 "util/configparser.c" /* yacc.c:1646 */ break; case 398: -#line 1741 "./util/configparser.y" /* yacc.c:1646 */ +#line 1743 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4513,11 +4515,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4517 "util/configparser.c" /* yacc.c:1646 */ +#line 4519 "util/configparser.c" /* yacc.c:1646 */ break; case 399: -#line 1750 "./util/configparser.y" /* yacc.c:1646 */ +#line 1752 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4525,11 +4527,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4529 "util/configparser.c" /* yacc.c:1646 */ +#line 4531 "util/configparser.c" /* yacc.c:1646 */ break; case 400: -#line 1759 "./util/configparser.y" /* yacc.c:1646 */ +#line 1761 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4541,11 +4543,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4545 "util/configparser.c" /* yacc.c:1646 */ +#line 4547 "util/configparser.c" /* yacc.c:1646 */ break; case 401: -#line 1772 "./util/configparser.y" /* yacc.c:1646 */ +#line 1774 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4557,11 +4559,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4561 "util/configparser.c" /* yacc.c:1646 */ +#line 4563 "util/configparser.c" /* yacc.c:1646 */ break; case 402: -#line 1785 "./util/configparser.y" /* yacc.c:1646 */ +#line 1787 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4569,21 +4571,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4573 "util/configparser.c" /* yacc.c:1646 */ +#line 4575 "util/configparser.c" /* yacc.c:1646 */ break; case 403: -#line 1794 "./util/configparser.y" /* yacc.c:1646 */ +#line 1796 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 4583 "util/configparser.c" /* yacc.c:1646 */ +#line 4585 "util/configparser.c" /* yacc.c:1646 */ break; case 404: -#line 1801 "./util/configparser.y" /* yacc.c:1646 */ +#line 1803 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4591,11 +4593,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4595 "util/configparser.c" /* yacc.c:1646 */ +#line 4597 "util/configparser.c" /* yacc.c:1646 */ break; case 405: -#line 1810 "./util/configparser.y" /* yacc.c:1646 */ +#line 1812 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4603,11 +4605,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4607 "util/configparser.c" /* yacc.c:1646 */ +#line 4609 "util/configparser.c" /* yacc.c:1646 */ break; case 406: -#line 1819 "./util/configparser.y" /* yacc.c:1646 */ +#line 1821 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4615,11 +4617,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4619 "util/configparser.c" /* yacc.c:1646 */ +#line 4621 "util/configparser.c" /* yacc.c:1646 */ break; case 407: -#line 1828 "./util/configparser.y" /* yacc.c:1646 */ +#line 1830 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4628,22 +4630,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4632 "util/configparser.c" /* yacc.c:1646 */ +#line 4634 "util/configparser.c" /* yacc.c:1646 */ break; case 408: -#line 1837 "./util/configparser.y" /* yacc.c:1646 */ +#line 1839 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4643 "util/configparser.c" /* yacc.c:1646 */ +#line 4645 "util/configparser.c" /* yacc.c:1646 */ break; case 409: -#line 1845 "./util/configparser.y" /* yacc.c:1646 */ +#line 1847 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4655,22 +4657,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4659 "util/configparser.c" /* yacc.c:1646 */ +#line 4661 "util/configparser.c" /* yacc.c:1646 */ break; case 410: -#line 1858 "./util/configparser.y" /* yacc.c:1646 */ +#line 1860 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4670 "util/configparser.c" /* yacc.c:1646 */ +#line 4672 "util/configparser.c" /* yacc.c:1646 */ break; case 411: -#line 1866 "./util/configparser.y" /* yacc.c:1646 */ +#line 1868 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4710,21 +4712,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4714 "util/configparser.c" /* yacc.c:1646 */ +#line 4716 "util/configparser.c" /* yacc.c:1646 */ break; case 412: -#line 1907 "./util/configparser.y" /* yacc.c:1646 */ +#line 1909 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4724 "util/configparser.c" /* yacc.c:1646 */ +#line 4726 "util/configparser.c" /* yacc.c:1646 */ break; case 413: -#line 1914 "./util/configparser.y" /* yacc.c:1646 */ +#line 1916 "./util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4738,11 +4740,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4742 "util/configparser.c" /* yacc.c:1646 */ +#line 4744 "util/configparser.c" /* yacc.c:1646 */ break; case 414: -#line 1929 "./util/configparser.y" /* yacc.c:1646 */ +#line 1931 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4751,11 +4753,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4755 "util/configparser.c" /* yacc.c:1646 */ +#line 4757 "util/configparser.c" /* yacc.c:1646 */ break; case 415: -#line 1939 "./util/configparser.y" /* yacc.c:1646 */ +#line 1941 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4764,41 +4766,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4768 "util/configparser.c" /* yacc.c:1646 */ +#line 4770 "util/configparser.c" /* yacc.c:1646 */ break; case 416: -#line 1949 "./util/configparser.y" /* yacc.c:1646 */ +#line 1951 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4778 "util/configparser.c" /* yacc.c:1646 */ +#line 4780 "util/configparser.c" /* yacc.c:1646 */ break; case 417: -#line 1956 "./util/configparser.y" /* yacc.c:1646 */ +#line 1958 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4788 "util/configparser.c" /* yacc.c:1646 */ +#line 4790 "util/configparser.c" /* yacc.c:1646 */ break; case 418: -#line 1963 "./util/configparser.y" /* yacc.c:1646 */ +#line 1965 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4798 "util/configparser.c" /* yacc.c:1646 */ +#line 4800 "util/configparser.c" /* yacc.c:1646 */ break; case 419: -#line 1970 "./util/configparser.y" /* yacc.c:1646 */ +#line 1972 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4806,22 +4808,22 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4810 "util/configparser.c" /* yacc.c:1646 */ +#line 4812 "util/configparser.c" /* yacc.c:1646 */ break; case 420: -#line 1979 "./util/configparser.y" /* yacc.c:1646 */ +#line 1981 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 4821 "util/configparser.c" /* yacc.c:1646 */ +#line 4823 "util/configparser.c" /* yacc.c:1646 */ break; case 421: -#line 1987 "./util/configparser.y" /* yacc.c:1646 */ +#line 1989 "./util/configparser.y" /* yacc.c:1646 */ { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -4834,11 +4836,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4838 "util/configparser.c" /* yacc.c:1646 */ +#line 4840 "util/configparser.c" /* yacc.c:1646 */ break; case 422: -#line 2001 "./util/configparser.y" /* yacc.c:1646 */ +#line 2003 "./util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4858,11 +4860,11 @@ yyreduce: } } } -#line 4862 "util/configparser.c" /* yacc.c:1646 */ +#line 4864 "util/configparser.c" /* yacc.c:1646 */ break; case 423: -#line 2022 "./util/configparser.y" /* yacc.c:1646 */ +#line 2024 "./util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4882,11 +4884,11 @@ yyreduce: } } } -#line 4886 "util/configparser.c" /* yacc.c:1646 */ +#line 4888 "util/configparser.c" /* yacc.c:1646 */ break; case 424: -#line 2043 "./util/configparser.y" /* yacc.c:1646 */ +#line 2045 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -4897,11 +4899,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4901 "util/configparser.c" /* yacc.c:1646 */ +#line 4903 "util/configparser.c" /* yacc.c:1646 */ break; case 425: -#line 2055 "./util/configparser.y" /* yacc.c:1646 */ +#line 2057 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -4912,11 +4914,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4916 "util/configparser.c" /* yacc.c:1646 */ +#line 4918 "util/configparser.c" /* yacc.c:1646 */ break; case 426: -#line 2067 "./util/configparser.y" /* yacc.c:1646 */ +#line 2069 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -4927,11 +4929,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4931 "util/configparser.c" /* yacc.c:1646 */ +#line 4933 "util/configparser.c" /* yacc.c:1646 */ break; case 427: -#line 2079 "./util/configparser.y" /* yacc.c:1646 */ +#line 2081 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -4939,11 +4941,11 @@ yyreduce: yyerror("out of memory"); } } -#line 4943 "util/configparser.c" /* yacc.c:1646 */ +#line 4945 "util/configparser.c" /* yacc.c:1646 */ break; case 428: -#line 2088 "./util/configparser.y" /* yacc.c:1646 */ +#line 2090 "./util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4963,11 +4965,11 @@ yyreduce: } } } -#line 4967 "util/configparser.c" /* yacc.c:1646 */ +#line 4969 "util/configparser.c" /* yacc.c:1646 */ break; case 429: -#line 2109 "./util/configparser.y" /* yacc.c:1646 */ +#line 2111 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4975,11 +4977,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4979 "util/configparser.c" /* yacc.c:1646 */ +#line 4981 "util/configparser.c" /* yacc.c:1646 */ break; case 430: -#line 2119 "./util/configparser.y" /* yacc.c:1646 */ +#line 2121 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4987,33 +4989,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4991 "util/configparser.c" /* yacc.c:1646 */ +#line 4993 "util/configparser.c" /* yacc.c:1646 */ break; case 431: -#line 2128 "./util/configparser.y" /* yacc.c:1646 */ +#line 2130 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5002 "util/configparser.c" /* yacc.c:1646 */ +#line 5004 "util/configparser.c" /* yacc.c:1646 */ break; case 432: -#line 2136 "./util/configparser.y" /* yacc.c:1646 */ +#line 2138 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5013 "util/configparser.c" /* yacc.c:1646 */ +#line 5015 "util/configparser.c" /* yacc.c:1646 */ break; case 433: -#line 2144 "./util/configparser.y" /* yacc.c:1646 */ +#line 2146 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5025,11 +5027,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5029 "util/configparser.c" /* yacc.c:1646 */ +#line 5031 "util/configparser.c" /* yacc.c:1646 */ break; case 434: -#line 2157 "./util/configparser.y" /* yacc.c:1646 */ +#line 2159 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5041,11 +5043,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5045 "util/configparser.c" /* yacc.c:1646 */ +#line 5047 "util/configparser.c" /* yacc.c:1646 */ break; case 435: -#line 2170 "./util/configparser.y" /* yacc.c:1646 */ +#line 2172 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5059,11 +5061,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 5063 "util/configparser.c" /* yacc.c:1646 */ +#line 5065 "util/configparser.c" /* yacc.c:1646 */ break; case 436: -#line 2185 "./util/configparser.y" /* yacc.c:1646 */ +#line 2187 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5077,11 +5079,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 5081 "util/configparser.c" /* yacc.c:1646 */ +#line 5083 "util/configparser.c" /* yacc.c:1646 */ break; case 437: -#line 2200 "./util/configparser.y" /* yacc.c:1646 */ +#line 2202 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5089,11 +5091,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5093 "util/configparser.c" /* yacc.c:1646 */ +#line 5095 "util/configparser.c" /* yacc.c:1646 */ break; case 438: -#line 2209 "./util/configparser.y" /* yacc.c:1646 */ +#line 2211 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5101,20 +5103,20 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5105 "util/configparser.c" /* yacc.c:1646 */ +#line 5107 "util/configparser.c" /* yacc.c:1646 */ break; case 439: -#line 2218 "./util/configparser.y" /* yacc.c:1646 */ +#line 2220 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 5114 "util/configparser.c" /* yacc.c:1646 */ +#line 5116 "util/configparser.c" /* yacc.c:1646 */ break; case 440: -#line 2224 "./util/configparser.y" /* yacc.c:1646 */ +#line 2226 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -5122,11 +5124,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5126 "util/configparser.c" /* yacc.c:1646 */ +#line 5128 "util/configparser.c" /* yacc.c:1646 */ break; case 441: -#line 2233 "./util/configparser.y" /* yacc.c:1646 */ +#line 2235 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5134,11 +5136,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5138 "util/configparser.c" /* yacc.c:1646 */ +#line 5140 "util/configparser.c" /* yacc.c:1646 */ break; case 442: -#line 2242 "./util/configparser.y" /* yacc.c:1646 */ +#line 2244 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5147,11 +5149,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5151 "util/configparser.c" /* yacc.c:1646 */ +#line 5153 "util/configparser.c" /* yacc.c:1646 */ break; case 443: -#line 2252 "./util/configparser.y" /* yacc.c:1646 */ +#line 2254 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5160,11 +5162,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5164 "util/configparser.c" /* yacc.c:1646 */ +#line 5166 "util/configparser.c" /* yacc.c:1646 */ break; case 444: -#line 2262 "./util/configparser.y" /* yacc.c:1646 */ +#line 2264 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5176,11 +5178,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5180 "util/configparser.c" /* yacc.c:1646 */ +#line 5182 "util/configparser.c" /* yacc.c:1646 */ break; case 445: -#line 2275 "./util/configparser.y" /* yacc.c:1646 */ +#line 2277 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5192,11 +5194,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5196 "util/configparser.c" /* yacc.c:1646 */ +#line 5198 "util/configparser.c" /* yacc.c:1646 */ break; case 446: -#line 2288 "./util/configparser.y" /* yacc.c:1646 */ +#line 2290 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5207,11 +5209,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5211 "util/configparser.c" /* yacc.c:1646 */ +#line 5213 "util/configparser.c" /* yacc.c:1646 */ break; case 447: -#line 2300 "./util/configparser.y" /* yacc.c:1646 */ +#line 2302 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -5224,11 +5226,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5228 "util/configparser.c" /* yacc.c:1646 */ +#line 5230 "util/configparser.c" /* yacc.c:1646 */ break; case 448: -#line 2314 "./util/configparser.y" /* yacc.c:1646 */ +#line 2316 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -5239,11 +5241,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5243 "util/configparser.c" /* yacc.c:1646 */ +#line 5245 "util/configparser.c" /* yacc.c:1646 */ break; case 449: -#line 2326 "./util/configparser.y" /* yacc.c:1646 */ +#line 2328 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -5256,11 +5258,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5260 "util/configparser.c" /* yacc.c:1646 */ +#line 5262 "util/configparser.c" /* yacc.c:1646 */ break; case 450: -#line 2340 "./util/configparser.y" /* yacc.c:1646 */ +#line 2342 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -5269,31 +5271,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5273 "util/configparser.c" /* yacc.c:1646 */ +#line 5275 "util/configparser.c" /* yacc.c:1646 */ break; case 451: -#line 2350 "./util/configparser.y" /* yacc.c:1646 */ +#line 2352 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5283 "util/configparser.c" /* yacc.c:1646 */ +#line 5285 "util/configparser.c" /* yacc.c:1646 */ break; case 452: -#line 2357 "./util/configparser.y" /* yacc.c:1646 */ +#line 2359 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5293 "util/configparser.c" /* yacc.c:1646 */ +#line 5295 "util/configparser.c" /* yacc.c:1646 */ break; case 453: -#line 2364 "./util/configparser.y" /* yacc.c:1646 */ +#line 2366 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5301,11 +5303,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5305 "util/configparser.c" /* yacc.c:1646 */ +#line 5307 "util/configparser.c" /* yacc.c:1646 */ break; case 454: -#line 2373 "./util/configparser.y" /* yacc.c:1646 */ +#line 2375 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5313,11 +5315,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5317 "util/configparser.c" /* yacc.c:1646 */ +#line 5319 "util/configparser.c" /* yacc.c:1646 */ break; case 455: -#line 2382 "./util/configparser.y" /* yacc.c:1646 */ +#line 2384 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5326,11 +5328,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5330 "util/configparser.c" /* yacc.c:1646 */ +#line 5332 "util/configparser.c" /* yacc.c:1646 */ break; case 456: -#line 2392 "./util/configparser.y" /* yacc.c:1646 */ +#line 2394 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5339,11 +5341,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5343 "util/configparser.c" /* yacc.c:1646 */ +#line 5345 "util/configparser.c" /* yacc.c:1646 */ break; case 457: -#line 2402 "./util/configparser.y" /* yacc.c:1646 */ +#line 2404 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -5352,31 +5354,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5356 "util/configparser.c" /* yacc.c:1646 */ +#line 5358 "util/configparser.c" /* yacc.c:1646 */ break; case 458: -#line 2412 "./util/configparser.y" /* yacc.c:1646 */ +#line 2414 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5366 "util/configparser.c" /* yacc.c:1646 */ +#line 5368 "util/configparser.c" /* yacc.c:1646 */ break; case 459: -#line 2419 "./util/configparser.y" /* yacc.c:1646 */ +#line 2421 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5376 "util/configparser.c" /* yacc.c:1646 */ +#line 5378 "util/configparser.c" /* yacc.c:1646 */ break; case 460: -#line 2426 "./util/configparser.y" /* yacc.c:1646 */ +#line 2428 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5384,11 +5386,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5388 "util/configparser.c" /* yacc.c:1646 */ +#line 5390 "util/configparser.c" /* yacc.c:1646 */ break; case 461: -#line 2435 "./util/configparser.y" /* yacc.c:1646 */ +#line 2437 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5396,11 +5398,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5400 "util/configparser.c" /* yacc.c:1646 */ +#line 5402 "util/configparser.c" /* yacc.c:1646 */ break; case 462: -#line 2444 "./util/configparser.y" /* yacc.c:1646 */ +#line 2446 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5409,11 +5411,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5413 "util/configparser.c" /* yacc.c:1646 */ +#line 5415 "util/configparser.c" /* yacc.c:1646 */ break; case 463: -#line 2454 "./util/configparser.y" /* yacc.c:1646 */ +#line 2456 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -5422,52 +5424,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5426 "util/configparser.c" /* yacc.c:1646 */ +#line 5428 "util/configparser.c" /* yacc.c:1646 */ break; case 464: -#line 2464 "./util/configparser.y" /* yacc.c:1646 */ +#line 2466 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5436 "util/configparser.c" /* yacc.c:1646 */ +#line 5438 "util/configparser.c" /* yacc.c:1646 */ break; case 465: -#line 2471 "./util/configparser.y" /* yacc.c:1646 */ +#line 2473 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5446 "util/configparser.c" /* yacc.c:1646 */ +#line 5448 "util/configparser.c" /* yacc.c:1646 */ break; case 466: -#line 2478 "./util/configparser.y" /* yacc.c:1646 */ +#line 2480 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5456 "util/configparser.c" /* yacc.c:1646 */ +#line 5458 "util/configparser.c" /* yacc.c:1646 */ break; case 467: -#line 2485 "./util/configparser.y" /* yacc.c:1646 */ +#line 2487 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5467 "util/configparser.c" /* yacc.c:1646 */ +#line 5469 "util/configparser.c" /* yacc.c:1646 */ break; case 468: -#line 2493 "./util/configparser.y" /* yacc.c:1646 */ +#line 2495 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5476,11 +5478,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5480 "util/configparser.c" /* yacc.c:1646 */ +#line 5482 "util/configparser.c" /* yacc.c:1646 */ break; case 469: -#line 2503 "./util/configparser.y" /* yacc.c:1646 */ +#line 2505 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5489,11 +5491,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5493 "util/configparser.c" /* yacc.c:1646 */ +#line 5495 "util/configparser.c" /* yacc.c:1646 */ break; case 470: -#line 2513 "./util/configparser.y" /* yacc.c:1646 */ +#line 2515 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5502,11 +5504,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5506 "util/configparser.c" /* yacc.c:1646 */ +#line 5508 "util/configparser.c" /* yacc.c:1646 */ break; case 471: -#line 2523 "./util/configparser.y" /* yacc.c:1646 */ +#line 2525 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -5515,11 +5517,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5519 "util/configparser.c" /* yacc.c:1646 */ +#line 5521 "util/configparser.c" /* yacc.c:1646 */ break; case 472: -#line 2533 "./util/configparser.y" /* yacc.c:1646 */ +#line 2535 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5557,11 +5559,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5561 "util/configparser.c" /* yacc.c:1646 */ +#line 5563 "util/configparser.c" /* yacc.c:1646 */ break; case 473: -#line 2572 "./util/configparser.y" /* yacc.c:1646 */ +#line 2574 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5570,33 +5572,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5574 "util/configparser.c" /* yacc.c:1646 */ +#line 5576 "util/configparser.c" /* yacc.c:1646 */ break; case 474: -#line 2582 "./util/configparser.y" /* yacc.c:1646 */ +#line 2584 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5585 "util/configparser.c" /* yacc.c:1646 */ +#line 5587 "util/configparser.c" /* yacc.c:1646 */ break; case 475: -#line 2590 "./util/configparser.y" /* yacc.c:1646 */ +#line 2592 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5596 "util/configparser.c" /* yacc.c:1646 */ +#line 5598 "util/configparser.c" /* yacc.c:1646 */ break; case 476: -#line 2598 "./util/configparser.y" /* yacc.c:1646 */ +#line 2600 "./util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5610,11 +5612,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5614 "util/configparser.c" /* yacc.c:1646 */ +#line 5616 "util/configparser.c" /* yacc.c:1646 */ break; case 477: -#line 2613 "./util/configparser.y" /* yacc.c:1646 */ +#line 2615 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5622,19 +5624,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5626 "util/configparser.c" /* yacc.c:1646 */ +#line 5628 "util/configparser.c" /* yacc.c:1646 */ break; case 478: -#line 2622 "./util/configparser.y" /* yacc.c:1646 */ +#line 2624 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(remote-control:)\n")); } -#line 5634 "util/configparser.c" /* yacc.c:1646 */ +#line 5636 "util/configparser.c" /* yacc.c:1646 */ break; case 489: -#line 2633 "./util/configparser.y" /* yacc.c:1646 */ +#line 2635 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5643,11 +5645,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5647 "util/configparser.c" /* yacc.c:1646 */ +#line 5649 "util/configparser.c" /* yacc.c:1646 */ break; case 490: -#line 2643 "./util/configparser.y" /* yacc.c:1646 */ +#line 2645 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5655,79 +5657,79 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5659 "util/configparser.c" /* yacc.c:1646 */ +#line 5661 "util/configparser.c" /* yacc.c:1646 */ break; case 491: -#line 2652 "./util/configparser.y" /* yacc.c:1646 */ +#line 2654 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5669 "util/configparser.c" /* yacc.c:1646 */ +#line 5671 "util/configparser.c" /* yacc.c:1646 */ break; case 492: -#line 2659 "./util/configparser.y" /* yacc.c:1646 */ +#line 2661 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5679 "util/configparser.c" /* yacc.c:1646 */ +#line 5681 "util/configparser.c" /* yacc.c:1646 */ break; case 493: -#line 2666 "./util/configparser.y" /* yacc.c:1646 */ +#line 2668 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 5689 "util/configparser.c" /* yacc.c:1646 */ +#line 5691 "util/configparser.c" /* yacc.c:1646 */ break; case 494: -#line 2673 "./util/configparser.y" /* yacc.c:1646 */ +#line 2675 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 5699 "util/configparser.c" /* yacc.c:1646 */ +#line 5701 "util/configparser.c" /* yacc.c:1646 */ break; case 495: -#line 2680 "./util/configparser.y" /* yacc.c:1646 */ +#line 2682 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 5709 "util/configparser.c" /* yacc.c:1646 */ +#line 5711 "util/configparser.c" /* yacc.c:1646 */ break; case 496: -#line 2687 "./util/configparser.y" /* yacc.c:1646 */ +#line 2689 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 5719 "util/configparser.c" /* yacc.c:1646 */ +#line 5721 "util/configparser.c" /* yacc.c:1646 */ break; case 497: -#line 2694 "./util/configparser.y" /* yacc.c:1646 */ +#line 2696 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnstap:)\n")); } -#line 5727 "util/configparser.c" /* yacc.c:1646 */ +#line 5729 "util/configparser.c" /* yacc.c:1646 */ break; case 512: -#line 2711 "./util/configparser.y" /* yacc.c:1646 */ +#line 2713 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5735,21 +5737,21 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5739 "util/configparser.c" /* yacc.c:1646 */ +#line 5741 "util/configparser.c" /* yacc.c:1646 */ break; case 513: -#line 2720 "./util/configparser.y" /* yacc.c:1646 */ +#line 2722 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 5749 "util/configparser.c" /* yacc.c:1646 */ +#line 5751 "util/configparser.c" /* yacc.c:1646 */ break; case 514: -#line 2727 "./util/configparser.y" /* yacc.c:1646 */ +#line 2729 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5757,11 +5759,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5761 "util/configparser.c" /* yacc.c:1646 */ +#line 5763 "util/configparser.c" /* yacc.c:1646 */ break; case 515: -#line 2736 "./util/configparser.y" /* yacc.c:1646 */ +#line 2738 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5769,31 +5771,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5773 "util/configparser.c" /* yacc.c:1646 */ +#line 5775 "util/configparser.c" /* yacc.c:1646 */ break; case 516: -#line 2745 "./util/configparser.y" /* yacc.c:1646 */ +#line 2747 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 5783 "util/configparser.c" /* yacc.c:1646 */ +#line 5785 "util/configparser.c" /* yacc.c:1646 */ break; case 517: -#line 2752 "./util/configparser.y" /* yacc.c:1646 */ +#line 2754 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 5793 "util/configparser.c" /* yacc.c:1646 */ +#line 5795 "util/configparser.c" /* yacc.c:1646 */ break; case 518: -#line 2759 "./util/configparser.y" /* yacc.c:1646 */ +#line 2761 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5802,11 +5804,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5806 "util/configparser.c" /* yacc.c:1646 */ +#line 5808 "util/configparser.c" /* yacc.c:1646 */ break; case 519: -#line 2769 "./util/configparser.y" /* yacc.c:1646 */ +#line 2771 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5815,11 +5817,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5819 "util/configparser.c" /* yacc.c:1646 */ +#line 5821 "util/configparser.c" /* yacc.c:1646 */ break; case 520: -#line 2779 "./util/configparser.y" /* yacc.c:1646 */ +#line 2781 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5828,11 +5830,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5832 "util/configparser.c" /* yacc.c:1646 */ +#line 5834 "util/configparser.c" /* yacc.c:1646 */ break; case 521: -#line 2789 "./util/configparser.y" /* yacc.c:1646 */ +#line 2791 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5841,11 +5843,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5845 "util/configparser.c" /* yacc.c:1646 */ +#line 5847 "util/configparser.c" /* yacc.c:1646 */ break; case 522: -#line 2799 "./util/configparser.y" /* yacc.c:1646 */ +#line 2801 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5854,11 +5856,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5858 "util/configparser.c" /* yacc.c:1646 */ +#line 5860 "util/configparser.c" /* yacc.c:1646 */ break; case 523: -#line 2809 "./util/configparser.y" /* yacc.c:1646 */ +#line 2811 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5867,29 +5869,29 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5871 "util/configparser.c" /* yacc.c:1646 */ +#line 5873 "util/configparser.c" /* yacc.c:1646 */ break; case 524: -#line 2819 "./util/configparser.y" /* yacc.c:1646 */ +#line 2821 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(python:)\n")); } -#line 5879 "util/configparser.c" /* yacc.c:1646 */ +#line 5881 "util/configparser.c" /* yacc.c:1646 */ break; case 528: -#line 2828 "./util/configparser.y" /* yacc.c:1646 */ +#line 2830 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5889 "util/configparser.c" /* yacc.c:1646 */ +#line 5891 "util/configparser.c" /* yacc.c:1646 */ break; case 529: -#line 2834 "./util/configparser.y" /* yacc.c:1646 */ +#line 2836 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5898,21 +5900,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5902 "util/configparser.c" /* yacc.c:1646 */ +#line 5904 "util/configparser.c" /* yacc.c:1646 */ break; case 530: -#line 2844 "./util/configparser.y" /* yacc.c:1646 */ +#line 2846 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 5912 "util/configparser.c" /* yacc.c:1646 */ +#line 5914 "util/configparser.c" /* yacc.c:1646 */ break; case 531: -#line 2851 "./util/configparser.y" /* yacc.c:1646 */ +#line 2853 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5920,30 +5922,30 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 5924 "util/configparser.c" /* yacc.c:1646 */ +#line 5926 "util/configparser.c" /* yacc.c:1646 */ break; case 532: -#line 2860 "./util/configparser.y" /* yacc.c:1646 */ +#line 2862 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5935 "util/configparser.c" /* yacc.c:1646 */ +#line 5937 "util/configparser.c" /* yacc.c:1646 */ break; case 533: -#line 2868 "./util/configparser.y" /* yacc.c:1646 */ +#line 2870 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnscrypt:)\n")); } -#line 5943 "util/configparser.c" /* yacc.c:1646 */ +#line 5945 "util/configparser.c" /* yacc.c:1646 */ break; case 546: -#line 2884 "./util/configparser.y" /* yacc.c:1646 */ +#line 2886 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5951,11 +5953,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5955 "util/configparser.c" /* yacc.c:1646 */ +#line 5957 "util/configparser.c" /* yacc.c:1646 */ break; case 547: -#line 2894 "./util/configparser.y" /* yacc.c:1646 */ +#line 2896 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5963,21 +5965,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5967 "util/configparser.c" /* yacc.c:1646 */ +#line 5969 "util/configparser.c" /* yacc.c:1646 */ break; case 548: -#line 2903 "./util/configparser.y" /* yacc.c:1646 */ +#line 2905 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 5977 "util/configparser.c" /* yacc.c:1646 */ +#line 5979 "util/configparser.c" /* yacc.c:1646 */ break; case 549: -#line 2910 "./util/configparser.y" /* yacc.c:1646 */ +#line 2912 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -5985,21 +5987,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 5989 "util/configparser.c" /* yacc.c:1646 */ +#line 5991 "util/configparser.c" /* yacc.c:1646 */ break; case 550: -#line 2919 "./util/configparser.y" /* yacc.c:1646 */ +#line 2921 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 5999 "util/configparser.c" /* yacc.c:1646 */ +#line 6001 "util/configparser.c" /* yacc.c:1646 */ break; case 551: -#line 2926 "./util/configparser.y" /* yacc.c:1646 */ +#line 2928 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -6007,22 +6009,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 6011 "util/configparser.c" /* yacc.c:1646 */ +#line 6013 "util/configparser.c" /* yacc.c:1646 */ break; case 552: -#line 2935 "./util/configparser.y" /* yacc.c:1646 */ +#line 2937 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6022 "util/configparser.c" /* yacc.c:1646 */ +#line 6024 "util/configparser.c" /* yacc.c:1646 */ break; case 553: -#line 2943 "./util/configparser.y" /* yacc.c:1646 */ +#line 2945 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6034,22 +6036,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6038 "util/configparser.c" /* yacc.c:1646 */ +#line 6040 "util/configparser.c" /* yacc.c:1646 */ break; case 554: -#line 2956 "./util/configparser.y" /* yacc.c:1646 */ +#line 2958 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6049 "util/configparser.c" /* yacc.c:1646 */ +#line 6051 "util/configparser.c" /* yacc.c:1646 */ break; case 555: -#line 2964 "./util/configparser.y" /* yacc.c:1646 */ +#line 2966 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6061,19 +6063,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6065 "util/configparser.c" /* yacc.c:1646 */ +#line 6067 "util/configparser.c" /* yacc.c:1646 */ break; case 556: -#line 2977 "./util/configparser.y" /* yacc.c:1646 */ +#line 2979 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(cachedb:)\n")); } -#line 6073 "util/configparser.c" /* yacc.c:1646 */ +#line 6075 "util/configparser.c" /* yacc.c:1646 */ break; case 564: -#line 2987 "./util/configparser.y" /* yacc.c:1646 */ +#line 2989 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -6087,11 +6089,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6091 "util/configparser.c" /* yacc.c:1646 */ +#line 6093 "util/configparser.c" /* yacc.c:1646 */ break; case 565: -#line 3002 "./util/configparser.y" /* yacc.c:1646 */ +#line 3004 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -6105,11 +6107,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6109 "util/configparser.c" /* yacc.c:1646 */ +#line 6111 "util/configparser.c" /* yacc.c:1646 */ break; case 566: -#line 3017 "./util/configparser.y" /* yacc.c:1646 */ +#line 3019 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -6120,11 +6122,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6124 "util/configparser.c" /* yacc.c:1646 */ +#line 6126 "util/configparser.c" /* yacc.c:1646 */ break; case 567: -#line 3029 "./util/configparser.y" /* yacc.c:1646 */ +#line 3031 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -6138,11 +6140,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6142 "util/configparser.c" /* yacc.c:1646 */ +#line 6144 "util/configparser.c" /* yacc.c:1646 */ break; case 568: -#line 3044 "./util/configparser.y" /* yacc.c:1646 */ +#line 3046 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -6154,11 +6156,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6158 "util/configparser.c" /* yacc.c:1646 */ +#line 6160 "util/configparser.c" /* yacc.c:1646 */ break; case 569: -#line 3057 "./util/configparser.y" /* yacc.c:1646 */ +#line 3059 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -6168,19 +6170,19 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6172 "util/configparser.c" /* yacc.c:1646 */ +#line 6174 "util/configparser.c" /* yacc.c:1646 */ break; case 570: -#line 3068 "./util/configparser.y" /* yacc.c:1646 */ +#line 3070 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(ipset:)\n")); } -#line 6180 "util/configparser.c" /* yacc.c:1646 */ +#line 6182 "util/configparser.c" /* yacc.c:1646 */ break; case 575: -#line 3077 "./util/configparser.y" /* yacc.c:1646 */ +#line 3079 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -6194,11 +6196,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6198 "util/configparser.c" /* yacc.c:1646 */ +#line 6200 "util/configparser.c" /* yacc.c:1646 */ break; case 576: -#line 3092 "./util/configparser.y" /* yacc.c:1646 */ +#line 3094 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -6212,11 +6214,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6216 "util/configparser.c" /* yacc.c:1646 */ +#line 6218 "util/configparser.c" /* yacc.c:1646 */ break; -#line 6220 "util/configparser.c" /* yacc.c:1646 */ +#line 6222 "util/configparser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -6444,7 +6446,7 @@ yyreturn: #endif return yyresult; } -#line 3106 "./util/configparser.y" /* yacc.c:1906 */ +#line 3108 "./util/configparser.y" /* yacc.c:1906 */ /* parse helper routines could be here */ diff --git a/util/configparser.y b/util/configparser.y index 589caa195..8671a7cd3 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -518,6 +518,7 @@ server_send_client_subnet: VAR_SEND_CLIENT_SUBNET STRING_ARG fatal_exit("out of memory adding client-subnet"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free($2); #endif } ; @@ -530,6 +531,7 @@ server_client_subnet_zone: VAR_CLIENT_SUBNET_ZONE STRING_ARG fatal_exit("out of memory adding client-subnet-zone"); #else OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); + free($2); #endif } ; diff --git a/util/data/dname.c b/util/data/dname.c index 8a2db758c..793521276 100644 --- a/util/data/dname.c +++ b/util/data/dname.c @@ -75,6 +75,8 @@ dname_valid(uint8_t* dname, size_t maxlen) { size_t len = 0; size_t labellen; + if(maxlen == 0) + return 0; /* too short, shortest is '0' root label */ labellen = *dname++; while(labellen) { if(labellen&0xc0) @@ -327,16 +329,26 @@ dname_pkt_hash(sldns_buffer* pkt, uint8_t* dname, hashvalue_type h) void dname_pkt_copy(sldns_buffer* pkt, uint8_t* to, uint8_t* dname) { /* copy over the dname and decompress it at the same time */ + size_t comprcount = 0; size_t len = 0; uint8_t lablen; lablen = *dname++; while(lablen) { if(LABEL_IS_PTR(lablen)) { + if(comprcount++ > MAX_COMPRESS_PTRS) { + /* too many compression pointers */ + *to = 0; /* end the result prematurely */ + return; + } /* follow pointer */ dname = sldns_buffer_at(pkt, PTR_OFFSET(lablen, *dname)); lablen = *dname++; continue; } + if(lablen > LDNS_MAX_LABELLEN) { + *to = 0; /* end the result prematurely */ + return; + } log_assert(lablen <= LDNS_MAX_LABELLEN); len += (size_t)lablen+1; if(len >= LDNS_MAX_DOMAINLEN) { diff --git a/util/data/msgparse.c b/util/data/msgparse.c index 13cad8a26..fb3123703 100644 --- a/util/data/msgparse.c +++ b/util/data/msgparse.c @@ -1061,18 +1061,18 @@ parse_edns_from_pkt(sldns_buffer* pkt, struct edns_data* edns, size_t rdata_len; uint8_t* rdata_ptr; log_assert(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) == 1); + memset(edns, 0, sizeof(*edns)); if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) != 0 || LDNS_NSCOUNT(sldns_buffer_begin(pkt)) != 0) { if(!skip_pkt_rrs(pkt, ((int)LDNS_ANCOUNT(sldns_buffer_begin(pkt)))+ ((int)LDNS_NSCOUNT(sldns_buffer_begin(pkt))))) - return 0; + return LDNS_RCODE_FORMERR; } /* check edns section is present */ if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) > 1) { return LDNS_RCODE_FORMERR; } if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) == 0) { - memset(edns, 0, sizeof(*edns)); edns->udp_size = 512; return 0; } diff --git a/util/data/msgreply.c b/util/data/msgreply.c index a2c09ac20..4320f312d 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -243,10 +243,10 @@ rdata_copy(sldns_buffer* pkt, struct packed_rrset_data* data, uint8_t* to, break; } if(len) { + log_assert(len <= pkt_len); memmove(to, sldns_buffer_current(pkt), len); to += len; sldns_buffer_skip(pkt, (ssize_t)len); - log_assert(len <= pkt_len); pkt_len -= len; } rdf++; diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 8577073c8..3e6f3e6be 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -960,8 +960,6 @@ 1298, 1299, 1300, -1301, -1302, 1303, 1304, 1305, diff --git a/util/log.c b/util/log.c index 63c42f10b..8499d8c0a 100644 --- a/util/log.c +++ b/util/log.c @@ -61,7 +61,7 @@ #endif /* default verbosity */ -enum verbosity_value verbosity = 0; +enum verbosity_value verbosity = NO_VERBOSE; /** the file logged to. */ static FILE* logfile = 0; /** if key has been created */ @@ -70,7 +70,7 @@ static int key_created = 0; static ub_thread_key_type logkey; #ifndef THREADS_DISABLED /** pthread mutex to protect FILE* */ -static lock_quick_type log_lock; +static lock_basic_type log_lock; #endif /** the identity of this executable/process */ static const char* ident="unbound"; @@ -88,18 +88,18 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) if(!key_created) { key_created = 1; ub_thread_key_create(&logkey, NULL); - lock_quick_init(&log_lock); + lock_basic_init(&log_lock); } - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); if(logfile #if defined(HAVE_SYSLOG_H) || defined(UB_ON_WINDOWS) || logging_to_syslog #endif ) { - lock_quick_unlock(&log_lock); /* verbose() needs the lock */ + lock_basic_unlock(&log_lock); /* verbose() needs the lock */ verbose(VERB_QUERY, "switching log to %s", use_syslog?"syslog":(filename&&filename[0]?filename:"stderr")); - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); } if(logfile && logfile != stderr) { FILE* cl = logfile; @@ -119,7 +119,7 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) * --with-syslog-facility=LOCAL[0-7] can override it */ openlog(ident, LOG_NDELAY, UB_SYSLOG_FACILITY); logging_to_syslog = 1; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } #elif defined(UB_ON_WINDOWS) @@ -128,13 +128,13 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) } if(use_syslog) { logging_to_syslog = 1; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } #endif /* HAVE_SYSLOG_H */ if(!filename || !filename[0]) { logfile = stderr; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } /* open the file for logging */ @@ -143,7 +143,7 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) filename += strlen(chrootdir); f = fopen(filename, "a"); if(!f) { - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); log_err("Could not open logfile %s: %s", filename, strerror(errno)); return; @@ -153,14 +153,14 @@ log_init(const char* filename, int use_syslog, const char* chrootdir) setvbuf(f, NULL, (int)_IOLBF, 0); #endif logfile = f; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); } void log_file(FILE *f) { - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); logfile = f; - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); } void log_thread_set(int* num) @@ -245,9 +245,9 @@ log_vmsg(int pri, const char* type, return; } #endif /* HAVE_SYSLOG_H */ - lock_quick_lock(&log_lock); + lock_basic_lock(&log_lock); if(!logfile) { - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); return; } now = (time_t)time(NULL); @@ -272,7 +272,7 @@ log_vmsg(int pri, const char* type, /* line buffering does not work on windows */ fflush(logfile); #endif - lock_quick_unlock(&log_lock); + lock_basic_unlock(&log_lock); } /** diff --git a/util/net_help.c b/util/net_help.c index 21367ebd9..68a67fbd2 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -824,11 +824,13 @@ listen_sslctx_setup(void* ctxt) #ifdef HAVE_SSL SSL_CTX* ctx = (SSL_CTX*)ctxt; /* no SSLv2, SSLv3 because has defects */ +#if SSL_OP_NO_SSLv2 != 0 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2){ log_crypto_err("could not set SSL_OP_NO_SSLv2"); return 0; } +#endif if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3){ log_crypto_err("could not set SSL_OP_NO_SSLv3"); @@ -1064,12 +1066,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert) log_crypto_err("could not allocate SSL_CTX pointer"); return NULL; } +#if SSL_OP_NO_SSLv2 != 0 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) != SSL_OP_NO_SSLv2) { log_crypto_err("could not set SSL_OP_NO_SSLv2"); SSL_CTX_free(ctx); return NULL; } +#endif if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) { log_crypto_err("could not set SSL_OP_NO_SSLv3"); @@ -1141,7 +1145,7 @@ void* incoming_ssl_fd(void* sslctx, int fd) return NULL; } SSL_set_accept_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); @@ -1163,7 +1167,7 @@ void* outgoing_ssl_fd(void* sslctx, int fd) return NULL; } SSL_set_connect_state(ssl); - (void)SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + (void)SSL_set_mode(ssl, (long)SSL_MODE_AUTO_RETRY); if(!SSL_set_fd(ssl, fd)) { log_crypto_err("could not SSL_set_fd"); SSL_free(ssl); @@ -1319,10 +1323,14 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name verbose(VERB_CLIENT, "EVP_EncryptInit_ex failed"); return -1; } +#ifndef HMAC_INIT_EX_RETURNS_VOID if (HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; } +#else + HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL); +#endif return 1; } else if (enc == 0) { /* decrypt */ @@ -1339,10 +1347,14 @@ int tls_session_ticket_key_cb(void *ATTR_UNUSED(sslctx), unsigned char* key_name return 0; } +#ifndef HMAC_INIT_EX_RETURNS_VOID if (HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); return -1; } +#else + HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL); +#endif if (EVP_DecryptInit_ex(evp_sctx, cipher, NULL, key->aes_key, iv) != 1) { log_err("EVP_DecryptInit_ex failed"); return -1; diff --git a/util/netevent.c b/util/netevent.c index c54c570f6..980bb8bea 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1001,7 +1001,7 @@ tcp_callback_writer(struct comm_point* c) tcp_req_info_handle_writedone(c->tcp_req_info); } else { comm_point_stop_listening(c); - comm_point_start_listening(c, -1, -1); + comm_point_start_listening(c, -1, c->tcp_timeout_msec); } } @@ -1128,7 +1128,7 @@ ssl_handshake(struct comm_point* c) unsigned long err = ERR_get_error(); if(!squelch_err_ssl_handshake(err)) { log_crypto_err_code("ssl handshake failed", err); - log_addr(1, "ssl handshake failed", &c->repinfo.addr, + log_addr(VERB_OPS, "ssl handshake failed", &c->repinfo.addr, c->repinfo.addrlen); } return 0; @@ -1309,7 +1309,7 @@ ssl_handle_write(struct comm_point* c) return 1; } /* ignore return, if fails we may simply block */ - (void)SSL_set_mode(c->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE); + (void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE); if(c->tcp_byte_count < sizeof(uint16_t)) { uint16_t len = htons(sldns_buffer_limit(c->buffer)); ERR_clear_error(); @@ -3191,7 +3191,7 @@ comm_point_drop_reply(struct comm_reply* repinfo) { if(!repinfo) return; - log_assert(repinfo && repinfo->c); + log_assert(repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); if(repinfo->c->type == comm_udp) return; diff --git a/util/random.c b/util/random.c index 8332960b4..bb564f2f9 100644 --- a/util/random.c +++ b/util/random.c @@ -79,15 +79,8 @@ #define MAX_VALUE 0x7fffffff #if defined(HAVE_SSL) -void -ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ - /* arc4random_uniform does not need seeds, it gets kernel entropy */ -} - struct ub_randstate* -ub_initstate(unsigned int ATTR_UNUSED(seed), - struct ub_randstate* ATTR_UNUSED(from)) +ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)malloc(1); if(!s) { @@ -119,12 +112,7 @@ struct ub_randstate { int ready; }; -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -} - -struct ub_randstate* ub_initstate(unsigned int ATTR_UNUSED(seed), - struct ub_randstate* ATTR_UNUSED(from)) +struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); if(!s) { @@ -140,7 +128,9 @@ long int ub_random(struct ub_randstate* ATTR_UNUSED(state)) /* random 31 bit value. */ SECStatus s = PK11_GenerateRandom((unsigned char*)&x, (int)sizeof(x)); if(s != SECSuccess) { - log_err("PK11_GenerateRandom error: %s", + /* unbound needs secure randomness for randomized + * ID bits and port numbers in packets to upstream servers */ + fatal_exit("PK11_GenerateRandom error: %s", PORT_ErrorToString(PORT_GetError())); } return x & MAX_VALUE; @@ -157,17 +147,7 @@ struct ub_randstate { int seeded; }; -void ub_systemseed(unsigned int ATTR_UNUSED(seed)) -{ -/** - * We seed on init and not here, as we need the ctx to re-seed. - * This also means that re-seeding is not supported. - */ - log_err("Re-seeding not supported, generator untouched"); -} - -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* ATTR_UNUSED(from)) +struct ub_randstate* ub_initstate(struct ub_randstate* ATTR_UNUSED(from)) { struct ub_randstate* s = (struct ub_randstate*)calloc(1, sizeof(*s)); uint8_t buf[YARROW256_SEED_FILE_SIZE]; @@ -183,15 +163,10 @@ struct ub_randstate* ub_initstate(unsigned int seed, yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); s->seeded = yarrow256_is_seeded(&s->ctx); } else { - /* Stretch the uint32 input seed and feed it to Yarrow */ - uint32_t v = seed; - size_t i; - for(i=0; i < (YARROW256_SEED_FILE_SIZE/sizeof(seed)); i++) { - memmove(buf+i*sizeof(seed), &v, sizeof(seed)); - v = v*seed + (uint32_t)i; - } - yarrow256_seed(&s->ctx, YARROW256_SEED_FILE_SIZE, buf); - s->seeded = yarrow256_is_seeded(&s->ctx); + log_err("nettle random(yarrow) cannot initialize, " + "getentropy failed: %s", strerror(errno)); + free(s); + return NULL; } return s; diff --git a/util/random.h b/util/random.h index a05a994a3..b257793a4 100644 --- a/util/random.h +++ b/util/random.h @@ -47,25 +47,14 @@ */ struct ub_randstate; -/** - * Initialize the system randomness. Obtains entropy from the system - * before a chroot or privilege makes it unavailable. - * You do not have to call this, otherwise ub_initstate does so. - * @param seed: seed value to create state (if no good entropy is found). - */ -void ub_systemseed(unsigned int seed); - /** * Initialize a random generator state for use - * @param seed: seed value to create state contents. - * (ignored for arc4random). * @param from: if not NULL, the seed is taken from this random structure. * can be used to seed random states via a parent-random-state that * is itself seeded with entropy. * @return new state or NULL alloc failure. */ -struct ub_randstate* ub_initstate(unsigned int seed, - struct ub_randstate* from); +struct ub_randstate* ub_initstate(struct ub_randstate* from); /** * Generate next random number from the state passed along. diff --git a/util/regional.c b/util/regional.c index 899a54edb..ff36d0e21 100644 --- a/util/regional.c +++ b/util/regional.c @@ -84,6 +84,7 @@ struct regional* regional_create_custom(size_t size) { struct regional* r = (struct regional*)malloc(size); + size = ALIGN_UP(size, ALIGNMENT); log_assert(sizeof(struct regional) <= size); if(!r) return NULL; r->first_size = size; @@ -120,8 +121,18 @@ regional_destroy(struct regional *r) void * regional_alloc(struct regional *r, size_t size) { - size_t a = ALIGN_UP(size, ALIGNMENT); + size_t a; void *s; + if( +#if SIZEOF_SIZE_T == 8 + (unsigned long long)size >= 0xffffffffffffff00ULL +#else + (unsigned)size >= (unsigned)0xffffff00UL +#endif + ) + return NULL; /* protect against integer overflow in + malloc and ALIGN_UP */ + a = ALIGN_UP(size, ALIGNMENT); /* large objects */ if(a > REGIONAL_LARGE_OBJECT_SIZE) { s = malloc(ALIGNMENT + size); diff --git a/util/shm_side/shm_main.c b/util/shm_side/shm_main.c index a783c099b..46a71510f 100644 --- a/util/shm_side/shm_main.c +++ b/util/shm_side/shm_main.c @@ -121,7 +121,7 @@ int shm_main_init(struct daemon* daemon) shmctl(daemon->shm_info->id_arr, IPC_RMID, NULL); /* SHM: Create the segment */ - daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0666); + daemon->shm_info->id_ctl = shmget(daemon->shm_info->key, sizeof(struct ub_shm_stat_info), IPC_CREAT | 0644); if (daemon->shm_info->id_ctl < 0) { @@ -134,7 +134,7 @@ int shm_main_init(struct daemon* daemon) return 0; } - daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0666); + daemon->shm_info->id_arr = shmget(daemon->shm_info->key + 1, shm_size, IPC_CREAT | 0644); if (daemon->shm_info->id_arr < 0) { @@ -223,8 +223,10 @@ void shm_main_run(struct worker *worker) struct ub_stats_info *stat_info; int offset; +#ifndef S_SPLINT_S verbose(VERB_DETAIL, "SHM run - worker [%d] - daemon [%p] - timenow(%u) - timeboot(%u)", worker->thread_num, worker->daemon, (unsigned)worker->env.now_tv->tv_sec, (unsigned)worker->daemon->time_boot.tv_sec); +#endif offset = worker->thread_num + 1; stat_total = worker->daemon->shm_info->ptr_arr; @@ -240,9 +242,11 @@ void shm_main_run(struct worker *worker) memset(stat_total, 0, sizeof(struct ub_stats_info)); /* Point to data into SHM */ +#ifndef S_SPLINT_S shm_stat = worker->daemon->shm_info->ptr_ctl; shm_stat->time.now_sec = (long long)worker->env.now_tv->tv_sec; shm_stat->time.now_usec = (long long)worker->env.now_tv->tv_usec; +#endif stat_timeval_subtract(&shm_stat->time.up_sec, &shm_stat->time.up_usec, worker->env.now_tv, &worker->daemon->time_boot); stat_timeval_subtract(&shm_stat->time.elapsed_sec, &shm_stat->time.elapsed_usec, worker->env.now_tv, &worker->daemon->time_last_stat); diff --git a/util/ub_event.c b/util/ub_event.c index e097fbc40..9af476ad4 100644 --- a/util/ub_event.c +++ b/util/ub_event.c @@ -458,7 +458,9 @@ void ub_comm_base_now(struct comm_base* cb) if(gettimeofday(tv, NULL) < 0) { log_err("gettimeofday: %s", strerror(errno)); } +#ifndef S_SPLINT_S *tt = tv->tv_sec; +#endif #endif /* USE_MINI_EVENT */ } diff --git a/util/ub_event_pluggable.c b/util/ub_event_pluggable.c index 4a9451263..235bba6ba 100644 --- a/util/ub_event_pluggable.c +++ b/util/ub_event_pluggable.c @@ -453,7 +453,7 @@ ub_get_event_sys(struct ub_event_base* ub_base, const char** n, const char** s, * ub_base is guaranteed to exist and to be the default * event base. */ - assert(b); + assert(b != NULL); *n = "pluggable-event"; *s = event_get_version(); # if defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP) @@ -687,6 +687,8 @@ void ub_comm_base_now(struct comm_base* cb) if(gettimeofday(tv, NULL) < 0) { log_err("gettimeofday: %s", strerror(errno)); } +#ifndef S_SPLINT_S *tt = tv->tv_sec; +#endif } diff --git a/validator/autotrust.c b/validator/autotrust.c index fba14ff7c..fd9fb3cf1 100644 --- a/validator/autotrust.c +++ b/validator/autotrust.c @@ -86,7 +86,6 @@ void autr_global_delete(struct autr_global_data* global) if(!global) return; /* elements deleted by parent */ - memset(global, 0, sizeof(*global)); free(global); } @@ -370,10 +369,10 @@ autr_tp_create(struct val_anchors* anchors, uint8_t* own, size_t own_len, free(tp); return NULL; } - lock_basic_unlock(&anchors->lock); lock_basic_init(&tp->lock); lock_protect(&tp->lock, tp, sizeof(*tp)); lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr)); + lock_basic_unlock(&anchors->lock); return tp; } @@ -1175,7 +1174,9 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) { FILE* out; char* fname = tp->autr->file; +#ifndef S_SPLINT_S long long llvalue; +#endif char tempf[2048]; log_assert(tp->autr); if(!env) { @@ -1184,6 +1185,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) } /* unique name with pid number, thread number, and struct pointer * (the pointer uniquifies for multiple libunbound contexts) */ +#ifndef S_SPLINT_S #if defined(SIZE_MAX) && defined(UINT32_MAX) && (UINT32_MAX == SIZE_MAX || INT32_MAX == SIZE_MAX) /* avoid warning about upcast on 32bit systems */ llvalue = (unsigned long)tp; @@ -1197,6 +1199,7 @@ void autr_write_file(struct module_env* env, struct trust_anchor* tp) snprintf(tempf, sizeof(tempf), "%s.%d-%d-%I64x", fname, (int)getpid(), env->worker?*(int*)env->worker:0, llvalue); #endif +#endif /* S_SPLINT_S */ verbose(VERB_ALGO, "autotrust: write to disk: %s", tempf); out = fopen(tempf, "w"); if(!out) { @@ -2258,7 +2261,7 @@ autr_debug_print_ta(struct autr_ta* ta) log_info("out of memory in debug_print_ta"); return; } - if(str && str[0]) str[strlen(str)-1]=0; /* remove newline */ + if(str[0]) str[strlen(str)-1]=0; /* remove newline */ ctime_r(&ta->last_change, buf); if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ log_info("[%s] %s ;;state:%d ;;pending_count:%d%s%s last:%s", @@ -2280,10 +2283,10 @@ autr_debug_print_tp(struct trust_anchor* tp) log_info("assembled %d DS and %d DNSKEYs", (int)tp->numDS, (int)tp->numDNSKEY); if(tp->ds_rrset) { - log_packed_rrset(0, "DS:", tp->ds_rrset); + log_packed_rrset(NO_VERBOSE, "DS:", tp->ds_rrset); } if(tp->dnskey_rrset) { - log_packed_rrset(0, "DNSKEY:", tp->dnskey_rrset); + log_packed_rrset(NO_VERBOSE, "DNSKEY:", tp->dnskey_rrset); } log_info("file %s", tp->autr->file); ctime_r(&tp->autr->last_queried, buf); diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 8ae9e7f3b..7224f00a2 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -1007,12 +1007,12 @@ anchors_assemble_rrsets(struct val_anchors* anchors) nods = anchors_ds_unsupported(ta); nokey = anchors_dnskey_unsupported(ta); if(nods) { - log_nametypeclass(0, "warning: unsupported " + log_nametypeclass(NO_VERBOSE, "warning: unsupported " "algorithm for trust anchor", ta->name, LDNS_RR_TYPE_DS, ta->dclass); } if(nokey) { - log_nametypeclass(0, "warning: unsupported " + log_nametypeclass(NO_VERBOSE, "warning: unsupported " "algorithm for trust anchor", ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); } diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 0613316c9..5e02f6bdb 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -326,8 +326,10 @@ setup_dsa_sig(unsigned char** sig, unsigned int* len) #ifdef HAVE_DSA_SIG_SET0 if(!DSA_SIG_set0(dsasig, R, S)) return 0; #else +# ifndef S_SPLINT_S dsasig->r = R; dsasig->s = S; +# endif /* S_SPLINT_S */ #endif *sig = NULL; newlen = i2d_DSA_SIG(dsasig, sig); @@ -1725,7 +1727,7 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* { uint8_t digest[SHA256_DIGEST_SIZE]; mpz_t x, y; - nettle_ecc_point_init(&pubkey, &nettle_secp_256r1); + nettle_ecc_point_init(&pubkey, nettle_get_secp_256r1()); nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key); nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE); nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock); @@ -1742,7 +1744,7 @@ _verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* { uint8_t digest[SHA384_DIGEST_SIZE]; mpz_t x, y; - nettle_ecc_point_init(&pubkey, &nettle_secp_384r1); + nettle_ecc_point_init(&pubkey, nettle_get_secp_384r1()); nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key); nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE); nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock); diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index cfa3eadcf..33d206de8 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -1225,11 +1225,11 @@ sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) (unsigned)incep, (unsigned)now); } -/** RFC 1918 comparison, uses unsigned integers, and tries to avoid +/** RFC 1982 comparison, uses unsigned integers, and tries to avoid * compiler optimization (eg. by avoiding a-b<0 comparisons), * this routine matches compare_serial(), for SOA serial number checks */ static int -compare_1918(uint32_t a, uint32_t b) +compare_1982(uint32_t a, uint32_t b) { /* for 32 bit values */ const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); @@ -1244,9 +1244,9 @@ compare_1918(uint32_t a, uint32_t b) } /** if we know that b is larger than a, return the difference between them, - * that is the distance between them. in RFC1918 arith */ + * that is the distance between them. in RFC1982 arith */ static uint32_t -subtract_1918(uint32_t a, uint32_t b) +subtract_1982(uint32_t a, uint32_t b) { /* for 32 bit values */ const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); @@ -1286,18 +1286,18 @@ check_dates(struct val_env* ve, uint32_t unow, } else now = unow; /* check them */ - if(compare_1918(incep, expi) > 0) { + if(compare_1982(incep, expi) > 0) { sigdate_error("verify: inception after expiration, " "signature bad", expi, incep, now); *reason = "signature inception after expiration"; return 0; } - if(compare_1918(incep, now) > 0) { + if(compare_1982(incep, now) > 0) { /* within skew ? (calc here to avoid calculation normally) */ - uint32_t skew = subtract_1918(incep, expi)/10; + uint32_t skew = subtract_1982(incep, expi)/10; if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min; if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max; - if(subtract_1918(now, incep) > skew) { + if(subtract_1982(now, incep) > skew) { sigdate_error("verify: signature bad, current time is" " before inception date", expi, incep, now); *reason = "signature before inception date"; @@ -1306,11 +1306,11 @@ check_dates(struct val_env* ve, uint32_t unow, sigdate_error("verify warning suspicious signature inception " " or bad local clock", expi, incep, now); } - if(compare_1918(now, expi) > 0) { - uint32_t skew = subtract_1918(incep, expi)/10; + if(compare_1982(now, expi) > 0) { + uint32_t skew = subtract_1982(incep, expi)/10; if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min; if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max; - if(subtract_1918(expi, now) > skew) { + if(subtract_1982(expi, now) > skew) { sigdate_error("verify: signature expired", expi, incep, now); *reason = "signature expired"; diff --git a/validator/validator.c b/validator/validator.c index fa8d5419a..c3ca0a27d 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -121,6 +121,8 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env, log_err("out of memory"); return 0; } + if (env->key_cache) + val_env->kcache = env->key_cache; if(!val_env->kcache) val_env->kcache = key_cache_create(cfg); if(!val_env->kcache) { @@ -146,6 +148,8 @@ val_apply_cfg(struct module_env* env, struct val_env* val_env, log_err("validator: cannot apply nsec3 key iterations"); return 0; } + if (env->neg_cache) + val_env->neg_cache = env->neg_cache; if(!val_env->neg_cache) val_env->neg_cache = val_neg_create(cfg, val_env->nsec3_maxiter[val_env->nsec3_keyiter_count-1]); @@ -196,7 +200,9 @@ val_deinit(struct module_env* env, int id) anchors_delete(env->anchors); env->anchors = NULL; key_cache_delete(val_env->kcache); + env->key_cache = NULL; neg_cache_delete(val_env->neg_cache); + env->neg_cache = NULL; free(val_env->nsec3_keysize); free(val_env->nsec3_maxiter); free(val_env); @@ -2242,7 +2248,7 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, !qstate->env->cfg->val_log_squelch) { if(qstate->env->cfg->val_log_level < 2 && !qstate->env->cfg->log_servfail) - log_query_info(0, "validation failure", + log_query_info(NO_VERBOSE, "validation failure", &qstate->qinfo); else { char* err = errinf_to_str_bogus(qstate);