diff --git a/.gitignore b/.gitignore index 7688fd758..d0c69f81d 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,7 @@ /unbound.h /asynclook /delayer +/dohclient /lock-verify /memstats /perf diff --git a/Makefile.in b/Makefile.in index bac212df2..99943a650 100644 --- a/Makefile.in +++ b/Makefile.in @@ -231,6 +231,10 @@ STREAMTCP_SRC=testcode/streamtcp.c STREAMTCP_OBJ=streamtcp.lo STREAMTCP_OBJ_LINK=$(STREAMTCP_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ $(SLDNS_OBJ) +DOHCLIENT_SRC=testcode/dohclient.c +DOHCLIENT_OBJ=dohclient.lo +DOHCLIENT_OBJ_LINK=$(DOHCLIENT_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) \ +$(SLDNS_OBJ) PERF_SRC=testcode/perf.c PERF_OBJ=perf.lo PERF_OBJ_LINK=$(PERF_OBJ) worker_cb.lo $(COMMON_OBJ) $(COMPAT_OBJ) $(SLDNS_OBJ) @@ -272,7 +276,8 @@ ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \ $(ASYNCLOOK_SRC) $(STREAMTCP_SRC) $(PERF_SRC) $(DELAYER_SRC) \ $(CONTROL_SRC) $(UBANCHOR_SRC) $(PETAL_SRC) $(DNSTAP_SOCKET_SRC)\ $(PYTHONMOD_SRC) $(PYUNBOUND_SRC) $(WIN_DAEMON_THE_SRC) \ - $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) + $(SVCINST_SRC) $(SVCUNINST_SRC) $(ANCHORUPD_SRC) $(SLDNS_SRC) \ + $(DOHCLIENT_SRC) ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(TESTBOUND_OBJ) $(LOCKVERIFY_OBJ) $(PKTVIEW_OBJ) \ @@ -280,7 +285,8 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ $(ASYNCLOOK_OBJ) $(STREAMTCP_OBJ) $(PERF_OBJ) $(DELAYER_OBJ) \ $(CONTROL_OBJ) $(UBANCHOR_OBJ) $(PETAL_OBJ) $(DNSTAP_SOCKET_OBJ)\ $(COMPAT_OBJ) $(PYUNBOUND_OBJ) \ - $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) + $(SVCINST_OBJ) $(SVCUNINST_OBJ) $(ANCHORUPD_OBJ) $(SLDNS_OBJ) \ + $(DOHCLIENT_OBJ) COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) @@ -317,7 +323,7 @@ rsrc_unbound_checkconf.o: $(srcdir)/winrc/rsrc_unbound_checkconf.rc config.h TEST_BIN=asynclook$(EXEEXT) delayer$(EXEEXT) \ lock-verify$(EXEEXT) memstats$(EXEEXT) perf$(EXEEXT) \ petal$(EXEEXT) pktview$(EXEEXT) streamtcp$(EXEEXT) \ - unbound-dnstap-socket$(EXEEXT) \ + unbound-dnstap-socket$(EXEEXT) dohclient$(EXEEXT) \ testbound$(EXEEXT) unittest$(EXEEXT) tests: all $(TEST_BIN) @@ -343,10 +349,10 @@ unbound$(EXEEXT): $(DAEMON_OBJ_LINK) libunbound.la $(LINK) -o $@ $(DAEMON_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) unbound-checkconf$(EXEEXT): $(CHECKCONF_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(CHECKCONF_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la - $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS) unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) @@ -364,34 +370,37 @@ anchor-update$(EXEEXT): $(ANCHORUPD_OBJ_LINK) libunbound.la $(LINK) -o $@ $(ANCHORUPD_OBJ_LINK) -L. -L.libs -lunbound $(LIBS) unittest$(EXEEXT): $(UNITTEST_OBJ_LINK) - $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(UNITTEST_OBJ_LINK) $(SSLLIB) $(LIBS) testbound$(EXEEXT): $(TESTBOUND_OBJ_LINK) - $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(TESTBOUND_OBJ_LINK) $(SSLLIB) $(LIBS) lock-verify$(EXEEXT): $(LOCKVERIFY_OBJ_LINK) - $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(LOCKVERIFY_OBJ_LINK) $(SSLLIB) $(LIBS) petal$(EXEEXT): $(PETAL_OBJ_LINK) $(LINK) -o $@ $(PETAL_OBJ_LINK) $(SSLLIB) $(LIBS) pktview$(EXEEXT): $(PKTVIEW_OBJ_LINK) - $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(PKTVIEW_OBJ_LINK) $(SSLLIB) $(LIBS) memstats$(EXEEXT): $(MEMSTATS_OBJ_LINK) - $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(MEMSTATS_OBJ_LINK) $(SSLLIB) $(LIBS) asynclook$(EXEEXT): $(ASYNCLOOK_OBJ_LINK) libunbound.la $(LINK) -o $@ $(ASYNCLOOK_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS) streamtcp$(EXEEXT): $(STREAMTCP_OBJ_LINK) - $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(STREAMTCP_OBJ_LINK) $(SSLLIB) $(LIBS) + +dohclient$(EXEEXT): $(DOHCLIENT_OBJ_LINK) + $(LINK) -o $@ $(DOHCLIENT_OBJ_LINK) $(SSLLIB) $(LIBS) perf$(EXEEXT): $(PERF_OBJ_LINK) - $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(PERF_OBJ_LINK) $(SSLLIB) $(LIBS) delayer$(EXEEXT): $(DELAYER_OBJ_LINK) - $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(DELAYER_OBJ_LINK) $(SSLLIB) $(LIBS) signit$(EXEEXT): testcode/signit.c $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ -o $@ testcode/signit.c $(LDFLAGS) -lldns $(SSLLIB) $(LIBS) @@ -414,12 +423,13 @@ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto $(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto unbound-dnstap-socket$(EXEEXT): $(DNSTAP_SOCKET_OBJ_LINK) - $(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS) $(DYNLIBMOD_EXTRALIBS) + $(LINK) -o $@ $(DNSTAP_SOCKET_OBJ_LINK) $(SSLLIB) $(LIBS) dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h $(srcdir)/dnstap/dtstream.h +dynlibmod.lo dynlibdmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h # dnscrypt dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h \ @@ -672,7 +682,7 @@ dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_de $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/cache/dns.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/cache/infra.h \ @@ -713,10 +723,11 @@ msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/d $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/respip/respip.h -packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h +packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ @@ -785,7 +796,7 @@ listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ @@ -808,21 +819,24 @@ mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(s $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h \ - $(srcdir)/services/listen_dnsport.h + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/edns.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/data/dname.h $(srcdir)/services/listen_dnsport.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ - $(srcdir)/ipset/ipset.h $(srcdir)/dynlibmod/dynlibmod.h + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) $(srcdir)/cachedb/cachedb.h \ + $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ @@ -853,7 +867,8 @@ outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c confi $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ - $(srcdir)/dnstap/dnstap.h + $(srcdir)/util/edns.h $(srcdir)/dnstap/dnstap.h \ + alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -874,7 +889,8 @@ config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/ut $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/iana_ports.inc + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ @@ -903,38 +919,31 @@ authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/service $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_secalgo.h + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ - $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ - $(PYTHONMOD_HEADER) $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h \ - $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h \ - $(srcdir)/dynlibmod/dynlibmod.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ + $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(PYTHONMOD_HEADER) $(DYNLIBMOD_HEADER) \ + $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/ipset/ipset.h $(srcdir)/dnstap/dtstream.h locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h @@ -947,12 +956,14 @@ netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/neteve $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/listen_dnsport.h \ + net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ + random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -968,11 +979,11 @@ rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h $(srcdir)/itera $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h -edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h +edns.lo edns.o: $(srcdir)/util/edns.c config.h $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/net_help.h @@ -1006,7 +1017,8 @@ tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/u $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/util/tube.h \ + ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ @@ -1016,7 +1028,8 @@ ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ @@ -1029,7 +1042,8 @@ autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/val $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h + $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ + val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h \ @@ -1059,11 +1073,13 @@ val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/ val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h -val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + +val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ + $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ @@ -1081,15 +1097,17 @@ val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/valida val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/sldns/sbuffer.h \ + val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_secalgo.h \ $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ + val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ @@ -1110,15 +1128,43 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(src $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h -edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h -subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h +edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h +subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ + $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/respip/respip.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h -subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h -cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h -redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h +subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ + $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ + $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h +cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/cachedb/redis.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h +redis.lo redis.o: $(srcdir)/cachedb/redis.c config.h $(srcdir)/cachedb/redis.h $(srcdir)/cachedb/cachedb.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \ + $(srcdir)/sldns/sbuffer.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ @@ -1133,31 +1179,40 @@ checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/u $(srcdir)/testcode/checklocks.h dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/locks.h $(srcdir)/dnstap/dnstap.h \ - dnstap/dnstap.pb-c.h + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h dnstap/dnstap.pb-c.h dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h \ -dynlibmod.lo dynlibmod.o: $(srcdir)/dynlibmod/dynlibmod.c config.h $(srcdir)/dynlibmod/dynlibmod.h \ +dnstap_fstrm.lo dnstap_fstrm.o: $(srcdir)/dnstap/dnstap_fstrm.c config.h $(srcdir)/dnstap/dnstap_fstrm.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h +dtstream.lo dtstream.o: $(srcdir)/dnstap/dtstream.c config.h $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/sldns/sbuffer.h \ + +ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h\ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h -dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/storage/lookup3.h -ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h +ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ + $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ + $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h ipset.lo ipset.o: $(srcdir)/ipset/ipset.c config.h $(srcdir)/ipset/ipset.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h -ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h + $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h @@ -1166,7 +1221,8 @@ unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h -unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ +unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ @@ -1174,7 +1230,8 @@ unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h $(srcdir)/sldns/r $(srcdir)/sldns/pkthdr.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/random.h $(srcdir)/respip/respip.h \ - $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/services/outside_network.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ @@ -1204,8 +1261,15 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h -unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/parseutil.h +unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h \ + $(srcdir)/edns-subnet/edns-subnet.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgparse.h \ @@ -1222,40 +1286,43 @@ acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/ac $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h $(srcdir)/daemon/cachedump.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ +cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ + $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/str2wire.h +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ $(srcdir)/sldns/keyraw.h -remote.lo remote.o: $(srcdir)/daemon/remote.c config.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ +remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1280,19 +1347,21 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/ub_event.h + $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/ub_event.h worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ @@ -1300,22 +1369,24 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ - $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c \ - $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ @@ -1334,33 +1405,35 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(sr $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h \ - $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/edns.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/respip/respip.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ + $(srcdir)/util/edns.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/libunbound/context.h \ + $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/dnstap/dtstream.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h -daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/remote.h $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h \ +daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/tcp_conn_limit.h $(srcdir)/util/edns.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/respip/respip.h $(srcdir)/util/random.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ @@ -1378,7 +1451,9 @@ stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(s $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h + $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_neg.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/data/dname.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ @@ -1388,13 +1463,14 @@ fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/t $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/edns.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/config_file.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ + $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ @@ -1429,7 +1505,8 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/modstack.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h + $(srcdir)/libunbound/unbound.h $(srcdir)/respip/respip.h $(srcdir)/sldns/str2wire.h \ + $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ @@ -1450,70 +1527,83 @@ context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbou $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h + $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/util/edns.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ + $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h $(srcdir)/util/edns.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ $(srcdir)/services/rpz.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h -libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ - $(srcdir)/sldns/str2wire.h +libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ + $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/util/config_file.h $(srcdir)/services/authzone.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/respip/respip.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \ + asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \ + streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ + perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h -unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h $(srcdir)/util/log.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/authzone.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ +unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/rpz.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h -petal.lo petal.o: $(srcdir)/testcode/petal.c config.h + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ + +petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ + +unbound-dnstap-socket.lo unbound-dnstap-socket.o: $(srcdir)/dnstap/unbound-dnstap-socket.c config.h \ + $(srcdir)/dnstap/dtstream.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/dnstap/dnstap_fstrm.h \ + $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ + dnstap/dnstap.pb-c.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ + win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/daemon/worker.h \ @@ -1521,8 +1611,8 @@ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h \ - $(srcdir)/util/net_help.h + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ $(srcdir)/winrc/w_inst.h @@ -1530,18 +1620,26 @@ unbound-service-remove.lo unbound-service-remove.o: $(srcdir)/winrc/unbound-serv $(srcdir)/winrc/w_inst.h anchor-update.lo anchor-update.o: $(srcdir)/winrc/anchor-update.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/wire2str.h -keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h $(srcdir)/sldns/rrdef.h +keyraw.lo keyraw.o: $(srcdir)/sldns/keyraw.c config.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/sldns/rrdef.h \ + sbuffer.lo sbuffer.o: $(srcdir)/sldns/sbuffer.c config.h $(srcdir)/sldns/sbuffer.h wire2str.lo wire2str.o: $(srcdir)/sldns/wire2str.c config.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/keyraw.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h + $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h parse.lo parse.o: $(srcdir)/sldns/parse.c config.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h \ $(srcdir)/sldns/sbuffer.h parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/parseutil.h rrdef.lo rrdef.o: $(srcdir)/sldns/rrdef.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h str2wire.lo str2wire.o: $(srcdir)/sldns/str2wire.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h +dohclient.lo dohclient.o: $(srcdir)/testcode/dohclient.c config.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/net_help.h \ + ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h @@ -1556,9 +1654,11 @@ strlcat.lo strlcat.o: $(srcdir)/compat/strlcat.c config.h strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h strptime.lo strptime.o: $(srcdir)/compat/strptime.c config.h getentropy_freebsd.lo getentropy_freebsd.o: $(srcdir)/compat/getentropy_freebsd.c -getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h +getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h \ + getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c -getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h +getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h \ + getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h diff --git a/README.md b/README.md index 7120d486f..3e11ce58c 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ fast and lean and incorporates modern features based on open standards. If you have any feedback, we would love to hear from you. Don’t hesitate to [create an issue on Github](https://github.com/NLnetLabs/unbound/issues/new) or post a message on the [Unbound mailing list](https://lists.nlnetlabs.nl/mailman/listinfo/unbound-users). -You can lean more about Unbound by reading our +You can learn more about Unbound by reading our [documentation](https://nlnetlabs.nl/documentation/unbound/). ## Compiling diff --git a/aclocal.m4 b/aclocal.m4 index dd1b8658c..2fedf028c 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -736,7 +736,6 @@ _LT_CONFIG_SAVE_COMMANDS([ cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. @@ -1048,8 +1047,8 @@ int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1499,7 +1498,7 @@ need_locks=$enable_libtool_lock m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) @@ -2873,9 +2872,6 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # before this can be enabled. hardcode_into_libs=yes - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command @@ -2884,7 +2880,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -2896,6 +2892,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -3555,7 +3563,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else @@ -4061,7 +4069,8 @@ _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm - if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -4433,7 +4442,7 @@ m4_if([$1], [CXX], [ ;; esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise @@ -4701,6 +4710,12 @@ m4_if([$1], [CXX], [ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) @@ -4945,6 +4960,9 @@ m4_if([$1], [CXX], [ ;; esac ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; @@ -5007,6 +5025,9 @@ dnl Note also adjust exclude_expsyms for C++ above. openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + _LT_TAGVAR(link_all_deplibs, $1)=no + ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes @@ -5261,7 +5282,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -5782,6 +5803,7 @@ _LT_EOF if test yes = "$lt_cv_irix_exported_symbol"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + _LT_TAGVAR(link_all_deplibs, $1)=no else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -5803,7 +5825,7 @@ _LT_EOF esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -6425,7 +6447,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else GXX=no @@ -6800,7 +6822,7 @@ if test yes != "$_lt_caught_CXX_error"; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -6865,7 +6887,7 @@ if test yes != "$_lt_caught_CXX_error"; then # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. - output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' ;; *) if test yes = "$GXX"; then @@ -7204,7 +7226,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # FIXME: insert proper C++ library support @@ -7288,7 +7310,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' else # g++ 2.7 appears to require '-G' NOT '-shared' on this # platform. @@ -7299,7 +7321,7 @@ if test yes != "$_lt_caught_CXX_error"; then # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. - output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir' @@ -9044,9 +9066,9 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 11 (pkg-config-0.29.1) - +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29.1) +dnl dnl Copyright © 2004 Scott James Remnant . dnl Copyright © 2012-2015 Dan Nicholson dnl @@ -9320,74 +9342,6 @@ AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl ])dnl PKG_CHECK_VAR -dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES, -dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND], -dnl [DESCRIPTION], [DEFAULT]) -dnl ------------------------------------------ -dnl -dnl Prepare a "--with-" configure option using the lowercase -dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and -dnl PKG_CHECK_MODULES in a single macro. -AC_DEFUN([PKG_WITH_MODULES], -[ -m4_pushdef([with_arg], m4_tolower([$1])) - -m4_pushdef([description], - [m4_default([$5], [build with ]with_arg[ support])]) - -m4_pushdef([def_arg], [m4_default([$6], [auto])]) -m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes]) -m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no]) - -m4_case(def_arg, - [yes],[m4_pushdef([with_without], [--without-]with_arg)], - [m4_pushdef([with_without],[--with-]with_arg)]) - -AC_ARG_WITH(with_arg, - AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),, - [AS_TR_SH([with_]with_arg)=def_arg]) - -AS_CASE([$AS_TR_SH([with_]with_arg)], - [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)], - [auto],[PKG_CHECK_MODULES([$1],[$2], - [m4_n([def_action_if_found]) $3], - [m4_n([def_action_if_not_found]) $4])]) - -m4_popdef([with_arg]) -m4_popdef([description]) -m4_popdef([def_arg]) - -])dnl PKG_WITH_MODULES - -dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES, -dnl [DESCRIPTION], [DEFAULT]) -dnl ----------------------------------------------- -dnl -dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES -dnl check._[VARIABLE-PREFIX] is exported as make variable. -AC_DEFUN([PKG_HAVE_WITH_MODULES], -[ -PKG_WITH_MODULES([$1],[$2],,,[$3],[$4]) - -AM_CONDITIONAL([HAVE_][$1], - [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"]) -])dnl PKG_HAVE_WITH_MODULES - -dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES, -dnl [DESCRIPTION], [DEFAULT]) -dnl ------------------------------------------------------ -dnl -dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after -dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make -dnl and preprocessor variable. -AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES], -[ -PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4]) - -AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"], - [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])]) -])dnl PKG_HAVE_DEFINE_WITH_MODULES - # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997-2018 Free Software Foundation, Inc. diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 index 8eccc15b0..d33352f17 100644 --- a/acx_nlnetlabs.m4 +++ b/acx_nlnetlabs.m4 @@ -2,7 +2,10 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 34 +# Version 37 +# 2021-01-05 fix defun for aclocal +# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE +# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0). # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 @@ -446,15 +449,12 @@ AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute) AC_CACHE_VAL(ac_cv_c_format_attribute, [ac_cv_c_format_attribute=no -AC_TRY_COMPILE( -[#include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); -], [ +]], [[ f ("%s", "str"); -], -[ac_cv_c_format_attribute="yes"], -[ac_cv_c_format_attribute="no"]) +]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_format_attribute) @@ -483,14 +483,11 @@ AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute) AC_CACHE_VAL(ac_cv_c_unused_attribute, [ac_cv_c_unused_attribute=no -AC_TRY_COMPILE( -[#include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include void f (char *u __attribute__((unused))); -], [ +]], [[ f ("x"); -], -[ac_cv_c_unused_attribute="yes"], -[ac_cv_c_unused_attribute="no"]) +]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"]) ]) dnl Setup ATTR_UNUSED config.h parts. @@ -547,7 +544,7 @@ dnl as a requirement so that is gets called before LIBTOOL dnl because libtools 'AC_REQUIRE' names are right after this one, before dnl this function contents. AC_REQUIRE([ACX_LIBTOOL_C_PRE]) -AC_PROG_LIBTOOL +LT_INIT ]) dnl Detect if u_char type is defined, otherwise define it. @@ -673,17 +670,17 @@ AC_DEFUN([ACX_SSL_CHECKS], [ ACX_RUNTIME_PATH_ADD([$ssldir/lib]) fi - AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) + AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" - AC_TRY_LINK(, [ - int HMAC_Update(void); - (void)HMAC_Update(); - ], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - ], [ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + ],[ AC_MSG_RESULT(no) # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" @@ -691,12 +688,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$LIBS -lgdi32 -lws2_32" LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -705,12 +702,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$LIBS -ldl" LIBSSL_LIBS="$LIBSSL_LIBS -ldl" AC_MSG_CHECKING([if -lcrypto needs -ldl]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -719,12 +716,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ LIBS="$LIBS -ldl -pthread" LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -749,8 +746,7 @@ dnl Checks main header files of SSL. dnl AC_DEFUN([ACX_WITH_SSL], [ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ ],[ withval="yes" @@ -768,8 +764,7 @@ dnl Checks main header files of SSL. dnl AC_DEFUN([ACX_WITH_SSL_OPTIONAL], [ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ ],[ withval="yes" @@ -1061,7 +1056,7 @@ dnl defines MKDIR_HAS_ONE_ARG AC_DEFUN([ACX_MKDIR_ONE_ARG], [ AC_MSG_CHECKING([whether mkdir has one arg]) -AC_TRY_COMPILE([ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #ifdef HAVE_WINSOCK2_H @@ -1070,14 +1065,12 @@ AC_TRY_COMPILE([ #ifdef HAVE_SYS_STAT_H #include #endif -], [ +]], [[ (void)mkdir("directory"); -], -AC_MSG_RESULT(yes) +]])],[AC_MSG_RESULT(yes) AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.]) -, -AC_MSG_RESULT(no) -) +],[AC_MSG_RESULT(no) +]) ])dnl end of ACX_MKDIR_ONE_ARG dnl Check for ioctlsocket function. works on mingw32 too. diff --git a/acx_python.m4 b/acx_python.m4 index a84daa035..767db5b65 100644 --- a/acx_python.m4 +++ b/acx_python.m4 @@ -85,11 +85,11 @@ $ac_distutils_result]) LIBS="$LIBS $PYTHON_LDFLAGS" CPPFLAGS="$CPPFLAGS $PYTHON_CPPFLAGS" - AC_TRY_LINK([ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include - ],[ + ]],[[ Py_Initialize(); - ],[pythonexists=yes],[pythonexists=no]) + ]])],[pythonexists=yes],[pythonexists=no]) AC_MSG_RESULT([$pythonexists]) diff --git a/config.h.in b/config.h.in index f7a4095ed..103ad9f00 100644 --- a/config.h.in +++ b/config.h.in @@ -113,6 +113,10 @@ don't. */ #undef HAVE_DECL_INET_PTON +/* Define to 1 if you have the declaration of `nghttp2_session_server_new', + and to 0 if you don't. */ +#undef HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW + /* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you don't. */ #undef HAVE_DECL_NID_ED25519 @@ -221,6 +225,9 @@ /* Define to 1 if you have the `EVP_EncryptInit_ex' function. */ #undef HAVE_EVP_ENCRYPTINIT_EX +/* Define to 1 if you have the `EVP_MAC_CTX_set_params' function. */ +#undef HAVE_EVP_MAC_CTX_SET_PARAMS + /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ #undef HAVE_EVP_MD_CTX_NEW @@ -269,6 +276,9 @@ /* Define to 1 if you have the `getentropy' function. */ #undef HAVE_GETENTROPY +/* Define to 1 if you have the `getifaddrs' function. */ +#undef HAVE_GETIFADDRS + /* Define to 1 if you have the header file. */ #undef HAVE_GETOPT_H @@ -296,12 +306,12 @@ /* Define to 1 if you have the `HMAC_Init_ex' function. */ #undef HAVE_HMAC_INIT_EX -/* If you have HMAC_Update */ -#undef HAVE_HMAC_UPDATE - /* If we have htobe64 */ #undef HAVE_HTOBE64 +/* Define to 1 if you have the header file. */ +#undef HAVE_IFADDRS_H + /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON @@ -371,6 +381,15 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NETTLE_EDDSA_H +/* Define to 1 if you have the header file. */ +#undef HAVE_NET_IF_H + +/* Define this to use nghttp2 client. */ +#undef HAVE_NGHTTP2 + +/* Define to 1 if you have the header file. */ +#undef HAVE_NGHTTP2_NGHTTP2_H + /* Use libnss for crypto */ #undef HAVE_NSS @@ -497,6 +516,9 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB + /* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ #undef HAVE_SSL_CTX_SET_CIPHERSUITES @@ -573,6 +595,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_RESOURCE_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SHA2_H @@ -722,7 +747,8 @@ your system. */ #undef PTHREAD_CREATE_JOINABLE -/* Define as the return type of signal handlers (`int' or `void'). */ +/* Return type of signal handlers, but autoconf 2.70 says 'your code may + safely assume C89 semantics that RETSIGTYPE is void.' */ #undef RETSIGTYPE /* if REUSEPORT is enabled by default */ @@ -1358,6 +1384,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, #define UNBOUND_DNS_PORT 53 /** default port for DNS over TLS traffic. */ #define UNBOUND_DNS_OVER_TLS_PORT 853 +/** default port for DNS over HTTPS traffic. */ +#define UNBOUND_DNS_OVER_HTTPS_PORT 443 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 diff --git a/configure b/configure index a976189e5..7957f0dd6 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.11.1. +# Generated by GNU Autoconf 2.69 for unbound 1.13.1. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.11.1' -PACKAGE_STRING='unbound 1.11.1' +PACKAGE_VERSION='1.13.1' +PACKAGE_STRING='unbound 1.13.1' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -882,6 +882,7 @@ enable_tfo_server with_libevent with_libexpat with_libhiredis +with_libnghttp2 enable_static_exe enable_fully_static enable_lock_checks @@ -1458,7 +1459,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.11.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.13.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1523,7 +1524,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.11.1:";; + short | recursive ) echo "Configuration of unbound 1.13.1:";; esac cat <<\_ACEOF @@ -1642,6 +1643,7 @@ Optional Packages: outgoing port ranges. --with-libexpat=path specify explicit path for libexpat. --with-libhiredis=path specify explicit path for libhiredis. + --with-libnghttp2=path specify explicit path for libnghttp2. --with-dnstap-socket-path=pathname set default dnstap socket path --with-protobuf-c=path Path where protobuf-c is installed, for dnstap @@ -1750,7 +1752,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.11.1 +unbound configure 1.13.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2459,7 +2461,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.11.1, which was +It was created by unbound $as_me 1.13.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2809,13 +2811,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=11 +UNBOUND_VERSION_MINOR=13 UNBOUND_VERSION_MICRO=1 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=10 +LIBUNBOUND_REVISION=12 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2892,7 +2894,9 @@ LIBUNBOUND_AGE=1 # 1.10.0 had 9:7:1 # 1.10.1 had 9:8:1 # 1.11.0 had 9:9:1 -# 1.11.1 had 9:10:1 +# 1.12.0 had 9:10:1 +# 1.13.0 had 9:11:1 +# 1.13.1 had 9:12:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4173,7 +4177,6 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h - if test "$ac_cv_header_minix_config_h" = "yes"; then $as_echo "#define _NETBSD_SOURCE 1" >>confdefs.h @@ -8067,7 +8070,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) lt_cv_deplibs_check_method=pass_all ;; -netbsd*) +netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else @@ -8429,7 +8432,7 @@ esac fi : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} @@ -8972,11 +8975,8 @@ _LT_EOF test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm - if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 - (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && test -s "$nlist"; then + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5 + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" @@ -10195,8 +10195,8 @@ int forced_loaded() { return 2;} _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cru libconftest.a conftest.o" >&5 - $AR cru libconftest.a conftest.o 2>&5 + echo "$AR cr libconftest.a conftest.o" >&5 + $AR cr libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF @@ -11056,6 +11056,12 @@ lt_prog_compiler_static= lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; + # flang / f18. f95 an alias for gfortran or flang on Debian + flang* | f18* | f95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) @@ -11532,6 +11538,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie openbsd* | bitrig*) with_gnu_ld=no ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs=no + ;; esac ld_shlibs=yes @@ -11786,7 +11795,7 @@ _LT_EOF fi ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= @@ -12456,6 +12465,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi + link_all_deplibs=no else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' @@ -12477,7 +12487,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } esac ;; - netbsd*) + netbsd* | netbsdelf*-gnu) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else @@ -13572,9 +13582,6 @@ fi # before this can be enabled. hardcode_into_libs=yes - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" - # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not # being certain /sbin/ldconfig is available, command @@ -13583,7 +13590,7 @@ fi # appending ld.so.conf contents (and includes) to the search path. if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` - sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on @@ -13595,6 +13602,18 @@ fi dynamic_linker='GNU/Linux ld.so' ;; +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + netbsd*) version_type=sunos need_lib_prefix=no @@ -14726,7 +14745,7 @@ $as_echo "no" >&6; } fi # Checks for header files. -for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h +for ac_header in stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -14740,6 +14759,34 @@ fi done +# net/if.h portability for Darwin see: +# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html +for ac_header in net/if.h +do : + ac_fn_c_check_header_compile "$LINENO" "net/if.h" "ac_cv_header_net_if_h" " +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + +" +if test "x$ac_cv_header_net_if_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NET_IF_H 1 +_ACEOF + +fi + +done + # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH for ac_header in TargetConditionals.h @@ -15548,38 +15595,8 @@ $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 -$as_echo_n "checking return type of signal handlers... " >&6; } -if ${ac_cv_type_signal+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include - -int -main () -{ -return *(signal (0, 0)) (0) == 1; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_type_signal=int -else - ac_cv_type_signal=void -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 -$as_echo "$ac_cv_type_signal" >&6; } - -cat >>confdefs.h <<_ACEOF -#define RETSIGTYPE $ac_cv_type_signal -_ACEOF +$as_echo "#define RETSIGTYPE void" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 $as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } @@ -17220,7 +17237,7 @@ $as_echo "#define WITH_DYNLIBMODULE 1" >>confdefs.h if test $on_mingw = "no"; then DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" else - DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a" + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a" fi fi @@ -17943,8 +17960,8 @@ $as_echo "found in $ssldir" >&6; } fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5 -$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5 +$as_echo_n "checking for EVP_sha256 in -lcrypto... " >&6; } LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -17954,8 +17971,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -17966,7 +17983,7 @@ if ac_fn_c_try_link "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h else @@ -17987,8 +18004,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -17997,7 +18014,7 @@ _ACEOF if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -18019,8 +18036,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -18029,7 +18046,7 @@ _ACEOF if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -18051,8 +18068,8 @@ int main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -18061,7 +18078,7 @@ _ACEOF if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -18240,17 +18257,13 @@ $as_echo_n "checking if libssl needs -lcrypt32... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char HMAC_Update (); int main () { -return HMAC_Update (); + + int EVP_sha256(void); + (void)EVP_sha256(); + ; return 0; } @@ -18341,7 +18354,7 @@ fi done -for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback +for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18357,7 +18370,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19669,6 +19682,70 @@ _ACEOF fi +# nghttp2 + +# Check whether --with-libnghttp2 was given. +if test "${with_libnghttp2+set}" = set; then : + withval=$with_libnghttp2; +else + withval="no" +fi + +found_libnghttp2="no" +if test x_$withval = x_yes -o x_$withval != x_no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnghttp2" >&5 +$as_echo_n "checking for libnghttp2... " >&6; } + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/nghttp2/nghttp2.h"; then + found_libnghttp2="yes" + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found in $dir" >&5 +$as_echo "found in $dir" >&6; } + +$as_echo "#define HAVE_NGHTTP2 1" >>confdefs.h + + LIBS="$LIBS -lnghttp2" + break; + fi + done + if test x_$found_libnghttp2 != x_yes; then + as_fn_error $? "Could not find libnghttp2, nghttp2.h" "$LINENO" 5 + fi + for ac_header in nghttp2/nghttp2.h +do : + ac_fn_c_check_header_compile "$LINENO" "nghttp2/nghttp2.h" "ac_cv_header_nghttp2_nghttp2_h" "$ac_includes_default +" +if test "x$ac_cv_header_nghttp2_nghttp2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NGHTTP2_NGHTTP2_H 1 +_ACEOF + +fi + +done + + ac_fn_c_check_decl "$LINENO" "nghttp2_session_server_new" "ac_cv_have_decl_nghttp2_session_server_new" "$ac_includes_default + #include + +" +if test "x$ac_cv_have_decl_nghttp2_session_server_new" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_NGHTTP2_SESSION_SERVER_NEW $ac_have_decl +_ACEOF + +fi + # set static linking for uninstalled libraries if requested staticexe="" @@ -20224,7 +20301,7 @@ if test "$ac_res" != no; then : fi -for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 +for ac_func in tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -21620,7 +21697,7 @@ _ACEOF -version=1.11.1 +version=1.13.1 date=`date +'%b %e, %Y'` @@ -22139,7 +22216,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.11.1, which was +This file was extended by unbound $as_me 1.13.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -22205,7 +22282,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.11.1 +unbound config.status 1.13.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -23198,7 +23275,6 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} cat <<_LT_EOF >> "$cfgfile" #! $SHELL # Generated automatically by $as_me ($PACKAGE) $VERSION -# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # Provide generalized library-building support services. diff --git a/configure.ac b/configure.ac index 22319b5a9..3e872bca9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_PREREQ(2.56) +AC_PREREQ([2.56]) sinclude(acx_nlnetlabs.m4) sinclude(ax_pthread.m4) sinclude(acx_python.m4) @@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[11]) +m4_define([VERSION_MINOR],[13]) m4_define([VERSION_MICRO],[1]) -AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues, unbound) +AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=10 +LIBUNBOUND_REVISION=12 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -95,7 +95,9 @@ LIBUNBOUND_AGE=1 # 1.10.0 had 9:7:1 # 1.10.1 had 9:8:1 # 1.11.0 had 9:9:1 -# 1.11.1 had 9:10:1 +# 1.12.0 had 9:10:1 +# 1.13.0 had 9:11:1 +# 1.13.1 had 9:12:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -124,7 +126,7 @@ cmdln="`echo $@ | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/'g`" AC_DEFINE_UNQUOTED(CONFCMDLINE, ["$cmdln"], [Command line arguments used with configure]) CFLAGS="$CFLAGS" -AC_AIX +AC_USE_SYSTEM_EXTENSIONS if test "$ac_cv_header_minix_config_h" = "yes"; then AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix]) fi @@ -165,8 +167,7 @@ else ub_conf_file="C:\\Program Files\\Unbound\\service.conf" fi AC_ARG_WITH([conf_file], - AC_HELP_STRING([--with-conf-file=path], - [Pathname to the Unbound configuration file]), + AS_HELP_STRING([--with-conf-file=path],[Pathname to the Unbound configuration file]), [ub_conf_file="$withval"]) AC_SUBST(ub_conf_file) ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config) @@ -176,8 +177,7 @@ AC_SUBST(ub_conf_dir) # Determine run, chroot directory and pidfile locations AC_ARG_WITH(run-dir, - AC_HELP_STRING([--with-run-dir=path], - [set default directory to chdir to (by default dir part of cfg file)]), + AS_HELP_STRING([--with-run-dir=path],[set default directory to chdir to (by default dir part of cfg file)]), UNBOUND_RUN_DIR="$withval", if test $on_mingw = no; then UNBOUND_RUN_DIR=`dirname "$ub_conf_file"` @@ -190,8 +190,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_RUN_DIR, hdr_run) AC_DEFINE_UNQUOTED(RUN_DIR, ["$hdr_run"], [Directory to chdir to]) AC_ARG_WITH(chroot-dir, - AC_HELP_STRING([--with-chroot-dir=path], - [set default directory to chroot to (by default same as run-dir)]), + AS_HELP_STRING([--with-chroot-dir=path],[set default directory to chroot to (by default same as run-dir)]), UNBOUND_CHROOT_DIR="$withval", if test $on_mingw = no; then UNBOUND_CHROOT_DIR="$UNBOUND_RUN_DIR" @@ -204,16 +203,14 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_CHROOT_DIR, hdr_chroot) AC_DEFINE_UNQUOTED(CHROOT_DIR, ["$hdr_chroot"], [Directory to chroot to]) AC_ARG_WITH(share-dir, - AC_HELP_STRING([--with-share-dir=path], - [set default directory with shared data (by default same as share/unbound)]), + AS_HELP_STRING([--with-share-dir=path],[set default directory with shared data (by default same as share/unbound)]), UNBOUND_SHARE_DIR="$withval", UNBOUND_SHARE_DIR="$UNBOUND_RUN_DIR") AC_SUBST(UNBOUND_SHARE_DIR) AC_DEFINE_UNQUOTED(SHARE_DIR, ["$UNBOUND_SHARE_DIR"], [Shared data]) AC_ARG_WITH(pidfile, - AC_HELP_STRING([--with-pidfile=filename], - [set default pathname to unbound pidfile (default run-dir/unbound.pid)]), + AS_HELP_STRING([--with-pidfile=filename],[set default pathname to unbound pidfile (default run-dir/unbound.pid)]), UNBOUND_PIDFILE="$withval", if test $on_mingw = no; then UNBOUND_PIDFILE="$UNBOUND_RUN_DIR/unbound.pid" @@ -226,8 +223,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_PIDFILE, hdr_pid) AC_DEFINE_UNQUOTED(PIDFILE, ["$hdr_pid"], [default pidfile location]) AC_ARG_WITH(rootkey-file, - AC_HELP_STRING([--with-rootkey-file=filename], - [set default pathname to root key file (default run-dir/root.key). This file is read and written.]), + AS_HELP_STRING([--with-rootkey-file=filename],[set default pathname to root key file (default run-dir/root.key). This file is read and written.]), UNBOUND_ROOTKEY_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTKEY_FILE="$UNBOUND_RUN_DIR/root.key" @@ -240,8 +236,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTKEY_FILE, hdr_rkey) AC_DEFINE_UNQUOTED(ROOT_ANCHOR_FILE, ["$hdr_rkey"], [default rootkey location]) AC_ARG_WITH(rootcert-file, - AC_HELP_STRING([--with-rootcert-file=filename], - [set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), + AS_HELP_STRING([--with-rootcert-file=filename],[set default pathname to root update certificate file (default run-dir/icannbundle.pem). This file need not exist if you are content with the builtin.]), UNBOUND_ROOTCERT_FILE="$withval", if test $on_mingw = no; then UNBOUND_ROOTCERT_FILE="$UNBOUND_RUN_DIR/icannbundle.pem" @@ -254,8 +249,7 @@ ACX_ESCAPE_BACKSLASH($UNBOUND_ROOTCERT_FILE, hdr_rpem) AC_DEFINE_UNQUOTED(ROOT_CERT_FILE, ["$hdr_rpem"], [default rootcert location]) AC_ARG_WITH(username, - AC_HELP_STRING([--with-username=user], - [set default user that unbound changes to (default user is unbound)]), + AS_HELP_STRING([--with-username=user],[set default user that unbound changes to (default user is unbound)]), UNBOUND_USERNAME="$withval", UNBOUND_USERNAME="unbound") AC_SUBST(UNBOUND_USERNAME) @@ -267,7 +261,7 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST -AC_LANG_C +AC_LANG([C]) # allow user to override the -g -O2 flags. default_cflags=no if test "x$CFLAGS" = "x" ; then @@ -280,8 +274,8 @@ ACX_DEPFLAG ACX_DETERMINE_EXT_FLAGS_UNBOUND # debug mode flags warnings -AC_ARG_ENABLE(checking, AC_HELP_STRING([--enable-checking], [Enable warnings, asserts, makefile-dependencies])) -AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [same as enable-checking])) +AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable warnings, asserts, makefile-dependencies])) +AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[same as enable-checking])) if test "$enable_debug" = "yes"; then debug_enabled="$enable_debug"; else debug_enabled="$enable_checking"; fi AC_SUBST(debug_enabled) @@ -315,14 +309,11 @@ AC_DEFUN([CHECK_WEAK_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "weak" attribute) AC_CACHE_VAL(ac_cv_c_weak_attribute, [ac_cv_c_weak_attribute=no -AC_TRY_COMPILE( -[ #include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include __attribute__((weak)) void f(int x) { printf("%d", x); } -], [ +]], [[ f(1); -], -[ac_cv_c_weak_attribute="yes"], -[ac_cv_c_weak_attribute="no"]) +]])],[ac_cv_c_weak_attribute="yes"],[ac_cv_c_weak_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_weak_attribute) @@ -339,14 +330,11 @@ AC_DEFUN([CHECK_NORETURN_ATTRIBUTE], AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "noreturn" attribute) AC_CACHE_VAL(ac_cv_c_noreturn_attribute, [ac_cv_c_noreturn_attribute=no -AC_TRY_COMPILE( -[ #include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include __attribute__((noreturn)) void f(int x) { printf("%d", x); } -], [ +]], [[ f(1); -], -[ac_cv_c_noreturn_attribute="yes"], -[ac_cv_c_noreturn_attribute="no"]) +]])],[ac_cv_c_noreturn_attribute="yes"],[ac_cv_c_noreturn_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_noreturn_attribute) @@ -384,7 +372,7 @@ EOF fi ]) -AC_PROG_LEX +AC_PROG_LEX([noyywrap]) if test "$LEX" != "" -a "$LEX" != ":"; then ACX_YYLEX_DESTROY fi @@ -399,7 +387,23 @@ ACX_LIBTOOL_C_ONLY PKG_PROG_PKG_CONFIG # Checks for header files. -AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h netinet/tcp.h sys/param.h sys/select.h sys/socket.h sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h sys/endian.h libkern/OSByteOrder.h sys/ipc.h sys/shm.h ifaddrs.h],,, [AC_INCLUDES_DEFAULT]) +# net/if.h portability for Darwin see: +# https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Header-Portability.html +AC_CHECK_HEADERS([net/if.h],,, [ +#include +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +]) # Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH AC_CHECK_HEADERS([TargetConditionals.h]) @@ -477,7 +481,7 @@ fi # check some functions of the OS before linking libs (while still runnable). AC_FUNC_CHOWN AC_FUNC_FORK -AC_TYPE_SIGNAL +AC_DEFINE(RETSIGTYPE,void,[Return type of signal handlers, but autoconf 2.70 says 'your code may safely assume C89 semantics that RETSIGTYPE is void.']) AC_FUNC_FSEEKO ACX_SYS_LARGEFILE ACX_CHECK_NONBLOCKING_BROKEN @@ -496,14 +500,11 @@ sinclude(systemd.m4) # Include systemd.m4 - end # set memory allocation checking if requested -AC_ARG_ENABLE(alloc-checks, AC_HELP_STRING([--enable-alloc-checks], - [ enable to memory allocation statistics, for debug purposes ]), +AC_ARG_ENABLE(alloc-checks, AS_HELP_STRING([--enable-alloc-checks],[ enable to memory allocation statistics, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-lite, AC_HELP_STRING([--enable-alloc-lite], - [ enable for lightweight alloc assertions, for debug purposes ]), +AC_ARG_ENABLE(alloc-lite, AS_HELP_STRING([--enable-alloc-lite],[ enable for lightweight alloc assertions, for debug purposes ]), , ) -AC_ARG_ENABLE(alloc-nonregional, AC_HELP_STRING([--enable-alloc-nonregional], - [ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), +AC_ARG_ENABLE(alloc-nonregional, AS_HELP_STRING([--enable-alloc-nonregional],[ enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes ]), , ) if test x_$enable_alloc_nonregional = x_yes; then AC_DEFINE(UNBOUND_ALLOC_NONREGIONAL, 1, [use malloc not regions, for debug use]) @@ -547,8 +548,7 @@ else # check this first, so that the pthread lib does not get linked in via # libssl or libpython, and thus distorts the tests, and we end up using # the non-threadsafe C libraries. -AC_ARG_WITH(pthreads, AC_HELP_STRING([--with-pthreads], - [use pthreads library, or --without-pthreads to disable threading support.]), +AC_ARG_WITH(pthreads, AS_HELP_STRING([--with-pthreads],[use pthreads library, or --without-pthreads to disable threading support.]), [ ],[ withval="yes" ]) ub_have_pthreads=no if test x_$withval != x_no; then @@ -595,12 +595,11 @@ int main(void) {return 0;} fi # check solaris thread library -AC_ARG_WITH(solaris-threads, AC_HELP_STRING([--with-solaris-threads], - [use solaris native thread library.]), [ ],[ withval="no" ]) +AC_ARG_WITH(solaris-threads, AS_HELP_STRING([--with-solaris-threads],[use solaris native thread library.]), [ ],[ withval="no" ]) ub_have_sol_threads=no if test x_$withval != x_no; then if test x_$ub_have_pthreads != x_no; then - AC_WARN([Have pthreads already, ignoring --with-solaris-threads]) + AC_MSG_WARN([Have pthreads already, ignoring --with-solaris-threads]) else AC_SEARCH_LIBS(thr_create, [thread], [ @@ -610,7 +609,7 @@ if test x_$withval != x_no; then [CFLAGS="$CFLAGS -D_REENTRANT"]) ub_have_sol_threads=yes ] , [ - AC_ERROR([no solaris threads found.]) + AC_MSG_ERROR([no solaris threads found.]) ]) fi fi @@ -618,7 +617,7 @@ fi fi # end of non-mingw check of thread libraries # Check for SYSLOG_FACILITY -AC_ARG_WITH(syslog-facility, AC_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7], [ set SYSLOG_FACILITY, default DAEMON ]), +AC_ARG_WITH(syslog-facility, AS_HELP_STRING([--with-syslog-facility=LOCAL0 - LOCAL7],[ set SYSLOG_FACILITY, default DAEMON ]), [ UNBOUND_SYSLOG_FACILITY="$withval" ], []) case "${UNBOUND_SYSLOG_FACILITY}" in @@ -631,8 +630,7 @@ AC_DEFINE_UNQUOTED(UB_SYSLOG_FACILITY,${UNBOUND_SYSLOG_FACILITY},[the SYSLOG_FAC # Check for dynamic library module AC_ARG_WITH(dynlibmodule, - AC_HELP_STRING([--with-dynlibmodule], - [build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]), + AS_HELP_STRING([--with-dynlibmodule],[build dynamic library module, or --without-dynlibmodule to disable it. (default=no)]), [], [ withval="no" ]) if test x_$withval != x_no; then @@ -646,15 +644,14 @@ if test x_$withval != x_no; then if test $on_mingw = "no"; then DYNLIBMOD_EXTRALIBS="-ldl -export-dynamic" else - DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.a" + DYNLIBMOD_EXTRALIBS="-Wl,--export-all-symbols,--out-implib,libunbound.dll.a" fi AC_SUBST(DYNLIBMOD_EXTRALIBS) fi # Check for PyUnbound AC_ARG_WITH(pyunbound, - AC_HELP_STRING([--with-pyunbound], - [build PyUnbound, or --without-pyunbound to skip it. (default=no)]), + AS_HELP_STRING([--with-pyunbound],[build PyUnbound, or --without-pyunbound to skip it. (default=no)]), [], [ withval="no" ]) ub_test_python=no @@ -666,8 +663,7 @@ fi # Check for Python module AC_ARG_WITH(pythonmodule, - AC_HELP_STRING([--with-pythonmodule], - [build Python module, or --without-pythonmodule to disable script engine. (default=no)]), + AS_HELP_STRING([--with-pythonmodule],[build Python module, or --without-pythonmodule to disable script engine. (default=no)]), [], [ withval="no" ]) ub_with_pythonmod=no @@ -685,7 +681,7 @@ if test x_$ub_test_python != x_no; then AC_PYTHON_DEVEL if test ! -z "$PYTHON_VERSION"; then if test `$PYTHON -c "print('$PYTHON_VERSION' >= '2.4.0')"` = "False"; then - AC_ERROR([Python version >= 2.4.0 is required]) + AC_MSG_ERROR([Python version >= 2.4.0 is required]) fi [PY_MAJOR_VERSION="`$PYTHON -c \"import sys; print(sys.version_info[0])\"`"] @@ -713,7 +709,7 @@ if test x_$ub_test_python != x_no; then # Check for SWIG ub_have_swig=no - AC_ARG_ENABLE(swig-version-check, AC_HELP_STRING([--disable-swig-version-check], [Disable swig version check to build python modules with older swig even though that is unreliable])) + AC_ARG_ENABLE(swig-version-check, AS_HELP_STRING([--disable-swig-version-check],[Disable swig version check to build python modules with older swig even though that is unreliable])) if test "$enable_swig_version_check" = "yes"; then AC_PROG_SWIG(2.0.1) else @@ -721,7 +717,7 @@ if test x_$ub_test_python != x_no; then fi AC_MSG_CHECKING(SWIG) if test ! -x "$SWIG"; then - AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) + AC_MSG_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) else AC_DEFINE(HAVE_SWIG, 1, [Define if you have Swig libraries and header files.]) AC_SUBST(swig, "$SWIG") @@ -776,8 +772,7 @@ AC_SUBST(CONFIG_DATE) # libnss USE_NSS="no" -AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], - [use libnss instead of openssl, installed at path.]), +AC_ARG_WITH([nss], AS_HELP_STRING([--with-nss=path],[use libnss instead of openssl, installed at path.]), [ USE_NSS="yes" AC_DEFINE(HAVE_NSS, 1, [Use libnss for crypto]) @@ -799,8 +794,7 @@ AC_ARG_WITH([nss], AC_HELP_STRING([--with-nss=path], # libnettle USE_NETTLE="no" -AC_ARG_WITH([nettle], AC_HELP_STRING([--with-nettle=path], - [use libnettle as crypto library, installed at path.]), +AC_ARG_WITH([nettle], AS_HELP_STRING([--with-nettle=path],[use libnettle as crypto library, installed at path.]), [ USE_NETTLE="yes" AC_DEFINE(HAVE_NETTLE, 1, [Use libnettle for crypto]) @@ -832,7 +826,10 @@ AC_SUBST(PC_CRYPTO_DEPENDENCY) BAKLIBS="$LIBS" LIBS="-lssl $LIBS" AC_MSG_CHECKING([if libssl needs -lcrypt32]) -AC_TRY_LINK_FUNC([HMAC_Update], [ +AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); +]])], [ AC_MSG_RESULT([no]) LIBS="$BAKLIBS" ], [ @@ -852,12 +849,12 @@ else AC_MSG_RESULT([no]) fi AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h],,, [AC_INCLUDES_DEFAULT]) -AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback]) +AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params]) # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ @@ -920,7 +917,7 @@ fi AC_SUBST(SSLLIB) # libbsd -AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd functions]), [ +AC_ARG_WITH([libbsd], AS_HELP_STRING([--with-libbsd],[Use portable libbsd functions]), [ AC_CHECK_HEADERS([bsd/string.h bsd/stdlib.h],,, [AC_INCLUDES_DEFAULT]) if test "x$ac_cv_header_bsd_string_h" = xyes -a "x$ac_cv_header_bsd_stdlib_h" = xyes; then for func in strlcpy strlcat arc4random arc4random_uniform reallocarray; do @@ -933,7 +930,7 @@ AC_ARG_WITH([libbsd], AC_HELP_STRING([--with-libbsd], [Use portable libbsd funct fi ]) -AC_ARG_ENABLE(sha1, AC_HELP_STRING([--disable-sha1], [Disable SHA1 RRSIG support, does not disable nsec3 support])) +AC_ARG_ENABLE(sha1, AS_HELP_STRING([--disable-sha1],[Disable SHA1 RRSIG support, does not disable nsec3 support])) case "$enable_sha1" in no) ;; @@ -943,7 +940,7 @@ case "$enable_sha1" in esac -AC_ARG_ENABLE(sha2, AC_HELP_STRING([--disable-sha2], [Disable SHA256 and SHA512 RRSIG support])) +AC_ARG_ENABLE(sha2, AS_HELP_STRING([--disable-sha2],[Disable SHA256 and SHA512 RRSIG support])) case "$enable_sha2" in no) ;; @@ -952,7 +949,7 @@ case "$enable_sha2" in ;; esac -AC_ARG_ENABLE(subnet, AC_HELP_STRING([--enable-subnet], [Enable client subnet])) +AC_ARG_ENABLE(subnet, AS_HELP_STRING([--enable-subnet],[Enable client subnet])) case "$enable_subnet" in yes) AC_DEFINE([CLIENT_SUBNET], [1], [Define this to enable client subnet option.]) @@ -1063,7 +1060,7 @@ fi AC_MSG_RESULT($ac_cv_c_gost_works) ])dnl -AC_ARG_ENABLE(gost, AC_HELP_STRING([--disable-gost], [Disable GOST support])) +AC_ARG_ENABLE(gost, AS_HELP_STRING([--disable-gost],[Disable GOST support])) use_gost="no" if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then case "$enable_gost" in @@ -1081,7 +1078,7 @@ case "$enable_gost" in esac fi dnl !USE_NSS && !USE_NETTLE -AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support])) +AC_ARG_ENABLE(ecdsa, AS_HELP_STRING([--disable-ecdsa],[Disable ECDSA support])) use_ecdsa="no" case "$enable_ecdsa" in no) @@ -1113,7 +1110,7 @@ case "$enable_ecdsa" in ;; esac -AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) +AC_ARG_ENABLE(dsa, AS_HELP_STRING([--disable-dsa],[Disable DSA support])) use_dsa="no" case "$enable_dsa" in yes) @@ -1153,7 +1150,7 @@ AC_INCLUDES_DEFAULT ;; esac -AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable ED25519 support])) +AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable ED25519 support])) use_ed25519="no" case "$enable_ed25519" in no) @@ -1176,7 +1173,7 @@ case "$enable_ed25519" in ;; esac -AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable ED448 support])) +AC_ARG_ENABLE(ed448, AS_HELP_STRING([--disable-ed448],[Disable ED448 support])) use_ed448="no" case "$enable_ed448" in no) @@ -1196,7 +1193,7 @@ case "$enable_ed448" in ;; esac -AC_ARG_ENABLE(event-api, AC_HELP_STRING([--enable-event-api], [Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) +AC_ARG_ENABLE(event-api, AS_HELP_STRING([--enable-event-api],[Enable (experimental) pluggable event base libunbound API installed to unbound-event.h])) case "$enable_event_api" in yes) AC_SUBST(UNBOUND_EVENT_INSTALL, [unbound-event-install]) @@ -1206,7 +1203,7 @@ case "$enable_event_api" in ;; esac -AC_ARG_ENABLE(tfo-client, AC_HELP_STRING([--enable-tfo-client], [Enable TCP Fast Open for client mode])) +AC_ARG_ENABLE(tfo-client, AS_HELP_STRING([--enable-tfo-client],[Enable TCP Fast Open for client mode])) case "$enable_tfo_client" in yes) case `uname` in @@ -1230,7 +1227,7 @@ case "$enable_tfo_client" in ;; esac -AC_ARG_ENABLE(tfo-server, AC_HELP_STRING([--enable-tfo-server], [Enable TCP Fast Open for server mode])) +AC_ARG_ENABLE(tfo-server, AS_HELP_STRING([--enable-tfo-server],[Enable TCP Fast Open for server mode])) case "$enable_tfo_server" in yes) AC_CHECK_DECL([TCP_FASTOPEN], [AC_MSG_WARN([Check the platform specific TFO kernel parameters are correctly configured to support server mode TFO])], [AC_MSG_ERROR([TCP Fast Open is not available for server mode: please rerun without --enable-tfo-server])], [AC_INCLUDES_DEFAULT @@ -1243,8 +1240,7 @@ case "$enable_tfo_server" in esac # check for libevent -AC_ARG_WITH(libevent, AC_HELP_STRING([--with-libevent=pathname], - [use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), +AC_ARG_WITH(libevent, AS_HELP_STRING([--with-libevent=pathname],[use libevent (will check /usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr or you can specify an explicit path). Slower, but allows use of large outgoing port ranges.]), [ ],[ with_libevent="no" ]) if test "x_$with_libevent" != x_no; then AC_DEFINE([USE_LIBEVENT], [1], [Define if you enable libevent]) @@ -1338,8 +1334,7 @@ else fi # check for libexpat -AC_ARG_WITH(libexpat, AC_HELP_STRING([--with-libexpat=path], - [specify explicit path for libexpat.]), +AC_ARG_WITH(libexpat, AS_HELP_STRING([--with-libexpat=path],[specify explicit path for libexpat.]), [ ],[ withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" ]) AC_MSG_CHECKING(for libexpat) found_libexpat="no" @@ -1356,7 +1351,7 @@ for dir in $withval ; do fi done if test x_$found_libexpat != x_yes; then - AC_ERROR([Could not find libexpat, expat.h]) + AC_MSG_ERROR([Could not find libexpat, expat.h]) fi AC_CHECK_HEADERS([expat.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT @@ -1364,8 +1359,7 @@ AC_CHECK_DECLS([XML_StopParser], [], [], [AC_INCLUDES_DEFAULT ]) # hiredis (redis C client for cachedb) -AC_ARG_WITH(libhiredis, AC_HELP_STRING([--with-libhiredis=path], - [specify explicit path for libhiredis.]), +AC_ARG_WITH(libhiredis, AS_HELP_STRING([--with-libhiredis=path],[specify explicit path for libhiredis.]), [ ],[ withval="no" ]) found_libhiredis="no" if test x_$withval = x_yes -o x_$withval != x_no; then @@ -1388,7 +1382,7 @@ if test x_$withval = x_yes -o x_$withval != x_no; then fi done if test x_$found_libhiredis != x_yes; then - AC_ERROR([Could not find libhiredis, hiredis.h]) + AC_MSG_ERROR([Could not find libhiredis, hiredis.h]) fi AC_CHECK_HEADERS([hiredis/hiredis.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_DECLS([redisConnect], [], [], [AC_INCLUDES_DEFAULT @@ -1396,11 +1390,42 @@ if test x_$withval = x_yes -o x_$withval != x_no; then ]) fi +# nghttp2 +AC_ARG_WITH(libnghttp2, AS_HELP_STRING([--with-libnghttp2=path],[specify explicit path for libnghttp2.]), + [ ],[ withval="no" ]) +found_libnghttp2="no" +if test x_$withval = x_yes -o x_$withval != x_no; then + AC_MSG_CHECKING(for libnghttp2) + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local /opt/local /usr/lib /usr/pkg /usr/sfw /usr" + fi + for dir in $withval ; do + if test -f "$dir/include/nghttp2/nghttp2.h"; then + found_libnghttp2="yes" + dnl assume /usr is in default path. + if test "$dir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$dir/include" + LDFLAGS="$LDFLAGS -L$dir/lib" + fi + AC_MSG_RESULT(found in $dir) + AC_DEFINE([HAVE_NGHTTP2], [1], [Define this to use nghttp2 client.]) + LIBS="$LIBS -lnghttp2" + break; + fi + done + if test x_$found_libnghttp2 != x_yes; then + AC_MSG_ERROR([Could not find libnghttp2, nghttp2.h]) + fi + AC_CHECK_HEADERS([nghttp2/nghttp2.h],,, [AC_INCLUDES_DEFAULT]) + AC_CHECK_DECLS([nghttp2_session_server_new], [], [], [AC_INCLUDES_DEFAULT + #include + ]) +fi + # set static linking for uninstalled libraries if requested AC_SUBST(staticexe) staticexe="" -AC_ARG_ENABLE(static-exe, AC_HELP_STRING([--enable-static-exe], - [ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), +AC_ARG_ENABLE(static-exe, AS_HELP_STRING([--enable-static-exe],[ enable to compile executables statically against (event) uninstalled libs, for debug purposes ]), , ) if test x_$enable_static_exe = x_yes; then staticexe="-static" @@ -1417,8 +1442,7 @@ if test x_$enable_static_exe = x_yes; then fi # set full static linking if requested -AC_ARG_ENABLE(fully-static, AC_HELP_STRING([--enable-fully-static], - [ enable to compile fully static ]), +AC_ARG_ENABLE(fully-static, AS_HELP_STRING([--enable-fully-static],[ enable to compile fully static ]), , ) if test x_$enable_fully_static = x_yes; then staticexe="-all-static" @@ -1434,8 +1458,7 @@ if test x_$enable_fully_static = x_yes; then fi # set lock checking if requested -AC_ARG_ENABLE(lock_checks, AC_HELP_STRING([--enable-lock-checks], - [ enable to check lock and unlock calls, for debug purposes ]), +AC_ARG_ENABLE(lock_checks, AS_HELP_STRING([--enable-lock-checks],[ enable to check lock and unlock calls, for debug purposes ]), , ) if test x_$enable_lock_checks = x_yes; then AC_DEFINE(ENABLE_LOCK_CHECKS, 1, [Define if you want to use debug lock checking (slow).]) @@ -1552,7 +1575,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM([ AC_MSG_RESULT(no)) AC_SEARCH_LIBS([setusercontext], [util]) -AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4]) +AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam endpwent getrlimit setrlimit setsid chroot kill chown sleep usleep random srandom recvmsg sendmsg writev socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex endservent endprotoent fsync shmget accept4 getifaddrs]) AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])]) AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])]) @@ -1677,7 +1700,7 @@ AC_SUBST(LIBOBJ_WITHOUT_CTIME) AC_REPLACE_FUNCS(ctime_r) AC_REPLACE_FUNCS(strsep) -AC_ARG_ENABLE(allsymbols, AC_HELP_STRING([--enable-allsymbols], [export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols])) +AC_ARG_ENABLE(allsymbols, AS_HELP_STRING([--enable-allsymbols],[export all symbols from libunbound and link binaries to it, smaller install size but libunbound export table is polluted by internal symbols])) case "$enable_allsymbols" in yes) COMMON_OBJ_ALL_SYMBOLS="" @@ -1743,7 +1766,7 @@ dnsc_DNSCRYPT([ ) # check for cachedb if requested -AC_ARG_ENABLE(cachedb, AC_HELP_STRING([--enable-cachedb], [enable cachedb module that can use external cache storage])) +AC_ARG_ENABLE(cachedb, AS_HELP_STRING([--enable-cachedb],[enable cachedb module that can use external cache storage])) # turn on cachedb when hiredis support is enabled. if test "$found_libhiredis" = "yes"; then enable_cachedb="yes"; fi case "$enable_cachedb" in @@ -1756,7 +1779,7 @@ case "$enable_cachedb" in esac # check for ipsecmod if requested -AC_ARG_ENABLE(ipsecmod, AC_HELP_STRING([--enable-ipsecmod], [Enable ipsecmod module that facilitates opportunistic IPsec])) +AC_ARG_ENABLE(ipsecmod, AS_HELP_STRING([--enable-ipsecmod],[Enable ipsecmod module that facilitates opportunistic IPsec])) case "$enable_ipsecmod" in yes) AC_DEFINE([USE_IPSECMOD], [1], [Define to 1 to use ipsecmod support.]) @@ -1771,7 +1794,7 @@ case "$enable_ipsecmod" in esac # check for ipset if requested -AC_ARG_ENABLE(ipset, AC_HELP_STRING([--enable-ipset], [enable ipset module])) +AC_ARG_ENABLE(ipset, AS_HELP_STRING([--enable-ipset],[enable ipset module])) case "$enable_ipset" in yes) AC_DEFINE([USE_IPSET], [1], [Define to 1 to use ipset support]) @@ -1781,8 +1804,7 @@ case "$enable_ipset" in AC_SUBST(IPSET_OBJ) # mnl - AC_ARG_WITH(libmnl, AC_HELP_STRING([--with-libmnl=path], - [specify explicit path for libmnl.]), + AC_ARG_WITH(libmnl, AS_HELP_STRING([--with-libmnl=path],[specify explicit path for libmnl.]), [ ],[ withval="yes" ]) found_libmnl="no" AC_MSG_CHECKING(for libmnl) @@ -1803,14 +1825,14 @@ case "$enable_ipset" in fi done if test x_$found_libmnl != x_yes; then - AC_ERROR([Could not find libmnl, libmnl.h]) + AC_MSG_ERROR([Could not find libmnl, libmnl.h]) fi ;; no|*) # nothing ;; esac -AC_ARG_ENABLE(explicit-port-randomisation, AC_HELP_STRING([--disable-explicit-port-randomisation], [disable explicit source port randomisation and rely on the kernel to provide random source ports])) +AC_ARG_ENABLE(explicit-port-randomisation, AS_HELP_STRING([--disable-explicit-port-randomisation],[disable explicit source port randomisation and rely on the kernel to provide random source ports])) case "$enable_explicit_port_randomisation" in no) AC_DEFINE([DISABLE_EXPLICIT_PORT_RANDOMISATION], [1], [Define this to enable kernel based UDP source port randomization.]) @@ -1858,8 +1880,7 @@ AC_SUBST(SOURCEFILE) # see if we want to build the library or everything ALLTARGET="alltargets" INSTALLTARGET="install-all" -AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], - [do not build daemon and tool programs]), +AC_ARG_WITH(libunbound-only, AS_HELP_STRING([--with-libunbound-only],[do not build daemon and tool programs]), [ if test "$withval" = "yes"; then ALLTARGET="lib" @@ -1868,10 +1889,10 @@ AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], ]) if test $ALLTARGET = "alltargets"; then if test $USE_NSS = "yes"; then - AC_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) + AC_MSG_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) fi if test $USE_NETTLE = "yes"; then - AC_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) + AC_MSG_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) fi fi @@ -2132,6 +2153,8 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file, #define UNBOUND_DNS_PORT 53 /** default port for DNS over TLS traffic. */ #define UNBOUND_DNS_OVER_TLS_PORT 853 +/** default port for DNS over HTTPS traffic. */ +#define UNBOUND_DNS_OVER_HTTPS_PORT 443 /** default port for unbound control traffic, registered port with IANA, ub-dns-control 8953/tcp unbound dns nameserver control */ #define UNBOUND_CONTROL_PORT 8953 @@ -2146,5 +2169,5 @@ AC_SUBST(version, [VERSION_MAJOR.VERSION_MINOR.VERSION_MICRO]) AC_SUBST(date, [`date +'%b %e, %Y'`]) AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh dnstap/dnstap_config.h dnscrypt/dnscrypt_config.h contrib/libunbound.pc contrib/unbound.socket contrib/unbound.service contrib/unbound_portable.service]) -AC_CONFIG_HEADER([config.h]) +AC_CONFIG_HEADERS([config.h]) AC_OUTPUT diff --git a/contrib/README b/contrib/README index 9db078e56..ef2a0ab88 100644 --- a/contrib/README +++ b/contrib/README @@ -53,3 +53,5 @@ distribution but may be helpful. lookups for downstream clients. * drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format, contributed by Andreas Schulze. +* metrics.awk: awk script that can convert unbound-control stats to + Prometheus metrics format output. diff --git a/contrib/aaaa-filter-iterator.patch b/contrib/aaaa-filter-iterator.patch index 9881bde89..f51de2a40 100644 --- a/contrib/aaaa-filter-iterator.patch +++ b/contrib/aaaa-filter-iterator.patch @@ -1,10 +1,10 @@ -Index: trunk/doc/unbound.conf.5.in -=================================================================== ---- trunk/doc/unbound.conf.5.in (revision 4357) -+++ trunk/doc/unbound.conf.5.in (working copy) -@@ -701,6 +701,13 @@ +diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in +index f426ac5f..147fbfa9 100644 +--- a/doc/unbound.conf.5.in ++++ b/doc/unbound.conf.5.in +@@ -872,6 +872,13 @@ potentially broken nameservers. A lot of domains will not be resolvable when this option in enabled. Only use if you know what you are doing. - This option only has effect when qname-minimisation is enabled. Default is off. + This option only has effect when qname-minimisation is enabled. Default is no. .TP +.B aaaa\-filter: \fI +Activate behavior similar to BIND's AAAA-filter. @@ -16,14 +16,15 @@ Index: trunk/doc/unbound.conf.5.in .B aggressive\-nsec: \fI Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN and other denials, using information from previous NXDOMAINs answers. -Index: trunk/iterator/iter_scrub.c -=================================================================== ---- trunk/iterator/iter_scrub.c (revision 4357) -+++ trunk/iterator/iter_scrub.c (working copy) -@@ -617,6 +617,32 @@ +diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c +index aae934dd..55c55de0 100644 +--- a/iterator/iter_scrub.c ++++ b/iterator/iter_scrub.c +@@ -667,6 +667,32 @@ static int sanitize_nsec_is_overreach(struct rrset_parse* rrset, + return 0; } - /** ++/** + * ASN: Lookup A records from rrset cache. + * @param qinfo: the question originally asked. + * @param env: module environment with config and cache. @@ -49,11 +50,10 @@ Index: trunk/iterator/iter_scrub.c + return 0; +} + -+/** + /** * Given a response event, remove suspect RRsets from the response. * "Suspect" rrsets are potentially poison. Note that this routine expects - * the response to be in a "normalized" state -- that is, all "irrelevant" -@@ -635,6 +661,7 @@ +@@ -686,6 +712,7 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, struct query_info* qinfo, uint8_t* zonename, struct module_env* env, struct iter_env* ie) { @@ -61,7 +61,7 @@ Index: trunk/iterator/iter_scrub.c int del_addi = 0; /* if additional-holding rrsets are deleted, we do not trust the normalized additional-A-AAAA any more */ struct rrset_parse* rrset, *prev; -@@ -670,6 +697,13 @@ +@@ -721,6 +748,13 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, rrset = rrset->rrset_all_next; } @@ -75,11 +75,10 @@ Index: trunk/iterator/iter_scrub.c /* At this point, we brutally remove ALL rrsets that aren't * children of the originating zone. The idea here is that, * as far as we know, the server that we contacted is ONLY -@@ -680,6 +714,24 @@ - prev = NULL; +@@ -732,6 +766,24 @@ scrub_sanitize(sldns_buffer* pkt, struct msg_parse* msg, rrset = msg->rrset_first; while(rrset) { -+ + + /* ASN: For AAAA records only... */ + if((ie->aaaa_filter) && (rrset->type == LDNS_RR_TYPE_AAAA)) { + /* ASN: If this is not a AAAA query, then remove AAAA @@ -97,14 +96,15 @@ Index: trunk/iterator/iter_scrub.c + LDNS_RR_TYPE_AAAA, qinfo->qclass); + } + /* ASN: End of added code */ - ++ /* remove private addresses */ if( (rrset->type == LDNS_RR_TYPE_A || -Index: trunk/iterator/iter_utils.c -=================================================================== ---- trunk/iterator/iter_utils.c (revision 4357) -+++ trunk/iterator/iter_utils.c (working copy) -@@ -175,6 +175,7 @@ + rrset->type == LDNS_RR_TYPE_AAAA)) { +diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c +index 7bc67da6..e10f547a 100644 +--- a/iterator/iter_utils.c ++++ b/iterator/iter_utils.c +@@ -175,6 +175,7 @@ iter_apply_cfg(struct iter_env* iter_env, struct config_file* cfg) } iter_env->supports_ipv6 = cfg->do_ip6; iter_env->supports_ipv4 = cfg->do_ip4; @@ -112,11 +112,11 @@ Index: trunk/iterator/iter_utils.c return 1; } -Index: trunk/iterator/iterator.c -=================================================================== ---- trunk/iterator/iterator.c (revision 4357) -+++ trunk/iterator/iterator.c (working copy) -@@ -1847,6 +1847,53 @@ +diff --git a/iterator/iterator.c b/iterator/iterator.c +index 23b07ea9..ca29b48c 100644 +--- a/iterator/iterator.c ++++ b/iterator/iterator.c +@@ -2127,6 +2127,53 @@ processDSNSFind(struct module_qstate* qstate, struct iter_qstate* iq, int id) return 0; } @@ -170,7 +170,7 @@ Index: trunk/iterator/iterator.c /** * This is the request event state where the request will be sent to one of -@@ -1894,6 +1941,13 @@ +@@ -2186,6 +2233,13 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } @@ -184,7 +184,7 @@ Index: trunk/iterator/iterator.c /* Make sure we have a delegation point, otherwise priming failed * or another failure occurred */ if(!iq->dp) { -@@ -3095,6 +3149,61 @@ +@@ -3574,6 +3628,61 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, return 0; } @@ -246,7 +246,7 @@ Index: trunk/iterator/iterator.c /* * Return priming query results to interested super querystates. * -@@ -3114,6 +3223,9 @@ +@@ -3593,6 +3702,9 @@ iter_inform_super(struct module_qstate* qstate, int id, else if(super->qinfo.qtype == LDNS_RR_TYPE_DS && ((struct iter_qstate*) super->minfo[id])->state == DSNS_FIND_STATE) processDSNSResponse(qstate, id, super); @@ -256,7 +256,7 @@ Index: trunk/iterator/iterator.c else if(qstate->return_rcode != LDNS_RCODE_NOERROR) error_supers(qstate, id, super); else if(qstate->is_priming) -@@ -3151,6 +3263,9 @@ +@@ -3630,6 +3742,9 @@ iter_handle(struct module_qstate* qstate, struct iter_qstate* iq, case INIT_REQUEST_3_STATE: cont = processInitRequest3(qstate, iq, id); break; @@ -266,7 +266,7 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE: cont = processQueryTargets(qstate, iq, ie, id); break; -@@ -3460,6 +3575,8 @@ +@@ -3961,6 +4076,8 @@ iter_state_to_string(enum iter_state state) return "INIT REQUEST STATE (stage 2)"; case INIT_REQUEST_3_STATE: return "INIT REQUEST STATE (stage 3)"; @@ -275,7 +275,7 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE : return "QUERY TARGETS STATE"; case PRIME_RESP_STATE : -@@ -3484,6 +3601,7 @@ +@@ -3985,6 +4102,7 @@ iter_state_is_responsestate(enum iter_state s) case INIT_REQUEST_STATE : case INIT_REQUEST_2_STATE : case INIT_REQUEST_3_STATE : @@ -283,11 +283,11 @@ Index: trunk/iterator/iterator.c case QUERYTARGETS_STATE : case COLLECT_CLASS_STATE : return 0; -Index: trunk/iterator/iterator.h -=================================================================== ---- trunk/iterator/iterator.h (revision 4357) -+++ trunk/iterator/iterator.h (working copy) -@@ -130,6 +130,9 @@ +diff --git a/iterator/iterator.h b/iterator/iterator.h +index 342ac207..731948d1 100644 +--- a/iterator/iterator.h ++++ b/iterator/iterator.h +@@ -135,6 +135,9 @@ struct iter_env { */ int* target_fetch_policy; @@ -297,10 +297,11 @@ Index: trunk/iterator/iterator.h /** lock on ratelimit counter */ lock_basic_type queries_ratelimit_lock; /** number of queries that have been ratelimited */ -@@ -182,6 +185,14 @@ +@@ -186,6 +189,14 @@ enum iter_state { + */ INIT_REQUEST_3_STATE, - /** ++ /** + * This state is responsible for intercepting AAAA queries, + * and launch a A subquery on the same target, to populate the + * cache with A records, so the AAAA filter scrubbing logic can @@ -308,29 +309,28 @@ Index: trunk/iterator/iterator.h + */ + ASN_FETCH_A_FOR_AAAA_STATE, + -+ /** + /** * Each time a delegation point changes for a given query or a * query times out and/or wakes up, this state is (re)visited. - * This state is responsible for iterating through a list of -@@ -364,6 +375,13 @@ - * be used when creating the state. A higher one will be attempted. +@@ -375,6 +386,13 @@ struct iter_qstate { */ int refetch_glue; -+ + + /** + * ASN: This is a flag that, if true, means that this query is + * for fetching A records to populate cache and determine if we must + * return AAAA records or not. + */ + int fetch_a_for_aaaa; - ++ /** list of pending queries to authoritative servers. */ struct outbound_list outlist; -Index: trunk/pythonmod/interface.i -=================================================================== ---- trunk/pythonmod/interface.i (revision 4357) -+++ trunk/pythonmod/interface.i (working copy) -@@ -851,6 +851,7 @@ + +diff --git a/pythonmod/interface.i b/pythonmod/interface.i +index f08b575d..47f1bb2e 100644 +--- a/pythonmod/interface.i ++++ b/pythonmod/interface.i +@@ -975,6 +975,7 @@ struct config_file { int harden_dnssec_stripped; int harden_referral_path; int use_caps_bits_for_id; @@ -338,11 +338,11 @@ Index: trunk/pythonmod/interface.i struct config_strlist* private_address; struct config_strlist* private_domain; size_t unwanted_threshold; -Index: trunk/util/config_file.c -=================================================================== ---- trunk/util/config_file.c (revision 4357) -+++ trunk/util/config_file.c (working copy) -@@ -195,6 +195,7 @@ +diff --git a/util/config_file.c b/util/config_file.c +index 0ab8614a..729fb147 100644 +--- a/util/config_file.c ++++ b/util/config_file.c +@@ -218,6 +218,7 @@ config_create(void) cfg->harden_referral_path = 0; cfg->harden_algo_downgrade = 0; cfg->use_caps_bits_for_id = 0; @@ -350,11 +350,11 @@ Index: trunk/util/config_file.c cfg->caps_whitelist = NULL; cfg->private_address = NULL; cfg->private_domain = NULL; -Index: trunk/util/config_file.h -=================================================================== ---- trunk/util/config_file.h (revision 4357) -+++ trunk/util/config_file.h (working copy) -@@ -209,6 +209,8 @@ +diff --git a/util/config_file.h b/util/config_file.h +index e61257a3..dabaa7bb 100644 +--- a/util/config_file.h ++++ b/util/config_file.h +@@ -260,6 +260,8 @@ struct config_file { int harden_algo_downgrade; /** use 0x20 bits in query as random ID bits */ int use_caps_bits_for_id; @@ -363,11 +363,11 @@ Index: trunk/util/config_file.h /** 0x20 whitelist, domains that do not use capsforid */ struct config_strlist* caps_whitelist; /** strip away these private addrs from answers, no DNS Rebinding */ -Index: trunk/util/configlexer.lex -=================================================================== ---- trunk/util/configlexer.lex (revision 4357) -+++ trunk/util/configlexer.lex (working copy) -@@ -279,6 +279,7 @@ +diff --git a/util/configlexer.lex b/util/configlexer.lex +index 79a0edca..4eaec678 100644 +--- a/util/configlexer.lex ++++ b/util/configlexer.lex +@@ -304,6 +304,7 @@ harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } @@ -375,11 +375,11 @@ Index: trunk/util/configlexer.lex private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } -Index: trunk/util/configparser.y -=================================================================== ---- trunk/util/configparser.y (revision 4357) -+++ trunk/util/configparser.y (working copy) -@@ -95,6 +95,7 @@ +diff --git a/util/configparser.y b/util/configparser.y +index 1d0e8658..f284dd43 100644 +--- a/util/configparser.y ++++ b/util/configparser.y +@@ -97,6 +97,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT %token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR %token VAR_NEG_CACHE_SIZE VAR_HARDEN_REFERRAL_PATH VAR_PRIVATE_ADDRESS @@ -387,7 +387,7 @@ Index: trunk/util/configparser.y %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE -@@ -203,6 +204,7 @@ +@@ -233,6 +234,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_dlv_anchor_file | server_dlv_anchor | server_neg_cache_size | server_harden_referral_path | server_private_address | server_private_domain | server_extended_statistics | @@ -395,12 +395,10 @@ Index: trunk/util/configparser.y server_local_data_ptr | server_jostle_timeout | server_unwanted_reply_threshold | server_log_time_ascii | server_domain_insecure | server_val_sig_skew_min | -@@ -1183,6 +1185,15 @@ - OUTYY(("P(server_caps_whitelist:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, $2)) +@@ -1563,6 +1565,15 @@ server_caps_whitelist: VAR_CAPS_WHITELIST STRING_ARG yyerror("out of memory"); -+ } -+ ; + } + ; +server_aaaa_filter: VAR_AAAA_FILTER STRING_ARG + { + OUTYY(("P(server_aaaa_filter:%s)\n", $2)); @@ -408,6 +406,8 @@ Index: trunk/util/configparser.y + yyerror("expected yes or no."); + else cfg_parser->cfg->aaaa_filter = (strcmp($2, "yes")==0); + free($2); - } - ; ++ } ++ ; server_private_address: VAR_PRIVATE_ADDRESS STRING_ARG + { + OUTYY(("P(server_private_address:%s)\n", $2)); diff --git a/contrib/metrics.awk b/contrib/metrics.awk new file mode 100644 index 000000000..5a7a2569c --- /dev/null +++ b/contrib/metrics.awk @@ -0,0 +1,180 @@ +# read output of unbound-control stats +# and output prometheus metrics style output. +# use these options: +# server: extended-statistics: yes +# statistics-cumulative: no +# statistics-interval: 0 +# remote-control: control-enable: yes +# Can use it like unbound-control stats | awk -f "metrics.awk" + +BEGIN { + FS="="; +} +# everything like total.num.queries=value is put in val["total.num.queries"] +/^.*\..*=/ { + val[$1]=$2; +} +# print the output metrics +END { + print "# HELP unbound_hits_queries Unbound DNS traffic and cache hits" + print "# TYPE unbound_hits_queries gauge" + print "unbound_hits_queries{type=\"total.num.queries\"} " val["total.num.queries"]; + for (x=0; x<99; x++) { + if(val["thread" $x ".num.queries"] != "") { + print "unbound_hits_queries{type=\"thread" $x ".num.queries\"} " val["thread" $x ".num.queries"]; + } + } + print "unbound_hits_queries{type=\"total.num.cachehits\"} " val["total.num.cachehits"]; + print "unbound_hits_queries{type=\"total.num.prefetch\"} " val["total.num.prefetch"]; + print "unbound_hits_queries{type=\"num.query.tcp\"} " val["num.query.tcp"]; + print "unbound_hits_queries{type=\"num.query.tcpout\"} " val["num.query.tcpout"]; + print "unbound_hits_queries{type=\"num.query.tls\"} " val["num.query.tls"]; + print "unbound_hits_queries{type=\"num.query.tls.resume\"} " val["num.query.tls.resume"]; + print "unbound_hits_queries{type=\"num.query.ipv6\"} " val["num.query.ipv6"]; + print "unbound_hits_queries{type=\"unwanted.queries\"} " val["unwanted.queries"]; + print "" + + print "# HELP unbound_queue_queries Unbound requestlist size" + print "# TYPE unbound_queue_queries gauge" + print "unbound_queue_queries{type=\"total.requestlist.avg\"} " val["total.requestlist.avg"]; + print "unbound_queue_queries{type=\"total.requestlist.max\"} " val["total.requestlist.max"]; + print "unbound_queue_queries{type=\"total.requestlist.overwritten\"} " val["total.requestlist.overwritten"]; + print "unbound_queue_queries{type=\"total.requestlist.exceeded\"} " val["total.requestlist.exceeded"]; + print "" + + print "# HELP unbound_memory_bytes Unbound memory usage" + print "# TYPE unbound_memory_bytes gauge" + print "unbound_memory_bytes{type=\"mem.cache.rrset\"} " val["mem.cache.rrset"]; + print "unbound_memory_bytes{type=\"mem.cache.message\"} " val["mem.cache.message"]; + print "unbound_memory_bytes{type=\"mem.mod.iterator\"} " val["mem.mod.iterator"]; + if(val["mem.mod.validator"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.validator\"} " val["mem.mod.validator"]; + } + if(val["mem.mod.respip"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.respip\"} " val["mem.mod.respip"]; + } + if(val["mem.mod.subnet"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.subnet\"} " val["mem.mod.subnet"]; + } + if(val["mem.mod.ipsecmod"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.ipsecmod\"} " val["mem.mod.ipsecmod"]; + } + if(val["mem.mod.dynlibmod"] != "") { + print "unbound_memory_bytes{type=\"mem.mod.dynlibmod\"} " val["mem.mod.dynlibmod"]; + } + print "unbound_memory_bytes{type=\"msg.cache.count\"} " val["msg.cache.count"]; + print "unbound_memory_bytes{type=\"rrset.cache.count\"} " val["rrset.cache.count"]; + print "unbound_memory_bytes{type=\"infra.cache.count\"} " val["infra.cache.count"]; + print "unbound_memory_bytes{type=\"key.cache.count\"} " val["key.cache.count"]; + print "" + + print "# HELP unbound_by_type_queries Unbound DNS queries by type" + print "# TYPE unbound_by_type_queries gauge" + for(x in val) { + if(x ~ /^num.query.type./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_type_queries{type=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_class_queries Unbound DNS queries by class" + print "# TYPE unbound_by_class_queries gauge" + for(x in val) { + if(x ~ /^num.query.class./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_class_queries{class=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_opcode_queries Unbound DNS queries by opcode" + print "# TYPE unbound_by_opcode_queries gauge" + for(x in val) { + if(x ~ /^num.query.opcode./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_opcode_queries{opcode=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_rcode_queries Unbound DNS answers by rcode" + print "# TYPE unbound_by_rcode_queries gauge" + for(x in val) { + if(x ~ /^num.answer.rcode./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_rcode_queries{rcode=\"" a[4] "\"} " val[x]; + } + } + } + print "" + + print "# HELP unbound_by_flags_queries Unbound DNS queries by flags" + print "# TYPE unbound_by_flags_queries gauge" + for(x in val) { + if(x ~ /^num.query.flags./) { + if(val[x] != "") { + split(x, a, "."); + print "unbound_by_flags_queries{flag=\"" a[4] "\"} " val[x]; + } + } + } + if(val["num.query.edns.present"] != "") { + print "unbound_by_flags_queries{flag=\"num.query.edns.present\"} " val["num.query.edns.present"]; + } + if(val["num.query.edns.DO"] != "") { + print "unbound_by_flags_queries{flag=\"num.query.edns.DO\"} " val["num.query.edns.DO"]; + } + print "" + + print "# HELP unbound_histogram_seconds Unbound DNS histogram of reply time" + print "# TYPE unbound_histogram_seconds gauge" + print "unbound_histogram_seconds{bucket=\"000000.000000.to.000000.000001\"} " val["histogram.000000.000000.to.000000.000001"]; + print "unbound_histogram_seconds{bucket=\"000000.000001.to.000000.000002\"} " val["histogram.000000.000001.to.000000.000002"]; + print "unbound_histogram_seconds{bucket=\"000000.000002.to.000000.000004\"} " val["histogram.000000.000002.to.000000.000004"]; + print "unbound_histogram_seconds{bucket=\"000000.000004.to.000000.000008\"} " val["histogram.000000.000004.to.000000.000008"]; + print "unbound_histogram_seconds{bucket=\"000000.000008.to.000000.000016\"} " val["histogram.000000.000008.to.000000.000016"]; + print "unbound_histogram_seconds{bucket=\"000000.000016.to.000000.000032\"} " val["histogram.000000.000016.to.000000.000032"]; + print "unbound_histogram_seconds{bucket=\"000000.000032.to.000000.000064\"} " val["histogram.000000.000032.to.000000.000064"]; + print "unbound_histogram_seconds{bucket=\"000000.000064.to.000000.000128\"} " val["histogram.000000.000064.to.000000.000128"]; + print "unbound_histogram_seconds{bucket=\"000000.000128.to.000000.000256\"} " val["histogram.000000.000128.to.000000.000256"]; + print "unbound_histogram_seconds{bucket=\"000000.000256.to.000000.000512\"} " val["histogram.000000.000256.to.000000.000512"]; + print "unbound_histogram_seconds{bucket=\"000000.000512.to.000000.001024\"} " val["histogram.000000.000512.to.000000.001024"]; + print "unbound_histogram_seconds{bucket=\"000000.001024.to.000000.002048\"} " val["histogram.000000.001024.to.000000.002048"]; + print "unbound_histogram_seconds{bucket=\"000000.002048.to.000000.004096\"} " val["histogram.000000.002048.to.000000.004096"]; + print "unbound_histogram_seconds{bucket=\"000000.004096.to.000000.008192\"} " val["histogram.000000.004096.to.000000.008192"]; + print "unbound_histogram_seconds{bucket=\"000000.008192.to.000000.016384\"} " val["histogram.000000.008192.to.000000.016384"]; + print "unbound_histogram_seconds{bucket=\"000000.016384.to.000000.032768\"} " val["histogram.000000.016384.to.000000.032768"]; + print "unbound_histogram_seconds{bucket=\"000000.032768.to.000000.065536\"} " val["histogram.000000.032768.to.000000.065536"]; + print "unbound_histogram_seconds{bucket=\"000000.065536.to.000000.131072\"} " val["histogram.000000.065536.to.000000.131072"]; + print "unbound_histogram_seconds{bucket=\"000000.131072.to.000000.262144\"} " val["histogram.000000.131072.to.000000.262144"]; + print "unbound_histogram_seconds{bucket=\"000000.262144.to.000000.524288\"} " val["histogram.000000.262144.to.000000.524288"]; + print "unbound_histogram_seconds{bucket=\"000000.524288.to.000001.000000\"} " val["histogram.000000.524288.to.000001.000000"]; + print "unbound_histogram_seconds{bucket=\"000001.000000.to.000002.000000\"} " val["histogram.000001.000000.to.000002.000000"]; + print "unbound_histogram_seconds{bucket=\"000002.000000.to.000004.000000\"} " val["histogram.000002.000000.to.000004.000000"]; + print "unbound_histogram_seconds{bucket=\"000004.000000.to.000008.000000\"} " val["histogram.000004.000000.to.000008.000000"]; + print "unbound_histogram_seconds{bucket=\"000008.000000.to.000016.000000\"} " val["histogram.000008.000000.to.000016.000000"]; + print "unbound_histogram_seconds{bucket=\"000016.000000.to.000032.000000\"} " val["histogram.000016.000000.to.000032.000000"]; + print "unbound_histogram_seconds{bucket=\"000032.000000.to.000064.000000\"} " val["histogram.000032.000000.to.000064.000000"]; + print "unbound_histogram_seconds{bucket=\"000064.000000.to.000128.000000\"} " val["histogram.000064.000000.to.000128.000000"]; + print "unbound_histogram_seconds{bucket=\"000128.000000.to.000256.000000\"} " val["histogram.000128.000000.to.000256.000000"]; + print "unbound_histogram_seconds{bucket=\"000256.000000.to.000512.000000\"} " val["histogram.000256.000000.to.000512.000000"]; + print "unbound_histogram_seconds{bucket=\"000512.000000.to.001024.000000\"} " val["histogram.000512.000000.to.001024.000000"]; + print "unbound_histogram_seconds{bucket=\"001024.000000.to.002048.000000\"} " val["histogram.001024.000000.to.002048.000000"]; + print "unbound_histogram_seconds{bucket=\"002048.000000.to.004096.000000\"} " val["histogram.002048.000000.to.004096.000000"]; + print "unbound_histogram_seconds{bucket=\"004096.000000.to.008192.000000\"} " val["histogram.004096.000000.to.008192.000000"]; + print "unbound_histogram_seconds{bucket=\"008192.000000.to.016384.000000\"} " val["histogram.008192.000000.to.016384.000000"]; + print "unbound_histogram_seconds{bucket=\"016384.000000.to.032768.000000\"} " val["histogram.016384.000000.to.032768.000000"]; + print "unbound_histogram_seconds{bucket=\"032768.000000.to.065536.000000\"} " val["histogram.032768.000000.to.065536.000000"]; + print "unbound_histogram_seconds{bucket=\"065536.000000.to.131072.000000\"} " val["histogram.065536.000000.to.131072.000000"]; + print "unbound_histogram_seconds{bucket=\"131072.000000.to.262144.000000\"} " val["histogram.131072.000000.to.262144.000000"]; + print "unbound_histogram_seconds{bucket=\"262144.000000.to.524288.000000\"} " val["histogram.262144.000000.to.524288.000000"]; + print "" +} diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in index 8ebe529c9..a4596978d 100644 --- a/contrib/unbound.service.in +++ b/contrib/unbound.service.in @@ -42,9 +42,9 @@ [Unit] Description=Validating, recursive, and caching DNS resolver Documentation=man:unbound(8) -After=network.target -Before=network-online.target nss-lookup.target -Wants=nss-lookup.target +After=network-online.target +Before=nss-lookup.target +Wants=network-online.target nss-lookup.target [Install] WantedBy=multi-user.target @@ -66,7 +66,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources diff --git a/contrib/unbound_portable.service.in b/contrib/unbound_portable.service.in index 998b66dec..e763763f0 100644 --- a/contrib/unbound_portable.service.in +++ b/contrib/unbound_portable.service.in @@ -38,7 +38,7 @@ ProtectSystem=strict RuntimeDirectory=unbound ConfigurationDirectory=unbound StateDirectory=unbound -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX RestrictRealtime=true SystemCallArchitectures=native SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete @resources diff --git a/daemon/daemon.c b/daemon/daemon.c index 5d4279259..a11d50a9b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -77,6 +77,7 @@ #include "util/storage/lookup3.h" #include "util/storage/slabhash.h" #include "util/tcp_conn_limit.h" +#include "util/edns.h" #include "services/listen_dnsport.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" @@ -290,6 +291,15 @@ daemon_init(void) free(daemon); return NULL; } + if(!(daemon->env->edns_strings = edns_strings_create())) { + auth_zones_delete(daemon->env->auth_zones); + acl_list_delete(daemon->acl); + tcl_list_delete(daemon->tcl); + edns_known_options_delete(daemon->env); + free(daemon->env); + free(daemon); + return NULL; + } return daemon; } @@ -298,6 +308,8 @@ daemon_open_shared_ports(struct daemon* daemon) { log_assert(daemon); if(daemon->cfg->port != daemon->listening_port) { + char** resif = NULL; + int num_resif = 0; size_t i; struct listen_port* p0; daemon->reuseport = 0; @@ -308,15 +320,18 @@ daemon_open_shared_ports(struct daemon* daemon) free(daemon->ports); daemon->ports = NULL; } + if(!resolve_interface_names(daemon->cfg, &resif, &num_resif)) + return 0; /* see if we want to reuseport */ #ifdef SO_REUSEPORT if(daemon->cfg->so_reuseport && daemon->cfg->num_threads > 0) daemon->reuseport = 1; #endif /* try to use reuseport */ - p0 = listening_ports_open(daemon->cfg, &daemon->reuseport); + p0 = listening_ports_open(daemon->cfg, resif, num_resif, &daemon->reuseport); if(!p0) { listening_ports_free(p0); + config_del_strarray(resif, num_resif); return 0; } if(daemon->reuseport) { @@ -330,6 +345,7 @@ daemon_open_shared_ports(struct daemon* daemon) if(!(daemon->ports = (struct listen_port**)calloc( daemon->num_ports, sizeof(*daemon->ports)))) { listening_ports_free(p0); + config_del_strarray(resif, num_resif); return 0; } daemon->ports[0] = p0; @@ -338,16 +354,19 @@ daemon_open_shared_ports(struct daemon* daemon) for(i=1; inum_ports; i++) { if(!(daemon->ports[i]= listening_ports_open(daemon->cfg, + resif, num_resif, &daemon->reuseport)) || !daemon->reuseport ) { for(i=0; inum_ports; i++) listening_ports_free(daemon->ports[i]); free(daemon->ports); daemon->ports = NULL; + config_del_strarray(resif, num_resif); return 0; } } } + config_del_strarray(resif, num_resif); daemon->listening_port = daemon->cfg->port; } if(!daemon->cfg->remote_control_enable && daemon->rc_port) { @@ -619,6 +638,10 @@ daemon_fork(struct daemon* daemon) &daemon->use_rpz)) fatal_exit("auth_zones could not be setup"); + /* Set-up EDNS strings */ + if(!edns_strings_apply_cfg(daemon->env->edns_strings, daemon->cfg)) + fatal_exit("Could not set up EDNS strings"); + /* setup modules */ daemon_setup_modules(daemon); @@ -750,6 +773,7 @@ daemon_delete(struct daemon* daemon) rrset_cache_delete(daemon->env->rrset_cache); infra_delete(daemon->env->infra_cache); edns_known_options_delete(daemon->env); + edns_strings_delete(daemon->env->edns_strings); auth_zones_delete(daemon->env->auth_zones); } ub_randfree(daemon->rand); diff --git a/daemon/remote.c b/daemon/remote.c index aa263d074..64057a57b 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -329,7 +329,8 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, /* open fd */ fd = create_tcp_accept_sock(res, 1, &noproto, 0, - cfg->ip_transparent, 0, cfg->ip_freebind, cfg->use_systemd, cfg->ip_dscp); + cfg->ip_transparent, 0, 0, cfg->ip_freebind, + cfg->use_systemd, cfg->ip_dscp); freeaddrinfo(res); } @@ -348,11 +349,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err, /* alloc */ n = (struct listen_port*)calloc(1, sizeof(*n)); if(!n) { -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif + sock_close(fd); log_err("out of memory"); return 0; } @@ -461,11 +458,7 @@ int remote_accept_callback(struct comm_point* c, void* arg, int err, if(rc->active >= rc->max_active) { log_warn("drop incoming remote control: too many connections"); close_exit: -#ifndef USE_WINSOCK - close(newfd); -#else - closesocket(newfd); -#endif + sock_close(newfd); return 0; } @@ -574,11 +567,8 @@ ssl_print_text(RES* res, const char* text) if(r == -1) { if(errno == EAGAIN || errno == EINTR) continue; -#ifndef USE_WINSOCK - log_err("could not send: %s", strerror(errno)); -#else - log_err("could not send: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("could not send: %s", + sock_strerror(errno)); return 0; } at += r; @@ -635,11 +625,8 @@ ssl_read_line(RES* res, char* buf, size_t max) } if(errno == EINTR || errno == EAGAIN) continue; -#ifndef USE_WINSOCK - log_err("could not recv: %s", strerror(errno)); -#else - log_err("could not recv: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("could not recv: %s", + sock_strerror(errno)); return 0; } break; @@ -862,6 +849,12 @@ print_mem(RES* ssl, struct worker* worker, struct daemon* daemon, if(!print_longnum(ssl, "mem.streamwait"SQ, (size_t)s->svr.mem_stream_wait)) return 0; + if(!print_longnum(ssl, "mem.http.query_buffer"SQ, + (size_t)s->svr.mem_http2_query_buffer)) + return 0; + if(!print_longnum(ssl, "mem.http.response_buffer"SQ, + (size_t)s->svr.mem_http2_response_buffer)) + return 0; return 1; } @@ -988,6 +981,8 @@ print_ext(RES* ssl, struct ub_stats_info* s) (unsigned long)s->svr.qtls_resume)) return 0; if(!ssl_printf(ssl, "num.query.ipv6"SQ"%lu\n", (unsigned long)s->svr.qipv6)) return 0; + if(!ssl_printf(ssl, "num.query.https"SQ"%lu\n", + (unsigned long)s->svr.qhttps)) return 0; /* flags */ if(!ssl_printf(ssl, "num.query.flags.QR"SQ"%lu\n", (unsigned long)s->svr.qbit_QR)) return 0; @@ -2865,6 +2860,57 @@ do_ip_ratelimit_list(RES* ssl, struct worker* worker, char* arg) slabhash_traverse(a.infra->client_ip_rates, 0, ip_rate_list, &a); } +/** do the rpz_enable/disable command */ +static void +do_rpz_enable_disable(RES* ssl, struct worker* worker, char* arg, int enable) { + size_t nmlen; + int nmlabs; + uint8_t *nm = NULL; + struct auth_zones *az = worker->env.auth_zones; + struct auth_zone *z = NULL; + if (!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs)) + return; + if (az) { + lock_rw_rdlock(&az->lock); + z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN); + if (z) { + lock_rw_wrlock(&z->lock); + } + lock_rw_unlock(&az->lock); + } + free(nm); + if (!z) { + (void) ssl_printf(ssl, "error no auth-zone %s\n", arg); + return; + } + if (!z->rpz) { + (void) ssl_printf(ssl, "error auth-zone %s not RPZ\n", arg); + lock_rw_unlock(&z->lock); + return; + } + if (enable) { + rpz_enable(z->rpz); + } else { + rpz_disable(z->rpz); + } + lock_rw_unlock(&z->lock); + send_ok(ssl); +} + +/** do the rpz_enable command */ +static void +do_rpz_enable(RES* ssl, struct worker* worker, char* arg) +{ + do_rpz_enable_disable(ssl, worker, arg, 1); +} + +/** do the rpz_disable command */ +static void +do_rpz_disable(RES* ssl, struct worker* worker, char* arg) +{ + do_rpz_enable_disable(ssl, worker, arg, 0); +} + /** tell other processes to execute the command */ static void distribute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd) @@ -3065,6 +3111,10 @@ execute_cmd(struct daemon_remote* rc, RES* ssl, char* cmd, do_flush_bogus(ssl, worker); } else if(cmdcmp(p, "flush_negative", 14)) { do_flush_negative(ssl, worker); + } else if(cmdcmp(p, "rpz_enable", 10)) { + do_rpz_enable(ssl, worker, skipwhite(p+10)); + } else if(cmdcmp(p, "rpz_disable", 11)) { + do_rpz_disable(ssl, worker, skipwhite(p+11)); } else { (void)ssl_printf(ssl, "error unknown command '%s'\n", p); } @@ -3116,11 +3166,7 @@ handle_req(struct daemon_remote* rc, struct rc_state* s, RES* res) if(rr == 0) return; if(errno == EINTR || errno == EAGAIN) continue; -#ifndef USE_WINSOCK - log_err("could not recv: %s", strerror(errno)); -#else - log_err("could not recv: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("could not recv: %s", sock_strerror(errno)); return; } r = (int)rr; diff --git a/daemon/stats.c b/daemon/stats.c index a568ba070..8720a52d6 100644 --- a/daemon/stats.c +++ b/daemon/stats.c @@ -271,6 +271,7 @@ server_stats_compile(struct worker* worker, struct ub_stats_info* s, int reset) s->svr.ans_secure += (long long)worker->env.mesh->ans_secure; s->svr.ans_bogus += (long long)worker->env.mesh->ans_bogus; s->svr.ans_rcode_nodata += (long long)worker->env.mesh->ans_nodata; + s->svr.ans_expired += (long long)worker->env.mesh->ans_expired; for(i=0; isvr.ans_rcode[i] += (long long)worker->env.mesh->ans_rcode[i]; for(i=0; isvr.mem_stream_wait = (long long)tcp_req_info_get_stream_buffer_size(); + s->svr.mem_http2_query_buffer = + (long long)http2_get_query_buffer_size(); + s->svr.mem_http2_response_buffer = + (long long)http2_get_response_buffer_size(); /* Set neg cache usage numbers */ set_neg_cache_stats(worker, &s->svr, reset); @@ -421,6 +426,7 @@ void server_stats_add(struct ub_stats_info* total, struct ub_stats_info* a) total->svr.qtcp_outgoing += a->svr.qtcp_outgoing; total->svr.qtls += a->svr.qtls; total->svr.qtls_resume += a->svr.qtls_resume; + total->svr.qhttps += a->svr.qhttps; total->svr.qipv6 += a->svr.qipv6; total->svr.qbit_QR += a->svr.qbit_QR; total->svr.qbit_AA += a->svr.qbit_AA; @@ -484,6 +490,8 @@ void server_stats_insquery(struct ub_server_stats* stats, struct comm_point* c, if(SSL_session_reused(c->ssl)) stats->qtls_resume++; #endif + if(c->type == comm_http) + stats->qhttps++; } } if(repinfo && addr_is_ip6(&repinfo->addr, repinfo->addrlen)) diff --git a/daemon/unbound.c b/daemon/unbound.c index 3f96603c4..bc6d2bc9e 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -92,7 +92,7 @@ #include #endif -#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH) #undef HAVE_FORK #endif @@ -337,22 +337,44 @@ readpid (const char* file) /** write pid to file. * @param pidfile: file name of pid file. * @param pid: pid to write to file. + * @return false on failure */ -static void +static int writepid (const char* pidfile, pid_t pid) { - FILE* f; + int fd; + char pidbuf[32]; + size_t count = 0; + snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid); - if ((f = fopen(pidfile, "w")) == NULL ) { + if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + , 0644)) == -1) { log_err("cannot open pidfile %s: %s", pidfile, strerror(errno)); - return; + return 0; } - if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) { - log_err("cannot write to pidfile %s: %s", - pidfile, strerror(errno)); + while(count < strlen(pidbuf)) { + ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count); + if(r == -1) { + if(errno == EAGAIN || errno == EINTR) + continue; + log_err("cannot write to pidfile %s: %s", + pidfile, strerror(errno)); + close(fd); + return 0; + } else if(r == 0) { + log_err("cannot write any bytes to pidfile %s: " + "write returns 0 bytes written", pidfile); + close(fd); + return 0; + } + count += r; } - fclose(f); + close(fd); + return 1; } /** @@ -506,16 +528,17 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, /* write new pidfile (while still root, so can be outside chroot) */ #ifdef HAVE_KILL if(cfg->pidfile && cfg->pidfile[0] && need_pidfile) { - writepid(daemon->pidfile, getpid()); - if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 && - pidinchroot) { + if(writepid(daemon->pidfile, getpid())) { + if(cfg->username && cfg->username[0] && cfg_uid != (uid_t)-1 && + pidinchroot) { # ifdef HAVE_CHOWN - if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { - verbose(VERB_QUERY, "cannot chown %u.%u %s: %s", - (unsigned)cfg_uid, (unsigned)cfg_gid, - daemon->pidfile, strerror(errno)); - } + if(chown(daemon->pidfile, cfg_uid, cfg_gid) == -1) { + verbose(VERB_QUERY, "cannot chown %u.%u %s: %s", + (unsigned)cfg_uid, (unsigned)cfg_gid, + daemon->pidfile, strerror(errno)); + } # endif /* HAVE_CHOWN */ + } } } #else diff --git a/daemon/worker.c b/daemon/worker.c index 23e3244c5..37a8e1fe0 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -513,7 +513,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, - msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + msg->rep, LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) return 0; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); @@ -544,7 +545,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, msg->rep, - (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad)) + (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad, + worker->env.now_tv)) return 0; msg->rep->flags |= BIT_QR|BIT_RA; if(!apply_edns_options(edns, &edns_bak, worker->env.cfg, @@ -553,7 +555,8 @@ answer_norec_from_cache(struct worker* worker, struct query_info* qinfo, repinfo->c->buffer, 0, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), secure)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) edns->opt_list = NULL; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, &msg->qinfo, id, flags, edns); @@ -576,7 +579,7 @@ apply_respip_action(struct worker* worker, const struct query_info* qinfo, struct comm_reply* repinfo, struct ub_packed_rrset_key** alias_rrset, struct reply_info** encode_repp, struct auth_zones* az) { - struct respip_action_info actinfo = {0}; + struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; actinfo.action = respip_none; if(qinfo->qtype != LDNS_RR_TYPE_A && @@ -684,7 +687,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, rep, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) goto bail_out; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); @@ -718,7 +722,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_cache_call(&worker->env, qinfo, NULL, rep, - (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad)) + (int)(flags&LDNS_RCODE_MASK), edns, repinfo, worker->scratchpad, + worker->env.now_tv)) goto bail_out; *alias_rrset = NULL; /* avoid confusion if caller set it to non-NULL */ if((worker->daemon->use_response_ip || worker->daemon->use_rpz) && @@ -754,7 +759,8 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo, repinfo->c->buffer, timenow, 1, worker->scratchpad, udpsize, edns, (int)(edns->bits & EDNS_DO), *is_secure_answer)) { if(!inplace_cb_reply_servfail_call(&worker->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_SERVFAIL, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) edns->opt_list = NULL; error_encode(repinfo->c->buffer, LDNS_RCODE_SERVFAIL, qinfo, id, flags, edns); @@ -842,7 +848,8 @@ chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns, edns->udp_size = EDNS_ADVERTISED_SIZE; edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL, - LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad)) + LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad, + worker->env.now_tv)) edns->opt_list = NULL; if(sldns_buffer_capacity(pkt) >= sldns_buffer_limit(pkt)+calc_edns_field_size(edns)) @@ -1109,7 +1116,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, struct respip_client_info* cinfo = NULL, cinfo_tmp; memset(&qinfo, 0, sizeof(qinfo)); - if(error != NETEVENT_NOERROR || !repinfo) { + if((error != NETEVENT_NOERROR && error != NETEVENT_DONE)|| !repinfo) { /* some bad tcp query DNS formats give these error calls */ verbose(VERB_ALGO, "handle request called with err=%d", error); return 0; @@ -1219,7 +1226,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_QR_SET(sldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), LDNS_RCODE_FORMERR); - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(worker->env.cfg->log_queries) { @@ -1237,7 +1243,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_RCODE_REFUSED); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; - server_stats_insrcode(&worker->stats, c->buffer); } goto send_reply; } @@ -1259,7 +1264,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_RCODE_FORMERR); if(worker->stats.extended) { worker->stats.qtype[qinfo.qtype]++; - server_stats_insrcode(&worker->stats, c->buffer); } goto send_reply; } @@ -1275,7 +1279,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), &reply_edns); regional_free_all(worker->scratchpad); - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(edns.edns_present) { @@ -1354,7 +1357,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, edns.udp_size = 65535; /* max size for TCP replies */ if(qinfo.qclass == LDNS_RR_CLASS_CH && answer_chaos(worker, &qinfo, &edns, repinfo, c->buffer)) { - server_stats_insrcode(&worker->stats, c->buffer); regional_free_all(worker->scratchpad); goto send_reply; } @@ -1375,7 +1377,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, comm_point_drop_reply(repinfo); return 0; } - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(worker->env.auth_zones && @@ -1387,7 +1388,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, comm_point_drop_reply(repinfo); return 0; } - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } if(worker->env.auth_zones && @@ -1403,7 +1403,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, if(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer)) && acl != acl_deny_non_local && acl != acl_refuse_non_local) LDNS_RA_SET(sldns_buffer_begin(c->buffer)); - server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } @@ -1432,7 +1431,6 @@ worker_handle_request(struct comm_point* c, void* arg, int error, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), sldns_buffer_read_u16_at(c->buffer, 2), NULL); regional_free_all(worker->scratchpad); - server_stats_insrcode(&worker->stats, c->buffer); log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -1588,9 +1586,9 @@ send_reply_rc: if(is_expired_answer) { worker->stats.ans_expired++; } + server_stats_insrcode(&worker->stats, c->buffer); if(worker->stats.extended) { if(is_secure_answer) worker->stats.ans_secure++; - server_stats_insrcode(&worker->stats, repinfo->c->buffer); } #ifdef USE_DNSTAP if(worker->dtenv.log_client_response_messages) @@ -1726,14 +1724,6 @@ worker_create(struct daemon* daemon, int id, int* ports, int n) return NULL; } explicit_bzero(&seed, sizeof(seed)); -#ifdef USE_DNSTAP - if(daemon->cfg->dnstap) { - log_assert(daemon->dtenv != NULL); - memcpy(&worker->dtenv, daemon->dtenv, sizeof(struct dt_env)); - if(!dt_init(&worker->dtenv)) - fatal_exit("dt_init failed"); - } -#endif return worker; } @@ -1792,13 +1782,22 @@ worker_init(struct worker* worker, struct config_file *cfg, } else { /* !do_sigs */ worker->comsig = NULL; } +#ifdef USE_DNSTAP + if(cfg->dnstap) { + log_assert(worker->daemon->dtenv != NULL); + memcpy(&worker->dtenv, worker->daemon->dtenv, sizeof(struct dt_env)); + if(!dt_init(&worker->dtenv, worker->base)) + fatal_exit("dt_init failed"); + } +#endif worker->front = listen_create(worker->base, ports, cfg->msg_buffer_size, (int)cfg->incoming_num_tcp, cfg->do_tcp_keepalive ? cfg->tcp_keepalive_timeout : cfg->tcp_idle_timeout, - worker->daemon->tcl, - worker->daemon->listen_sslctx, + cfg->harden_large_queries, cfg->http_max_streams, + cfg->http_endpoint, cfg->http_notls_downstream, + worker->daemon->tcl, worker->daemon->listen_sslctx, dtenv, worker_handle_request, worker); if(!worker->front) { log_err("could not create listening sockets"); @@ -1815,7 +1814,7 @@ worker_init(struct worker* worker, struct config_file *cfg, &worker_alloc_cleanup, worker, cfg->do_udp || cfg->udp_upstream_without_downstream, worker->daemon->connect_sslctx, cfg->delay_close, - cfg->tls_use_sni, dtenv); + cfg->tls_use_sni, dtenv, cfg->udp_connect); if(!worker->back) { log_err("could not create outgoing sockets"); worker_delete(worker); diff --git a/dns64/dns64.c b/dns64/dns64.c index 39fd8778c..c79bc9c65 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -198,14 +198,17 @@ uitoa(unsigned n, char* s) static uint32_t extract_ipv4(const uint8_t ipv6[], size_t ipv6_len, const int offset) { - uint32_t ipv4; + uint32_t ipv4 = 0; + int i, pos; log_assert(ipv6_len == 16); (void)ipv6_len; - ipv4 = (uint32_t)ipv6[offset/8+0] << (24 + (offset%8)) - | (uint32_t)ipv6[offset/8+1] << (16 + (offset%8)) - | (uint32_t)ipv6[offset/8+2] << ( 8 + (offset%8)) - | (uint32_t)ipv6[offset/8+3] << ( 0 + (offset%8)); - if (offset/8+4 < 16) - ipv4 |= (uint32_t)ipv6[offset/8+4] >> (8 - offset%8); + log_assert(offset == 32 || offset == 40 || offset == 48 || offset == 56 || + offset == 64 || offset == 96); + for(i = 0, pos = offset / 8; i < 4; i++, pos++) { + if (pos == 8) + pos++; + ipv4 = ipv4 << 8; + ipv4 |= ipv6[pos]; + } return ipv4; } @@ -296,18 +299,18 @@ synthesize_aaaa(const uint8_t prefix_addr[], size_t prefix_addr_len, int prefix_net, const uint8_t a[], size_t a_len, uint8_t aaaa[], size_t aaaa_len) { + size_t i; + int pos; log_assert(prefix_addr_len == 16 && a_len == 4 && aaaa_len == 16); + log_assert(prefix_net == 32 || prefix_net == 40 || prefix_net == 48 || + prefix_net == 56 || prefix_net == 64 || prefix_net == 96); (void)prefix_addr_len; (void)a_len; (void)aaaa_len; memcpy(aaaa, prefix_addr, 16); - aaaa[prefix_net/8+0] |= a[0] >> (0+prefix_net%8); - aaaa[prefix_net/8+1] |= a[0] << (8-prefix_net%8); - aaaa[prefix_net/8+1] |= a[1] >> (0+prefix_net%8); - aaaa[prefix_net/8+2] |= a[1] << (8-prefix_net%8); - aaaa[prefix_net/8+2] |= a[2] >> (0+prefix_net%8); - aaaa[prefix_net/8+3] |= a[2] << (8-prefix_net%8); - aaaa[prefix_net/8+3] |= a[3] >> (0+prefix_net%8); - if (prefix_net/8+4 < 16) /* <-- my beautiful symmetry is destroyed! */ - aaaa[prefix_net/8+4] |= a[3] << (8-prefix_net%8); + for(i = 0, pos = prefix_net / 8; i < a_len; i++, pos++) { + if(pos == 8) + aaaa[pos++] = 0; + aaaa[pos] = a[i]; + } } @@ -374,8 +377,10 @@ dns64_apply_cfg(struct dns64_env* dns64_env, struct config_file* cfg) log_err("dns64_prefix is not IPv6: %s", cfg->dns64_prefix); return 0; } - if (dns64_env->prefix_net < 0 || dns64_env->prefix_net > 96) { - log_err("dns64-prefix length it not between 0 and 96: %s", + if (dns64_env->prefix_net != 32 && dns64_env->prefix_net != 40 && + dns64_env->prefix_net != 48 && dns64_env->prefix_net != 56 && + dns64_env->prefix_net != 64 && dns64_env->prefix_net != 96 ) { + log_err("dns64-prefix length it not 32, 40, 48, 56, 64 or 96: %s", cfg->dns64_prefix); return 0; } diff --git a/dnscrypt/dnscrypt.m4 b/dnscrypt/dnscrypt.m4 index 591bd1375..68964242a 100644 --- a/dnscrypt/dnscrypt.m4 +++ b/dnscrypt/dnscrypt.m4 @@ -11,7 +11,7 @@ AC_DEFUN([dnsc_DNSCRYPT], [opt_dnscrypt=$enableval], [opt_dnscrypt=no]) if test "x$opt_dnscrypt" != "xno"; then - AC_ARG_WITH([libsodium], AC_HELP_STRING([--with-libsodium=path], + AC_ARG_WITH([libsodium], AS_HELP_STRING([--with-libsodium=path], [Path where libsodium is installed, for dnscrypt]), [ CFLAGS="$CFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib" diff --git a/dnstap/dnstap.c b/dnstap/dnstap.c index cc5449dff..b8a321670 100644 --- a/dnstap/dnstap.c +++ b/dnstap/dnstap.c @@ -134,9 +134,13 @@ dt_create(struct config_file* cfg) if(cfg->dnstap && cfg->dnstap_socket_path && cfg->dnstap_socket_path[0] && (cfg->dnstap_ip==NULL || cfg->dnstap_ip[0]==0)) { + char* p = cfg->dnstap_socket_path; + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(p, + cfg->chrootdir, strlen(cfg->chrootdir)) == 0) + p += strlen(cfg->chrootdir); verbose(VERB_OPS, "attempting to connect to dnstap socket %s", - cfg->dnstap_socket_path); - check_socket_file(cfg->dnstap_socket_path); + p); + check_socket_file(p); } env = (struct dt_env *) calloc(1, sizeof(struct dt_env)); @@ -240,9 +244,9 @@ dt_apply_cfg(struct dt_env *env, struct config_file *cfg) } int -dt_init(struct dt_env *env) +dt_init(struct dt_env *env, struct comm_base* base) { - env->msgqueue = dt_msg_queue_create(); + env->msgqueue = dt_msg_queue_create(base); if(!env->msgqueue) { log_err("malloc failure"); return 0; diff --git a/dnstap/dnstap.h b/dnstap/dnstap.h index cfef6fc42..783b8c514 100644 --- a/dnstap/dnstap.h +++ b/dnstap/dnstap.h @@ -101,10 +101,11 @@ dt_apply_cfg(struct dt_env *env, struct config_file *cfg); /** * Initialize per-worker state in dnstap environment object. * @param env: dnstap environment object to initialize, created with dt_create(). + * @param base: event base for wakeup timer. * @return: true on success, false on failure. */ int -dt_init(struct dt_env *env); +dt_init(struct dt_env *env, struct comm_base* base); /** * Deletes the per-worker state created by dt_init diff --git a/dnstap/dnstap.m4 b/dnstap/dnstap.m4 index ba723e0be..1ff6c3fea 100644 --- a/dnstap/dnstap.m4 +++ b/dnstap/dnstap.m4 @@ -20,7 +20,7 @@ AC_DEFUN([dt_DNSTAP], if test -z "$PROTOC_C"; then AC_MSG_ERROR([The protoc-c program was not found. Please install protobuf-c!]) fi - AC_ARG_WITH([protobuf-c], AC_HELP_STRING([--with-protobuf-c=path], + AC_ARG_WITH([protobuf-c], AS_HELP_STRING([--with-protobuf-c=path], [Path where protobuf-c is installed, for dnstap]), [ # workaround for protobuf-c includes at old dir before protobuf-c-1.0.0 if test -f $withval/include/google/protobuf-c/protobuf-c.h; then diff --git a/dnstap/dtstream.c b/dnstap/dtstream.c index dda3ef1ff..f1ace3c34 100644 --- a/dnstap/dtstream.c +++ b/dnstap/dtstream.c @@ -68,6 +68,8 @@ #define DTIO_RECONNECT_TIMEOUT_MAX 1000 /** the msec to wait for reconnect slow, to stop busy spinning on reconnect */ #define DTIO_RECONNECT_TIMEOUT_SLOW 1000 +/** number of messages before wakeup of thread */ +#define DTIO_MSG_FOR_WAKEUP 32 /** maximum length of received frame */ #define DTIO_RECV_FRAME_MAX_LEN 1000 @@ -99,13 +101,18 @@ static int dtio_enable_brief_write(struct dt_io_thread* dtio); #endif struct dt_msg_queue* -dt_msg_queue_create(void) +dt_msg_queue_create(struct comm_base* base) { struct dt_msg_queue* mq = calloc(1, sizeof(*mq)); if(!mq) return NULL; mq->maxsize = 1*1024*1024; /* set max size of buffer, per worker, about 1 M should contain 64K messages with some overhead, or a whole bunch smaller ones */ + mq->wakeup_timer = comm_timer_create(base, mq_wakeup_cb, mq); + if(!mq->wakeup_timer) { + free(mq); + return NULL; + } lock_basic_init(&mq->lock); lock_protect(&mq->lock, mq, sizeof(*mq)); return mq; @@ -125,6 +132,7 @@ dt_msg_queue_clear(struct dt_msg_queue* mq) mq->first = NULL; mq->last = NULL; mq->cursize = 0; + mq->msgcount = 0; } void @@ -133,6 +141,7 @@ dt_msg_queue_delete(struct dt_msg_queue* mq) if(!mq) return; lock_basic_destroy(&mq->lock); dt_msg_queue_clear(mq); + comm_timer_delete(mq->wakeup_timer); free(mq); } @@ -149,25 +158,71 @@ static void dtio_wakeup(struct dt_io_thread* dtio) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) continue; - log_err("dnstap io wakeup: write: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) continue; if(WSAGetLastError() == WSAEWOULDBLOCK) continue; - log_err("dnstap io stop: write: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io wakeup: write: %s", + sock_strerror(errno)); break; } break; } } +void +mq_wakeup_cb(void* arg) +{ + struct dt_msg_queue* mq = (struct dt_msg_queue*)arg; + /* even if the dtio is already active, because perhaps much + * traffic suddenly, we leave the timer running to save on + * managing it, the once a second timer is less work then + * starting and stopping the timer frequently */ + lock_basic_lock(&mq->dtio->wakeup_timer_lock); + mq->dtio->wakeup_timer_enabled = 0; + lock_basic_unlock(&mq->dtio->wakeup_timer_lock); + dtio_wakeup(mq->dtio); +} + +/** start timer to wakeup dtio because there is content in the queue */ +static void +dt_msg_queue_start_timer(struct dt_msg_queue* mq) +{ + struct timeval tv; + /* Start a timer to process messages to be logged. + * If we woke up the dtio thread for every message, the wakeup + * messages take up too much processing power. If the queue + * fills up the wakeup happens immediately. The timer wakes it up + * if there are infrequent messages to log. */ + + /* we cannot start a timer in dtio thread, because it is a different + * thread and its event base is in use by the other thread, it would + * give race conditions if we tried to modify its event base, + * and locks would wait until it woke up, and this is what we do. */ + + /* do not start the timer if a timer already exists, perhaps + * in another worker. So this variable is protected by a lock in + * dtio */ + lock_basic_lock(&mq->dtio->wakeup_timer_lock); + if(mq->dtio->wakeup_timer_enabled) { + lock_basic_unlock(&mq->dtio->wakeup_timer_lock); + return; + } + mq->dtio->wakeup_timer_enabled = 1; /* we are going to start one */ + lock_basic_unlock(&mq->dtio->wakeup_timer_lock); + + /* start the timer, in mq, in the event base of our worker */ + tv.tv_sec = 1; + tv.tv_usec = 0; + comm_timer_set(mq->wakeup_timer, &tv); +} + void dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) { - int wakeup = 0; + int wakeupnow = 0, wakeupstarttimer = 0; struct dt_msg_entry* entry; /* check conditions */ @@ -198,9 +253,15 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) /* aqcuire lock */ lock_basic_lock(&mq->lock); - /* list was empty, wakeup dtio */ + /* if list was empty, start timer for (eventual) wakeup */ if(mq->first == NULL) - wakeup = 1; + wakeupstarttimer = 1; + /* if list contains more than wakeupnum elements, wakeup now, + * or if list is (going to be) almost full */ + if(mq->msgcount == DTIO_MSG_FOR_WAKEUP || + (mq->cursize < mq->maxsize * 9 / 10 && + mq->cursize+len >= mq->maxsize * 9 / 10)) + wakeupnow = 1; /* see if it is going to fit */ if(mq->cursize + len > mq->maxsize) { /* buffer full, or congested. */ @@ -211,6 +272,7 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) return; } mq->cursize += len; + mq->msgcount ++; /* append to list */ if(mq->last) { mq->last->next = entry; @@ -221,13 +283,19 @@ dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len) /* release lock */ lock_basic_unlock(&mq->lock); - if(wakeup) + if(wakeupnow) { dtio_wakeup(mq->dtio); + } else if(wakeupstarttimer) { + dt_msg_queue_start_timer(mq); + } } struct dt_io_thread* dt_io_thread_create(void) { struct dt_io_thread* dtio = calloc(1, sizeof(*dtio)); + lock_basic_init(&dtio->wakeup_timer_lock); + lock_protect(&dtio->wakeup_timer_lock, &dtio->wakeup_timer_enabled, + sizeof(dtio->wakeup_timer_enabled)); return dtio; } @@ -235,6 +303,7 @@ void dt_io_thread_delete(struct dt_io_thread* dtio) { struct dt_io_list_item* item, *nextitem; if(!dtio) return; + lock_basic_destroy(&dtio->wakeup_timer_lock); item=dtio->io_list; while(item) { nextitem = item->next; @@ -272,14 +341,19 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg) dtio->is_bidirectional = cfg->dnstap_bidirectional; if(dtio->upstream_is_unix) { + char* nm; if(!cfg->dnstap_socket_path || cfg->dnstap_socket_path[0]==0) { log_err("dnstap setup: no dnstap-socket-path for " "socket connect"); return 0; } + nm = cfg->dnstap_socket_path; + if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, + cfg->chrootdir, strlen(cfg->chrootdir)) == 0) + nm += strlen(cfg->chrootdir); free(dtio->socket_path); - dtio->socket_path = strdup(cfg->dnstap_socket_path); + dtio->socket_path = strdup(nm); if(!dtio->socket_path) { log_err("dnstap setup: malloc failure"); return 0; @@ -416,6 +490,7 @@ static int dt_msg_queue_pop(struct dt_msg_queue* mq, void** buf, mq->first = entry->next; if(!entry->next) mq->last = NULL; mq->cursize -= entry->len; + mq->msgcount --; lock_basic_unlock(&mq->lock); *buf = entry->buf; @@ -587,11 +662,7 @@ static void dtio_del_output_event(struct dt_io_thread* dtio) /** close dtio socket and set it to -1 */ static void dtio_close_fd(struct dt_io_thread* dtio) { -#ifndef USE_WINSOCK - close(dtio->fd); -#else - closesocket(dtio->fd); -#endif + sock_close(dtio->fd); dtio->fd = -1; } @@ -659,13 +730,8 @@ static int dtio_check_nb_connect(struct dt_io_thread* dtio) char* to = dtio->socket_path; if(!to) to = dtio->ip_str; if(!to) to = ""; -#ifndef USE_WINSOCK log_err("dnstap io: failed to connect to \"%s\": %s", - to, strerror(error)); -#else - log_err("dnstap io: failed to connect to \"%s\": %s", - to, wsa_strerror(error)); -#endif + to, sock_strerror(error)); return -1; /* error, close it */ } @@ -742,7 +808,6 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf, #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 0; - log_err("dnstap io: failed send: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) return 0; @@ -752,9 +817,8 @@ static int dtio_write_buf(struct dt_io_thread* dtio, uint8_t* buf, UB_EV_WRITE); return 0; } - log_err("dnstap io: failed send: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io: failed send: %s", sock_strerror(errno)); return -1; } return ret; @@ -778,7 +842,6 @@ static int dtio_write_with_writev(struct dt_io_thread* dtio) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 0; - log_err("dnstap io: failed writev: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) return 0; @@ -788,9 +851,8 @@ static int dtio_write_with_writev(struct dt_io_thread* dtio) UB_EV_WRITE); return 0; } - log_err("dnstap io: failed writev: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io: failed writev: %s", sock_strerror(errno)); /* close the channel */ dtio_del_output_event(dtio); dtio_close_output(dtio); @@ -1115,6 +1177,8 @@ static int dtio_read_accept_frame(struct dt_io_thread* dtio) goto close_connection; } dtio->accept_frame_received = 1; + if(!dtio_add_output_event_write(dtio)) + goto close_connection; return 1; } else { /* unknow content type */ @@ -1482,15 +1546,13 @@ void dtio_cmd_cb(int fd, short ATTR_UNUSED(bits), void* arg) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return; /* ignore this */ - log_err("dnstap io: failed to read: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) return; if(WSAGetLastError() == WSAEWOULDBLOCK) return; - log_err("dnstap io: failed to read: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io: failed to read: %s", sock_strerror(errno)); /* and then fall through to quit the thread */ } else if(r == 0) { verbose(VERB_ALGO, "dnstap io: cmd channel closed"); @@ -1852,13 +1914,8 @@ static int dtio_open_output_local(struct dt_io_thread* dtio) struct sockaddr_un s; dtio->fd = socket(AF_LOCAL, SOCK_STREAM, 0); if(dtio->fd == -1) { -#ifndef USE_WINSOCK log_err("dnstap io: failed to create socket: %s", - strerror(errno)); -#else - log_err("dnstap io: failed to create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + sock_strerror(errno)); return 0; } memset(&s, 0, sizeof(s)); @@ -1873,13 +1930,13 @@ static int dtio_open_output_local(struct dt_io_thread* dtio) if(connect(dtio->fd, (struct sockaddr*)&s, (socklen_t)sizeof(s)) == -1) { char* to = dtio->socket_path; -#ifndef USE_WINSOCK + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) { + dtio_close_fd(dtio); + return 0; /* no log retries on low verbosity */ + } log_err("dnstap io: failed to connect to \"%s\": %s", - to, strerror(errno)); -#else - log_err("dnstap io: failed to connect to \"%s\": %s", - to, wsa_strerror(WSAGetLastError())); -#endif + to, sock_strerror(errno)); dtio_close_fd(dtio); return 0; } @@ -1904,18 +1961,18 @@ static int dtio_open_output_tcp(struct dt_io_thread* dtio) } dtio->fd = socket(addr.ss_family, SOCK_STREAM, 0); if(dtio->fd == -1) { -#ifndef USE_WINSOCK - log_err("can't create socket: %s", strerror(errno)); -#else - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + log_err("can't create socket: %s", sock_strerror(errno)); return 0; } fd_set_nonblock(dtio->fd); if(connect(dtio->fd, (struct sockaddr*)&addr, addrlen) == -1) { if(errno == EINPROGRESS) return 1; /* wait until connect done*/ + if(dtio->reconnect_timeout > DTIO_RECONNECT_TIMEOUT_MIN && + verbosity < 4) { + dtio_close_fd(dtio); + return 0; /* no log retries on low verbosity */ + } #ifndef USE_WINSOCK if(tcp_connect_errno_needs_log( (struct sockaddr *)&addr, addrlen)) { @@ -2097,15 +2154,14 @@ void dt_io_thread_stop(struct dt_io_thread* dtio) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) continue; - log_err("dnstap io stop: write: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS) continue; if(WSAGetLastError() == WSAEWOULDBLOCK) continue; - log_err("dnstap io stop: write: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("dnstap io stop: write: %s", + sock_strerror(errno)); break; } break; diff --git a/dnstap/dtstream.h b/dnstap/dtstream.h index ede491f30..f87d6dc8d 100644 --- a/dnstap/dtstream.h +++ b/dnstap/dtstream.h @@ -49,6 +49,7 @@ struct dt_msg_entry; struct dt_io_list_item; struct dt_io_thread; struct config_file; +struct comm_base; /** * A message buffer with dnstap messages queued up. It is per-worker. @@ -68,11 +69,15 @@ struct dt_msg_queue { /** current size of the buffer, in bytes. data bytes of messages. * If a new message make it more than maxsize, the buffer is full */ size_t cursize; + /** number of messages in the queue */ + int msgcount; /** list of messages. The messages are added to the back and taken * out from the front. */ struct dt_msg_entry* first, *last; /** reference to the io thread to wakeup */ struct dt_io_thread* dtio; + /** the wakeup timer for dtio, on worker event base */ + struct comm_timer* wakeup_timer; }; /** @@ -166,6 +171,10 @@ struct dt_io_thread { * for the current message length that precedes the frame */ size_t cur_msg_len_done; + /** lock on wakeup_timer_enabled */ + lock_basic_type wakeup_timer_lock; + /** if wakeup timer is enabled in some thread */ + int wakeup_timer_enabled; /** command pipe that stops the pipe if closed. Used to quit * the program. [0] is read, [1] is written to. */ int commandpipe[2]; @@ -233,9 +242,10 @@ struct dt_io_list_item { /** * Create new (empty) worker message queue. Limit set to default on max. + * @param base: event base for wakeup timer. * @return NULL on malloc failure or a new queue (not locked). */ -struct dt_msg_queue* dt_msg_queue_create(void); +struct dt_msg_queue* dt_msg_queue_create(struct comm_base* base); /** * Delete a worker message queue. It has to be unlinked from access, @@ -258,6 +268,9 @@ void dt_msg_queue_delete(struct dt_msg_queue* mq); */ void dt_msg_queue_submit(struct dt_msg_queue* mq, void* buf, size_t len); +/** timer callback to wakeup dtio thread to process messages */ +void mq_wakeup_cb(void* arg); + /** * Create IO thread. * @return new io thread object. not yet started. or NULL malloc failure. diff --git a/dnstap/unbound-dnstap-socket.c b/dnstap/unbound-dnstap-socket.c index 44a0eda95..8e28be4e8 100644 --- a/dnstap/unbound-dnstap-socket.c +++ b/dnstap/unbound-dnstap-socket.c @@ -278,57 +278,31 @@ static int make_tcp_accept(char* ip) } if((s = socket(addr.ss_family, SOCK_STREAM, 0)) == -1) { -#ifndef USE_WINSOCK - log_err("can't create socket: %s", strerror(errno)); -#else - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + log_err("can't create socket: %s", sock_strerror(errno)); return -1; } #ifdef SO_REUSEADDR if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + sock_strerror(errno)); + sock_close(s); return -1; } #endif /* SO_REUSEADDR */ if(bind(s, (struct sockaddr*)&addr, len) != 0) { -#ifndef USE_WINSOCK - log_err_addr("can't bind socket", strerror(errno), + log_err_addr("can't bind socket", sock_strerror(errno), &addr, len); - close(s); -#else - log_err_addr("can't bind socket", - wsa_strerror(WSAGetLastError()), &addr, len); - closesocket(s); -#endif + sock_close(s); return -1; } if(!fd_set_nonblock(s)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; } if(listen(s, LISTEN_BACKLOG) == -1) { -#ifndef USE_WINSOCK - log_err("can't listen: %s", strerror(errno)); - close(s); -#else - log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + log_err("can't listen: %s", sock_strerror(errno)); + sock_close(s); return -1; } return s; @@ -654,7 +628,6 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return -1; - log_err("could not recv: %s", strerror(errno)); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAEINPROGRESS) return -1; @@ -662,9 +635,8 @@ static ssize_t receive_bytes(struct tap_data* data, int fd, void* buf, ub_winsock_tcp_wouldblock(data->ev, UB_EV_READ); return -1; } - log_err("could not recv: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("could not recv: %s", sock_strerror(errno)); if(verbosity) log_info("dnstap client stream closed from %s", (data->id?data->id:"")); return 0; @@ -755,7 +727,7 @@ static ssize_t tap_receive(struct tap_data* data, void* buf, size_t len) } /** delete the tap structure */ -void tap_data_free(struct tap_data* data) +static void tap_data_free(struct tap_data* data) { ub_event_del(data->ev); ub_event_free(data->ev); @@ -796,12 +768,7 @@ static int reply_with_accept(struct tap_data* data) } } else { if(send(data->fd, acceptframe, len, 0) == -1) { -#ifndef USE_WINSOCK - log_err("send failed: %s", strerror(errno)); -#else - log_err("send failed: %s", - wsa_strerror(WSAGetLastError())); -#endif + log_err("send failed: %s", sock_strerror(errno)); fd_set_nonblock(data->fd); free(acceptframe); return 0; @@ -834,11 +801,7 @@ static int reply_with_finish(int fd) fd_set_block(fd); if(send(fd, finishframe, len, 0) == -1) { -#ifndef USE_WINSOCK - log_err("send failed: %s", strerror(errno)); -#else - log_err("send failed: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("send failed: %s", sock_strerror(errno)); fd_set_nonblock(fd); free(finishframe); return 0; @@ -1094,7 +1057,6 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) #endif /* EPROTO */ ) return; - log_err_addr("accept failed", strerror(errno), &addr, addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAECONNRESET) @@ -1103,9 +1065,9 @@ void dtio_mainfdcallback(int fd, short ATTR_UNUSED(bits), void* arg) ub_winsock_tcp_wouldblock(maindata->ev, UB_EV_READ); return; } - log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), - &addr, addrlen); #endif + log_err_addr("accept failed", sock_strerror(errno), &addr, + addrlen); return; } fd_set_nonblock(s); @@ -1204,9 +1166,12 @@ int sig_quit = 0; /** signal handler for user quit */ static RETSIGTYPE main_sigh(int sig) { - verbose(VERB_ALGO, "exit on signal %d\n", sig); - if(sig_base) + if(!sig_quit) + fprintf(stderr, "exit on signal %d\n", sig); + if(sig_base) { ub_event_base_loopexit(sig_base); + sig_base = NULL; + } sig_quit = 1; } @@ -1247,9 +1212,9 @@ setup_and_run(struct config_strlist_head* local_list, if(verbosity) log_info("start of service"); ub_event_base_dispatch(base); + sig_base = NULL; if(verbosity) log_info("end of service"); - sig_base = NULL; tap_socket_list_delete(maindata->acceptlist); ub_event_base_free(base); free(maindata); @@ -1390,6 +1355,10 @@ int main(int argc, char** argv) struct tube; struct query_info; #include "util/data/packed_rrset.h" +#include "daemon/worker.h" +#include "daemon/remote.h" +#include "util/fptr_wlist.h" +#include "libunbound/context.h" void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), diff --git a/doc/Changelog b/doc/Changelog index 3ee202c62..5cb33ef2e 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,376 @@ +22 January 2021: George + - Fix TTL of SOA record for negative answers (localzone and + authzone data) to be the minimum of the SOA TTL and the SOA.MINIMUM. + +19 January 2021: Willem + - Support for RFC5001: DNS Name Server Identifier (NSID) Option + with the nsid: option in unbound.conf + +18 January 2021: Wouter + - Fix #404: DNS query with small edns bufsize fail. + - Fix declaration before statement and signed comparison warning in + dns64. + +15 January 2021: Wouter + - Merge #402 from fobser: Implement IPv4-Embedded addresses according + to RFC6052. + +14 January 2021: Wouter + - Fix for #93: dynlibmodule import library is named libunbound.dll.a. + +13 January 2021: Wouter + - Merge #399 from xiangbao227: The lock of lruhash table should + unlocked after markdel entry. + - Fix for #93: dynlibmodule link fix for Windows. + +12 January 2021: Wouter + - Fix #397: [Feature request] add new type always_null to local-zone + similar to always_nxdomain. + - Fix so local zone types always_nodata and always_deny can be used + from the config file. + +8 January 2021: Wouter + - Merge PR #391 from fhriley: Add start_time to reply callbacks so + modules can compute the response time. + - For #391: use struct timeval* start_time for callback information. + - For #391: fix indentation. + - For #391: more double casts in python start time calculation. + - Add comment documentation. + - Fix clang analysis warning. + +6 January 2021: Wouter + - Fix #379: zone loading over HTTP appears to have buffer issues. + - Merge PR #395 from mptre: add missing null check. + - Fix #387: client-subnet-always-forward seems to effectively bypass + any caching? + +5 January 2021: Wouter + - Fix #385: autoconf 2.70 impacts unbound build + - Merge PR #375 by fhriley: Add rpz_enable and rpz_disable commands + to unbound-control. + +4 January 2021: Wouter + - For #376: Fix that comm point event is not double removed or double + added to event map. + - iana portlist updated. + +16 December 2020: George + - Fix error cases when udp-connect is set and send() returns an error + (modified patch from Xin Li @delphij). + +11 December 2020: Wouter + - Fix #371: unbound-control timeout when Unbound is not running. + - Fix to squelch permission denied and other errors from remote host, + they are logged at higher verbosity but not on low verbosity. + - Merge PR #335 from fobser: Sprinkle in some static to prevent + missing prototype warnings. + - Merge PR #373 from fobser: Warning: arithmetic on a pointer to void + is a GNU extension. + - Fix missing prototypes in the code. + +3 December 2020: Wouter + - make depend. + - iana portlist updated. + +2 December 2020: Wouter + - Fix #360: for the additionally reported TCP Fast Open makes TCP + connections fail, in that case we print a hint that this is + happening with the error in the logs. + - Fix #356: deadlock when listening tcp. + - Fix unbound-dnstap-socket to not use log routine from interrupt + handler and not print so frequently when invoked in sequence. + - Fix on windows to ignore connection failure on UDP, unless verbose. + - Fix for #283: fix stream reuse and tcp fast open. + - Fix update, with write event check with streamreuse and fastopen. + +1 December 2020: Wouter + - Fix #358: Squelch udp connect 'no route to host' errors on low + verbosity. + +30 November 2020: Wouter + - Fix assertion failure on double callback when iterator loses + interest in query at head of line that then has the tcp stream + not kept for reuse. + - tag for the 1.13.0rc4 release. This also became the 1.13.0 + release version on 3 dec 2020 with the streamreuse and fastopen + fix from 2 dec 2020. The code repo continues for 1.13.1 in + development. + +27 November 2020: Wouter + - Fix compile warning for type cast in http2_submit_dns_response. + - Fix when use free buffer to initialize rbtree for stream reuse. + - Fix compile warnings for windows. + - Fix compile warnings in rpz initialization. + - Fix contrib/metrics.awk for FreeBSD awk compatibility. + - tag for the 1.13.0rc3 release. + +26 November 2020: Wouter + - Fix to omit UDP receive errors from log, if verbosity low. + These happen because of udp-connect. + - For #352: contrib/metrics.awk for Prometheus style metrics output. + - Fix that after failed read, the readagain cannot activate. + - Clear readagain upon decommission of pending tcp structure. + +25 November 2020: Wouter + - with udp-connect ignore connection refused with UDP timeouts. + - Fix udp-connect on FreeBSD, do send calls on connected UDP socket. + - Better fix for reuse tree comparison for is-tls sockets. Where + the tree key identity is preserved after cleanup of the TLS state. + - Remove debug commands from reuse tests. + - Fix memory leak for edns client tag opcode config element. + - Attempt fix for libevent state in tcp reuse cases after a packet + is written. + - Fix readagain and writeagain callback functions for comm point + cleanup. + - tag for the 1.13.0rc2 release. + +24 November 2020: Wouter + - Merge PR #283 : Stream reuse. This implements upstream stream + reuse for performing several queries over the same TCP or TLS + channel. + - set version of main branch to 1.13.0 for upcoming release. + - iana portlist updated. + - Fix one port unit test for udp-connect. + - tag for the 1.13.0rc1 release. + - Fix crash when TLS connection is closed prematurely, when + reuse tree comparison is not properly identical to insertion. + - Fix padding of struct regional for 32bit systems. + +23 November 2020: George + - Merge PR #313 from Ralph Dolmans: Replace edns-client-tag with + edns-client-string option. + +23 November 2020: Wouter + - Merge #351 from dvzrv: Add AF_NETLINK to set of allowed socket + address families. + - Fix #350: with the AF_NETLINK permission, to fix 1.12.0 error: + failed to list interfaces: getifaddrs: Address family not + supported by protocol. + - Fix #347: IP_DONTFRAG broken on Apple xcode 12.2. + - Option to toggle udp-connect, default is enabled. + - Fix for #303 CVE-2020-28935 : Fix that symlink does not interfere + with chown of pidfile. + - Further fix for it and retvalue 0 fix for it. + +12 November 2020: Wouter + - Fix to connect() to UDP destinations, default turned on, + this lowers vulnerability to ICMP side channels. + - Retry for interfaces with unused ports if possible. + +10 November 2020: Wouter + - Fix #341: fixing a possible memory leak. + - Fix memory leak after fix for possible memory leak failure. + - Fix #343: Fail to build --with-libnghttp2 with error: 'SSIZE_MAX' + undeclared. + +27 October 2020: Wouter + - In man page note that tls-cert-bundle is read before permission + drop and chroot. + +22 October 2020: Wouter + - Fix #333: Unbound Segmentation Fault w/ log_info Functions From + Python Mod. + - Fix that minimal-responses does not remove addresses from a priming + query response. + +21 October 2020: George + - Fix #327: net/if.h check fails on some darwin versions; contribution by + Joshua Root. + - Fix #320: potential memory corruption due to size miscomputation upton + custom region alloc init. + +21 October 2020: Wouter + - Merge PR #228 : infra-keep-probing option to probe hosts that are + down. Add infra-keep-probing: yes option. Hosts that are down are + probed more frequently. + With the option turned on, it probes about every 120 seconds, + eventually after exponential backoff, and that keeps that way. If + traffic keeps up for the domain. It probes with one at a time, eg. + one query is allowed to probe, other queries within that 120 second + interval are turned away. + +19 October 2020: George + - Merge PR #324 from James Renken: Add modern X.509v3 extensions to + unbound-control TLS certificates. + - Fix for PR #324 to attach the x509v3 extensions to the client + certificate. + +19 October 2020: Ralph + - local-zone regional allocations outside of chunk + +19 October 2020: Wouter + - Fix that http settings have colon in set_option, for + http-endpoint, http-max-streams, http-query-buffer-size, + http-response-buffer-size, and http-nodelay. + - Fix memory leak of https port string when reading config. + - Fix #330: [Feature request] Add unencrypted DNS over HTTPS support. + This adds the option http-notls-downstream: yesno to change that, + and the dohclient test code has the -n option. + - Fix python documentation warning on functions.rst inplace_cb_reply. + - Fix dnstap test to wait for log timer to see if queries are logged. + - Log ip address when http session recv fails, eg. due to tls fail. + - Fix to set the tcp handler event toggle flag back to default when + the handler structure is reused. + - Clean the fix for out of order TCP processing limits on number + of queries. It was tested to work. + +16 October 2020: Wouter + - Fix that the out of order TCP processing does not limit the + number of outstanding queries over a connection. + +15 October 2020: George + - Fix that if there are reply callbacks for the given rcode, those + are called per reply and a new message created if that was modified + by the call. + - Pass the comm_reply information to the inplace_cb_reply* functions + during the mesh state and update the documentation on that. + +15 October 2020: Wouter + - Merge PR #326 from netblue30: DoH: implement content-length + header field + - DoH content length, simplify code, remove declaration after + statement and fix cast warning. + +14 October 2020: Wouter + - Fix for python reply callback to see mesh state reply_list member, + it only removes it briefly for the commpoint call so that it does + not drop it and attempt to modify the reply list during reply. + - Fix that if there are on reply callbacks, those are called per + reply and a new message created if that was modified by the call. + - Free up auth zone parse region after use for lookup of host + +13 October 2020: Wouter + - Fix #323: unbound testsuite fails on mock build in systemd-nspawn + if systemd support is build. + +9 October 2020: Wouter + - Fix dnstap socket and the chroot not applied properly to the dnstap + socket path. + - Fix warning in libnss compile, nss_buf2dsa is not used without DSA. + +8 October 2020: Wouter + - Tag for 1.12.0 release. + - Current repo is version 1.12.1 in development. + - Fix #319: potential memory leak on config failure, in rpz config. + +1 October 2020: Wouter + - Current repo is version 1.12.0 for release. Tag for 1.12.0rc1. + +30 September 2020: Wouter + - Fix doh tests when not compiled in. + - Add dohclient test executable to gitignore. + - Fix stream_ssl, ssl_req_order and ssl_req_timeout tests for + alloc check debug output. + - Easier kill of unbound-dnstap-socket tool in test. + - Fix memory leak of edns tags at libunbound context delete. + - Fix double loopexit for unbound-dnstap-socket after sigterm. + +29 September 2020: Ralph + - DNS Flag Day 2020: change edns-buffer-size default to 1232. + +28 September 2020: Wouter + - Fix unit test for dnstap changes, so that it waits for the timer. + +23 September 2020: Wouter + - Fix #305: dnstap logging significantly affects unbound performance + (regression in 1.11). + - Fix #305: only wake up thread when threshold reached. + - Fix to ifdef fptr wlist item for dnstap. + +23 September 2020: Ralph + - Fix edns-client-tags get_option typo + - Add edns-client-tag-opcode option + - Use inclusive language in configuration + +21 September 2020: Ralph + - Fix #304: dnstap logging not recovering after dnstap process restarts + +21 September 2020: Wouter + - Merge PR #311 by luismerino: Dynlibmod leak. + - Error message is logged for dynlibmod malloc failures. + - iana portlist updated. + +18 September 2020: Wouter + - Fix that prefer-ip4 and prefer-ip6 can be get and set with + unbound-control, with libunbound and the unbound-checkconf option + output function. + - iana portlist updated. + +15 September 2020: George + - Introduce test for statistics. + +15 September 2020: Wouter + - Spelling fix. + +11 September 2020: Wouter + - Remove x file mode on ipset/ipset.c and h files. + +9 September 2020: Wouter + - Fix num.expired statistics output. + +31 August 2020: Wouter + - Merge PR #293: Add missing prototype. Also refactor to use the new + shorthand function to clean up the code. + - Refactor to use sock_strerr shorthand function. + - Fix #296: systemd nss-lookup.target is reached before unbound can + successfully answer queries. Changed contrib/unbound.service.in. + +27 August 2020: Wouter + - Similar to NSD PR#113, implement that interface names can be used, + eg. something like interface: eth0 is resolved at server start and + uses the IP addresses for that named interface. + - Review fix, doxygen and assign null in case of error free. + +26 August 2020: George + - Update documentation in python example code. + +24 August 2020: Wouter + - Fix that dnstap reconnects do not spam the log with the repeated + attempts. Attempts on the timer are only logged on high verbosity, + if they produce a connection failure error. + - Fix to apply chroot to dnstap-socket-path, if chroot is enabled. + - Change configure to use EVP_sha256 instead of HMAC_Update for + openssl-3.0.0. + +20 August 2020: Ralph + - Fix stats double count issue (#289). + +13 August 2020: Ralph + - Create and init edns tags data for libunbound. + +10 August 2020: Ralph + - Merge (modified) PR #277, use EVP_MAC_CTX_set_params if available, + by Vítězslav Čížek. + +10 August 2020: Wouter + - Fix #287: doc typo: "Additionaly". + - Rerun autoconf + +6 August 2020: Wouter + - Merge PR #284 and Fix #246: Remove DLV entirely from Unbound. + The DLV has been decommisioned and in unbound 1.5.4, in 2015, there + was advise to stop using it. The current code base does not contain + DLV code any more. The use of dlv options displays a warning. + +5 August 2020: Wouter + - contrib/aaaa-filter-iterator.patch file renewed diff content to + apply cleanly to the current coderepo for the current code version. + +5 August 2020: Ralph + - Merge PR #272: Add EDNS client tag functionality. + +4 August 2020: George + - Improve error log message when inserting rpz RR. + - Merge PR #280, Make tvOS & watchOS checks verify truthiness as well as + definedness, by Felipe Gasper. + +4 August 2020: Wouter + - Fix mini_event.h on OpenBSD cannot find fd_set. + +31 July 2020: Wouter + - Fix doxygen comment for no ssl for tls session ticket key callback + routine. + 27 July 2020: George - Merge PR #268, draft-ietf-dnsop-serve-stale-10 has become RFC 8767 on March 2020, by and0x000. diff --git a/doc/FEATURES b/doc/FEATURES index 076988ea9..8d69aba9b 100644 --- a/doc/FEATURES +++ b/doc/FEATURES @@ -39,6 +39,7 @@ RFC 4343: case insensitive handling of domain names. RFC 4509: SHA256 DS hash. RFC 4592: wildcards. RFC 4697: No DNS Resolution Misbehavior. +RFC 5001: DNS Name Server Identifier (NSID) Option RFC 5011: update of trust anchors with timers. RFC 5155: NSEC3, NSEC3PARAM types RFC 5358: reflectors-are-evil: access control list for recursive diff --git a/doc/TODO b/doc/TODO index a2690451a..839656154 100644 --- a/doc/TODO +++ b/doc/TODO @@ -14,7 +14,6 @@ o (option) store primed key data in a overlaid keyhints file (sort of like draft o windows version, auto update feature, a query to check for the version. o command the server with TSIG inband. get-config, clearcache, get stats, get memstats, get ..., reload, clear one zone from cache -o NSID rfc 5001 support. o timers rfc 5011 support. o Treat YXDOMAIN from a DNAME properly, in iterator (not throwaway), validator. o make timeout backoffs randomized (a couple percent random) to spread traffic. diff --git a/doc/example.conf.in b/doc/example.conf.in index 3af4420c6..08d1620cf 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -129,8 +129,8 @@ server: # ip-dscp: 0 # EDNS reassembly buffer to advertise to UDP peers (the actual buffer - # is set with msg-buffer-size). 1472 can solve fragmentation (timeouts) - # edns-buffer-size: 4096 + # is set with msg-buffer-size). + # edns-buffer-size: 1232 # Maximum UDP response size (not applied to TCP response). # Suggested values are 512 to 4096. Default is 4096. 65536 disables it. @@ -161,6 +161,9 @@ server: # msec to wait before close of port on timeout UDP. 0 disables. # delay-close: 0 + # perform connect for UDP sockets to mitigate ICMP side channel. + # udp-connect: yes + # msec for waiting for an unknown server to reply. Increase if you # are behind a slow satellite link, to eg. 1128. # unknown-server-time-limit: 376 @@ -192,6 +195,9 @@ server: # minimum wait time for responses, increase if uplink is long. In msec. # infra-cache-min-rtt: 50 + # enable to make server probe down hosts more frequently. + # infra-keep-probing: no + # the number of slabs to use for the Infrastructure cache. # the number of slabs must be a power of 2. # more slabs reduce lock contention, but fragment memory usage. @@ -371,6 +377,9 @@ server: # the version to report. Leave "" or default to return package version. # version: "" + # NSID identity (hex string, or "ascii_somestring"). default disabled. + # nsid: "aabbccdd" + # the target fetch policy. # series of integers describing the policy per dependency depth. # The number of values in the list determines the maximum dependency @@ -382,7 +391,7 @@ server: # target-fetch-policy: "3 2 1 0 0" # Harden against very small EDNS buffer sizes. - # harden-short-bufsize: no + # harden-short-bufsize: yes # Harden against unseemly large queries. # harden-large-queries: no @@ -431,8 +440,8 @@ server: # Domains (and domains in them) without support for dns-0x20 and # the fallback fails because they keep sending different answers. - # caps-whitelist: "licdn.com" - # caps-whitelist: "senderbase.org" + # caps-exempt: "licdn.com" + # caps-exempt: "senderbase.org" # Enforce privacy of these addresses. Strips them away from answers. # It may cause DNSSEC validation to additionally mark it as bogus. @@ -509,11 +518,6 @@ server: # Root key trust anchor sentinel (draft-ietf-dnsop-kskroll-sentinel) # root-key-sentinel: yes - # File with DLV trusted keys. Same format as trust-anchor-file. - # There can be only one DLV configured, it is trusted from root down. - # DLV is going to be decommissioned. Please do not use it any more. - # dlv-anchor-file: "dlv.isc.org.key" - # File with trusted keys for validation. Specify more than one file # with several entries, one file per entry. # Zone file format, with DS and DNSKEY entries. @@ -627,7 +631,7 @@ server: # more slabs reduce lock contention, but fragment memory usage. # key-cache-slabs: 4 - # the amount of memory to use for the negative cache (used for DLV). + # the amount of memory to use for the negative cache. # plain value in bytes or you can append k, m or G. default is "1Mb". # neg-cache-size: 1m @@ -703,8 +707,10 @@ server: # o inform acts like transparent, but logs client IP address # o inform_deny drops queries and logs client IP address # o inform_redirect redirects queries and logs client IP address - # o always_transparent, always_refuse, always_nxdomain, resolve in - # that way but ignore local data for that name + # o always_transparent, always_refuse, always_nxdomain, always_nodata, + # always_deny resolve in that way but ignore local data for + # that name + # o always_null returns 0.0.0.0 or ::0 for any name in the zone. # o noview breaks out of that view towards global local-zones. # # defaults are localhost address, reverse for 127.0.0.1 and ::1 @@ -738,12 +744,14 @@ server: # add a netblock specific override to a localzone, with zone type # local-zone-override: "example.com" 192.0.2.0/24 refuse - # service clients over TLS (on the TCP sockets), with plain DNS inside - # the TLS stream. Give the certificate to use and private key. + # service clients over TLS (on the TCP sockets) with plain DNS inside + # the TLS stream, and over HTTPS using HTTP/2 as specified in RFC8484. + # Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. # tls-service-key: "path/to/privatekeyfile.key" # tls-service-pem: "path/to/publiccertfile.pem" # tls-port: 853 + # https-port: 443 # cipher setting for TLSv1.2 # tls-ciphers: "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256" @@ -775,6 +783,25 @@ server: # Also serve tls on these port numbers (eg. 443, ...), by listing # tls-additional-port: portno for each of the port numbers. + # HTTP endpoint to provide DNS-over-HTTPS service on. + # http-endpoint: "/dns-query" + + # HTTP/2 SETTINGS_MAX_CONCURRENT_STREAMS value to use. + # http-max-streams: 100 + + # Maximum number of bytes used for all HTTP/2 query buffers. + # http-query-buffer-size: 4m + + # Maximum number of bytes used for all HTTP/2 response buffers. + # http-response-buffer-size: 4m + + # Set TCP_NODELAY socket option on sockets used for DNS-over-HTTPS + # service. + # http-nodelay: yes + + # Disable TLS for DNS-over-HTTP downstream service. + # http-notls-downstream: no + # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. # dns64-prefix: 64:ff9b::0/96 @@ -848,9 +875,9 @@ server: # ipsecmod-ignore-bogus: no # # Domains for which ipsecmod will be triggered. If not defined (default) - # all domains are treated as being whitelisted. - # ipsecmod-whitelist: "example.com" - # ipsecmod-whitelist: "nlnetlabs.nl" + # all domains are treated as being allowed. + # ipsecmod-allow: "example.com" + # ipsecmod-allow: "nlnetlabs.nl" # Python config section. To enable: @@ -948,27 +975,27 @@ remote-control: # upstream (which saves a lookup to the upstream). The first example # has a copy of the root for local usage. The second serves example.org # authoritatively. zonefile: reads from file (and writes to it if you also -# download it), master: fetches with AXFR and IXFR, or url to zonefile. -# With allow-notify: you can give additional (apart from masters) sources of +# download it), primary: fetches with AXFR and IXFR, or url to zonefile. +# With allow-notify: you can give additional (apart from primaries) sources of # notifies. # auth-zone: # name: "." -# master: 199.9.14.201 # b.root-servers.net -# master: 192.33.4.12 # c.root-servers.net -# master: 199.7.91.13 # d.root-servers.net -# master: 192.5.5.241 # f.root-servers.net -# master: 192.112.36.4 # g.root-servers.net -# master: 193.0.14.129 # k.root-servers.net -# master: 192.0.47.132 # xfr.cjr.dns.icann.org -# master: 192.0.32.132 # xfr.lax.dns.icann.org -# master: 2001:500:200::b # b.root-servers.net -# master: 2001:500:2::c # c.root-servers.net -# master: 2001:500:2d::d # d.root-servers.net -# master: 2001:500:2f::f # f.root-servers.net -# master: 2001:500:12::d0d # g.root-servers.net -# master: 2001:7fd::1 # k.root-servers.net -# master: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org -# master: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org +# primary: 199.9.14.201 # b.root-servers.net +# primary: 192.33.4.12 # c.root-servers.net +# primary: 199.7.91.13 # d.root-servers.net +# primary: 192.5.5.241 # f.root-servers.net +# primary: 192.112.36.4 # g.root-servers.net +# primary: 193.0.14.129 # k.root-servers.net +# primary: 192.0.47.132 # xfr.cjr.dns.icann.org +# primary: 192.0.32.132 # xfr.lax.dns.icann.org +# primary: 2001:500:200::b # b.root-servers.net +# primary: 2001:500:2::c # c.root-servers.net +# primary: 2001:500:2d::d # d.root-servers.net +# primary: 2001:500:2f::f # f.root-servers.net +# primary: 2001:500:12::d0d # g.root-servers.net +# primary: 2001:7fd::1 # k.root-servers.net +# primary: 2620:0:2830:202::132 # xfr.cjr.dns.icann.org +# primary: 2620:0:2d0:202::132 # xfr.lax.dns.icann.org # fallback-enabled: yes # for-downstream: no # for-upstream: yes @@ -1088,7 +1115,7 @@ remote-control: # rpz: # name: "rpz.example.com" # zonefile: "rpz.example.com" -# master: 192.0.2.0 +# primary: 192.0.2.0 # allow-notify: 192.0.2.0/32 # url: http://www.example.com/rpz.example.org.zone # rpz-action-override: cname diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 74d06cfd9..20325abf2 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -305,6 +305,12 @@ Transfer the auth zone from master. The auth zone probe sequence is started, where the masters are probed to see if they have an updated zone (with the SOA serial check). And then the zone is transferred for a newer zone version. .TP +.B rpz_enable \fIzone\fR +Enable the RPZ zone if it had previously been disabled. +.TP +.B rpz_enable \fIzone\fR +Disable the RPZ zone. +.TP .B view_list_local_zones \fIview\fR \fIlist_local_zones\fR for given view. .TP @@ -506,6 +512,14 @@ negative cache. Memory in bytes in used by the TCP and TLS stream wait buffers. These are answers waiting to be written back to the clients. .TP +.I mem.http.query_buffer +Memory in bytes used by the HTTP/2 query buffers. Containing (partial) DNS +queries waiting for request stream completion. +.TP +.I mem.http.response_buffer +Memory in bytes used by the HTTP/2 response buffers. Containing DNS responses +waiting to be written back to the clients. +.TP .I histogram...to.. Shows a histogram, summed over all threads. Every element counts the recursive queries whose reply time fit between the lower and upper bound. @@ -545,6 +559,11 @@ These are also counted in num.query.tcp, because TLS uses TCP. Number of TLS session resumptions, these are queries over TLS towards the unbound server where the client negotiated a TLS session resumption key. .TP +.I num.query.https +Number of queries that were made using HTTPS towards the unbound server. +These are also counted in num.query.tcp and num.query.tls, because HTTPS +uses TLS and TCP. +.TP .I num.query.ipv6 Number of queries that were made using IPv6 towards the unbound server. .TP diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index 51152edb5..d72b4cc6e 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -122,7 +122,8 @@ The port number, default 53, on which the server responds to queries. Interface to use to connect to the network. This interface is listened to for queries from clients, and answers to clients are given from it. Can be given multiple times to work on several interfaces. If none are -given the default is to listen to localhost. +given the default is to listen to localhost. If an interface name is used +instead of an ip address, the list of ip addresses on that interface are used. The interfaces are not changed on a reload (kill \-HUP) but only on restart. A port number can be specified with @port (without spaces between interface and port number), if not specified the default port (from @@ -206,12 +207,11 @@ accepted. For larger installations increasing this value is a good idea. Number of bytes size to advertise as the EDNS reassembly buffer size. This is the value put into datagrams over UDP towards peers. The actual buffer size is determined by msg\-buffer\-size (both for TCP and UDP). Do -not set higher than that value. Default is 4096 which is RFC recommended. -If you have fragmentation reassembly problems, usually seen as timeouts, -then a value of 1472 can fix it. Setting to 512 bypasses even the most -stringent path MTU problems, but is seen as extreme, since the amount -of TCP fallback generated is excessive (probably also for this resolver, -consider tuning the outgoing tcp number). +not set higher than that value. Default is 1232 which is the DNS Flag Day 2020 +recommendation. Setting to 512 bypasses even the most stringent path MTU +problems, but is seen as extreme, since the amount of TCP fallback generated is +excessive (probably also for this resolver, consider tuning the outgoing tcp +number). .TP .B max\-udp\-size: \fI Maximum UDP response size (not applied to TCP response). 65536 disables the @@ -274,6 +274,10 @@ eg. 1500 msec. When timeouts happen you need extra sockets, it checks the ID and remote IP of packets, and unwanted packets are added to the unwanted packet counter. .TP +.B udp\-connect: \fI +Perform connect for UDP sockets that mitigates ICMP side channel leakage. +Default is yes. +.TP .B unknown\-server\-time\-limit: \fI The wait time in msec for waiting for an unknown server to reply. Increase this if you are behind a slow satellite link, to eg. 1128. @@ -382,6 +386,12 @@ Lower limit for dynamic retransmit timeout calculation in infrastructure cache. Default is 50 milliseconds. Increase this value if using forwarders needing more time to do recursive name resolution. .TP +.B infra\-keep\-probing: \fI +If enabled the server keeps probing hosts that are down, in the one probe +at a time regime. Default is no. Hosts that are down, eg. they did +not respond during the one probe at a time period, are marked as down and +it may take \fBinfra\-host\-ttl\fR time to get probed again. +.TP .B define\-tag: \fI<"list of tags"> Define the tags that can be used with local\-zone and access\-control. Enclose the list between quotes ("") and put spaces between tags. @@ -484,15 +494,16 @@ Alternate syntax for \fBtls\-upstream\fR. If both are present in the config file the last is used. .TP .B tls\-service\-key: \fI -If enabled, the server provides TLS service on the TCP ports marked -implicitly or explicitly for TLS service with tls\-port. The file must -contain the private key for the TLS session, the public certificate is in -the tls\-service\-pem file and it must also be specified if tls\-service\-key -is specified. The default is "", turned off. Enabling or disabling -this service requires a restart (a reload is not enough), because the -key is read while root permissions are held and before chroot (if any). -The ports enabled implicitly or explicitly via \fBtls\-port:\fR do not provide -normal DNS TCP service. +If enabled, the server provides DNS-over-TLS or DNS-over-HTTPS service on the +TCP ports marked implicitly or explicitly for these services with tls\-port or +https\-port. The file must contain the private key for the TLS session, the +public certificate is in the tls\-service\-pem file and it must also be +specified if tls\-service\-key is specified. The default is "", turned off. +Enabling or disabling this service requires a restart (a reload is not enough), +because the key is read while root permissions are held and before chroot (if any). +The ports enabled implicitly or explicitly via \fBtls\-port:\fR and +\fBhttps\-port:\fR do not provide normal DNS TCP service. Unbound needs to be +compiled with libnghttp2 in order to provide DNS-over-HTTPS. .TP .B ssl\-service\-key: \fI Alternate syntax for \fBtls\-service\-key\fR. @@ -515,7 +526,8 @@ Alternate syntax for \fBtls\-port\fR. If null or "", no file is used. Set it to the certificate bundle file, for example "/etc/pki/tls/certs/ca\-bundle.crt". These certificates are used for authenticating connections made to outside peers. For example auth\-zone -urls, and also DNS over TLS connections. +urls, and also DNS over TLS connections. It is read at start up before +permission drop and chroot. .TP .B ssl\-cert\-bundle: \fI Alternate syntax for \fBtls\-cert\-bundle\fR. @@ -557,6 +569,39 @@ Enable or disable sending the SNI extension on TLS connections. Default is yes. Changing the value requires a reload. .TP +.B https\-port: \fI +The port number on which to provide DNS-over-HTTPS service, default 443, only +interfaces configured with that port number as @number get the HTTPS service. +.TP +.B http\-endpoint: \fI +The HTTP endpoint to provide DNS-over-HTTPS service on. Default "/dns-query". +.TP +.B http\-max\-streams: \fI +Number used in the SETTINGS_MAX_CONCURRENT_STREAMS parameter in the HTTP/2 +SETTINGS frame for DNS-over-HTTPS connections. Default 100. +.TP +.B http\-query\-buffer\-size: \fI +Maximum number of bytes used for all HTTP/2 query buffers combined. These +buffers contain (partial) DNS queries waiting for request stream completion. +An RST_STREAM frame will be send to streams exceeding this limit. Default is 4 +megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, +megabytes or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B http\-response\-buffer\-size: \fI +Maximum number of bytes used for all HTTP/2 response buffers combined. These +buffers contain DNS responses waiting to be written back to the clients. +An RST_STREAM frame will be send to streams exceeding this limit. Default is 4 +megabytes. A plain number is in bytes, append 'k', 'm' or 'g' for kilobytes, +megabytes or gigabytes (1024*1024 bytes in a megabyte). +.TP +.B http\-nodelay: \fI +Set TCP_NODELAY socket option on sockets used to provide DNS-over-HTTPS service. +Ignored if the option is not available. Default is yes. +.TP +.B http\-notls\-downstream: \fI +Disable use of TLS for the downstream DNS-over-HTTP connections. Useful for +local back end servers. Default is no. +.TP .B use\-systemd: \fI Enable or disable systemd socket activation. Default is no. @@ -774,6 +819,11 @@ If enabled version.server and version.bind queries are refused. Set the version to report. If set to "", the default, then the package version is returned. .TP +.B nsid:\fR +Add the specified nsid to the EDNS section of the answer when queried +with an NSID EDNS enabled packet. As a sequence of hex characters or +with ascii_ prefix and then an ascii string. +.TP .B hide\-trustanchor: \fI If enabled trustanchor.unbound queries are refused. .TP @@ -794,9 +844,8 @@ closer to that of BIND 9, while setting "\-1 \-1 \-1 \-1 \-1" gives behaviour rumoured to be closer to that of BIND 8. .TP .B harden\-short\-bufsize: \fI -Very small EDNS buffer sizes from queries are ignored. Default is off, since -it is legal protocol wise to send these, and unbound tries to give very -small answers to these queries, where possible. +Very small EDNS buffer sizes from queries are ignored. Default is on, as +described in the standard. .TP .B harden\-large\-queries: \fI Very large queries are ignored. Default is off, since it is legal protocol @@ -853,12 +902,15 @@ authority servers and checks if the reply still has the correct casing. Disabled by default. This feature is an experimental implementation of draft dns\-0x20. .TP -.B caps\-whitelist: \fI -Whitelist the domain so that it does not receive caps\-for\-id perturbed +.B caps\-exempt: \fI +Exempt the domain so that it does not receive caps\-for\-id perturbed queries. For domains that do not support 0x20 and also fail with fallback because they keep sending different answers, like some load balancers. Can be given multiple times, for different domains. .TP +.B caps\-whitelist: \fI +Alternate syntax for \fBcaps\-exempt\fR. +.TP .B qname\-minimisation: \fI Send minimum amount of information to upstream servers to enhance privacy. Only send minimum required labels of the QNAME and set QTYPE to A when @@ -1010,26 +1062,11 @@ Send RFC8145 key tag query after trust anchor priming. Default is yes. .B root\-key\-sentinel: \fI Root key trust anchor sentinel. Default is yes. .TP -.B dlv\-anchor\-file: \fI -This option was used during early days DNSSEC deployment when no parent-side -DS record registrations were easily available. Nowadays, it is best to have -DS records registered with the parent zone (many top level zones are signed). -File with trusted keys for DLV (DNSSEC Lookaside Validation). Both DS and -DNSKEY entries can be used in the file, in the same format as for -\fItrust\-anchor\-file:\fR statements. Only one DLV can be configured, more -would be slow. The DLV configured is used as a root trusted DLV, this -means that it is a lookaside for the root. Default is "", or no dlv anchor -file. DLV is going to be decommissioned. Please do not use it any more. -.TP -.B dlv\-anchor: \fI<"Resource Record"> -Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline. -DLV is going to be decommissioned. Please do not use it any more. -.TP .B domain\-insecure: \fI Sets domain name to be insecure, DNSSEC chain of trust is ignored towards the domain name. So a trust anchor above the domain name can not make the domain secure with a DS record, such a DS record is then ignored. -Also keys from DLV are ignored for the domain. Can be given multiple times +Can be given multiple times to specify multiple domains that are treated as if unsigned. If you set trust anchors for the domain they override this setting (and the domain is secured). @@ -1211,7 +1248,7 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -inform_redirect, always_transparent, always_refuse, always_nxdomain, noview, +inform_redirect, always_transparent, always_refuse, always_nxdomain, always_null, noview, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. @@ -1285,6 +1322,17 @@ Like refuse, but ignores local data and refuses the query. \h'5'\fIalways_nxdomain\fR Like static, but ignores local data and returns nxdomain for the query. .TP 10 +\h'5'\fIalways_nodata\fR +Like static, but ignores local data and returns nodata for the query. +.TP 10 +\h'5'\fIalways_deny\fR +Like deny, but ignores local data and drops the query. +.TP 10 +\h'5'\fIalways_null\fR +Always returns 0.0.0.0 or ::0 for every name in the zone. Like redirect +with zero data for A and AAAA. Ignores local data in the zone. Used for +some block lists. +.TP 10 \h'5'\fInoview\fR Breaks out of that view and moves towards the global local zones for answer to the query. If the view first is no, it'll resolve normally. If view first @@ -1529,6 +1577,16 @@ servers set. The default for fast\-server\-permil is 0. Set the number of servers that should be used for fast server selection. Only use the fastest specified number of servers with the fast\-server\-permil option, that turns this on or off. The default is to use the fastest 3 servers. +.TP 5 +.B edns\-client\-string: \fI +Include an EDNS0 option containing configured ascii string in queries with +destination address matching the configured IP netblock. This configuration +option can be used multiple times. The most specific match will be used. +.TP 5 +.B edns\-client\-string\-opcode: \fI +EDNS0 option code for the \fIedns\-client\-string\fR option, from 0 to 65535. +A value from the `Reserved for Local/Experimental` range (65001-65534) should +be used. Default is 65001. .SS "Remote Control Options" In the .B remote\-control: @@ -1731,16 +1789,16 @@ uses the SOA timer values and performs SOA UDP queries to detect zone changes. If the update fetch fails, the timers in the SOA record are used to time another fetch attempt. Until the SOA expiry timer is reached. Then the zone is expired. When a zone is expired, queries are SERVFAIL, and -any new serial number is accepted from the master (even if older), and if +any new serial number is accepted from the primary (even if older), and if fallback is enabled, the fallback activates to fetch from the upstream instead of the SERVFAIL. .TP .B name: \fI Name of the authority zone. .TP -.B master: \fI +.B primary: \fI Where to download a copy of the zone from, with AXFR and IXFR. Multiple -masters can be specified. They are all tried if one fails. +primaries can be specified. They are all tried if one fails. With the "ip#name" notation a AXFR over TLS can be used. If you point it at another Unbound instance, it would not work because that does not support AXFR/IXFR for the zone, but if you used \fBurl:\fR to download @@ -1749,27 +1807,31 @@ If you specify the hostname, you cannot use the domain from the zonefile, because it may not have that when retrieving that data, instead use a plain IP address to avoid a circular dependency on retrieving that IP address. .TP +.B master: \fI +Alternate syntax for \fBprimary\fR. +.TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example for the url is "http://www.example.com/example.org.zone". Multiple url statements can be given, they are tried in turn. If only urls are given the SOA refresh timer is used to wait for making new downloads. If also -masters are listed, the masters are first probed with UDP SOA queries to +primaries are listed, the primaries are first probed with UDP SOA queries to see if the SOA serial number has changed, reducing the number of downloads. -If none of the urls work, the masters are tried with IXFR and AXFR. +If none of the urls work, the primaries are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. If you specify a hostname in the URL, you cannot use the domain from the zonefile, because it may not have that when retrieving that data, instead use a plain IP address to avoid a circular dependency on retrieving that IP -address. Avoid dependencies on name lookups by using a notation like "http://192.0.2.1/unbound-master/example.com.zone", with an explicit IP address. +address. Avoid dependencies on name lookups by using a notation like +"http://192.0.2.1/unbound-primaries/example.com.zone", with an explicit IP address. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. -If the notify is from a master, it first attempts that master. Otherwise -other masters are attempted. If there are no masters, but only urls, the -file is downloaded when notified. The masters from master: statements are +If the notify is from a primary, it first attempts that primary. Otherwise +other primaries are attempted. If there are no primaries, but only urls, the +file is downloaded when notified. The primaries from primary: statements are allowed notify by default. .TP .B fallback\-enabled: \fI @@ -1797,7 +1859,7 @@ downstream clients, and use the zone data as a local copy to speed up lookups. .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, unbound will attempt to fetch zone -data (eg. from the master servers). +data (eg. from the primary servers). .SS "View Options" .LP There may be multiple @@ -1964,14 +2026,16 @@ The ECS module must be configured in the \fBmodule\-config:\fR "subnetcache validator iterator" directive and be compiled into the daemon to be enabled. These settings go in the \fBserver:\fR section. .LP -If the destination address is whitelisted with Unbound will add the EDNS0 -option to the query containing the relevant part of the client's address. When -an answer contains the ECS option the response and the option are placed in a -specialized cache. If the authority indicated no support, the response is +If the destination address is allowed in the configuration Unbound will add the +EDNS0 option to the query containing the relevant part of the client's address. +When an answer contains the ECS option the response and the option are placed in +a specialized cache. If the authority indicated no support, the response is stored in the regular cache. .LP Additionally, when a client includes the option in its queries, Unbound will -forward the option to the authority if present in the whitelist, or +forward the option when sending the query to addresses that are explicitly +allowed in the configuration using \fBsend\-client\-subnet\fR. The option will +always be forwarded, regardless the allowed addresses, if \fBclient\-subnet\-always\-forward\fR is set to yes. In this case the lookup in the regular cache is skipped. .LP @@ -1992,12 +2056,13 @@ given multiple times. Zones not listed will not receive edns-subnet information, unless hosted by authority specified in \fBsend\-client\-subnet\fR. .TP .B client\-subnet\-always\-forward: \fI\fR -Specify whether the ECS whitelist check (configured using +Specify whether the ECS address check (configured using \fBsend\-client\-subnet\fR) is applied for all queries, even if the triggering query contains an ECS record, or only for queries for which the ECS record is generated using the querier address (and therefore did not contain ECS data in -the client query). If enabled, the whitelist check is skipped when the client -query contains an ECS record. Default is no. +the client query). If enabled, the address check is skipped when the client +query contains an ECS record. And the lookup in the regular cache is skipped. +Default is no. .TP .B max\-client\-subnet\-ipv6: \fI\fR Specifies the maximum prefix length of the client source address we are willing @@ -2086,10 +2151,13 @@ to yes, the hook will be called and the A/AAAA answer will be returned to the client. If set to no, the hook will not be called and the answer to the A/AAAA query will be SERVFAIL. Mainly used for testing. Defaults to no. .TP -.B ipsecmod\-whitelist: \fI\fR -Whitelist the domain so that the module logic will be executed. Can -be given multiple times, for different domains. If the option is not -specified, all domains are treated as being whitelisted (default). +.B ipsecmod\-allow: \fI\fR +Allow the ipsecmod functionality for the domain so that the module logic will be +executed. Can be given multiple times, for different domains. If the option is +not specified, all domains are treated as being allowed (default). +.TP +.B ipsecmod\-whitelist: \fI +Alternate syntax for \fBipsecmod\-allow\fR. .SS "Cache DB Module Options" .LP The Cache DB module must be configured in the \fBmodule\-config:\fR @@ -2123,7 +2191,7 @@ even if some data have expired in terms of DNS TTL or the Redis server has cached too much data; if necessary the Redis server must be configured to limit the cache size, preferably with some kind of least-recently-used eviction policy. -Additionaly, the \fBredis\-expire\-records\fR option can be used in order to +Additionally, the \fBredis\-expire\-records\fR option can be used in order to set the relative DNS TTL of the message as timeout to the Redis records; keep in mind that some additional memory is used per key and that the expire information is stored as absolute Unix timestamps in Redis (computer time must @@ -2286,33 +2354,36 @@ are applied after .B name: \fI Name of the authority zone. .TP -.B master: \fI +.B primary: \fI Where to download a copy of the zone from, with AXFR and IXFR. Multiple -masters can be specified. They are all tried if one fails. +primaries can be specified. They are all tried if one fails. +.TP +.B master: \fI +Alternate syntax for \fBprimary\fR. .TP .B url: \fI Where to download a zonefile for the zone. With http or https. An example for the url is "http://www.example.com/example.org.zone". Multiple url statements can be given, they are tried in turn. If only urls are given the SOA refresh timer is used to wait for making new downloads. If also -masters are listed, the masters are first probed with UDP SOA queries to +primaries are listed, the primaries are first probed with UDP SOA queries to see if the SOA serial number has changed, reducing the number of downloads. -If none of the urls work, the masters are tried with IXFR and AXFR. +If none of the urls work, the primaries are tried with IXFR and AXFR. For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used to authenticate the connection. .TP .B allow\-notify: \fI With allow\-notify you can specify additional sources of notifies. When notified, the server attempts to first probe and then zone transfer. -If the notify is from a master, it first attempts that master. Otherwise -other masters are attempted. If there are no masters, but only urls, the -file is downloaded when notified. The masters from master: statements are +If the notify is from a primary, it first attempts that primary. Otherwise +other primaries are attempted. If there are no primaries, but only urls, the +file is downloaded when notified. The primaries from primary: statements are allowed notify by default. .TP .B zonefile: \fI The filename where the zone is stored. If not given then no zonefile is used. If the file does not exist or is empty, unbound will attempt to fetch zone -data (eg. from the master servers). +data (eg. from the primary servers). .TP .B rpz\-action\-override: \fI Always use this RPZ action for matching triggers from this zone. Possible action diff --git a/dynlibmod/dynlibmod.c b/dynlibmod/dynlibmod.c index f9751d8c6..ffac7ff30 100644 --- a/dynlibmod/dynlibmod.c +++ b/dynlibmod/dynlibmod.c @@ -5,16 +5,16 @@ * module actions. */ #include "config.h" +#include "dynlibmod/dynlibmod.h" #include "util/module.h" #include "util/config_file.h" -#include "dynlibmod/dynlibmod.h" #if HAVE_WINDOWS_H #include #define __DYNMOD HMODULE #define __DYNSYM FARPROC #define __LOADSYM GetProcAddress -void log_dlerror() { +static void log_dlerror() { DWORD dwLastError = GetLastError(); LPSTR MessageBuffer; DWORD dwBufferLength; @@ -37,11 +37,11 @@ void log_dlerror() { } -HMODULE open_library(const char* fname) { +static HMODULE open_library(const char* fname) { return LoadLibrary(fname); } -void close_library(const char* fname, __DYNMOD handle) { +static void close_library(const char* fname, __DYNMOD handle) { (void)fname; (void)handle; } @@ -50,15 +50,15 @@ void close_library(const char* fname, __DYNMOD handle) { #define __DYNMOD void* #define __DYNSYM void* #define __LOADSYM dlsym -void log_dlerror() { +static void log_dlerror() { log_err("dynlibmod: %s", dlerror()); } -void* open_library(const char* fname) { +static void* open_library(const char* fname) { return dlopen(fname, RTLD_LAZY | RTLD_GLOBAL); } -void close_library(const char* fname, __DYNMOD handle) { +static void close_library(const char* fname, __DYNMOD handle) { if(!handle) return; if(dlclose(handle) != 0) { log_err("dlclose %s: %s", fname, strerror(errno)); @@ -212,10 +212,10 @@ size_t dynlibmod_get_mem(struct module_env* env, int id) { int dynlib_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* callback) { + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback) { struct cb_pair* cb_pair = (struct cb_pair*) callback; - return ((inplace_cb_reply_func_type*) cb_pair->cb)(qinfo, qstate, rep, rcode, edns, opt_list_out, repinfo, region, id, cb_pair->cb_arg); + return ((inplace_cb_reply_func_type*) cb_pair->cb)(qinfo, qstate, rep, rcode, edns, opt_list_out, repinfo, region, start_time, id, cb_pair->cb_arg); } int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags, @@ -242,6 +242,10 @@ int inplace_cb_register_wrapped(void* cb, enum inplace_cb_list_type type, void* cbarg, struct module_env* env, int id) { struct cb_pair* cb_pair = malloc(sizeof(struct cb_pair)); + if(cb_pair == NULL) { + log_err("dynlibmod[%d]: malloc failure", id); + return 0; + } cb_pair->cb = cb; cb_pair->cb_arg = cbarg; if(type >= inplace_cb_reply && type <= inplace_cb_reply_servfail) { @@ -253,6 +257,7 @@ inplace_cb_register_wrapped(void* cb, enum inplace_cb_list_type type, void* cbar } else if(type == inplace_cb_edns_back_parsed) { return inplace_cb_register(&dynlib_inplace_cb_edns_back_parsed, type, (void*) cb_pair, env, id); } else { + free(cb_pair); return 0; } } diff --git a/dynlibmod/dynlibmod.h b/dynlibmod/dynlibmod.h index c34cf0e88..321f4f693 100644 --- a/dynlibmod/dynlibmod.h +++ b/dynlibmod/dynlibmod.h @@ -70,8 +70,8 @@ size_t dynlibmod_get_mem(struct module_env* env, int id); int dynlib_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* callback); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback); int dynlib_inplace_cb_query_generic(struct query_info* qinfo, uint16_t flags, struct module_qstate* qstate, struct sockaddr_storage* addr, diff --git a/dynlibmod/examples/helloworld.c b/dynlibmod/examples/helloworld.c index acb6b5d9b..be2116843 100644 --- a/dynlibmod/examples/helloworld.c +++ b/dynlibmod/examples/helloworld.c @@ -7,8 +7,10 @@ * And to build for windows, first make unbound with the --with-dynlibmod * switch, then use this command: * x86_64-w64-mingw32-gcc -m64 -I../.. -shared -Wall -Werror -fpic - * -o helloworld.dll helloworld.c -L../.. -l:libunbound.a - * to cross-compile a 64-bit Windows DLL. + * -o helloworld.dll helloworld.c -L../.. -l:libunbound.dll.a + * to cross-compile a 64-bit Windows DLL. The libunbound.dll.a is produced + * by the compile step that makes unbound.exe and allows the dynlib dll to + * access definitions in unbound.exe. */ #include "../../config.h" @@ -30,8 +32,8 @@ int reply_callback(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* callback); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback); /* Init is called when the module is first loaded. It should be used to set up * the environment for this module and do any other initialisation required. */ @@ -116,8 +118,8 @@ EXPORT size_t get_mem(struct module_env* env, int id) { int reply_callback(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* callback) { + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback) { log_info("dynlib: hello world from callback"); struct dynlibmod_env* env = qstate->env->modinfo[id]; if (env->dyn_env != NULL) { diff --git a/ipset/ipset.c b/ipset/ipset.c old mode 100755 new mode 100644 diff --git a/ipset/ipset.h b/ipset/ipset.h old mode 100755 new mode 100644 diff --git a/iterator/iterator.c b/iterator/iterator.c index 23b07ea90..99d020117 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -3191,7 +3191,7 @@ processPrimeResponse(struct module_qstate* qstate, int id) /* validate the root or stub after priming (if enabled). * This is the same query as the prime query, but with validation. * Now that we are primed, the additional queries that validation - * may need can be resolved, such as DLV. */ + * may need can be resolved. */ if(qstate->env->cfg->harden_referral_path) { struct module_qstate* subq = NULL; log_nametypeclass(VERB_ALGO, "schedule prime validation", diff --git a/libunbound/context.c b/libunbound/context.c index 6d62e32b5..cff2831a7 100644 --- a/libunbound/context.c +++ b/libunbound/context.c @@ -50,6 +50,7 @@ #include "services/authzone.h" #include "util/data/msgreply.h" #include "util/storage/slabhash.h" +#include "util/edns.h" #include "sldns/sbuffer.h" int @@ -79,6 +80,8 @@ context_finalize(struct ub_ctx* ctx) return UB_INITFAIL; if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1, &is_rpz)) return UB_INITFAIL; + if(!edns_strings_apply_cfg(ctx->env->edns_strings, cfg)) + return UB_INITFAIL; if(!slabhash_is_size(ctx->env->msg_cache, cfg->msg_cache_size, cfg->msg_cache_slabs)) { slabhash_delete(ctx->env->msg_cache); diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 3b30419b3..c9e24ba8d 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -58,6 +58,7 @@ #include "util/net_help.h" #include "util/tube.h" #include "util/ub_event.h" +#include "util/edns.h" #include "services/modstack.h" #include "services/localzone.h" #include "services/cache/infra.h" @@ -153,6 +154,18 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) errno = ENOMEM; return NULL; } + ctx->env->edns_strings = edns_strings_create(); + if(!ctx->env->edns_strings) { + auth_zones_delete(ctx->env->auth_zones); + edns_known_options_delete(ctx->env); + config_delete(ctx->env->cfg); + free(ctx->env); + ub_randfree(ctx->seed_rnd); + free(ctx); + errno = ENOMEM; + return NULL; + } + ctx->env->alloc = &ctx->superalloc; ctx->env->worker = NULL; ctx->env->need_to_validate = 0; @@ -173,6 +186,7 @@ ub_ctx_create(void) config_delete(ctx->env->cfg); modstack_desetup(&ctx->mods, ctx->env); edns_known_options_delete(ctx->env); + edns_strings_delete(ctx->env->edns_strings); free(ctx->env); free(ctx); errno = e; @@ -185,6 +199,7 @@ ub_ctx_create(void) config_delete(ctx->env->cfg); modstack_desetup(&ctx->mods, ctx->env); edns_known_options_delete(ctx->env); + edns_strings_delete(ctx->env->edns_strings); free(ctx->env); free(ctx); errno = e; @@ -323,6 +338,7 @@ ub_ctx_delete(struct ub_ctx* ctx) infra_delete(ctx->env->infra_cache); config_delete(ctx->env->cfg); edns_known_options_delete(ctx->env); + edns_strings_delete(ctx->env->edns_strings); auth_zones_delete(ctx->env->auth_zones); free(ctx->env); } diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 44b8d7905..03bbaf768 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -73,12 +73,15 @@ #include "iterator/iter_hints.h" #include "sldns/sbuffer.h" #include "sldns/str2wire.h" +#ifdef USE_DNSTAP +#include "dnstap/dtstream.h" +#endif #ifdef HAVE_TARGETCONDITIONALS_H #include #endif -#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH) #undef HAVE_FORK #endif @@ -238,7 +241,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) ports, numports, cfg->unwanted_threshold, cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w, cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx, - cfg->delay_close, cfg->tls_use_sni, NULL); + cfg->delay_close, cfg->tls_use_sni, NULL, cfg->udp_connect); w->env->outnet = w->back; if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); diff --git a/libunbound/unbound.h b/libunbound/unbound.h index b53426c76..945c17a8f 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -697,6 +697,8 @@ struct ub_server_stats { long long qtcp_outgoing; /** number of queries over (DNS over) TLS */ long long qtls; + /** number of queries over (DNS over) HTTPS */ + long long qhttps; /** number of queries over IPv6 */ long long qipv6; /** number of queries with QR bit */ @@ -787,6 +789,10 @@ struct ub_server_stats { long long num_query_subnet_cache; /** number of bytes in the stream wait buffers */ long long mem_stream_wait; + /** number of bytes in the HTTP2 query buffers */ + long long mem_http2_query_buffer; + /** number of bytes in the HTTP2 response buffers */ + long long mem_http2_response_buffer; /** number of TLS connection resume */ long long qtls_resume; /** RPZ action stats */ diff --git a/pythonmod/doc/examples/example6.rst b/pythonmod/doc/examples/example6.rst index d294fb8be..fd6caf74d 100644 --- a/pythonmod/doc/examples/example6.rst +++ b/pythonmod/doc/examples/example6.rst @@ -60,7 +60,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh states. :return: True on success, False on failure. @@ -105,8 +104,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -154,8 +151,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -201,8 +196,6 @@ The callback function's prototype is the following: :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. diff --git a/pythonmod/doc/modules/config.rst b/pythonmod/doc/modules/config.rst index 43333bdae..89afbef8a 100644 --- a/pythonmod/doc/modules/config.rst +++ b/pythonmod/doc/modules/config.rst @@ -256,14 +256,6 @@ config_file Files with trusted DNSKEYs in named.conf format, list. - .. attribute:: dlv_anchor_file - - DLV anchor file. - - .. attribute:: dlv_anchor_list - - DLV anchor inline. - .. attribute:: max_ttl The number of seconds maximal TTL used for RRsets and messages. diff --git a/pythonmod/doc/modules/functions.rst b/pythonmod/doc/modules/functions.rst index 43c66eb38..333f696b8 100644 --- a/pythonmod/doc/modules/functions.rst +++ b/pythonmod/doc/modules/functions.rst @@ -89,7 +89,7 @@ EDNS options Inplace callbacks ----------------- -.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region) +.. function:: inplace_cb_reply(qinfo, qstate, rep, rcode, edns, opt_list_out, region, \*\*kwargs) Function prototype for callback functions used in `register_inplace_cb_reply`_, `register_inplace_cb_reply_cache`_, @@ -102,6 +102,9 @@ Inplace callbacks :param edns: :class:`edns_data` :param opt_list_out: :class:`edns_option`. EDNS option list to append options to. :param region: :class:`regional` + :param \*\*kwargs: Dictionary that may contain parameters added in a future + release. Current parameters: + ``repinfo``: :class:`comm_reply`. Reply information for a communication point. .. function:: inplace_cb_query(qinfo, flags, qstate, addr, zone, region) diff --git a/pythonmod/examples/avahi-resolver.py b/pythonmod/examples/avahi-resolver.py index b1d4e36fc..497e1e74f 100644 --- a/pythonmod/examples/avahi-resolver.py +++ b/pythonmod/examples/avahi-resolver.py @@ -59,6 +59,8 @@ # | num-threads: 32 # | cache-max-negative-ttl: 60 # | cache-max-ttl: 60 +# | python: +# | python-script: path/to/this/file # # # The plugin can also be run interactively. Provide the name and diff --git a/pythonmod/examples/inplace_callbacks.py b/pythonmod/examples/inplace_callbacks.py index 768c2d013..de375b4e1 100644 --- a/pythonmod/examples/inplace_callbacks.py +++ b/pythonmod/examples/inplace_callbacks.py @@ -43,7 +43,7 @@ # This query returns SERVFAIL as the txt record of bogus.nlnetlabs.nl is # intentionally bogus. The reply will contain an empty EDNS option # with option code 65003. -# Unbound will also log the source address(es) of the client(s) that made +# Unbound will also log the source address of the client that made # the request. # (unbound needs to be validating for this example to work) @@ -91,8 +91,6 @@ def inplace_reply_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -121,8 +119,6 @@ def inplace_cache_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -173,8 +169,6 @@ def inplace_local_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. @@ -205,13 +199,11 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, :param **kwargs: Dictionary that may contain parameters added in a future release. Current parameters: ``repinfo``: Reply information for a communication point (comm_reply). - It is None when the callback happens in the mesh - states(modules). :return: True on success, False on failure. For demonstration purposes we want to reply with an empty EDNS code '65003' - and log the IP address(es) of the client(s). + and log the IP address of the client. """ log_info("python: called back while servfail.") @@ -219,30 +211,14 @@ def inplace_servfail_callback(qinfo, qstate, rep, rcode, edns, opt_list_out, b = bytearray.fromhex("") edns_opt_list_append(opt_list_out, 65003, b, region) - # Log the client(s) IP address(es) + # Log the client's IP address comm_reply = kwargs['repinfo'] if comm_reply: - # If it is not None this callback was called before the query reached - # the mesh states(modules). There is only one client associated with - # this query. addr = comm_reply.addr port = comm_reply.port addr_family = comm_reply.family log_info("python: Client IP: {}({}), port: {}" "".format(addr, addr_family, port)) - else: - # If it is not None this callback was called while the query is in the - # mesh states(modules). In this case they may be multiple clients - # waiting for this query. - # The following code is the same as with the resip.py example. - rl = qstate.mesh_info.reply_list - while (rl): - if rl.query_reply: - q = rl.query_reply - log_info("python: Client IP: {}({}), port: {}" - "".format(q.addr, q.family, q.port)) - rl = rl.next - return True diff --git a/pythonmod/interface.i b/pythonmod/interface.i index f08b575d7..5dae04aa4 100644 --- a/pythonmod/interface.i +++ b/pythonmod/interface.i @@ -20,6 +20,7 @@ * called to perform operations on queries. */ #include + #include #ifdef HAVE_SYS_SOCKET_H #include #endif @@ -696,6 +697,8 @@ struct edns_data { /* ************************************************************************************ * Structure module_env * ************************************************************************************ */ +%rename(_now) module_env::now; +%rename(_now_tv) module_env::now_tv; struct module_env { struct config_file* cfg; struct slabhash* msg_cache; @@ -739,6 +742,19 @@ struct module_env { size_t edns_known_options_num; }; +%inline %{ + PyObject* _module_env_now_get(struct module_env* env) { + double ts = env->now_tv->tv_sec + env->now_tv->tv_usec / 1e6; + return PyFloat_FromDouble(ts); + } +%} +%extend module_env { + %pythoncode %{ + def _now_get(self): return _module_env_now_get(self) + now = property(_now_get) + %} +} + /* ************************************************************************************ * Structure module_qstate * ************************************************************************************ */ @@ -992,8 +1008,6 @@ struct config_file { struct config_strlist* trust_anchor_file_list; struct config_strlist* trust_anchor_list; struct config_strlist* trusted_keys_file_list; - char* dlv_anchor_file; - struct config_strlist* dlv_anchor_list; int max_ttl; int32_t val_date_override; int bogus_ttl; @@ -1415,6 +1429,19 @@ struct delegpt* find_delegation(struct module_qstate* qstate, char *nm, size_t n /****************************** * Various debugging functions * ******************************/ + +/* rename the variadic functions because python does the formatting already*/ +%rename (unbound_log_info) log_info; +%rename (unbound_log_err) log_err; +%rename (unbound_log_warn) log_warn; +%rename (unbound_verbose) verbose; +/* provide functions that take one string as argument, so python can cook +the string */ +%rename (log_info) pymod_log_info; +%rename (log_warn) pymod_log_warn; +%rename (log_err) pymod_log_err; +%rename (verbose) pymod_verbose; + void verbose(enum verbosity_value level, const char* format, ...); void log_info(const char* format, ...); void log_err(const char* format, ...); @@ -1424,6 +1451,19 @@ void log_dns_msg(const char* str, struct query_info* qinfo, struct reply_info* r void log_query_info(enum verbosity_value v, const char* str, struct query_info* qinf); void regional_log_stats(struct regional *r); +/* the one argument string log functions */ +void pymod_log_info(const char* str); +void pymod_log_err(const char* str); +void pymod_log_warn(const char* str); +void pymod_verbose(enum verbosity_value level, const char* str); +%{ +void pymod_log_info(const char* str) { log_info("%s", str); } +void pymod_log_err(const char* str) { log_err("%s", str); } +void pymod_log_warn(const char* str) { log_warn("%s", str); } +void pymod_verbose(enum verbosity_value level, const char* str) { + verbose(level, "%s", str); } +%} + /*************************************************************************** * Free allocated memory from marked sources returning corresponding types * ***************************************************************************/ @@ -1501,13 +1541,14 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, int python_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* python_callback) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* python_callback) { PyObject *func, *py_edns, *py_qstate, *py_opt_list_out, *py_qinfo; PyObject *py_rep, *py_repinfo, *py_region; PyObject *py_args, *py_kwargs, *result; int res = 0; + double py_start_time = ((double)start_time->tv_sec) + ((double)start_time->tv_usec) / 1.0e6; PyGILState_STATE gstate = PyGILState_Ensure(); func = (PyObject *) python_callback; @@ -1522,7 +1563,8 @@ int edns_opt_list_append(struct edns_option** list, uint16_t code, size_t len, py_region = SWIG_NewPointerObj((void*) region, SWIGTYPE_p_regional, 0); py_args = Py_BuildValue("(OOOiOOO)", py_qinfo, py_qstate, py_rep, rcode, py_edns, py_opt_list_out, py_region); - py_kwargs = Py_BuildValue("{s:O}", "repinfo", py_repinfo); + py_kwargs = Py_BuildValue("{s:O,s:d}", "repinfo", py_repinfo, "start_time", + py_start_time); result = PyObject_Call(func, py_args, py_kwargs); Py_XDECREF(py_edns); Py_XDECREF(py_qstate); diff --git a/pythonmod/pythonmod.h b/pythonmod/pythonmod.h index ae8af27eb..26d74e09f 100644 --- a/pythonmod/pythonmod.h +++ b/pythonmod/pythonmod.h @@ -72,8 +72,8 @@ size_t pythonmod_get_mem(struct module_env* env, int id); int python_inplace_cb_reply_generic(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* python_callback); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* python_callback); /** Declared here for fptr_wlist access. The definition is in interface.i. */ int python_inplace_cb_query_generic( diff --git a/pythonmod/pythonmod_utils.c b/pythonmod/pythonmod_utils.c index 5d70f2b4b..9f7282540 100644 --- a/pythonmod/pythonmod_utils.c +++ b/pythonmod/pythonmod_utils.c @@ -39,6 +39,7 @@ * conversions. */ #include "config.h" +#include "pythonmod/pythonmod_utils.h" #include "util/module.h" #include "util/netevent.h" #include "util/net_help.h" diff --git a/pythonmod/pythonmod_utils.h b/pythonmod/pythonmod_utils.h index 768eb46de..4ea86f9be 100644 --- a/pythonmod/pythonmod_utils.h +++ b/pythonmod/pythonmod_utils.h @@ -43,6 +43,7 @@ #include "util/module.h" struct delegpt_addr; +struct sldns_buffer; /** * Store the reply_info and query_info pair in message cache (qstate->msg_cache) @@ -77,7 +78,7 @@ void invalidateQueryInCache(struct module_qstate* qstate, struct query_info* qin * @param pkt: a sldns_buffer which contains sldns_packet data * @return 0 on failure, out of memory or parse error. */ -int createResponse(struct module_qstate* qstate, sldns_buffer* pkt); +int createResponse(struct module_qstate* qstate, struct sldns_buffer* pkt); /** * Convert reply->addr to string diff --git a/respip/respip.c b/respip/respip.c index dd0bed8be..8fe82cdee 100644 --- a/respip/respip.c +++ b/respip/respip.c @@ -914,7 +914,7 @@ respip_rewrite_reply(const struct query_info* qinfo, int ret = 1; struct ub_packed_rrset_key* redirect_rrset = NULL; struct rpz* r; - struct auth_zone* a; + struct auth_zone* a = NULL; struct ub_packed_rrset_key* data = NULL; int rpz_used = 0; int rpz_log = 0; @@ -1109,7 +1109,7 @@ respip_operate(struct module_qstate* qstate, enum module_ev event, int id, qstate->return_msg && qstate->return_msg->rep) { struct reply_info* new_rep = qstate->return_msg->rep; struct ub_packed_rrset_key* alias_rrset = NULL; - struct respip_action_info actinfo = {0}; + struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; actinfo.action = respip_none; if(!respip_rewrite_reply(&qstate->qinfo, @@ -1170,7 +1170,7 @@ respip_merge_cname(struct reply_info* base_rep, struct ub_packed_rrset_key* alias_rrset = NULL; /* ditto */ uint16_t tgt_rcode; size_t i, j; - struct respip_action_info actinfo = {0}; + struct respip_action_info actinfo = {0, 0, 0, 0, NULL, 0, NULL}; actinfo.action = respip_none; /* If the query for the CNAME target would result in an unusual rcode, diff --git a/services/authzone.c b/services/authzone.c index a26d1003a..3d7f49388 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -2331,7 +2331,8 @@ static int az_add_negative_soa(struct auth_zone* z, struct regional* region, struct dns_msg* msg) { - uint32_t minimum; + time_t minimum; + size_t i; struct packed_rrset_data* d; struct auth_rrset* soa; struct auth_data* apex = az_find_name(z, z->name, z->namelen); @@ -2348,9 +2349,11 @@ az_add_negative_soa(struct auth_zone* z, struct regional* region, /* last 4 bytes are minimum ttl in network format */ if(d->count == 0) return 0; if(d->rr_len[0] < 2+4) return 0; - minimum = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4)); - d->ttl = (time_t)minimum; - d->rr_ttl[0] = (time_t)minimum; + minimum = (time_t)sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4)); + minimum = d->ttlttl:minimum; + d->ttl = minimum; + for(i=0; i < d->count + d->rrsig_count; i++) + d->rr_ttl[i] = minimum; msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]); msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl); msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL; @@ -3286,7 +3289,7 @@ auth_answer_encode(struct query_info* qinfo, struct module_env* env, edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep, - (int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp) + (int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, msg->rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), @@ -3310,7 +3313,7 @@ auth_error_encode(struct query_info* qinfo, struct module_env* env, edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, - rcode, edns, repinfo, temp)) + rcode, edns, repinfo, temp, env->now_tv)) edns->opt_list = NULL; error_encode(buf, rcode|BIT_AA, qinfo, *(uint16_t*)sldns_buffer_begin(buf), @@ -5387,6 +5390,7 @@ void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A")); } } + regional_free_all(temp); } else { if(verbosity >= VERB_ALGO) { char zname[255+1]; @@ -6092,7 +6096,7 @@ xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, /* send udp packet */ if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer, - (struct sockaddr*)&addr, addrlen)) { + (struct sockaddr*)&addr, addrlen, 0)) { char zname[255+1], as[256]; dname_str(xfr->name, zname); addr_to_str(&addr, addrlen, as, sizeof(as)); @@ -6444,6 +6448,7 @@ void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A")); } } + regional_free_all(temp); } else { if(verbosity >= VERB_ALGO) { char zname[255+1]; diff --git a/services/cache/dns.c b/services/cache/dns.c index 7b6e142c9..f3149b614 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -890,9 +890,8 @@ dns_cache_lookup(struct module_env* env, lock_rw_unlock(&rrset->entry.lock); } - /* construct DS, DNSKEY, DLV messages from rrset cache. */ - if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY || - qtype == LDNS_RR_TYPE_DLV) && + /* construct DS, DNSKEY messages from rrset cache. */ + if((qtype == LDNS_RR_TYPE_DS || qtype == LDNS_RR_TYPE_DNSKEY) && (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, qtype, qclass, 0, now, 0))) { /* if the rrset is from the additional section, and the diff --git a/services/cache/infra.c b/services/cache/infra.c index c2484a9f1..2d16bcd6e 100644 --- a/services/cache/infra.c +++ b/services/cache/infra.c @@ -244,6 +244,7 @@ infra_create(struct config_file* cfg) return NULL; } infra->host_ttl = cfg->host_ttl; + infra->infra_keep_probing = cfg->infra_keep_probing; infra_dp_ratelimit = cfg->ratelimit; infra->domain_rates = slabhash_create(cfg->ratelimit_slabs, INFRA_HOST_STARTSIZE, cfg->ratelimit_size, @@ -297,6 +298,7 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg) if(!infra) return infra_create(cfg); infra->host_ttl = cfg->host_ttl; + infra->infra_keep_probing = cfg->infra_keep_probing; infra_dp_ratelimit = cfg->ratelimit; infra_ip_ratelimit = cfg->ip_ratelimit; maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+ @@ -445,6 +447,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, if(e && ((struct infra_data*)e->data)->ttl < timenow) { /* it expired, try to reuse existing entry */ int old = ((struct infra_data*)e->data)->rtt.rto; + time_t tprobe = ((struct infra_data*)e->data)->probedelay; uint8_t tA = ((struct infra_data*)e->data)->timeout_A; uint8_t tAAAA = ((struct infra_data*)e->data)->timeout_AAAA; uint8_t tother = ((struct infra_data*)e->data)->timeout_other; @@ -460,6 +463,7 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, if(old >= USEFUL_SERVER_TOP_TIMEOUT) { ((struct infra_data*)e->data)->rtt.rto = USEFUL_SERVER_TOP_TIMEOUT; + ((struct infra_data*)e->data)->probedelay = tprobe; ((struct infra_data*)e->data)->timeout_A = tA; ((struct infra_data*)e->data)->timeout_AAAA = tAAAA; ((struct infra_data*)e->data)->timeout_other = tother; @@ -482,7 +486,8 @@ infra_host(struct infra_cache* infra, struct sockaddr_storage* addr, *edns_vs = data->edns_version; *edns_lame_known = data->edns_lame_known; *to = rtt_timeout(&data->rtt); - if(*to >= PROBE_MAXRTO && rtt_notimeout(&data->rtt)*4 <= *to) { + if(*to >= PROBE_MAXRTO && (infra->infra_keep_probing || + rtt_notimeout(&data->rtt)*4 <= *to)) { /* delay other queries, this is the probe query */ if(!wr) { lock_rw_unlock(&e->lock); @@ -566,18 +571,27 @@ infra_rtt_update(struct infra_cache* infra, struct sockaddr_storage* addr, struct lruhash_entry* e = infra_lookup_nottl(infra, addr, addrlen, nm, nmlen, 1); struct infra_data* data; - int needtoinsert = 0; + int needtoinsert = 0, expired = 0; int rto = 1; + time_t oldprobedelay = 0; if(!e) { if(!(e = new_entry(infra, addr, addrlen, nm, nmlen, timenow))) return 0; needtoinsert = 1; } else if(((struct infra_data*)e->data)->ttl < timenow) { + oldprobedelay = ((struct infra_data*)e->data)->probedelay; data_entry_init(infra, e, timenow); + expired = 1; } /* have an entry, update the rtt */ data = (struct infra_data*)e->data; if(roundtrip == -1) { + if(needtoinsert || expired) { + /* timeout on entry that has expired before the timer + * keep old timeout from the function caller */ + data->rtt.rto = orig_rtt; + data->probedelay = oldprobedelay; + } rtt_lost(&data->rtt, orig_rtt); if(qtype == LDNS_RR_TYPE_A) { if(data->timeout_A < TIMEOUT_COUNT_MAX) @@ -681,7 +695,12 @@ infra_get_lame_rtt(struct infra_cache* infra, return 0; host = (struct infra_data*)e->data; *rtt = rtt_unclamped(&host->rtt); - if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay + if(host->rtt.rto >= PROBE_MAXRTO && timenow >= host->probedelay + && infra->infra_keep_probing) { + /* single probe, keep probing */ + if(*rtt >= USEFUL_SERVER_TOP_TIMEOUT) + *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; + } else if(host->rtt.rto >= PROBE_MAXRTO && timenow < host->probedelay && rtt_notimeout(&host->rtt)*4 <= host->rtt.rto) { /* single probe for this domain, and we are not probing */ /* unless the query type allows a probe to happen */ @@ -704,7 +723,8 @@ infra_get_lame_rtt(struct infra_cache* infra, /* see if this can be a re-probe of an unresponsive server */ /* minus 1000 because that is outside of the RTTBAND, so * blacklisted servers stay blacklisted if this is chosen */ - if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT) { + if(host->rtt.rto >= USEFUL_SERVER_TOP_TIMEOUT || + infra->infra_keep_probing) { lock_rw_unlock(&e->lock); *rtt = USEFUL_SERVER_TOP_TIMEOUT-1000; *lame = 0; diff --git a/services/cache/infra.h b/services/cache/infra.h index e33f2a6c0..14f97c4c6 100644 --- a/services/cache/infra.h +++ b/services/cache/infra.h @@ -114,6 +114,8 @@ struct infra_cache { struct slabhash* hosts; /** TTL value for host information, in seconds */ int host_ttl; + /** the hosts that are down are kept probed for recovery */ + int infra_keep_probing; /** hash table with query rates per name: rate_key, rate_data */ struct slabhash* domain_rates; /** ratelimit settings for domains, struct domain_limit_data */ diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index cc56d3fd3..629d4de72 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -43,6 +43,7 @@ # include #endif #include +#include #ifdef USE_TCP_FASTOPEN #include #endif @@ -53,6 +54,7 @@ #include "util/config_file.h" #include "util/net_help.h" #include "sldns/sbuffer.h" +#include "sldns/parseutil.h" #include "services/mesh.h" #include "util/fptr_wlist.h" #include "util/locks.h" @@ -70,20 +72,36 @@ #include #endif +#ifdef HAVE_IFADDRS_H +#include +#endif +#ifdef HAVE_NET_IF_H +#include +#endif + /** number of queued TCP connections for listen() */ #define TCP_BACKLOG 256 -/** number of simultaneous requests a client can have */ -#define TCP_MAX_REQ_SIMULTANEOUS 32 - #ifndef THREADS_DISABLED /** lock on the counter of stream buffer memory */ static lock_basic_type stream_wait_count_lock; +/** lock on the counter of HTTP2 query buffer memory */ +static lock_basic_type http2_query_buffer_count_lock; +/** lock on the counter of HTTP2 response buffer memory */ +static lock_basic_type http2_response_buffer_count_lock; #endif /** size (in bytes) of stream wait buffers */ static size_t stream_wait_count = 0; /** is the lock initialised for stream wait buffers */ static int stream_wait_lock_inited = 0; +/** size (in bytes) of HTTP2 query buffers */ +static size_t http2_query_buffer_count = 0; +/** is the lock initialised for HTTP2 query buffers */ +static int http2_query_buffer_lock_inited = 0; +/** size (in bytes) of HTTP2 response buffers */ +static size_t http2_response_buffer_count = 0; +/** is the lock initialised for HTTP2 response buffers */ +static int http2_response_buffer_lock_inited = 0; /** * Debug print of the getaddrinfo returned address. @@ -221,16 +239,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, *noproto = 1; return -1; } - log_err("can't create socket: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEAFNOSUPPORT || WSAGetLastError() == WSAEPROTONOSUPPORT) { *noproto = 1; return -1; } - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("can't create socket: %s", sock_strerror(errno)); *noproto = 0; return -1; } @@ -243,9 +259,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #ifdef SO_REUSEADDR if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); + sock_strerror(errno)); +#ifndef USE_WINSOCK if(errno != ENOSYS) { close(s); *noproto = 0; @@ -253,8 +269,6 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, return -1; } #else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); closesocket(s); *noproto = 0; *inuse = 0; @@ -346,16 +360,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { if(errno != EPERM) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_RCVBUFFORCE, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_RCVBUFFORCE, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -363,16 +370,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif /* SO_RCVBUFFORCE */ if(setsockopt(s, SOL_SOCKET, SO_RCVBUF, (void*)&rcv, (socklen_t)sizeof(rcv)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_RCVBUF, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_RCVBUF, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -405,16 +405,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if(setsockopt(s, SOL_SOCKET, SO_SNDBUFFORCE, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { if(errno != EPERM) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_SNDBUFFORCE, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_SNDBUFFORCE, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -422,16 +415,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, # endif /* SO_SNDBUFFORCE */ if(setsockopt(s, SOL_SOCKET, SO_SNDBUF, (void*)&snd, (socklen_t)sizeof(snd)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., SO_SNDBUF, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., SO_SNDBUF, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -461,16 +447,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int val=(v6only==2)?0:1; if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&val, (socklen_t)sizeof(val)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_V6ONLY" - ", ...) failed: %s", strerror(errno)); - close(s); -#else - log_err("setsockopt(..., IPV6_V6ONLY" - ", ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + ", ...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -488,16 +467,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, */ if (setsockopt(s, IPPROTO_IPV6, IPV6_USE_MIN_MTU, (void*)&on, (socklen_t)sizeof(on)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_USE_MIN_MTU, " - "...) failed: %s", strerror(errno)); - close(s); -# else - log_err("setsockopt(..., IPV6_USE_MIN_MTU, " - "...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + "...) failed: %s", sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -510,15 +482,9 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, */ if (setsockopt(s, IPPROTO_IPV6, IPV6_MTU, (void*)&mtu, (socklen_t)sizeof(mtu)) < 0) { -# ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", - strerror(errno)); - close(s); -# else - log_err("setsockopt(..., IPV6_MTU, ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -# endif + sock_strerror(errno)); + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -542,12 +508,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, if (errno != EINVAL) { log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_OMIT...) failed: %s", strerror(errno)); - -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -564,27 +525,21 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, &action, (socklen_t)sizeof(action)) < 0) { log_err("setsockopt(..., IP_MTU_DISCOVER, IP_PMTUDISC_DONT...) failed: %s", strerror(errno)); -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif + sock_close(s); *noproto = 0; *inuse = 0; return -1; } } -# elif defined(IP_DONTFRAG) +# elif defined(IP_DONTFRAG) && !defined(__APPLE__) + /* the IP_DONTFRAG option if defined in the 11.0 OSX headers, + * but does not work on that version, so we exclude it */ int off = 0; if (setsockopt(s, IPPROTO_IP, IP_DONTFRAG, &off, (socklen_t)sizeof(off)) < 0) { log_err("setsockopt(..., IP_DONTFRAG, ...) failed: %s", strerror(errno)); -# ifndef USE_WINSOCK - close(s); -# else - closesocket(s); -# endif + sock_close(s); *noproto = 0; *inuse = 0; return -1; @@ -614,7 +569,6 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, (struct sockaddr_storage*)addr, addrlen); } #endif /* EADDRINUSE */ - close(s); #else /* USE_WINSOCK */ if(WSAGetLastError() != WSAEADDRINUSE && WSAGetLastError() != WSAEADDRNOTAVAIL && @@ -623,18 +577,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr, addrlen); } - closesocket(s); #endif /* USE_WINSOCK */ + sock_close(s); return -1; } if(!fd_set_nonblock(s)) { *noproto = 0; *inuse = 0; -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; } return s; @@ -642,7 +592,8 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp) + int* reuseport, int transparent, int mss, int nodelay, int freebind, + int use_systemd, int dscp) { int s; char* err; @@ -678,29 +629,38 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, *noproto = 1; return -1; } - log_err("can't create socket: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEAFNOSUPPORT || WSAGetLastError() == WSAEPROTONOSUPPORT) { *noproto = 1; return -1; } - log_err("can't create socket: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("can't create socket: %s", sock_strerror(errno)); return -1; } + if(nodelay) { +#if defined(IPPROTO_TCP) && defined(TCP_NODELAY) + if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + #ifndef USE_WINSOCK + log_err(" setsockopt(.. TCP_NODELAY ..) failed: %s", + strerror(errno)); + #else + log_err(" setsockopt(.. TCP_NODELAY ..) failed: %s", + wsa_strerror(WSAGetLastError())); + #endif + } +#else + log_warn(" setsockopt(TCP_NODELAY) unsupported"); +#endif /* defined(IPPROTO_TCP) && defined(TCP_NODELAY) */ + } if (mss > 0) { #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, (void*)&mss, (socklen_t)sizeof(mss)) < 0) { - #ifndef USE_WINSOCK log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", - strerror(errno)); - #else - log_err(" setsockopt(.. TCP_MAXSEG ..) failed: %s", - wsa_strerror(WSAGetLastError())); - #endif + sock_strerror(errno)); } else { verbose(VERB_ALGO, " tcp socket mss set to %d", mss); @@ -717,15 +677,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, #ifdef SO_REUSEADDR if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + sock_strerror(errno)); + sock_close(s); return -1; } #endif /* SO_REUSEADDR */ @@ -760,15 +714,9 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, if(addr->ai_family == AF_INET6 && v6only) { if(setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void*)&on, (socklen_t)sizeof(on)) < 0) { -#ifndef USE_WINSOCK log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", - strerror(errno)); - close(s); -#else - log_err("setsockopt(..., IPV6_V6ONLY, ...) failed: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + sock_strerror(errno)); + sock_close(s); return -1; } } @@ -815,32 +763,22 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, (struct sockaddr_storage*)addr->ai_addr, addr->ai_addrlen); } - close(s); #else log_err_addr("can't bind socket", wsa_strerror(WSAGetLastError()), (struct sockaddr_storage*)addr->ai_addr, addr->ai_addrlen); - closesocket(s); #endif + sock_close(s); return -1; } if(!fd_set_nonblock(s)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; } if(listen(s, TCP_BACKLOG) == -1) { -#ifndef USE_WINSOCK - log_err("can't listen: %s", strerror(errno)); - close(s); -#else - log_err("can't listen: %s", wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + log_err("can't listen: %s", sock_strerror(errno)); + sock_close(s); return -1; } #ifdef USE_TCP_FASTOPEN @@ -895,34 +833,6 @@ set_ip_dscp(int socket, int addrfamily, int dscp) return NULL; } -# ifndef USE_WINSOCK -char* -sock_strerror(int errn) -{ - return strerror(errn); -} - -void -sock_close(int socket) -{ - close(socket); -} - -# else -char* -sock_strerror(int ATTR_UNUSED(errn)) -{ - return wsa_strerror(WSAGetLastError()); -} - -void -sock_close(int socket) -{ - closesocket(socket); -} - -# endif /* USE_WINSOCK */ - int create_local_accept_sock(const char *path, int* noproto, int use_systemd) { @@ -983,11 +893,7 @@ create_local_accept_sock(const char *path, int* noproto, int use_systemd) return s; err: -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return -1; #ifdef HAVE_SYSTEMD @@ -1009,7 +915,8 @@ err: static int make_sock(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp) + int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, + int use_systemd, int dscp) { struct addrinfo *res = NULL; int r, s, inuse, noproto; @@ -1045,7 +952,8 @@ make_sock(int stype, const char* ifname, const char* port, } } else { s = create_tcp_accept_sock(res, v6only, &noproto, reuseport, - transparent, tcp_mss, freebind, use_systemd, dscp); + transparent, tcp_mss, nodelay, freebind, use_systemd, + dscp); if(s == -1 && noproto && hints->ai_family == AF_INET6){ *noip6 = 1; } @@ -1058,7 +966,8 @@ make_sock(int stype, const char* ifname, const char* port, static int make_sock_port(int stype, const char* ifname, const char* port, struct addrinfo *hints, int v6only, int* noip6, size_t rcv, size_t snd, - int* reuseport, int transparent, int tcp_mss, int freebind, int use_systemd, int dscp) + int* reuseport, int transparent, int tcp_mss, int nodelay, int freebind, + int use_systemd, int dscp) { char* s = strchr(ifname, '@'); if(s) { @@ -1079,11 +988,13 @@ make_sock_port(int stype, const char* ifname, const char* port, newif[s-ifname] = 0; (void)strlcpy(p, s+1, sizeof(p)); p[strlen(s+1)]=0; - return make_sock(stype, newif, p, hints, v6only, noip6, - rcv, snd, reuseport, transparent, tcp_mss, freebind, use_systemd, dscp); + return make_sock(stype, newif, p, hints, v6only, noip6, rcv, + snd, reuseport, transparent, tcp_mss, nodelay, freebind, + use_systemd, dscp); } return make_sock(stype, ifname, port, hints, v6only, noip6, rcv, snd, - reuseport, transparent, tcp_mss, freebind, use_systemd, dscp); + reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, + dscp); } /** @@ -1182,6 +1093,18 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, return 0; } +/** see if interface is https, its port number == the https port number */ +static int +if_is_https(const char* ifname, const char* port, int https_port) +{ + char* p = strchr(ifname, '@'); + if(!p && atoi(port) == https_port) + return 1; + if(p && atoi(p+1) == https_port) + return 1; + return 0; +} + /** * Helper for ports_open. Creates one interface (or NULL for default). * @param ifname: The interface ip address. @@ -1196,11 +1119,13 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port, * @param snd: send buffer size for UDP * @param ssl_port: ssl service port number * @param tls_additional_port: list of additional ssl service port numbers. + * @param https_port: DoH service port number * @param reuseport: try to set SO_REUSEPORT if nonNULL and true. * set to false on exit if reuseport failed due to no kernel support. * @param transparent: set IP_TRANSPARENT socket option. * @param tcp_mss: maximum segment size of tcp socket. default if zero. * @param freebind: set IP_FREEBIND socket option. + * @param http2_nodelay: set TCP_NODELAY on HTTP/2 connection * @param use_systemd: if true, fetch sockets from systemd. * @param dnscrypt_port: dnscrypt service port number * @param dscp: DSCP to use. @@ -1210,11 +1135,13 @@ static int ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, struct addrinfo *hints, const char* port, struct listen_port** list, size_t rcv, size_t snd, int ssl_port, - struct config_strlist* tls_additional_port, int* reuseport, - int transparent, int tcp_mss, int freebind, int use_systemd, - int dnscrypt_port, int dscp) + struct config_strlist* tls_additional_port, int https_port, + int* reuseport, int transparent, int tcp_mss, int freebind, + int http2_nodelay, int use_systemd, int dnscrypt_port, int dscp) { int s, noip6=0; + int is_https = if_is_https(ifname, port, https_port); + int nodelay = is_https && http2_nodelay; #ifdef USE_DNSCRYPT int is_dnscrypt = ((strchr(ifname, '@') && atoi(strchr(ifname, '@')+1) == dnscrypt_port) || @@ -1229,7 +1156,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, if(do_auto) { if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1238,27 +1165,19 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } /* getting source addr packet info is highly non-portable */ if(!set_recvpktinfo(s, hints->ai_family)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } if(!port_insert(list, s, is_dnscrypt?listen_type_udpancil_dnscrypt:listen_type_udpancil)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } } else if(do_udp) { /* regular udp socket */ if((s = make_sock_port(SOCK_DGRAM, ifname, port, hints, 1, &noip6, rcv, snd, reuseport, transparent, - tcp_mss, freebind, use_systemd, dscp)) == -1) { + tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { if(noip6) { log_warn("IPv6 protocol not available"); return 1; @@ -1267,19 +1186,24 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } if(!port_insert(list, s, is_dnscrypt?listen_type_udp_dnscrypt:listen_type_udp)) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } } if(do_tcp) { int is_ssl = if_is_ssl(ifname, port, ssl_port, tls_additional_port); + enum listen_type port_type; + if(is_ssl) + port_type = listen_type_ssl; + else if(is_https) + port_type = listen_type_http; + else if(is_dnscrypt) + port_type = listen_type_tcp_dnscrypt; + else + port_type = listen_type_tcp; if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, - &noip6, 0, 0, reuseport, transparent, tcp_mss, + &noip6, 0, 0, reuseport, transparent, tcp_mss, nodelay, freebind, use_systemd, dscp)) == -1) { if(noip6) { /*log_warn("IPv6 protocol not available");*/ @@ -1289,13 +1213,8 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, } if(is_ssl) verbose(VERB_ALGO, "setup TCP for SSL service"); - if(!port_insert(list, s, is_ssl?listen_type_ssl: - (is_dnscrypt?listen_type_tcp_dnscrypt:listen_type_tcp))) { -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + if(!port_insert(list, s, port_type)) { + sock_close(s); return 0; } } @@ -1324,8 +1243,10 @@ listen_cp_insert(struct comm_point* c, struct listen_dnsport* front) struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ports, size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, - struct tcl_list* tcp_conn_limit, void* sslctx, - struct dt_env* dtenv, comm_point_callback_type* cb, void *cb_arg) + int harden_large_queries, uint32_t http_max_streams, + char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit, + void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb, + void *cb_arg) { struct listen_dnsport* front = (struct listen_dnsport*) malloc(sizeof(struct listen_dnsport)); @@ -1344,6 +1265,14 @@ listen_create(struct comm_base* base, struct listen_port* ports, lock_basic_init(&stream_wait_count_lock); stream_wait_lock_inited = 1; } + if(!http2_query_buffer_lock_inited) { + lock_basic_init(&http2_query_buffer_count_lock); + http2_query_buffer_lock_inited = 1; + } + if(!http2_response_buffer_lock_inited) { + lock_basic_init(&http2_response_buffer_count_lock); + http2_response_buffer_lock_inited = 1; + } /* create comm points as needed */ while(ports) { @@ -1356,14 +1285,40 @@ listen_create(struct comm_base* base, struct listen_port* ports, ports->ftype == listen_type_tcp_dnscrypt) cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, + harden_large_queries, 0, NULL, tcp_conn_limit, bufsize, front->udp_buff, - cb, cb_arg); - else if(ports->ftype == listen_type_ssl) { + ports->ftype, cb, cb_arg); + else if(ports->ftype == listen_type_ssl || + ports->ftype == listen_type_http) { cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, + harden_large_queries, + http_max_streams, http_endpoint, tcp_conn_limit, bufsize, front->udp_buff, - cb, cb_arg); - cp->ssl = sslctx; + ports->ftype, cb, cb_arg); + if(http_notls && ports->ftype == listen_type_http) + cp->ssl = NULL; + else + cp->ssl = sslctx; + if(ports->ftype == listen_type_http) { + if(!sslctx && !http_notls) { + log_warn("HTTPS port configured, but no TLS " + "tls-service-key or tls-service-pem " + "set"); + } +#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB + if(!http_notls) + log_warn("Unbound is not compiled with an " + "OpenSSL version supporting ALPN " + " (OpenSSL >= 1.0.2). This is required " + "to use DNS-over-HTTPS"); +#endif +#ifndef HAVE_NGHTTP2_NGHTTP2_H + log_warn("Unbound is not compiled with " + "nghttp2. This is required to use " + "DNS-over-HTTPS."); +#endif + } } else if(ports->ftype == listen_type_udpancil || ports->ftype == listen_type_udpancil_dnscrypt) cp = comm_point_create_udp_ancil(base, ports->fd, @@ -1437,10 +1392,178 @@ listen_delete(struct listen_dnsport* front) stream_wait_lock_inited = 0; lock_basic_destroy(&stream_wait_count_lock); } + if(http2_query_buffer_lock_inited) { + http2_query_buffer_lock_inited = 0; + lock_basic_destroy(&http2_query_buffer_count_lock); + } + if(http2_response_buffer_lock_inited) { + http2_response_buffer_lock_inited = 0; + lock_basic_destroy(&http2_response_buffer_count_lock); + } +} + +#ifdef HAVE_GETIFADDRS +static int +resolve_ifa_name(struct ifaddrs *ifas, const char *search_ifa, char ***ip_addresses, int *ip_addresses_size) +{ + struct ifaddrs *ifa; + void *tmpbuf; + int last_ip_addresses_size = *ip_addresses_size; + + for(ifa = ifas; ifa != NULL; ifa = ifa->ifa_next) { + sa_family_t family; + const char* atsign; +#ifdef INET6 /* | address ip | % | ifa name | @ | port | nul */ + char addr_buf[INET6_ADDRSTRLEN + 1 + IF_NAMESIZE + 1 + 16 + 1]; +#else + char addr_buf[INET_ADDRSTRLEN + 1 + 16 + 1]; +#endif + + if((atsign=strrchr(search_ifa, '@')) != NULL) { + if(strlen(ifa->ifa_name) != (size_t)(atsign-search_ifa) + || strncmp(ifa->ifa_name, search_ifa, + atsign-search_ifa) != 0) + continue; + } else { + if(strcmp(ifa->ifa_name, search_ifa) != 0) + continue; + atsign = ""; + } + + if(ifa->ifa_addr == NULL) + continue; + + family = ifa->ifa_addr->sa_family; + if(family == AF_INET) { + char a4[INET_ADDRSTRLEN + 1]; + struct sockaddr_in *in4 = (struct sockaddr_in *) + ifa->ifa_addr; + if(!inet_ntop(family, &in4->sin_addr, a4, sizeof(a4))) { + log_err("inet_ntop failed"); + return 0; + } + snprintf(addr_buf, sizeof(addr_buf), "%s%s", + a4, atsign); + } +#ifdef INET6 + else if(family == AF_INET6) { + struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) + ifa->ifa_addr; + char a6[INET6_ADDRSTRLEN + 1]; + char if_index_name[IF_NAMESIZE + 1]; + if_index_name[0] = 0; + if(!inet_ntop(family, &in6->sin6_addr, a6, sizeof(a6))) { + log_err("inet_ntop failed"); + return 0; + } + if_indextoname(in6->sin6_scope_id, + (char *)if_index_name); + if (strlen(if_index_name) != 0) { + snprintf(addr_buf, sizeof(addr_buf), + "%s%%%s%s", a6, if_index_name, atsign); + } else { + snprintf(addr_buf, sizeof(addr_buf), "%s%s", + a6, atsign); + } + } +#endif + else { + continue; + } + verbose(4, "interface %s has address %s", search_ifa, addr_buf); + + tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); + if(!tmpbuf) { + log_err("realloc failed: out of memory"); + return 0; + } else { + *ip_addresses = tmpbuf; + } + (*ip_addresses)[*ip_addresses_size] = strdup(addr_buf); + if(!(*ip_addresses)[*ip_addresses_size]) { + log_err("strdup failed: out of memory"); + return 0; + } + (*ip_addresses_size)++; + } + + if (*ip_addresses_size == last_ip_addresses_size) { + tmpbuf = realloc(*ip_addresses, sizeof(char *) * (*ip_addresses_size + 1)); + if(!tmpbuf) { + log_err("realloc failed: out of memory"); + return 0; + } else { + *ip_addresses = tmpbuf; + } + (*ip_addresses)[*ip_addresses_size] = strdup(search_ifa); + if(!(*ip_addresses)[*ip_addresses_size]) { + log_err("strdup failed: out of memory"); + return 0; + } + (*ip_addresses_size)++; + } + return 1; +} +#endif /* HAVE_GETIFADDRS */ + +int resolve_interface_names(struct config_file* cfg, char*** resif, + int* num_resif) +{ +#ifdef HAVE_GETIFADDRS + int i; + struct ifaddrs *addrs = NULL; + if(cfg->num_ifs == 0) { + *resif = NULL; + *num_resif = 0; + return 1; + } + if(getifaddrs(&addrs) == -1) { + log_err("failed to list interfaces: getifaddrs: %s", + strerror(errno)); + freeifaddrs(addrs); + return 0; + } + for(i=0; inum_ifs; i++) { + if(!resolve_ifa_name(addrs, cfg->ifs[i], resif, num_resif)) { + freeifaddrs(addrs); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } + } + freeifaddrs(addrs); + return 1; +#else + int i; + if(cfg->num_ifs == 0) { + *resif = NULL; + *num_resif = 0; + return 1; + } + *num_resif = cfg->num_ifs; + *resif = calloc(*num_resif, sizeof(**resif)); + if(!*resif) { + log_err("out of memory"); + return 0; + } + for(i=0; i<*num_resif; i++) { + (*resif)[i] = strdup(cfg->ifs[i]); + if(!((*resif)[i])) { + log_err("out of memory"); + config_del_strarray(*resif, *num_resif); + *resif = NULL; + *num_resif = 0; + return 0; + } + } + return 1; +#endif /* HAVE_GETIFADDRS */ } struct listen_port* -listening_ports_open(struct config_file* cfg, int* reuseport) +listening_ports_open(struct config_file* cfg, char** ifs, int num_ifs, + int* reuseport) { struct listen_port* list = NULL; struct addrinfo hints; @@ -1459,7 +1582,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_PASSIVE; /* no name lookups on our listening ports */ - if(cfg->num_ifs > 0) + if(num_ifs > 0) hints.ai_flags |= AI_NUMERICHOST; hints.ai_family = AF_UNSPEC; #ifndef INET6 @@ -1469,7 +1592,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport) return NULL; } /* create ip4 and ip6 ports so that return addresses are nice. */ - if(do_auto || cfg->num_ifs == 0) { + if(do_auto || num_ifs == 0) { if(do_ip6) { hints.ai_family = AF_INET6; if(!ports_create_if(do_auto?"::0":"::1", @@ -1477,8 +1600,9 @@ listening_ports_open(struct config_file* cfg, int* reuseport) &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; @@ -1491,24 +1615,26 @@ listening_ports_open(struct config_file* cfg, int* reuseport) &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; } } - } else for(i = 0; inum_ifs; i++) { - if(str_is_ip6(cfg->ifs[i])) { + } else for(i = 0; iifs[i], 0, cfg->do_udp, + if(!ports_create_if(ifs[i], 0, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; @@ -1517,12 +1643,13 @@ listening_ports_open(struct config_file* cfg, int* reuseport) if(!do_ip4) continue; hints.ai_family = AF_INET; - if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, + if(!ports_create_if(ifs[i], 0, cfg->do_udp, do_tcp, &hints, portbuf, &list, cfg->so_rcvbuf, cfg->so_sndbuf, cfg->ssl_port, cfg->tls_additional_port, - reuseport, cfg->ip_transparent, - cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd, + cfg->https_port, reuseport, cfg->ip_transparent, + cfg->tcp_mss, cfg->ip_freebind, + cfg->http_nodelay, cfg->use_systemd, cfg->dnscrypt_port, cfg->ip_dscp)) { listening_ports_free(list); return NULL; @@ -1538,11 +1665,7 @@ void listening_ports_free(struct listen_port* list) while(list) { nx = list->next; if(list->fd != -1) { -#ifndef USE_WINSOCK - close(list->fd); -#else - closesocket(list->fd); -#endif + sock_close(list->fd); } free(list); list = nx; @@ -1691,20 +1814,19 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) if(!req->cp->tcp_is_reading) wr = 1; - if(req->num_open_req + req->num_done_req < TCP_MAX_REQ_SIMULTANEOUS && - !req->read_is_closed) + if(!req->read_is_closed) rd = 1; if(wr) { req->cp->tcp_is_reading = 0; comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); } else if(rd) { req->cp->tcp_is_reading = 1; comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); /* and also read it (from SSL stack buffers), so * no event read event is expected since the remainder of * the TLS frame is sitting in the buffers. */ @@ -1712,7 +1834,7 @@ tcp_req_info_setup_listen(struct tcp_req_info* req) } else { comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); comm_point_listen_for_rw(req->cp, 0, 0); } } @@ -1825,7 +1947,7 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req) send_it: c->tcp_is_reading = 0; comm_point_stop_listening(c); - comm_point_start_listening(c, -1, c->tcp_timeout_msec); + comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); return; } req->in_worker_handle = 0; @@ -1943,7 +2065,7 @@ tcp_req_info_send_reply(struct tcp_req_info* req) /* switch to listen to write events */ comm_point_stop_listening(req->cp); comm_point_start_listening(req->cp, -1, - req->cp->tcp_timeout_msec); + adjusted_tcp_timeout(req->cp)); return; } /* queue up the answer behind the others already pending */ @@ -1964,3 +2086,740 @@ size_t tcp_req_info_get_stream_buffer_size(void) lock_basic_unlock(&stream_wait_count_lock); return s; } + +size_t http2_get_query_buffer_size(void) +{ + size_t s; + if(!http2_query_buffer_lock_inited) + return http2_query_buffer_count; + lock_basic_lock(&http2_query_buffer_count_lock); + s = http2_query_buffer_count; + lock_basic_unlock(&http2_query_buffer_count_lock); + return s; +} + +size_t http2_get_response_buffer_size(void) +{ + size_t s; + if(!http2_response_buffer_lock_inited) + return http2_response_buffer_count; + lock_basic_lock(&http2_response_buffer_count_lock); + s = http2_response_buffer_count; + lock_basic_unlock(&http2_response_buffer_count_lock); + return s; +} + +#ifdef HAVE_NGHTTP2 +/** nghttp2 callback. Used to copy response from rbuffer to nghttp2 session */ +static ssize_t http2_submit_response_read_callback( + nghttp2_session* ATTR_UNUSED(session), + int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, + nghttp2_data_source* source, void* ATTR_UNUSED(cb_arg)) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = source->ptr; + size_t copylen = length; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + verbose(VERB_QUERY, "http2: cannot get stream data, closing " + "stream"); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + if(!h2_stream->rbuffer || + sldns_buffer_remaining(h2_stream->rbuffer) == 0) { + verbose(VERB_QUERY, "http2: cannot submit buffer. No data " + "available in rbuffer"); + /* rbuffer will be free'd in frame close cb */ + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + + if(copylen > sldns_buffer_remaining(h2_stream->rbuffer)) + copylen = sldns_buffer_remaining(h2_stream->rbuffer); + if(copylen > SSIZE_MAX) + copylen = SSIZE_MAX; /* will probably never happen */ + + memcpy(buf, sldns_buffer_current(h2_stream->rbuffer), copylen); + sldns_buffer_skip(h2_stream->rbuffer, copylen); + + if(sldns_buffer_remaining(h2_stream->rbuffer) == 0) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + lock_basic_lock(&http2_response_buffer_count_lock); + http2_response_buffer_count -= + sldns_buffer_capacity(h2_stream->rbuffer); + lock_basic_unlock(&http2_response_buffer_count_lock); + sldns_buffer_free(h2_stream->rbuffer); + h2_stream->rbuffer = NULL; + } + + return copylen; +} + +/** + * Send RST_STREAM frame for stream. + * @param h2_session: http2 session to submit frame to + * @param h2_stream: http2 stream containing frame ID to use in RST_STREAM + * @return 0 on error, 1 otherwise + */ +static int http2_submit_rst_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + int ret = nghttp2_submit_rst_stream(h2_session->session, + NGHTTP2_FLAG_NONE, h2_stream->stream_id, + NGHTTP2_INTERNAL_ERROR); + if(ret) { + verbose(VERB_QUERY, "http2: nghttp2_submit_rst_stream failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} + +/** + * DNS response ready to be submitted to nghttp2, to be prepared for sending + * out. Response is stored in c->buffer. Copy to rbuffer because the c->buffer + * might be used before this will be sent out. + * @param h2_session: http2 session, containing c->buffer which contains answer + * @return 0 on error, 1 otherwise + */ +int http2_submit_dns_response(struct http2_session* h2_session) +{ + int ret; + nghttp2_data_provider data_prd; + char status[4]; + nghttp2_nv headers[3]; + struct http2_stream* h2_stream = h2_session->c->h2_stream; + size_t rlen; + char rlen_str[32]; + + if(h2_stream->rbuffer) { + log_err("http2 submit response error: rbuffer already " + "exists"); + return 0; + } + if(sldns_buffer_remaining(h2_session->c->buffer) == 0) { + log_err("http2 submit response error: c->buffer not complete"); + return 0; + } + + if(snprintf(status, 4, "%d", h2_stream->status) != 3) { + verbose(VERB_QUERY, "http2: submit response error: " + "invalid status"); + return 0; + } + + rlen = sldns_buffer_remaining(h2_session->c->buffer); + snprintf(rlen_str, sizeof(rlen_str), "%u", (unsigned)rlen); + + lock_basic_lock(&http2_response_buffer_count_lock); + if(http2_response_buffer_count + rlen > http2_response_buffer_max) { + lock_basic_unlock(&http2_response_buffer_count_lock); + verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " + "in https-response-buffer-size"); + return http2_submit_rst_stream(h2_session, h2_stream); + } + http2_response_buffer_count += rlen; + lock_basic_unlock(&http2_response_buffer_count_lock); + + if(!(h2_stream->rbuffer = sldns_buffer_new(rlen))) { + lock_basic_lock(&http2_response_buffer_count_lock); + http2_response_buffer_count -= rlen; + lock_basic_unlock(&http2_response_buffer_count_lock); + log_err("http2 submit response error: malloc failure"); + return 0; + } + + headers[0].name = (uint8_t*)":status"; + headers[0].namelen = 7; + headers[0].value = (uint8_t*)status; + headers[0].valuelen = 3; + headers[0].flags = NGHTTP2_NV_FLAG_NONE; + + headers[1].name = (uint8_t*)"content-type"; + headers[1].namelen = 12; + headers[1].value = (uint8_t*)"application/dns-message"; + headers[1].valuelen = 23; + headers[1].flags = NGHTTP2_NV_FLAG_NONE; + + headers[2].name = (uint8_t*)"content-length"; + headers[2].namelen = 14; + headers[2].value = (uint8_t*)rlen_str; + headers[2].valuelen = strlen(rlen_str); + headers[2].flags = NGHTTP2_NV_FLAG_NONE; + + sldns_buffer_write(h2_stream->rbuffer, + sldns_buffer_current(h2_session->c->buffer), + sldns_buffer_remaining(h2_session->c->buffer)); + sldns_buffer_flip(h2_stream->rbuffer); + + data_prd.source.ptr = h2_session; + data_prd.read_callback = http2_submit_response_read_callback; + ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id, + headers, 3, &data_prd); + if(ret) { + verbose(VERB_QUERY, "http2: set_stream_user_data failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} +#else +int http2_submit_dns_response(void* ATTR_UNUSED(v)) +{ + return 0; +} +#endif + +#ifdef HAVE_NGHTTP2 +/** HTTP status to descriptive string */ +static char* http_status_to_str(enum http_status s) +{ + switch(s) { + case HTTP_STATUS_OK: + return "OK"; + case HTTP_STATUS_BAD_REQUEST: + return "Bad Request"; + case HTTP_STATUS_NOT_FOUND: + return "Not Found"; + case HTTP_STATUS_PAYLOAD_TOO_LARGE: + return "Payload Too Large"; + case HTTP_STATUS_URI_TOO_LONG: + return "URI Too Long"; + case HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE: + return "Unsupported Media Type"; + case HTTP_STATUS_NOT_IMPLEMENTED: + return "Not Implemented"; + } + return "Status Unknown"; +} + +/** nghttp2 callback. Used to copy error message to nghttp2 session */ +static ssize_t http2_submit_error_read_callback( + nghttp2_session* ATTR_UNUSED(session), + int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, + nghttp2_data_source* source, void* ATTR_UNUSED(cb_arg)) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = source->ptr; + char* msg; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + verbose(VERB_QUERY, "http2: cannot get stream data, closing " + "stream"); + return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + } + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + msg = http_status_to_str(h2_stream->status); + if(length < strlen(msg)) + return 0; /* not worth trying over multiple frames */ + memcpy(buf, msg, strlen(msg)); + return strlen(msg); + +} + +/** + * HTTP error response ready to be submitted to nghttp2, to be prepared for + * sending out. Message body will contain descriptive string for HTTP status. + * @param h2_session: http2 session to submit to + * @param h2_stream: http2 stream containing HTTP status to use for error + * @return 0 on error, 1 otherwise + */ +static int http2_submit_error(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + int ret; + char status[4]; + nghttp2_data_provider data_prd; + nghttp2_nv headers[1]; /* will be copied by nghttp */ + if(snprintf(status, 4, "%d", h2_stream->status) != 3) { + verbose(VERB_QUERY, "http2: submit error failed, " + "invalid status"); + return 0; + } + headers[0].name = (uint8_t*)":status"; + headers[0].namelen = 7; + headers[0].value = (uint8_t*)status; + headers[0].valuelen = 3; + headers[0].flags = NGHTTP2_NV_FLAG_NONE; + + data_prd.source.ptr = h2_session; + data_prd.read_callback = http2_submit_error_read_callback; + + ret = nghttp2_submit_response(h2_session->session, h2_stream->stream_id, + headers, 1, &data_prd); + if(ret) { + verbose(VERB_QUERY, "http2: submit error failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} + +/** + * Start query handling. Query is stored in the stream, and will be free'd here. + * @param h2_session: http2 session, containing comm point + * @param h2_stream: stream containing buffered query + * @return: -1 on error, 1 if answer is stored in c->buffer, 0 if there is no + * reply available (yet). + */ +static int http2_query_read_done(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + log_assert(h2_stream->qbuffer); + + if(h2_session->c->h2_stream) { + verbose(VERB_ALGO, "http2_query_read_done failure: shared " + "buffer already assigned to stream"); + return -1; + } + if(sldns_buffer_remaining(h2_session->c->buffer) < + sldns_buffer_remaining(h2_stream->qbuffer)) { + /* qbuffer will be free'd in frame close cb */ + sldns_buffer_clear(h2_session->c->buffer); + verbose(VERB_ALGO, "http2_query_read_done failure: can't fit " + "qbuffer in c->buffer"); + return -1; + } + + sldns_buffer_write(h2_session->c->buffer, + sldns_buffer_current(h2_stream->qbuffer), + sldns_buffer_remaining(h2_stream->qbuffer)); + + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= sldns_buffer_capacity(h2_stream->qbuffer); + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + + sldns_buffer_flip(h2_session->c->buffer); + h2_session->c->h2_stream = h2_stream; + fptr_ok(fptr_whitelist_comm_point(h2_session->c->callback)); + if((*h2_session->c->callback)(h2_session->c, h2_session->c->cb_arg, + NETEVENT_NOERROR, &h2_session->c->repinfo)) { + return 1; /* answer in c->buffer */ + } + sldns_buffer_clear(h2_session->c->buffer); + h2_session->c->h2_stream = NULL; + return 0; /* mesh state added, or dropped */ +} + +/** nghttp2 callback. Used to check if the received frame indicates the end of a + * stream. Gather collected request data and start query handling. */ +static int http2_req_frame_recv_cb(nghttp2_session* session, + const nghttp2_frame* frame, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + int query_read_done; + + if((frame->hd.type != NGHTTP2_DATA && + frame->hd.type != NGHTTP2_HEADERS) || + !(frame->hd.flags & NGHTTP2_FLAG_END_STREAM)) { + return 0; + } + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + session, frame->hd.stream_id))) + return 0; + + if(h2_stream->invalid_endpoint) { + h2_stream->status = HTTP_STATUS_NOT_FOUND; + goto submit_http_error; + } + + if(h2_stream->invalid_content_type) { + h2_stream->status = HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE; + goto submit_http_error; + } + + if(h2_stream->http_method != HTTP_METHOD_GET && + h2_stream->http_method != HTTP_METHOD_POST) { + h2_stream->status = HTTP_STATUS_NOT_IMPLEMENTED; + goto submit_http_error; + } + + if(h2_stream->query_too_large) { + if(h2_stream->http_method == HTTP_METHOD_POST) + h2_stream->status = HTTP_STATUS_PAYLOAD_TOO_LARGE; + else + h2_stream->status = HTTP_STATUS_URI_TOO_LONG; + goto submit_http_error; + } + + if(!h2_stream->qbuffer) { + h2_stream->status = HTTP_STATUS_BAD_REQUEST; + goto submit_http_error; + } + + if(h2_stream->status) { +submit_http_error: + verbose(VERB_QUERY, "http2 request invalid, returning :status=" + "%d", h2_stream->status); + if(!http2_submit_error(h2_session, h2_stream)) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + h2_stream->status = HTTP_STATUS_OK; + + sldns_buffer_flip(h2_stream->qbuffer); + h2_session->postpone_drop = 1; + query_read_done = http2_query_read_done(h2_session, h2_stream); + if(query_read_done < 0) + return NGHTTP2_ERR_CALLBACK_FAILURE; + else if(!query_read_done) { + if(h2_session->is_drop) { + /* connection needs to be closed. Return failure to make + * sure no other action are taken anymore on comm point. + * failure will result in reclaiming (and closing) + * of comm point. */ + verbose(VERB_QUERY, "http2 query dropped in worker cb"); + h2_session->postpone_drop = 0; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + /* nothing to submit right now, query added to mesh. */ + h2_session->postpone_drop = 0; + return 0; + } + if(!http2_submit_dns_response(h2_session)) { + sldns_buffer_clear(h2_session->c->buffer); + h2_session->c->h2_stream = NULL; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + verbose(VERB_QUERY, "http2 query submitted to session"); + sldns_buffer_clear(h2_session->c->buffer); + h2_session->c->h2_stream = NULL; + return 0; +} + +/** nghttp2 callback. Used to detect start of new streams. */ +static int http2_req_begin_headers_cb(nghttp2_session* session, + const nghttp2_frame* frame, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + int ret; + if(frame->hd.type != NGHTTP2_HEADERS || + frame->headers.cat != NGHTTP2_HCAT_REQUEST) { + /* only interrested in request headers */ + return 0; + } + if(!(h2_stream = http2_stream_create(frame->hd.stream_id))) { + log_err("malloc failure while creating http2 stream"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + http2_session_add_stream(h2_session, h2_stream); + ret = nghttp2_session_set_stream_user_data(session, + frame->hd.stream_id, h2_stream); + if(ret) { + /* stream does not exist */ + verbose(VERB_QUERY, "http2: set_stream_user_data failed, " + "error: %s", nghttp2_strerror(ret)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + return 0; +} + +/** + * base64url decode, store in qbuffer + * @param h2_session: http2 session + * @param h2_stream: http2 stream + * @param start: start of the base64 string + * @param length: length of the base64 string + * @return: 0 on error, 1 otherwise. query will be stored in h2_stream->qbuffer, + * buffer will be NULL is unparseble. + */ +static int http2_buffer_uri_query(struct http2_session* h2_session, + struct http2_stream* h2_stream, const uint8_t* start, size_t length) +{ + size_t expectb64len; + int b64len; + if(h2_stream->http_method == HTTP_METHOD_POST) + return 1; + if(length == 0) + return 1; + if(h2_stream->qbuffer) { + verbose(VERB_ALGO, "http2_req_header fail, " + "qbuffer already set"); + return 0; + } + + /* calculate size, might be a bit bigger than the real + * decoded buffer size */ + expectb64len = sldns_b64_pton_calculate_size(length); + log_assert(expectb64len > 0); + if(expectb64len > + h2_session->c->http2_stream_max_qbuffer_size) { + h2_stream->query_too_large = 1; + return 1; + } + + lock_basic_lock(&http2_query_buffer_count_lock); + if(http2_query_buffer_count + expectb64len > http2_query_buffer_max) { + lock_basic_unlock(&http2_query_buffer_count_lock); + verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " + "in http2-query-buffer-size"); + return http2_submit_rst_stream(h2_session, h2_stream); + } + http2_query_buffer_count += expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + if(!(h2_stream->qbuffer = sldns_buffer_new(expectb64len))) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + log_err("http2_req_header fail, qbuffer " + "malloc failure"); + return 0; + } + + if(!(b64len = sldns_b64url_pton( + (char const *)start, length, + sldns_buffer_current(h2_stream->qbuffer), + expectb64len)) || b64len < 0) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= expectb64len; + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + /* return without error, method can be an + * unknown POST */ + return 1; + } + sldns_buffer_skip(h2_stream->qbuffer, (size_t)b64len); + return 1; +} + +/** nghttp2 callback. Used to parse headers from HEADER frames. */ +static int http2_req_header_cb(nghttp2_session* session, + const nghttp2_frame* frame, const uint8_t* name, size_t namelen, + const uint8_t* value, size_t valuelen, uint8_t ATTR_UNUSED(flags), + void* cb_arg) +{ + struct http2_stream* h2_stream = NULL; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + /* nghttp2 deals with CONTINUATION frames and provides them as part of + * the HEADER */ + if(frame->hd.type != NGHTTP2_HEADERS || + frame->headers.cat != NGHTTP2_HCAT_REQUEST) { + /* only interrested in request headers */ + return 0; + } + if(!(h2_stream = nghttp2_session_get_stream_user_data(session, + frame->hd.stream_id))) + return 0; + + /* earlier checks already indicate we can stop handling this query */ + if(h2_stream->http_method == HTTP_METHOD_UNSUPPORTED || + h2_stream->invalid_content_type || + h2_stream->invalid_endpoint) + return 0; + + + /* nghttp2 performs some sanity checks in the headers, including: + * name and value are guaranteed to be null terminated + * name is guaranteed to be lowercase + * content-length value is guaranteed to contain digits + */ + + if(!h2_stream->http_method && namelen == 7 && + memcmp(":method", name, namelen) == 0) { + /* Case insensitive check on :method value to be on the safe + * side. I failed to find text about case sensitivity in specs. + */ + if(valuelen == 3 && strcasecmp("GET", (const char*)value) == 0) + h2_stream->http_method = HTTP_METHOD_GET; + else if(valuelen == 4 && + strcasecmp("POST", (const char*)value) == 0) { + h2_stream->http_method = HTTP_METHOD_POST; + if(h2_stream->qbuffer) { + /* POST method uses query from DATA frames */ + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= + sldns_buffer_capacity(h2_stream->qbuffer); + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + } + } else + h2_stream->http_method = HTTP_METHOD_UNSUPPORTED; + return 0; + } + if(namelen == 5 && memcmp(":path", name, namelen) == 0) { + /* :path may contain DNS query, depending on method. Method might + * not be known yet here, so check after finishing receiving + * stream. */ +#define HTTP_QUERY_PARAM "?dns=" + size_t el = strlen(h2_session->c->http_endpoint); + size_t qpl = strlen(HTTP_QUERY_PARAM); + + if(valuelen < el || memcmp(h2_session->c->http_endpoint, + value, el) != 0) { + h2_stream->invalid_endpoint = 1; + return 0; + } + /* larger than endpoint only allowed if it is for the query + * parameter */ + if(valuelen <= el+qpl || + memcmp(HTTP_QUERY_PARAM, value+el, qpl) != 0) { + if(valuelen != el) + h2_stream->invalid_endpoint = 1; + return 0; + } + + if(!http2_buffer_uri_query(h2_session, h2_stream, + value+(el+qpl), valuelen-(el+qpl))) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return 0; + } + /* Content type is a SHOULD (rfc7231#section-3.1.1.5) when using POST, + * and not needed when using GET. Don't enfore. + * If set only allow lowercase "application/dns-message". + * + * Clients SHOULD (rfc8484#section-4.1) set an accept header, but MUST + * be able to handle "application/dns-message". Since that is the only + * content-type supported we can ignore the accept header. + */ + if((namelen == 12 && memcmp("content-type", name, namelen) == 0)) { + if(valuelen != 23 || memcmp("application/dns-message", value, + valuelen) != 0) { + h2_stream->invalid_content_type = 1; + } + } + + /* Only interested in content-lentg for POST (on not yet known) method. + */ + if((!h2_stream->http_method || + h2_stream->http_method == HTTP_METHOD_POST) && + !h2_stream->content_length && namelen == 14 && + memcmp("content-length", name, namelen) == 0) { + if(valuelen > 5) { + h2_stream->query_too_large = 1; + return 0; + } + /* guaranteed to only contian digits and be null terminated */ + h2_stream->content_length = atoi((const char*)value); + if(h2_stream->content_length > + h2_session->c->http2_stream_max_qbuffer_size) { + h2_stream->query_too_large = 1; + return 0; + } + } + return 0; +} + +/** nghttp2 callback. Used to get data from DATA frames, which can contain + * queries in POST requests. */ +static int http2_req_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session), + uint8_t ATTR_UNUSED(flags), int32_t stream_id, const uint8_t* data, + size_t len, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + size_t qlen = 0; + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + + if(h2_stream->query_too_large) + return 0; + + if(!h2_stream->qbuffer) { + if(h2_stream->content_length) { + if(h2_stream->content_length < len) + /* getting more data in DATA frame than + * advertised in content-length header. */ + return NGHTTP2_ERR_CALLBACK_FAILURE; + qlen = h2_stream->content_length; + } else if(len <= h2_session->c->http2_stream_max_qbuffer_size) { + /* setting this to msg-buffer-size can result in a lot + * of memory consuption. Most queries should fit in a + * single DATA frame, and most POST queries will + * containt content-length which does not impose this + * limit. */ + qlen = len; + } + } + if(!h2_stream->qbuffer && qlen) { + lock_basic_lock(&http2_query_buffer_count_lock); + if(http2_query_buffer_count + qlen > http2_query_buffer_max) { + lock_basic_unlock(&http2_query_buffer_count_lock); + verbose(VERB_ALGO, "reset HTTP2 stream, no space left, " + "in http2-query-buffer-size"); + return http2_submit_rst_stream(h2_session, h2_stream); + } + http2_query_buffer_count += qlen; + lock_basic_unlock(&http2_query_buffer_count_lock); + if(!(h2_stream->qbuffer = sldns_buffer_new(qlen))) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= qlen; + lock_basic_unlock(&http2_query_buffer_count_lock); + } + } + + if(!h2_stream->qbuffer || + sldns_buffer_remaining(h2_stream->qbuffer) < len) { + verbose(VERB_ALGO, "http2 data_chunck_recv failed. Not enough " + "buffer space for POST query. Can happen on multi " + "frame requests without content-length header"); + h2_stream->query_too_large = 1; + return 0; + } + + sldns_buffer_write(h2_stream->qbuffer, data, len); + + return 0; +} + +void http2_req_stream_clear(struct http2_stream* h2_stream) +{ + if(h2_stream->qbuffer) { + lock_basic_lock(&http2_query_buffer_count_lock); + http2_query_buffer_count -= + sldns_buffer_capacity(h2_stream->qbuffer); + lock_basic_unlock(&http2_query_buffer_count_lock); + sldns_buffer_free(h2_stream->qbuffer); + h2_stream->qbuffer = NULL; + } + if(h2_stream->rbuffer) { + lock_basic_lock(&http2_response_buffer_count_lock); + http2_response_buffer_count -= + sldns_buffer_capacity(h2_stream->rbuffer); + lock_basic_unlock(&http2_response_buffer_count_lock); + sldns_buffer_free(h2_stream->rbuffer); + h2_stream->rbuffer = NULL; + } +} + +nghttp2_session_callbacks* http2_req_callbacks_create(void) +{ + nghttp2_session_callbacks *callbacks; + if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { + log_err("failed to initialize nghttp2 callback"); + return NULL; + } + /* reception of header block started, used to create h2_stream */ + nghttp2_session_callbacks_set_on_begin_headers_callback(callbacks, + http2_req_begin_headers_cb); + /* complete frame received, used to get data from stream if frame + * has end stream flag, and start processing query */ + nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks, + http2_req_frame_recv_cb); + /* get request info from headers */ + nghttp2_session_callbacks_set_on_header_callback(callbacks, + http2_req_header_cb); + /* get data from DATA frames, containing POST query */ + nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, + http2_req_data_chunk_recv_cb); + + /* generic HTTP2 callbacks */ + nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); + nghttp2_session_callbacks_set_send_callback(callbacks, http2_send_cb); + nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, + http2_stream_close_cb); + + return callbacks; +} +#endif /* HAVE_NGHTTP2 */ diff --git a/services/listen_dnsport.h b/services/listen_dnsport.h index ddd1b63a4..f438ff458 100644 --- a/services/listen_dnsport.h +++ b/services/listen_dnsport.h @@ -43,6 +43,9 @@ #define LISTEN_DNSPORT_H #include "util/netevent.h" +#ifdef HAVE_NGHTTP2_NGHTTP2_H +#include +#endif struct listen_list; struct config_file; struct addrinfo; @@ -94,8 +97,9 @@ enum listen_type { /** tcp type + dnscrypt */ listen_type_tcp_dnscrypt, /** udp ipv6 (v4mapped) for use with ancillary data + dnscrypt*/ - listen_type_udpancil_dnscrypt - + listen_type_udpancil_dnscrypt, + /** HTTP(2) over TLS over TCP */ + listen_type_http }; /** @@ -117,19 +121,32 @@ struct listen_port { * interfaces for IP4 and/or IP6, for UDP and/or TCP. * On the given port number. It creates the sockets. * @param cfg: settings on what ports to open. + * @param ifs: interfaces to open, array of IP addresses, "ip[@port]". + * @param num_ifs: length of ifs. * @param reuseport: set to true if you want reuseport, or NULL to not have it, * set to false on exit if reuseport failed to apply (because of no * kernel support). * @return: linked list of ports or NULL on error. */ struct listen_port* listening_ports_open(struct config_file* cfg, - int* reuseport); + char** ifs, int num_ifs, int* reuseport); /** * Close and delete the (list of) listening ports. */ void listening_ports_free(struct listen_port* list); +/** + * Resolve interface names in config and store result IP addresses + * @param cfg: config + * @param resif: string array (malloced array of malloced strings) with + * result. NULL if cfg has none. + * @param num_resif: length of resif. Zero if cfg has zero num_ifs. + * @return 0 on failure. + */ +int resolve_interface_names(struct config_file* cfg, char*** resif, + int* num_resif); + /** * Create commpoints with for this thread for the shared ports. * @param base: the comm_base that provides event functionality. @@ -139,6 +156,10 @@ void listening_ports_free(struct listen_port* list); * @param tcp_accept_count: max number of simultaneous TCP connections * from clients. * @param tcp_idle_timeout: idle timeout for TCP connections in msec. + * @param harden_large_queries: whether query size should be limited. + * @param http_max_streams: maximum number of HTTP/2 streams per connection. + * @param http_endpoint: HTTP endpoint to service queries on + * @param http_notls: no TLS for http downstream * @param tcp_conn_limit: TCP connection limit info. * @param sslctx: nonNULL if ssl context. * @param dtenv: nonNULL if dnstap enabled. @@ -147,11 +168,13 @@ void listening_ports_free(struct listen_port* list); * @param cb_arg: user data argument for callback function. * @return: the malloced listening structure, ready for use. NULL on error. */ -struct listen_dnsport* listen_create(struct comm_base* base, - struct listen_port* ports, size_t bufsize, - int tcp_accept_count, int tcp_idle_timeout, - struct tcl_list* tcp_conn_limit, void* sslctx, - struct dt_env *dtenv, comm_point_callback_type* cb, void* cb_arg); +struct listen_dnsport* +listen_create(struct comm_base* base, struct listen_port* ports, + size_t bufsize, int tcp_accept_count, int tcp_idle_timeout, + int harden_large_queries, uint32_t http_max_streams, + char* http_endpoint, int http_notls, struct tcl_list* tcp_conn_limit, + void* sslctx, struct dt_env* dtenv, comm_point_callback_type* cb, + void *cb_arg); /** * delete the listening structure @@ -221,13 +244,15 @@ int create_udp_sock(int family, int socktype, struct sockaddr* addr, * listening UDP port. Set to false on return if it failed to do so. * @param transparent: set IP_TRANSPARENT socket option. * @param mss: maximum segment size of the socket. if zero, leaves the default. + * @param nodelay: if true set TCP_NODELAY and TCP_QUICKACK socket options. * @param freebind: set IP_FREEBIND socket option. * @param use_systemd: if true, fetch sockets from systemd. * @param dscp: DSCP to use. * @return: the socket. -1 on error. */ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, - int* reuseport, int transparent, int mss, int freebind, int use_systemd, int dscp); + int* reuseport, int transparent, int mss, int nodelay, int freebind, + int use_systemd, int dscp); /** * Create and bind local listening socket @@ -369,7 +394,34 @@ int tcp_req_info_handle_read_close(struct tcp_req_info* req); /** get the size of currently used tcp stream wait buffers (in bytes) */ size_t tcp_req_info_get_stream_buffer_size(void); +/** get the size of currently used HTTP2 query buffers (in bytes) */ +size_t http2_get_query_buffer_size(void); +/** get the size of currently used HTTP2 response buffers (in bytes) */ +size_t http2_get_response_buffer_size(void); + +#ifdef HAVE_NGHTTP2 +/** + * Create nghttp2 callbacks to handle HTTP2 requests. + * @return malloc'ed struct, NULL on failure + */ +nghttp2_session_callbacks* http2_req_callbacks_create(void); + +/** Free http2 stream buffers and decrease buffer counters */ +void http2_req_stream_clear(struct http2_stream* h2_stream); + +/** + * DNS response ready to be submitted to nghttp2, to be prepared for sending + * out. Response is stored in c->buffer. Copy to rbuffer because the c->buffer + * might be used before this will be send out. + * @param h2_session: http2 session, containing c->buffer which contains answer + * @param h2_stream: http2 stream, containing buffer to store answer in + * @return 0 on error, 1 otherwise + */ +int http2_submit_dns_response(struct http2_session* h2_session); +#else +int http2_submit_dns_response(void* v); +#endif /* HAVE_NGHTTP2 */ + char* set_ip_dscp(int socket, int addrfamily, int ds); -char* sock_strerror(int errn); #endif /* LISTEN_DNSPORT_H */ diff --git a/services/localzone.c b/services/localzone.c index 6aaf0c055..fd2ff2bb6 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -157,7 +157,7 @@ local_zone_create(uint8_t* nm, size_t len, int labs, z->namelen = len; z->namelabs = labs; lock_rw_init(&z->lock); - z->region = regional_create_custom(sizeof(struct regional)); + z->region = regional_create_nochunk(sizeof(struct regional)); if(!z->region) { free(z); return NULL; @@ -463,6 +463,48 @@ lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen, return 1; } +/* Mark the SOA record for the zone. This only marks the SOA rrset; the data + * for the RR is entered later on local_zone_enter_rr() as with the other + * records. An artifical soa_negative record with a modified TTL (minimum of + * the TTL and the SOA.MINIMUM) is also created and marked for usage with + * negative answers and to avoid allocations during those answers. */ +static int +lz_mark_soa_for_zone(struct local_zone* z, struct ub_packed_rrset_key* soa_rrset, + uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) +{ + struct packed_rrset_data* pd = (struct packed_rrset_data*) + regional_alloc_zero(z->region, sizeof(*pd)); + struct ub_packed_rrset_key* rrset_negative = (struct ub_packed_rrset_key*) + regional_alloc_zero(z->region, sizeof(*rrset_negative)); + time_t minimum; + if(!rrset_negative||!pd) { + log_err("out of memory"); + return 0; + } + /* Mark the original SOA record and then continue with the negative one. */ + z->soa = soa_rrset; + rrset_negative->entry.key = rrset_negative; + pd->trust = rrset_trust_prim_noglue; + pd->security = sec_status_insecure; + rrset_negative->entry.data = pd; + rrset_negative->rk.dname = soa_rrset->rk.dname; + rrset_negative->rk.dname_len = soa_rrset->rk.dname_len; + rrset_negative->rk.type = soa_rrset->rk.type; + rrset_negative->rk.rrset_class = soa_rrset->rk.rrset_class; + if(!rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr)) + return 0; + /* last 4 bytes are minimum ttl in network format */ + if(pd->count == 0 || pd->rr_len[0] < 2+4) + return 0; + minimum = (time_t)sldns_read_uint32(pd->rr_data[0]+(pd->rr_len[0]-4)); + minimum = ttlttl = minimum; + pd->rr_ttl[0] = minimum; + + z->soa_negative = rrset_negative; + return 1; +} + int local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs, uint16_t rrtype, uint16_t rrclass, time_t ttl, @@ -502,8 +544,10 @@ local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, if(query_dname_compare(node->name, z->name) == 0) { if(rrtype == LDNS_RR_TYPE_NSEC) rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX; - if(rrtype == LDNS_RR_TYPE_SOA) - z->soa = rrset->rrset; + if(rrtype == LDNS_RR_TYPE_SOA && + !lz_mark_soa_for_zone(z, rrset->rrset, rdata, rdata_len, ttl, + rrstr)) + return 0; } } pd = (struct packed_rrset_data*)rrset->rrset->entry.data; @@ -1215,7 +1259,7 @@ local_encode(struct query_info* qinfo, struct module_env* env, edns->ext_rcode = 0; edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, - repinfo, temp) || !reply_info_answer_encode(qinfo, &rep, + repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) { error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, @@ -1237,7 +1281,7 @@ local_error_encode(struct query_info* qinfo, struct module_env* env, edns->bits &= EDNS_DO; if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, - rcode, edns, repinfo, temp)) + rcode, edns, repinfo, temp, env->now_tv)) edns->opt_list = NULL; error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), edns); @@ -1548,9 +1592,9 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, lz_type == local_zone_inform_redirect || lz_type == local_zone_always_nodata)? LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; - if(z->soa) + if(z->soa && z->soa_negative) return local_encode(qinfo, env, edns, repinfo, buf, temp, - z->soa, 0, rcode); + z->soa_negative, 0, rcode); local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode, (rcode|BIT_AA)); return 1; @@ -1558,6 +1602,46 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, || lz_type == local_zone_always_transparent) { /* no NODATA or NXDOMAINS for this zone type */ return 0; + } else if(lz_type == local_zone_always_null) { + /* 0.0.0.0 or ::0 or noerror/nodata for this zone type, + * used for blocklists. */ + if(qinfo->qtype == LDNS_RR_TYPE_A || + qinfo->qtype == LDNS_RR_TYPE_AAAA) { + struct ub_packed_rrset_key lrr; + struct packed_rrset_data d; + time_t rr_ttl = 3600; + size_t rr_len = 0; + uint8_t rr_data[2+16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + uint8_t* rr_datas = rr_data; + memset(&lrr, 0, sizeof(lrr)); + memset(&d, 0, sizeof(d)); + lrr.entry.data = &d; + lrr.rk.dname = qinfo->qname; + lrr.rk.dname_len = qinfo->qname_len; + lrr.rk.type = htons(qinfo->qtype); + lrr.rk.rrset_class = htons(qinfo->qclass); + if(qinfo->qtype == LDNS_RR_TYPE_A) { + rr_len = 4; + sldns_write_uint16(rr_data, rr_len); + rr_len += 2; + } else { + rr_len = 16; + sldns_write_uint16(rr_data, rr_len); + rr_len += 2; + } + d.ttl = rr_ttl; + d.count = 1; + d.rr_len = &rr_len; + d.rr_data = &rr_datas; + d.rr_ttl = &rr_ttl; + return local_encode(qinfo, env, edns, repinfo, buf, temp, + &lrr, 1, LDNS_RCODE_NOERROR); + } else { + local_error_encode(qinfo, env, edns, repinfo, buf, + temp, LDNS_RCODE_NOERROR, + (LDNS_RCODE_NOERROR|BIT_AA)); + } + return 1; } /* else lz_type == local_zone_transparent */ @@ -1565,9 +1649,9 @@ local_zones_zone_answer(struct local_zone* z, struct module_env* env, * does not, then we should make this noerror/nodata */ if(ld && ld->rrsets) { int rcode = LDNS_RCODE_NOERROR; - if(z->soa) + if(z->soa && z->soa_negative) return local_encode(qinfo, env, edns, repinfo, buf, temp, - z->soa, 0, rcode); + z->soa_negative, 0, rcode); local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode, (rcode|BIT_AA)); return 1; @@ -1762,6 +1846,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_always_nxdomain: return "always_nxdomain"; case local_zone_always_nodata: return "always_nodata"; case local_zone_always_deny: return "always_deny"; + case local_zone_always_null: return "always_null"; case local_zone_noview: return "noview"; case local_zone_invalid: return "invalid"; } @@ -1798,6 +1883,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_always_nodata; else if(strcmp(type, "always_deny") == 0) *t = local_zone_always_deny; + else if(strcmp(type, "always_null") == 0) + *t = local_zone_always_null; else if(strcmp(type, "noview") == 0) *t = local_zone_noview; else if(strcmp(type, "nodefault") == 0) @@ -2000,8 +2087,10 @@ void local_zones_del_data(struct local_zones* zones, /* no memory recycling for zone deletions ... */ d->rrsets = NULL; /* did we delete the soa record ? */ - if(query_dname_compare(d->name, z->name) == 0) + if(query_dname_compare(d->name, z->name) == 0) { z->soa = NULL; + z->soa_negative = NULL; + } /* cleanup the empty nonterminals for this name */ del_empty_term(z, d, name, len, labs); diff --git a/services/localzone.h b/services/localzone.h index bb3593936..3da5c8754 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -96,6 +96,9 @@ enum localzone_type { local_zone_always_nodata, /** drop query, even when there is local data */ local_zone_always_deny, + /** answer with 0.0.0.0 or ::0 or noerror/nodata, even when there is + * local data */ + local_zone_always_null, /** answer not from the view, but global or no-answer */ local_zone_noview, /** Invalid type, cannot be used to generate answer */ @@ -155,6 +158,10 @@ struct local_zone { rbtree_type data; /** if data contains zone apex SOA data, this is a ptr to it. */ struct ub_packed_rrset_key* soa; + /** if data contains zone apex SOA data, this is a prt to an + * artificial negative SOA rrset (TTL is the minimum of the TTL and the + * SOA.MINIMUM). */ + struct ub_packed_rrset_key* soa_negative; }; /** diff --git a/services/mesh.c b/services/mesh.c index 4b0c5db41..69f4d75e3 100644 --- a/services/mesh.c +++ b/services/mesh.c @@ -498,7 +498,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, if(!s) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, NULL, - LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch)) + LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); @@ -514,7 +514,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, if(!s->s.edns_opts_front_in) { log_err("mesh_state_create: out of memory; SERVFAIL"); if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, NULL, - NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch)) + NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); @@ -551,6 +551,9 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, goto servfail_mem; } } + if(rep->c->use_h2) { + http2_stream_add_meshstate(rep->c->h2_stream, mesh, s); + } /* add serve expired timer if required and not already there */ if(timeout && !mesh_serve_expired_init(s, timeout)) { log_err("mesh_new_client: out of memory initializing serve expired"); @@ -584,7 +587,7 @@ void mesh_new_client(struct mesh_area* mesh, struct query_info* qinfo, servfail_mem: if(!inplace_cb_reply_servfail_call(mesh->env, qinfo, &s->s, - NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch)) + NULL, LDNS_RCODE_SERVFAIL, edns, rep, mesh->env->scratch, mesh->env->now_tv)) edns->opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, qinfo, qid, qflags, edns); @@ -1109,10 +1112,12 @@ int mesh_state_attachment(struct mesh_state* super, struct mesh_state* sub) * @param rcode: if not 0, error code. * @param rep: reply to send (or NULL if rcode is set). * @param r: callback entry + * @param start_time: the time to pass to callback functions, it is 0 or + * a value from one of the packets if the mesh state had packets. */ static void mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, - struct mesh_cb* r) + struct mesh_cb* r, struct timeval* start_time) { int secure; char* reason = NULL; @@ -1133,11 +1138,11 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, if(rcode) { if(rcode == LDNS_RCODE_SERVFAIL) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, rcode, &r->edns, NULL, m->s.region)) + rep, rcode, &r->edns, NULL, m->s.region, start_time)) r->edns.opt_list = NULL; } else { if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, - &r->edns, NULL, m->s.region)) + &r->edns, NULL, m->s.region, start_time)) r->edns.opt_list = NULL; } fptr_ok(fptr_whitelist_mesh_cb(r->cb)); @@ -1152,7 +1157,7 @@ mesh_do_callback(struct mesh_state* m, int rcode, struct reply_info* rep, r->edns.bits &= EDNS_DO; if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, - LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) || + LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region, start_time) || !reply_info_answer_encode(&m->s.qinfo, rep, r->qid, r->qflags, r->buf, 0, 1, m->s.env->scratch, udp_size, &r->edns, @@ -1193,6 +1198,12 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, /* Copy the client's EDNS for later restore, to make sure the edns * compare is with the correct edns options. */ struct edns_data edns_bak = r->edns; + /* briefly set the replylist to null in case the + * meshsendreply calls tcpreqinfo sendreply that + * comm_point_drops because of size, and then the + * null stops the mesh state remove and thus + * reply_list modification and accounting */ + struct mesh_reply* rlist = m->reply_list; /* examine security status */ if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) || m->s.env->cfg->ignore_cd) && rep && @@ -1207,16 +1218,29 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; + if(r->query_reply.c->use_h2) { + r->query_reply.c->h2_stream = r->h2_stream; + /* Mesh reply won't exist for long anymore. Make it impossible + * for HTTP/2 stream to refer to mesh state, in case + * connection gets cleanup before HTTP/2 stream close. */ + r->h2_stream->mesh_state = NULL; + } /* send the reply */ - /* We don't reuse the encoded answer if either the previous or current - * response has a local alias. We could compare the alias records - * and still reuse the previous answer if they are the same, but that - * would be complicated and error prone for the relatively minor case. - * So we err on the side of safety. */ - if(prev && prev_buffer && prev->qflags == r->qflags && + /* We don't reuse the encoded answer if: + * - either the previous or current response has a local alias. We could + * compare the alias records and still reuse the previous answer if they + * are the same, but that would be complicated and error prone for the + * relatively minor case. So we err on the side of safety. + * - there are registered callback functions for the given rcode, as these + * need to be called for each reply. */ + if(((rcode != LDNS_RCODE_SERVFAIL && + !m->s.env->inplace_cb_lists[inplace_cb_reply]) || + (rcode == LDNS_RCODE_SERVFAIL && + !m->s.env->inplace_cb_lists[inplace_cb_reply_servfail])) && + prev && prev_buffer && prev->qflags == r->qflags && !prev->local_alias && !r->local_alias && - prev->edns.edns_present == r->edns.edns_present && - prev->edns.bits == r->edns.bits && + prev->edns.edns_present == r->edns.edns_present && + prev->edns.bits == r->edns.bits && prev->edns.udp_size == r->edns.udp_size && edns_opt_list_compare(prev->edns.opt_list, r->edns.opt_list) == 0) { @@ -1226,22 +1250,26 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, sldns_buffer_write_at(r_buffer, 0, &r->qid, sizeof(uint16_t)); sldns_buffer_write_at(r_buffer, 12, r->qname, m->s.qinfo.qname_len); + m->reply_list = NULL; comm_point_send_reply(&r->query_reply); + m->reply_list = rlist; } else if(rcode) { m->s.qinfo.qname = r->qname; m->s.qinfo.local_alias = r->local_alias; if(rcode == LDNS_RCODE_SERVFAIL) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, rcode, &r->edns, NULL, m->s.region)) + rep, rcode, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL; } else { if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, rcode, - &r->edns, NULL, m->s.region)) + &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL; } error_encode(r_buffer, rcode, &m->s.qinfo, r->qid, r->qflags, &r->edns); + m->reply_list = NULL; comm_point_send_reply(&r->query_reply); + m->reply_list = rlist; } else { size_t udp_size = r->edns.udp_size; r->edns.edns_version = EDNS_ADVERTISED_VERSION; @@ -1251,7 +1279,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, m->s.qinfo.qname = r->qname; m->s.qinfo.local_alias = r->local_alias; if(!inplace_cb_reply_call(m->s.env, &m->s.qinfo, &m->s, rep, - LDNS_RCODE_NOERROR, &r->edns, NULL, m->s.region) || + LDNS_RCODE_NOERROR, &r->edns, &r->query_reply, m->s.region, &r->start_time) || !apply_edns_options(&r->edns, &edns_bak, m->s.env->cfg, r->query_reply.c, m->s.region) || @@ -1261,13 +1289,15 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep, secure)) { if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s, - rep, LDNS_RCODE_SERVFAIL, &r->edns, NULL, m->s.region)) + rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time)) r->edns.opt_list = NULL; error_encode(r_buffer, LDNS_RCODE_SERVFAIL, &m->s.qinfo, r->qid, r->qflags, &r->edns); } r->edns = edns_bak; + m->reply_list = NULL; comm_point_send_reply(&r->query_reply); + m->reply_list = rlist; } /* account */ log_assert(m->s.env->mesh->num_reply_addrs > 0); @@ -1302,6 +1332,7 @@ void mesh_query_done(struct mesh_state* mstate) struct mesh_cb* c; struct reply_info* rep = (mstate->s.return_msg? mstate->s.return_msg->rep:NULL); + struct timeval tv = {0, 0}; /* No need for the serve expired timer anymore; we are going to reply. */ if(mstate->s.serve_expired_data) { comm_timer_delete(mstate->s.serve_expired_data->timer); @@ -1321,6 +1352,8 @@ void mesh_query_done(struct mesh_state* mstate) } } for(r = mstate->reply_list; r; r = r->next) { + tv = r->start_time; + /* if a response-ip address block has been stored the * information should be logged for each client. */ if(mstate->s.respip_action_info && @@ -1355,20 +1388,12 @@ void mesh_query_done(struct mesh_state* mstate) mstate->reply_list = reply_list; } else { struct sldns_buffer* r_buffer = r->query_reply.c->buffer; - struct mesh_reply* rlist = mstate->reply_list; if(r->query_reply.c->tcp_req_info) { r_buffer = r->query_reply.c->tcp_req_info->spool_buffer; prev_buffer = NULL; } - /* briefly set the replylist to null in case the - * meshsendreply calls tcpreqinfo sendreply that - * comm_point_drops because of size, and then the - * null stops the mesh state remove and thus - * reply_list modification and accounting */ - mstate->reply_list = NULL; mesh_send_reply(mstate, mstate->s.return_rcode, rep, r, r_buffer, prev, prev_buffer); - mstate->reply_list = rlist; if(r->query_reply.c->tcp_req_info) { tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); r_buffer = NULL; @@ -1401,7 +1426,7 @@ void mesh_query_done(struct mesh_state* mstate) if(!mstate->reply_list && !mstate->cb_list && mstate->super_set.count == 0) mstate->s.env->mesh->num_detached_states++; - mesh_do_callback(mstate, mstate->s.return_rcode, rep, c); + mesh_do_callback(mstate, mstate->s.return_rcode, rep, c, &tv); } } @@ -1495,6 +1520,8 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, s->s.qinfo.qname_len); if(!r->qname) return 0; + if(rep->c->use_h2) + r->h2_stream = rep->c->h2_stream; /* Data related to local alias stored in 'qinfo' (if any) is ephemeral * and can be different for different original queries (even if the @@ -1882,7 +1909,7 @@ mesh_serve_expired_callback(void* arg) { struct mesh_state* mstate = (struct mesh_state*) arg; struct module_qstate* qstate = &mstate->s; - struct mesh_reply* r, *rlist; + struct mesh_reply* r; struct mesh_area* mesh = qstate->env->mesh; struct dns_msg* msg; struct mesh_cb* c; @@ -1895,6 +1922,7 @@ mesh_serve_expired_callback(void* arg) struct respip_action_info actinfo; struct query_info* lookup_qinfo = &qstate->qinfo; struct query_info qinfo_tmp; + struct timeval tv = {0, 0}; int must_validate = (!(qstate->query_flags&BIT_CD) || qstate->env->cfg->ignore_cd) && qstate->env->need_to_validate; if(!qstate->serve_expired_data) return; @@ -1966,6 +1994,8 @@ mesh_serve_expired_callback(void* arg) log_dns_msg("Serve expired lookup", &qstate->qinfo, msg->rep); for(r = mstate->reply_list; r; r = r->next) { + tv = r->start_time; + /* If address info is returned, it means the action should be an * 'inform' variant and the information should be logged. */ if(actinfo.addrinfo) { @@ -1987,15 +2017,8 @@ mesh_serve_expired_callback(void* arg) r_buffer = r->query_reply.c->buffer; if(r->query_reply.c->tcp_req_info) r_buffer = r->query_reply.c->tcp_req_info->spool_buffer; - /* briefly set the replylist to null in case the meshsendreply - * calls tcpreqinfo sendreply that comm_point_drops because - * of size, and then the null stops the mesh state remove and - * thus reply_list modification and accounting */ - rlist = mstate->reply_list; - mstate->reply_list = NULL; mesh_send_reply(mstate, LDNS_RCODE_NOERROR, msg->rep, r, r_buffer, prev, prev_buffer); - mstate->reply_list = rlist; if(r->query_reply.c->tcp_req_info) tcp_req_info_remove_mesh_state(r->query_reply.c->tcp_req_info, mstate); prev = r; @@ -2027,6 +2050,6 @@ mesh_serve_expired_callback(void* arg) if(!mstate->reply_list && !mstate->cb_list && mstate->super_set.count == 0) qstate->env->mesh->num_detached_states++; - mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c); + mesh_do_callback(mstate, LDNS_RCODE_NOERROR, msg->rep, c, &tv); } } diff --git a/services/mesh.h b/services/mesh.h index df2972ac3..d0a4b5fb3 100644 --- a/services/mesh.h +++ b/services/mesh.h @@ -230,6 +230,8 @@ struct mesh_reply { uint8_t* qname; /** same as that in query_info. */ struct local_rrset* local_alias; + /** send query to this http2 stream, if set */ + struct http2_stream* h2_stream; }; /** diff --git a/services/outside_network.c b/services/outside_network.c index 44e01d745..d8f9874e6 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -58,6 +58,7 @@ #include "util/net_help.h" #include "util/random.h" #include "util/fptr_wlist.h" +#include "util/edns.h" #include "sldns/sbuffer.h" #include "dnstap/dnstap.h" #ifdef HAVE_OPENSSL_SSL_H @@ -131,6 +132,52 @@ serviced_cmp(const void* key1, const void* key2) return sockaddr_cmp(&q1->addr, q1->addrlen, &q2->addr, q2->addrlen); } +/** compare if the reuse element has the same address, port and same ssl-is + * used-for-it characteristic */ +static int +reuse_cmp_addrportssl(const void* key1, const void* key2) +{ + struct reuse_tcp* r1 = (struct reuse_tcp*)key1; + struct reuse_tcp* r2 = (struct reuse_tcp*)key2; + int r; + /* compare address and port */ + r = sockaddr_cmp(&r1->addr, r1->addrlen, &r2->addr, r2->addrlen); + if(r != 0) + return r; + + /* compare if SSL-enabled */ + if(r1->is_ssl && !r2->is_ssl) + return 1; + if(!r1->is_ssl && r2->is_ssl) + return -1; + return 0; +} + +int +reuse_cmp(const void* key1, const void* key2) +{ + int r; + r = reuse_cmp_addrportssl(key1, key2); + if(r != 0) + return r; + + /* compare ptr value */ + if(key1 < key2) return -1; + if(key1 > key2) return 1; + return 0; +} + +int reuse_id_cmp(const void* key1, const void* key2) +{ + struct waiting_tcp* w1 = (struct waiting_tcp*)key1; + struct waiting_tcp* w2 = (struct waiting_tcp*)key2; + if(w1->id < w2->id) + return -1; + if(w1->id > w2->id) + return 1; + return 0; +} + /** delete waiting_tcp entry. Does not unlink from waiting list. * @param w: to delete. */ @@ -165,11 +212,7 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) if(num == 0) { log_err("no TCP outgoing interfaces of family"); log_addr(VERB_OPS, "for addr", &w->addr, w->addrlen); -#ifndef USE_WINSOCK - close(s); -#else - closesocket(s); -#endif + sock_close(s); return 0; } #ifdef INET6 @@ -188,14 +231,8 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0; else ((struct sockaddr_in*)&pi->addr)->sin_port = 0; if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) { -#ifndef USE_WINSOCK - log_err("outgoing tcp: bind: %s", strerror(errno)); - close(s); -#else - log_err("outgoing tcp: bind: %s", - wsa_strerror(WSAGetLastError())); - closesocket(s); -#endif + log_err("outgoing tcp: bind: %s", sock_strerror(errno)); + sock_close(s); return 0; } log_addr(VERB_ALGO, "tcp bound to src", &pi->addr, pi->addrlen); @@ -225,13 +262,8 @@ outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, s = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); } if(s == -1) { -#ifndef USE_WINSOCK - log_err_addr("outgoing tcp: socket", strerror(errno), + log_err_addr("outgoing tcp: socket", sock_strerror(errno), addr, addrlen); -#else - log_err_addr("outgoing tcp: socket", - wsa_strerror(WSAGetLastError()), addr, addrlen); -#endif return -1; } @@ -294,15 +326,234 @@ outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen) return 1; } +/** log reuse item addr and ptr with message */ +static void +log_reuse_tcp(enum verbosity_value v, const char* msg, struct reuse_tcp* reuse) +{ + uint16_t port; + char addrbuf[128]; + if(verbosity < v) return; + addr_to_str(&reuse->addr, reuse->addrlen, addrbuf, sizeof(addrbuf)); + port = ntohs(((struct sockaddr_in*)&reuse->addr)->sin_port); + verbose(v, "%s %s#%u fd %d", msg, addrbuf, (unsigned)port, + reuse->pending->c->fd); +} + +/** pop the first element from the writewait list */ +static struct waiting_tcp* reuse_write_wait_pop(struct reuse_tcp* reuse) +{ + struct waiting_tcp* w = reuse->write_wait_first; + if(!w) + return NULL; + log_assert(w->write_wait_queued); + log_assert(!w->write_wait_prev); + reuse->write_wait_first = w->write_wait_next; + if(w->write_wait_next) + w->write_wait_next->write_wait_prev = NULL; + else reuse->write_wait_last = NULL; + w->write_wait_queued = 0; + return w; +} + +/** remove the element from the writewait list */ +static void reuse_write_wait_remove(struct reuse_tcp* reuse, + struct waiting_tcp* w) +{ + if(!w) + return; + if(!w->write_wait_queued) + return; + if(w->write_wait_prev) + w->write_wait_prev->write_wait_next = w->write_wait_next; + else reuse->write_wait_first = w->write_wait_next; + if(w->write_wait_next) + w->write_wait_next->write_wait_prev = w->write_wait_prev; + else reuse->write_wait_last = w->write_wait_prev; + w->write_wait_queued = 0; +} + +/** push the element after the last on the writewait list */ +static void reuse_write_wait_push_back(struct reuse_tcp* reuse, + struct waiting_tcp* w) +{ + if(!w) return; + log_assert(!w->write_wait_queued); + if(reuse->write_wait_last) { + reuse->write_wait_last->write_wait_next = w; + w->write_wait_prev = reuse->write_wait_last; + } else { + reuse->write_wait_first = w; + } + reuse->write_wait_last = w; + w->write_wait_queued = 1; +} + +/** insert element in tree by id */ +void +reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w) +{ + log_assert(w->id_node.key == NULL); + w->id_node.key = w; + rbtree_insert(&reuse->tree_by_id, &w->id_node); +} + +/** find element in tree by id */ +struct waiting_tcp* +reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id) +{ + struct waiting_tcp key_w; + rbnode_type* n; + memset(&key_w, 0, sizeof(key_w)); + key_w.id_node.key = &key_w; + key_w.id = id; + n = rbtree_search(&reuse->tree_by_id, &key_w); + if(!n) return NULL; + return (struct waiting_tcp*)n->key; +} + +/** return ID value of rbnode in tree_by_id */ +static uint16_t +tree_by_id_get_id(rbnode_type* node) +{ + struct waiting_tcp* w = (struct waiting_tcp*)node->key; + return w->id; +} + +/** insert into reuse tcp tree and LRU, false on failure (duplicate) */ +static int +reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp) +{ + log_reuse_tcp(VERB_CLIENT, "reuse_tcp_insert", &pend_tcp->reuse); + if(pend_tcp->reuse.item_on_lru_list) + return 1; + pend_tcp->reuse.node.key = &pend_tcp->reuse; + pend_tcp->reuse.pending = pend_tcp; + if(!rbtree_insert(&outnet->tcp_reuse, &pend_tcp->reuse.node)) { + /* this is a duplicate connection, close this one */ + verbose(VERB_CLIENT, "reuse_tcp_insert: duplicate connection"); + pend_tcp->reuse.node.key = NULL; + return 0; + } + /* insert into LRU, first is newest */ + pend_tcp->reuse.lru_prev = NULL; + if(outnet->tcp_reuse_first) { + pend_tcp->reuse.lru_next = outnet->tcp_reuse_first; + outnet->tcp_reuse_first->lru_prev = &pend_tcp->reuse; + } else { + pend_tcp->reuse.lru_next = NULL; + outnet->tcp_reuse_last = &pend_tcp->reuse; + } + outnet->tcp_reuse_first = &pend_tcp->reuse; + pend_tcp->reuse.item_on_lru_list = 1; + return 1; +} + +/** find reuse tcp stream to destination for query, or NULL if none */ +static struct reuse_tcp* +reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr, + socklen_t addrlen, int use_ssl) +{ + struct waiting_tcp key_w; + struct pending_tcp key_p; + struct comm_point c; + rbnode_type* result = NULL, *prev; + verbose(VERB_CLIENT, "reuse_tcp_find"); + memset(&key_w, 0, sizeof(key_w)); + memset(&key_p, 0, sizeof(key_p)); + memset(&c, 0, sizeof(c)); + key_p.query = &key_w; + key_p.c = &c; + key_p.reuse.pending = &key_p; + key_p.reuse.node.key = &key_p.reuse; + if(use_ssl) + key_p.reuse.is_ssl = 1; + if(addrlen > (socklen_t)sizeof(key_p.reuse.addr)) + return NULL; + memmove(&key_p.reuse.addr, addr, addrlen); + key_p.reuse.addrlen = addrlen; + + verbose(VERB_CLIENT, "reuse_tcp_find: num reuse streams %u", + (unsigned)outnet->tcp_reuse.count); + if(outnet->tcp_reuse.root == NULL || + outnet->tcp_reuse.root == RBTREE_NULL) + return NULL; + if(rbtree_find_less_equal(&outnet->tcp_reuse, &key_p.reuse.node, + &result)) { + /* exact match */ + /* but the key is on stack, and ptr is compared, impossible */ + log_assert(&key_p.reuse != (struct reuse_tcp*)result); + log_assert(&key_p != ((struct reuse_tcp*)result)->pending); + } + /* not found, return null */ + if(!result || result == RBTREE_NULL) + return NULL; + verbose(VERB_CLIENT, "reuse_tcp_find check inexact match"); + /* inexact match, find one of possibly several connections to the + * same destination address, with the correct port, ssl, and + * also less than max number of open queries, or else, fail to open + * a new one */ + /* rewind to start of sequence of same address,port,ssl */ + prev = rbtree_previous(result); + while(prev && prev != RBTREE_NULL && + reuse_cmp_addrportssl(prev->key, &key_p.reuse) == 0) { + result = prev; + prev = rbtree_previous(result); + } + + /* loop to find first one that has correct characteristics */ + while(result && result != RBTREE_NULL && + reuse_cmp_addrportssl(result->key, &key_p.reuse) == 0) { + if(((struct reuse_tcp*)result)->tree_by_id.count < + MAX_REUSE_TCP_QUERIES) { + /* same address, port, ssl-yes-or-no, and has + * space for another query */ + return (struct reuse_tcp*)result; + } + result = rbtree_next(result); + } + return NULL; +} + +/** use the buffer to setup writing the query */ +static void +outnet_tcp_take_query_setup(int s, struct pending_tcp* pend, + struct waiting_tcp* w) +{ + struct timeval tv; + verbose(VERB_CLIENT, "outnet_tcp_take_query_setup: setup packet to write " + "len %d timeout %d msec", + (int)w->pkt_len, w->timeout); + pend->c->tcp_write_pkt = w->pkt; + pend->c->tcp_write_pkt_len = w->pkt_len; + pend->c->tcp_write_and_read = 1; + pend->c->tcp_write_byte_count = 0; + pend->c->tcp_is_reading = 0; + comm_point_start_listening(pend->c, s, -1); + /* set timer on the waiting_tcp entry, this is the write timeout + * for the written packet. The timer on pend->c is the timer + * for when there is no written packet and we have readtimeouts */ +#ifndef S_SPLINT_S + tv.tv_sec = w->timeout/1000; + tv.tv_usec = (w->timeout%1000)*1000; +#endif + /* if the waiting_tcp was previously waiting for a buffer in the + * outside_network.tcpwaitlist, then the timer is reset now that + * we start writing it */ + comm_timer_set(w->timer, &tv); +} + /** use next free buffer to service a tcp query */ static int -outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) +outnet_tcp_take_into_use(struct waiting_tcp* w) { struct pending_tcp* pend = w->outnet->tcp_free; int s; log_assert(pend); - log_assert(pkt); + log_assert(w->pkt); + log_assert(w->pkt_len > 0); log_assert(w->addrlen > 0); + pend->c->tcp_do_toggle_rw = 0; + pend->c->tcp_do_close = 0; /* open socket */ s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp); @@ -397,24 +648,65 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) return 0; } } - w->pkt = NULL; w->next_waiting = (void*)pend; - pend->id = LDNS_ID_WIRE(pkt); w->outnet->num_tcp_outgoing++; w->outnet->tcp_free = pend->next_free; pend->next_free = NULL; pend->query = w; + pend->reuse.outnet = w->outnet; pend->c->repinfo.addrlen = w->addrlen; + pend->c->tcp_more_read_again = &pend->reuse.cp_more_read_again; + pend->c->tcp_more_write_again = &pend->reuse.cp_more_write_again; + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; memcpy(&pend->c->repinfo.addr, &w->addr, w->addrlen); - sldns_buffer_clear(pend->c->buffer); - sldns_buffer_write(pend->c->buffer, pkt, pkt_len); - sldns_buffer_flip(pend->c->buffer); - pend->c->tcp_is_reading = 0; - pend->c->tcp_byte_count = 0; - comm_point_start_listening(pend->c, s, -1); + pend->reuse.pending = pend; + if(pend->c->ssl) + pend->reuse.is_ssl = 1; + else pend->reuse.is_ssl = 0; + /* insert in reuse by address tree if not already inserted there */ + (void)reuse_tcp_insert(w->outnet, pend); + reuse_tree_by_id_insert(&pend->reuse, w); + outnet_tcp_take_query_setup(s, pend, w); return 1; } +/** Touch the lru of a reuse_tcp element, it is in use. + * This moves it to the front of the list, where it is not likely to + * be closed. Items at the back of the list are closed to make space. */ +static void +reuse_tcp_lru_touch(struct outside_network* outnet, struct reuse_tcp* reuse) +{ + if(!reuse->item_on_lru_list) + return; /* not on the list, no lru to modify */ + if(!reuse->lru_prev) + return; /* already first in the list */ + /* remove at current position */ + /* since it is not first, there is a previous element */ + reuse->lru_prev->lru_next = reuse->lru_next; + if(reuse->lru_next) + reuse->lru_next->lru_prev = reuse->lru_prev; + else outnet->tcp_reuse_last = reuse->lru_prev; + /* insert at the front */ + reuse->lru_prev = NULL; + reuse->lru_next = outnet->tcp_reuse_first; + /* since it is not first, it is not the only element and + * lru_next is thus not NULL and thus reuse is now not the last in + * the list, so outnet->tcp_reuse_last does not need to be modified */ + outnet->tcp_reuse_first = reuse; +} + +/** call callback on waiting_tcp, if not NULL */ +static void +waiting_tcp_callback(struct waiting_tcp* w, struct comm_point* c, int error, + struct comm_reply* reply_info) +{ + if(w->cb) { + fptr_ok(fptr_whitelist_pending_tcp(w->cb)); + (void)(*w->cb)(c, w->cb_arg, error, reply_info); + } +} + /** see if buffers can be used to service TCP queries */ static void use_free_buffer(struct outside_network* outnet) @@ -422,25 +714,198 @@ use_free_buffer(struct outside_network* outnet) struct waiting_tcp* w; while(outnet->tcp_free && outnet->tcp_wait_first && !outnet->want_to_quit) { + struct reuse_tcp* reuse = NULL; w = outnet->tcp_wait_first; outnet->tcp_wait_first = w->next_waiting; if(outnet->tcp_wait_last == w) outnet->tcp_wait_last = NULL; - if(!outnet_tcp_take_into_use(w, w->pkt, w->pkt_len)) { - comm_point_callback_type* cb = w->cb; - void* cb_arg = w->cb_arg; - waiting_tcp_delete(w); - fptr_ok(fptr_whitelist_pending_tcp(cb)); - (void)(*cb)(NULL, cb_arg, NETEVENT_CLOSED, NULL); + w->on_tcp_waiting_list = 0; + reuse = reuse_tcp_find(outnet, &w->addr, w->addrlen, + w->ssl_upstream); + if(reuse) { + log_reuse_tcp(VERB_CLIENT, "use free buffer for waiting tcp: " + "found reuse", reuse); + reuse_tcp_lru_touch(outnet, reuse); + comm_timer_disable(w->timer); + w->next_waiting = (void*)reuse->pending; + reuse_tree_by_id_insert(reuse, w); + if(reuse->pending->query) { + /* on the write wait list */ + reuse_write_wait_push_back(reuse, w); + } else { + /* write straight away */ + /* stop the timer on read of the fd */ + comm_point_stop_listening(reuse->pending->c); + reuse->pending->query = w; + outnet_tcp_take_query_setup( + reuse->pending->c->fd, reuse->pending, + w); + } + } else { + struct pending_tcp* pend = w->outnet->tcp_free; + rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); + pend->reuse.pending = pend; + memcpy(&pend->reuse.addr, &w->addr, w->addrlen); + pend->reuse.addrlen = w->addrlen; + if(!outnet_tcp_take_into_use(w)) { + waiting_tcp_callback(w, NULL, NETEVENT_CLOSED, + NULL); + waiting_tcp_delete(w); + } } } } +/** add waiting_tcp element to the outnet tcp waiting list */ +static void +outnet_add_tcp_waiting(struct outside_network* outnet, struct waiting_tcp* w) +{ + struct timeval tv; + if(w->on_tcp_waiting_list) + return; + w->next_waiting = NULL; + if(outnet->tcp_wait_last) + outnet->tcp_wait_last->next_waiting = w; + else outnet->tcp_wait_first = w; + outnet->tcp_wait_last = w; + w->on_tcp_waiting_list = 1; +#ifndef S_SPLINT_S + tv.tv_sec = w->timeout/1000; + tv.tv_usec = (w->timeout%1000)*1000; +#endif + comm_timer_set(w->timer, &tv); +} + +/** delete element from tree by id */ +static void +reuse_tree_by_id_delete(struct reuse_tcp* reuse, struct waiting_tcp* w) +{ + log_assert(w->id_node.key != NULL); + rbtree_delete(&reuse->tree_by_id, w); + w->id_node.key = NULL; +} + +/** move writewait list to go for another connection. */ +static void +reuse_move_writewait_away(struct outside_network* outnet, + struct pending_tcp* pend) +{ + /* the writewait list has not been written yet, so if the + * stream was closed, they have not actually been failed, only + * the queries written. Other queries can get written to another + * stream. For upstreams that do not support multiple queries + * and answers, the stream can get closed, and then the queries + * can get written on a new socket */ + struct waiting_tcp* w; + if(pend->query && pend->query->error_count == 0 && + pend->c->tcp_write_pkt == pend->query->pkt && + pend->c->tcp_write_pkt_len == pend->query->pkt_len) { + /* since the current query is not written, it can also + * move to a free buffer */ + if(verbosity >= VERB_CLIENT && pend->query->pkt_len > 12+2+2 && + LDNS_QDCOUNT(pend->query->pkt) > 0 && + dname_valid(pend->query->pkt+12, pend->query->pkt_len-12)) { + char buf[LDNS_MAX_DOMAINLEN+1]; + dname_str(pend->query->pkt+12, buf); + verbose(VERB_CLIENT, "reuse_move_writewait_away current %s %d bytes were written", + buf, (int)pend->c->tcp_write_byte_count); + } + pend->c->tcp_write_pkt = NULL; + pend->c->tcp_write_pkt_len = 0; + pend->c->tcp_write_and_read = 0; + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; + pend->c->tcp_is_reading = 1; + w = pend->query; + pend->query = NULL; + /* increase error count, so that if the next socket fails too + * the server selection is run again with this query failed + * and it can select a different server (if possible), or + * fail the query */ + w->error_count ++; + reuse_tree_by_id_delete(&pend->reuse, w); + outnet_add_tcp_waiting(outnet, w); + } + while((w = reuse_write_wait_pop(&pend->reuse)) != NULL) { + if(verbosity >= VERB_CLIENT && w->pkt_len > 12+2+2 && + LDNS_QDCOUNT(w->pkt) > 0 && + dname_valid(w->pkt+12, w->pkt_len-12)) { + char buf[LDNS_MAX_DOMAINLEN+1]; + dname_str(w->pkt+12, buf); + verbose(VERB_CLIENT, "reuse_move_writewait_away item %s", buf); + } + reuse_tree_by_id_delete(&pend->reuse, w); + outnet_add_tcp_waiting(outnet, w); + } +} + +/** remove reused element from tree and lru list */ +static void +reuse_tcp_remove_tree_list(struct outside_network* outnet, + struct reuse_tcp* reuse) +{ + verbose(VERB_CLIENT, "reuse_tcp_remove_tree_list"); + if(reuse->node.key) { + /* delete it from reuse tree */ + (void)rbtree_delete(&outnet->tcp_reuse, &reuse->node); + reuse->node.key = NULL; + } + /* delete from reuse list */ + if(reuse->item_on_lru_list) { + if(reuse->lru_prev) { + /* assert that members of the lru list are waiting + * and thus have a pending pointer to the struct */ + log_assert(reuse->lru_prev->pending); + reuse->lru_prev->lru_next = reuse->lru_next; + } else { + log_assert(!reuse->lru_next || reuse->lru_next->pending); + outnet->tcp_reuse_first = reuse->lru_next; + } + if(reuse->lru_next) { + /* assert that members of the lru list are waiting + * and thus have a pending pointer to the struct */ + log_assert(reuse->lru_next->pending); + reuse->lru_next->lru_prev = reuse->lru_prev; + } else { + log_assert(!reuse->lru_prev || reuse->lru_prev->pending); + outnet->tcp_reuse_last = reuse->lru_prev; + } + reuse->item_on_lru_list = 0; + } +} + +/** helper function that deletes an element from the tree of readwait + * elements in tcp reuse structure */ +static void reuse_del_readwait_elem(rbnode_type* node, void* ATTR_UNUSED(arg)) +{ + struct waiting_tcp* w = (struct waiting_tcp*)node->key; + waiting_tcp_delete(w); +} + +/** delete readwait waiting_tcp elements, deletes the elements in the list */ +void reuse_del_readwait(rbtree_type* tree_by_id) +{ + if(tree_by_id->root == NULL || + tree_by_id->root == RBTREE_NULL) + return; + traverse_postorder(tree_by_id, &reuse_del_readwait_elem, NULL); + rbtree_init(tree_by_id, reuse_id_cmp); +} + /** decommission a tcp buffer, closes commpoint and frees waiting_tcp entry */ static void decommission_pending_tcp(struct outside_network* outnet, struct pending_tcp* pend) { + verbose(VERB_CLIENT, "decommission_pending_tcp"); + pend->next_free = outnet->tcp_free; + outnet->tcp_free = pend; + if(pend->reuse.node.key) { + /* needs unlink from the reuse tree to get deleted */ + reuse_tcp_remove_tree_list(outnet, &pend->reuse); + } + /* free SSL structure after remove from outnet tcp reuse tree, + * because the c->ssl null or not is used for sorting in the tree */ if(pend->c->ssl) { #ifdef HAVE_SSL SSL_shutdown(pend->c->ssl); @@ -449,11 +914,68 @@ decommission_pending_tcp(struct outside_network* outnet, #endif } comm_point_close(pend->c); - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; - waiting_tcp_delete(pend->query); + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; + /* unlink the query and writewait list, it is part of the tree + * nodes and is deleted */ pend->query = NULL; - use_free_buffer(outnet); + pend->reuse.write_wait_first = NULL; + pend->reuse.write_wait_last = NULL; + reuse_del_readwait(&pend->reuse.tree_by_id); +} + +/** perform failure callbacks for waiting queries in reuse read rbtree */ +static void reuse_cb_readwait_for_failure(rbtree_type* tree_by_id, int err) +{ + rbnode_type* node; + if(tree_by_id->root == NULL || + tree_by_id->root == RBTREE_NULL) + return; + node = rbtree_first(tree_by_id); + while(node && node != RBTREE_NULL) { + struct waiting_tcp* w = (struct waiting_tcp*)node->key; + waiting_tcp_callback(w, NULL, err, NULL); + node = rbtree_next(node); + } +} + +/** perform callbacks for failure and also decommission pending tcp. + * the callbacks remove references in sq->pending to the waiting_tcp + * members of the tree_by_id in the pending tcp. The pending_tcp is + * removed before the callbacks, so that the callbacks do not modify + * the pending_tcp due to its reference in the outside_network reuse tree */ +static void reuse_cb_and_decommission(struct outside_network* outnet, + struct pending_tcp* pend, int error) +{ + rbtree_type store; + store = pend->reuse.tree_by_id; + pend->query = NULL; + rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); + pend->reuse.write_wait_first = NULL; + pend->reuse.write_wait_last = NULL; + decommission_pending_tcp(outnet, pend); + reuse_cb_readwait_for_failure(&store, error); + reuse_del_readwait(&store); +} + +/** set timeout on tcp fd and setup read event to catch incoming dns msgs */ +static void +reuse_tcp_setup_timeout(struct pending_tcp* pend_tcp) +{ + log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_timeout", &pend_tcp->reuse); + comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT); +} + +/** set timeout on tcp fd and setup read event to catch incoming dns msgs */ +static void +reuse_tcp_setup_read_and_timeout(struct pending_tcp* pend_tcp) +{ + log_reuse_tcp(VERB_CLIENT, "reuse_tcp_setup_readtimeout", &pend_tcp->reuse); + sldns_buffer_clear(pend_tcp->c->buffer); + pend_tcp->c->tcp_is_reading = 1; + pend_tcp->c->tcp_byte_count = 0; + comm_point_stop_listening(pend_tcp->c); + comm_point_start_listening(pend_tcp->c, -1, REUSE_TIMEOUT); } int @@ -461,24 +983,116 @@ outnet_tcp_cb(struct comm_point* c, void* arg, int error, struct comm_reply *reply_info) { struct pending_tcp* pend = (struct pending_tcp*)arg; - struct outside_network* outnet = pend->query->outnet; + struct outside_network* outnet = pend->reuse.outnet; + struct waiting_tcp* w = NULL; verbose(VERB_ALGO, "outnettcp cb"); - if(error != NETEVENT_NOERROR) { + if(error == NETEVENT_TIMEOUT) { + if(pend->c->tcp_write_and_read) { + verbose(VERB_QUERY, "outnettcp got tcp timeout " + "for read, ignored because write underway"); + /* if we are writing, ignore readtimer, wait for write timer + * or write is done */ + return 0; + } else { + verbose(VERB_QUERY, "outnettcp got tcp timeout %s", + (pend->reuse.tree_by_id.count?"for reading pkt": + "for keepalive for reuse")); + } + /* must be timeout for reading or keepalive reuse, + * close it. */ + reuse_tcp_remove_tree_list(outnet, &pend->reuse); + } else if(error == NETEVENT_PKT_WRITTEN) { + /* the packet we want to write has been written. */ + verbose(VERB_ALGO, "outnet tcp pkt was written event"); + log_assert(c == pend->c); + log_assert(pend->query->pkt == pend->c->tcp_write_pkt); + log_assert(pend->query->pkt_len == pend->c->tcp_write_pkt_len); + pend->c->tcp_write_pkt = NULL; + pend->c->tcp_write_pkt_len = 0; + /* the pend.query is already in tree_by_id */ + log_assert(pend->query->id_node.key); + pend->query = NULL; + /* setup to write next packet or setup read timeout */ + if(pend->reuse.write_wait_first) { + verbose(VERB_ALGO, "outnet tcp setup next pkt"); + /* we can write it straight away perhaps, set flag + * because this callback called after a tcp write + * succeeded and likely more buffer space is available + * and we can write some more. */ + pend->reuse.cp_more_write_again = 1; + pend->query = reuse_write_wait_pop(&pend->reuse); + comm_point_stop_listening(pend->c); + outnet_tcp_take_query_setup(pend->c->fd, pend, + pend->query); + } else { + verbose(VERB_ALGO, "outnet tcp writes done, wait"); + pend->c->tcp_write_and_read = 0; + pend->reuse.cp_more_read_again = 0; + pend->reuse.cp_more_write_again = 0; + pend->c->tcp_is_reading = 1; + comm_point_stop_listening(pend->c); + reuse_tcp_setup_timeout(pend); + } + return 0; + } else if(error != NETEVENT_NOERROR) { verbose(VERB_QUERY, "outnettcp got tcp error %d", error); + reuse_move_writewait_away(outnet, pend); /* pass error below and exit */ } else { /* check ID */ - if(sldns_buffer_limit(c->buffer) < sizeof(uint16_t) || - LDNS_ID_WIRE(sldns_buffer_begin(c->buffer))!=pend->id) { + if(sldns_buffer_limit(c->buffer) < sizeof(uint16_t)) { log_addr(VERB_QUERY, - "outnettcp: bad ID in reply, from:", - &pend->query->addr, pend->query->addrlen); + "outnettcp: bad ID in reply, too short, from:", + &pend->reuse.addr, pend->reuse.addrlen); error = NETEVENT_CLOSED; + } else { + uint16_t id = LDNS_ID_WIRE(sldns_buffer_begin( + c->buffer)); + /* find the query the reply is for */ + w = reuse_tcp_by_id_find(&pend->reuse, id); } } - fptr_ok(fptr_whitelist_pending_tcp(pend->query->cb)); - (void)(*pend->query->cb)(c, pend->query->cb_arg, error, reply_info); - decommission_pending_tcp(outnet, pend); + if(error == NETEVENT_NOERROR && !w) { + /* no struct waiting found in tree, no reply to call */ + log_addr(VERB_QUERY, "outnettcp: bad ID in reply, from:", + &pend->reuse.addr, pend->reuse.addrlen); + error = NETEVENT_CLOSED; + } + if(error == NETEVENT_NOERROR) { + /* add to reuse tree so it can be reused, if not a failure. + * This is possible if the state machine wants to make a tcp + * query again to the same destination. */ + if(outnet->tcp_reuse.count < outnet->tcp_reuse_max) { + (void)reuse_tcp_insert(outnet, pend); + } + } + if(w) { + reuse_tree_by_id_delete(&pend->reuse, w); + verbose(VERB_CLIENT, "outnet tcp callback query err %d buflen %d", + error, (int)sldns_buffer_limit(c->buffer)); + waiting_tcp_callback(w, c, error, reply_info); + waiting_tcp_delete(w); + } + verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb"); + if(error == NETEVENT_NOERROR && pend->reuse.node.key) { + verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: keep it"); + /* it is in the reuse_tcp tree, with other queries, or + * on the empty list. do not decommission it */ + /* if there are more outstanding queries, we could try to + * read again, to see if it is on the input, + * because this callback called after a successful read + * and there could be more bytes to read on the input */ + if(pend->reuse.tree_by_id.count != 0) + pend->reuse.cp_more_read_again = 1; + reuse_tcp_setup_read_and_timeout(pend); + return 0; + } + verbose(VERB_CLIENT, "outnet_tcp_cb reuse after cb: decommission it"); + /* no queries on it, no space to keep it. or timeout or closed due + * to error. Close it */ + reuse_cb_and_decommission(outnet, pend, (error==NETEVENT_TIMEOUT? + NETEVENT_TIMEOUT:NETEVENT_CLOSED)); + use_free_buffer(outnet); return 0; } @@ -737,7 +1351,8 @@ outside_network_create(struct comm_base *base, size_t bufsize, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv) + void* sslctx, int delayclose, int tls_use_sni, struct dt_env* dtenv, + int udp_connect) { struct outside_network* outnet = (struct outside_network*) calloc(1, sizeof(struct outside_network)); @@ -775,6 +1390,9 @@ outside_network_create(struct comm_base *base, size_t bufsize, outnet->delay_tv.tv_usec = (delayclose%1000)*1000; } #endif + if(udp_connect) { + outnet->udp_connect = 1; + } if(numavailports == 0 || num_ports == 0) { log_err("no outgoing ports available"); outside_network_delete(outnet); @@ -809,6 +1427,8 @@ outside_network_create(struct comm_base *base, size_t bufsize, outside_network_delete(outnet); return NULL; } + rbtree_init(&outnet->tcp_reuse, reuse_cmp); + outnet->tcp_reuse_max = num_tcp; /* allocate commpoints */ for(k=0; knum_tcp; i++) if(outnet->tcp_conns[i]) { + if(outnet->tcp_conns[i]->query && + !outnet->tcp_conns[i]->query-> + on_tcp_waiting_list) { + /* delete waiting_tcp elements that + * the tcp conn is working on */ + struct pending_tcp* pend = + (struct pending_tcp*)outnet-> + tcp_conns[i]->query-> + next_waiting; + decommission_pending_tcp(outnet, pend); + } comm_point_delete(outnet->tcp_conns[i]->c); waiting_tcp_delete(outnet->tcp_conns[i]->query); free(outnet->tcp_conns[i]); @@ -986,6 +1617,10 @@ outside_network_delete(struct outside_network* outnet) p = np; } } + /* was allocated in struct pending that was deleted above */ + rbtree_init(&outnet->tcp_reuse, reuse_cmp); + outnet->tcp_reuse_first = NULL; + outnet->tcp_reuse_last = NULL; if(outnet->udp_wait_first) { struct pending* p = outnet->udp_wait_first, *np; while(p) { @@ -1110,6 +1745,33 @@ select_id(struct outside_network* outnet, struct pending* pend, return 1; } +/** return true is UDP connect error needs to be logged */ +static int udp_connect_needs_log(int err) +{ + switch(err) { + case ECONNREFUSED: +# ifdef ENETUNREACH + case ENETUNREACH: +# endif +# ifdef EHOSTDOWN + case EHOSTDOWN: +# endif +# ifdef EHOSTUNREACH + case EHOSTUNREACH: +# endif +# ifdef ENETDOWN + case ENETDOWN: +# endif + if(verbosity >= VERB_ALGO) + return 1; + return 0; + default: + break; + } + return 1; +} + + /** Select random interface and port */ static int select_ifport(struct outside_network* outnet, struct pending* pend, @@ -1129,13 +1791,26 @@ select_ifport(struct outside_network* outnet, struct pending* pend, my_if = ub_random_max(outnet->rnd, num_if); pif = &ifs[my_if]; #ifndef DISABLE_EXPLICIT_PORT_RANDOMISATION - my_port = ub_random_max(outnet->rnd, pif->avail_total); - if(my_port < pif->inuse) { - /* port already open */ - pend->pc = pif->out[my_port]; - verbose(VERB_ALGO, "using UDP if=%d port=%d", - my_if, pend->pc->number); - break; + if(outnet->udp_connect) { + /* if we connect() we cannot reuse fds for a port */ + if(pif->inuse >= pif->avail_total) { + tries++; + if(tries < MAX_PORT_RETRY) + continue; + log_err("failed to find an open port, drop msg"); + return 0; + } + my_port = pif->inuse + ub_random_max(outnet->rnd, + pif->avail_total - pif->inuse); + } else { + my_port = ub_random_max(outnet->rnd, pif->avail_total); + if(my_port < pif->inuse) { + /* port already open */ + pend->pc = pif->out[my_port]; + verbose(VERB_ALGO, "using UDP if=%d port=%d", + my_if, pend->pc->number); + break; + } } /* try to open new port, if fails, loop to try again */ log_assert(pif->inuse < pif->maxout); @@ -1152,6 +1827,19 @@ select_ifport(struct outside_network* outnet, struct pending* pend, if(fd != -1) { verbose(VERB_ALGO, "opened UDP if=%d port=%d", my_if, portno); + if(outnet->udp_connect) { + /* connect() to the destination */ + if(connect(fd, (struct sockaddr*)&pend->addr, + pend->addrlen) < 0) { + if(udp_connect_needs_log(errno)) { + log_err_addr("udp connect failed", + strerror(errno), &pend->addr, + pend->addrlen); + } + sock_close(fd); + return 0; + } + } /* grab fd */ pend->pc = outnet->unused_fds; outnet->unused_fds = pend->pc->next; @@ -1211,8 +1899,8 @@ randomize_and_send_udp(struct pending* pend, sldns_buffer* packet, int timeout) log_assert(pend->pc && pend->pc->cp); /* send it over the commlink */ - if(!comm_point_send_udp_msg(pend->pc->cp, packet, - (struct sockaddr*)&pend->addr, pend->addrlen)) { + if(!comm_point_send_udp_msg(pend->pc->cp, packet, + (struct sockaddr*)&pend->addr, pend->addrlen, outnet->udp_connect)) { portcomm_loweruse(outnet, pend->pc); return 0; } @@ -1287,45 +1975,152 @@ outnet_tcptimer(void* arg) { struct waiting_tcp* w = (struct waiting_tcp*)arg; struct outside_network* outnet = w->outnet; - comm_point_callback_type* cb; - void* cb_arg; - if(w->pkt) { + verbose(VERB_CLIENT, "outnet_tcptimer"); + if(w->on_tcp_waiting_list) { /* it is on the waiting list */ waiting_list_remove(outnet, w); + waiting_tcp_callback(w, NULL, NETEVENT_TIMEOUT, NULL); + waiting_tcp_delete(w); } else { /* it was in use */ struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting; - if(pend->c->ssl) { -#ifdef HAVE_SSL - SSL_shutdown(pend->c->ssl); - SSL_free(pend->c->ssl); - pend->c->ssl = NULL; -#endif - } - comm_point_close(pend->c); - pend->query = NULL; - pend->next_free = outnet->tcp_free; - outnet->tcp_free = pend; + reuse_cb_and_decommission(outnet, pend, NETEVENT_TIMEOUT); } - cb = w->cb; - cb_arg = w->cb_arg; - waiting_tcp_delete(w); - fptr_ok(fptr_whitelist_pending_tcp(cb)); - (void)(*cb)(NULL, cb_arg, NETEVENT_TIMEOUT, NULL); use_free_buffer(outnet); } +/** close the oldest reuse_tcp connection to make a fd and struct pend + * available for a new stream connection */ +static void +reuse_tcp_close_oldest(struct outside_network* outnet) +{ + struct pending_tcp* pend; + verbose(VERB_CLIENT, "reuse_tcp_close_oldest"); + if(!outnet->tcp_reuse_last) return; + pend = outnet->tcp_reuse_last->pending; + + /* snip off of LRU */ + log_assert(pend->reuse.lru_next == NULL); + if(pend->reuse.lru_prev) { + outnet->tcp_reuse_last = pend->reuse.lru_prev; + pend->reuse.lru_prev->lru_next = NULL; + } else { + outnet->tcp_reuse_last = NULL; + outnet->tcp_reuse_first = NULL; + } + pend->reuse.item_on_lru_list = 0; + + /* free up */ + reuse_cb_and_decommission(outnet, pend, NETEVENT_CLOSED); +} + +/** find spare ID value for reuse tcp stream. That is random and also does + * not collide with an existing query ID that is in use or waiting */ +uint16_t +reuse_tcp_select_id(struct reuse_tcp* reuse, struct outside_network* outnet) +{ + uint16_t id = 0, curid, nextid; + const int try_random = 2000; + int i; + unsigned select, count, space; + rbnode_type* node; + + /* make really sure the tree is not empty */ + if(reuse->tree_by_id.count == 0) { + id = ((unsigned)ub_random(outnet->rnd)>>8) & 0xffff; + return id; + } + + /* try to find random empty spots by picking them */ + for(i = 0; irnd)>>8) & 0xffff; + if(!reuse_tcp_by_id_find(reuse, id)) { + return id; + } + } + + /* equally pick a random unused element from the tree that is + * not in use. Pick a the n-th index of an ununused number, + * then loop over the empty spaces in the tree and find it */ + log_assert(reuse->tree_by_id.count < 0xffff); + select = ub_random_max(outnet->rnd, 0xffff - reuse->tree_by_id.count); + /* select value now in 0 .. num free - 1 */ + + count = 0; /* number of free spaces passed by */ + node = rbtree_first(&reuse->tree_by_id); + log_assert(node && node != RBTREE_NULL); /* tree not empty */ + /* see if select is before first node */ + if(select < tree_by_id_get_id(node)) + return select; + count += tree_by_id_get_id(node); + /* perhaps select is between nodes */ + while(node && node != RBTREE_NULL) { + rbnode_type* next = rbtree_next(node); + if(next && next != RBTREE_NULL) { + curid = tree_by_id_get_id(node); + nextid = tree_by_id_get_id(next); + log_assert(curid < nextid); + if(curid != 0xffff && curid + 1 < nextid) { + /* space between nodes */ + space = nextid - curid - 1; + log_assert(select >= count); + if(select < count + space) { + /* here it is */ + return curid + 1 + (select - count); + } + count += space; + } + } + node = next; + } + + /* select is after the last node */ + /* count is the number of free positions before the nodes in the + * tree */ + node = rbtree_last(&reuse->tree_by_id); + log_assert(node && node != RBTREE_NULL); /* tree not empty */ + curid = tree_by_id_get_id(node); + log_assert(count + (0xffff-curid) + reuse->tree_by_id.count == 0xffff); + return curid + 1 + (select - count); +} + struct waiting_tcp* pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, int timeout, comm_point_callback_type* callback, void* callback_arg) { struct pending_tcp* pend = sq->outnet->tcp_free; + struct reuse_tcp* reuse = NULL; struct waiting_tcp* w; - struct timeval tv; - uint16_t id; - /* if no buffer is free allocate space to store query */ + + verbose(VERB_CLIENT, "pending_tcp_query"); + if(sldns_buffer_limit(packet) < sizeof(uint16_t)) { + verbose(VERB_ALGO, "pending tcp query with too short buffer < 2"); + return NULL; + } + + /* find out if a reused stream to the target exists */ + /* if so, take it into use */ + reuse = reuse_tcp_find(sq->outnet, &sq->addr, sq->addrlen, + sq->ssl_upstream); + if(reuse) { + log_reuse_tcp(VERB_CLIENT, "pending_tcp_query: found reuse", reuse); + log_assert(reuse->pending); + pend = reuse->pending; + reuse_tcp_lru_touch(sq->outnet, reuse); + } + + /* if !pend but we have reuse streams, close a reuse stream + * to be able to open a new one to this target, no use waiting + * to reuse a file descriptor while another query needs to use + * that buffer and file descriptor now. */ + if(!pend) { + reuse_tcp_close_oldest(sq->outnet); + pend = sq->outnet->tcp_free; + } + + /* allocate space to store query */ w = (struct waiting_tcp*)malloc(sizeof(struct waiting_tcp) - + (pend?0:sldns_buffer_limit(packet))); + + sldns_buffer_limit(packet)); if(!w) { return NULL; } @@ -1333,47 +2128,76 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet, free(w); return NULL; } - w->pkt = NULL; - w->pkt_len = 0; - id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff; - LDNS_ID_SET(sldns_buffer_begin(packet), id); + w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp); + w->pkt_len = sldns_buffer_limit(packet); + memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len); + if(reuse) + w->id = reuse_tcp_select_id(reuse, sq->outnet); + else w->id = ((unsigned)ub_random(sq->outnet->rnd)>>8) & 0xffff; + LDNS_ID_SET(w->pkt, w->id); memcpy(&w->addr, &sq->addr, sq->addrlen); w->addrlen = sq->addrlen; w->outnet = sq->outnet; + w->on_tcp_waiting_list = 0; + w->next_waiting = NULL; w->cb = callback; w->cb_arg = callback_arg; w->ssl_upstream = sq->ssl_upstream; w->tls_auth_name = sq->tls_auth_name; -#ifndef S_SPLINT_S - tv.tv_sec = timeout/1000; - tv.tv_usec = (timeout%1000)*1000; -#endif - comm_timer_set(w->timer, &tv); + w->timeout = timeout; + w->id_node.key = NULL; + w->write_wait_prev = NULL; + w->write_wait_next = NULL; + w->write_wait_queued = 0; + w->error_count = 0; if(pend) { /* we have a buffer available right now */ - if(!outnet_tcp_take_into_use(w, sldns_buffer_begin(packet), - sldns_buffer_limit(packet))) { - waiting_tcp_delete(w); - return NULL; + if(reuse) { + /* reuse existing fd, write query and continue */ + /* store query in tree by id */ + verbose(VERB_CLIENT, "pending_tcp_query: reuse, store"); + w->next_waiting = (void*)pend; + reuse_tree_by_id_insert(&pend->reuse, w); + /* can we write right now? */ + if(pend->query == NULL) { + /* write straight away */ + /* stop the timer on read of the fd */ + comm_point_stop_listening(pend->c); + pend->query = w; + outnet_tcp_take_query_setup(pend->c->fd, pend, + w); + } else { + /* put it in the waiting list for + * this stream */ + reuse_write_wait_push_back(&pend->reuse, w); + } + } else { + /* create new fd and connect to addr, setup to + * write query */ + verbose(VERB_CLIENT, "pending_tcp_query: new fd, connect"); + rbtree_init(&pend->reuse.tree_by_id, reuse_id_cmp); + pend->reuse.pending = pend; + memcpy(&pend->reuse.addr, &sq->addr, sq->addrlen); + pend->reuse.addrlen = sq->addrlen; + if(!outnet_tcp_take_into_use(w)) { + waiting_tcp_delete(w); + return NULL; + } } -#ifdef USE_DNSTAP - if(sq->outnet->dtenv && - (sq->outnet->dtenv->log_resolver_query_messages || - sq->outnet->dtenv->log_forwarder_query_messages)) - dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, - comm_tcp, sq->zone, sq->zonelen, packet); -#endif } else { /* queue up */ - w->pkt = (uint8_t*)w + sizeof(struct waiting_tcp); - w->pkt_len = sldns_buffer_limit(packet); - memmove(w->pkt, sldns_buffer_begin(packet), w->pkt_len); - w->next_waiting = NULL; - if(sq->outnet->tcp_wait_last) - sq->outnet->tcp_wait_last->next_waiting = w; - else sq->outnet->tcp_wait_first = w; - sq->outnet->tcp_wait_last = w; + /* waiting for a buffer on the outside network buffer wait + * list */ + verbose(VERB_CLIENT, "pending_tcp_query: queue to wait"); + outnet_add_tcp_waiting(sq->outnet, w); } +#ifdef USE_DNSTAP + if(sq->outnet->dtenv && + (sq->outnet->dtenv->log_resolver_query_messages || + sq->outnet->dtenv->log_forwarder_query_messages)) + dt_msg_send_outside_query(sq->outnet->dtenv, &sq->addr, + comm_tcp, sq->zone, sq->zonelen, packet); +#endif return w; } @@ -1491,6 +2315,7 @@ static void waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w) { struct waiting_tcp* p = outnet->tcp_wait_first, *prev = NULL; + w->on_tcp_waiting_list = 0; while(p) { if(p == w) { /* remove w */ @@ -1506,10 +2331,53 @@ waiting_list_remove(struct outside_network* outnet, struct waiting_tcp* w) } } +/** reuse tcp stream, remove serviced query from stream, + * return true if the stream is kept, false if it is to be closed */ +static int +reuse_tcp_remove_serviced_keep(struct waiting_tcp* w, + struct serviced_query* sq) +{ + struct pending_tcp* pend_tcp = (struct pending_tcp*)w->next_waiting; + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep"); + /* remove the callback. let query continue to write to not cancel + * the stream itself. also keep it as an entry in the tree_by_id, + * in case the answer returns (that we no longer want), but we cannot + * pick the same ID number meanwhile */ + w->cb = NULL; + /* see if can be entered in reuse tree + * for that the FD has to be non-1 */ + if(pend_tcp->c->fd == -1) { + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep: -1 fd"); + return 0; + } + /* if in tree and used by other queries */ + if(pend_tcp->reuse.node.key) { + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep: in use by other queries"); + /* do not reset the keepalive timer, for that + * we'd need traffic, and this is where the serviced is + * removed due to state machine internal reasons, + * eg. iterator no longer interested in this query */ + return 1; + } + /* if still open and want to keep it open */ + if(pend_tcp->c->fd != -1 && sq->outnet->tcp_reuse.count < + sq->outnet->tcp_reuse_max) { + verbose(VERB_CLIENT, "reuse_tcp_remove_serviced_keep: keep open"); + /* set a keepalive timer on it */ + if(!reuse_tcp_insert(sq->outnet, pend_tcp)) { + return 0; + } + reuse_tcp_setup_timeout(pend_tcp); + return 1; + } + return 0; +} + /** cleanup serviced query entry */ static void serviced_delete(struct serviced_query* sq) { + verbose(VERB_CLIENT, "serviced_delete"); if(sq->pending) { /* clear up the pending query */ if(sq->status == serviced_query_UDP_EDNS || @@ -1517,6 +2385,7 @@ serviced_delete(struct serviced_query* sq) sq->status == serviced_query_UDP_EDNS_FRAG || sq->status == serviced_query_UDP_EDNS_fallback) { struct pending* p = (struct pending*)sq->pending; + verbose(VERB_CLIENT, "serviced_delete: UDP"); if(p->pc) portcomm_loweruse(sq->outnet, p->pc); pending_delete(sq->outnet, p); @@ -1524,14 +2393,32 @@ serviced_delete(struct serviced_query* sq) * mesh */ outnet_send_wait_udp(sq->outnet); } else { - struct waiting_tcp* p = (struct waiting_tcp*) + struct waiting_tcp* w = (struct waiting_tcp*) sq->pending; - if(p->pkt == NULL) { - decommission_pending_tcp(sq->outnet, - (struct pending_tcp*)p->next_waiting); + verbose(VERB_CLIENT, "serviced_delete: TCP"); + /* if on stream-write-waiting list then + * remove from waiting list and waiting_tcp_delete */ + if(w->write_wait_queued) { + struct pending_tcp* pend = + (struct pending_tcp*)w->next_waiting; + verbose(VERB_CLIENT, "serviced_delete: writewait"); + reuse_tree_by_id_delete(&pend->reuse, w); + reuse_write_wait_remove(&pend->reuse, w); + waiting_tcp_delete(w); + } else if(!w->on_tcp_waiting_list) { + struct pending_tcp* pend = + (struct pending_tcp*)w->next_waiting; + verbose(VERB_CLIENT, "serviced_delete: tcpreusekeep"); + if(!reuse_tcp_remove_serviced_keep(w, sq)) { + reuse_cb_and_decommission(sq->outnet, + pend, NETEVENT_CLOSED); + use_free_buffer(sq->outnet); + } + sq->pending = NULL; } else { - waiting_list_remove(sq->outnet, p); - waiting_tcp_delete(p); + verbose(VERB_CLIENT, "serviced_delete: tcpwait"); + waiting_list_remove(sq->outnet, w); + waiting_tcp_delete(w); } } } @@ -2111,9 +2998,20 @@ outnet_serviced_query(struct outside_network* outnet, { struct serviced_query* sq; struct service_callback* cb; + struct edns_string_addr* client_string_addr; + if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen, qstate, qstate->region)) return NULL; + + if((client_string_addr = edns_string_addr_lookup( + &env->edns_strings->client_strings, addr, addrlen))) { + edns_opt_list_append(&qstate->edns_opts_back_out, + env->edns_strings->client_string_opcode, + client_string_addr->string_len, + client_string_addr->string, qstate->region); + } + serviced_gen_query(buff, qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, flags); sq = lookup_serviced(outnet, buff, dnssec, addr, addrlen, diff --git a/services/outside_network.h b/services/outside_network.h index c8f6d5724..2fe97fa6c 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -52,6 +52,7 @@ struct ub_randstate; struct pending_tcp; struct waiting_tcp; struct waiting_udp; +struct reuse_tcp; struct infra_cache; struct port_comm; struct port_if; @@ -106,6 +107,9 @@ struct outside_network { int delayclose; /** timeout for delayclose */ struct timeval delay_tv; + /** if we perform udp-connect, connect() for UDP socket to mitigate + * ICMP side channel leakage */ + int udp_connect; /** array of outgoing IP4 interfaces */ struct port_if* ip4_ifs; @@ -154,6 +158,21 @@ struct outside_network { size_t num_tcp; /** number of tcp communication points in use. */ size_t num_tcp_outgoing; + /** + * tree of still-open and waiting tcp connections for reuse. + * can be closed and reopened to get a new tcp connection. + * or reused to the same destination again. with timeout to close. + * Entries are of type struct reuse_tcp. + * The entries are both active and empty connections. + */ + rbtree_type tcp_reuse; + /** max number of tcp_reuse entries we want to keep open */ + size_t tcp_reuse_max; + /** first and last(oldest) in lru list of reuse connections. + * the oldest can be closed to get a new free pending_tcp if needed + * The list contains empty connections, that wait for timeout or + * a new query that can use the existing connection. */ + struct reuse_tcp* tcp_reuse_first, *tcp_reuse_last; /** list of tcp comm points that are free for use */ struct pending_tcp* tcp_free; /** list of tcp queries waiting for a buffer */ @@ -211,6 +230,76 @@ struct port_comm { struct comm_point* cp; }; +/** + * Reuse TCP connection, still open can be used again. + */ +struct reuse_tcp { + /** rbtree node with links in tcp_reuse tree. key is NULL when not + * in tree. Both active and empty connections are in the tree. + * key is a pointer to this structure, the members used to compare + * are the sockaddr and and then is-ssl bool, and then ptr value is + * used in case the same address exists several times in the tree + * when there are multiple connections to the same destination to + * make the rbtree items unique. */ + rbnode_type node; + /** the key for the tcp_reuse tree. address of peer, ip4 or ip6, + * and port number of peer */ + struct sockaddr_storage addr; + /** length of addr */ + socklen_t addrlen; + /** also key for tcp_reuse tree, if ssl is used */ + int is_ssl; + /** lru chain, so that the oldest can be removed to get a new + * connection when all are in (re)use. oldest is last in list. + * The lru only contains empty connections waiting for reuse, + * the ones with active queries are not on the list because they + * do not need to be closed to make space for others. They already + * service a query so the close for another query does not help + * service a larger number of queries. */ + struct reuse_tcp* lru_next, *lru_prev; + /** true if the reuse_tcp item is on the lru list with empty items */ + int item_on_lru_list; + /** the connection to reuse, the fd is non-1 and is open. + * the addr and port determine where the connection is going, + * and is key to the rbtree. The SSL ptr determines if it is + * a TLS connection or a plain TCP connection there. And TLS + * or not is also part of the key to the rbtree. + * There is a timeout and read event on the fd, to close it. */ + struct pending_tcp* pending; + /** + * The more read again value pointed to by the commpoint + * tcp_more_read_again pointer, so that it exists after commpoint + * delete + */ + int cp_more_read_again; + /** + * The more write again value pointed to by the commpoint + * tcp_more_write_again pointer, so that it exists after commpoint + * delete + */ + int cp_more_write_again; + /** rbtree with other queries waiting on the connection, by ID number, + * of type struct waiting_tcp. It is for looking up received + * answers to the structure for callback. And also to see if ID + * numbers are unused and can be used for a new query. + * The write_wait elements are also in the tree, so that ID numbers + * can be looked up also for them. They are bool write_wait_queued. */ + rbtree_type tree_by_id; + /** list of queries waiting to be written on the channel, + * if NULL no queries are waiting to be written and the pending->query + * is the query currently serviced. The first is the next in line. + * They are also in the tree_by_id. Once written, the are removed + * from this list, but stay in the tree. */ + struct waiting_tcp* write_wait_first, *write_wait_last; + /** the outside network it is part of */ + struct outside_network* outnet; +}; + +/** max number of queries on a reuse connection */ +#define MAX_REUSE_TCP_QUERIES 200 +/** timeout for REUSE entries in milliseconds. */ +#define REUSE_TIMEOUT 60000 + /** * A query that has an answer pending for it. */ @@ -255,12 +344,15 @@ struct pending { struct pending_tcp { /** next in list of free tcp comm points, or NULL. */ struct pending_tcp* next_free; - /** the ID for the query; checked in reply */ - uint16_t id; /** tcp comm point it was sent on (and reply must come back on). */ struct comm_point* c; /** the query being serviced, NULL if the pending_tcp is unused. */ struct waiting_tcp* query; + /** the pre-allocated reuse tcp structure. if ->pending is nonNULL + * it is in use and the connection is waiting for reuse. + * It is here for memory pre-allocation, and used to make this + * pending_tcp wait for reuse. */ + struct reuse_tcp reuse; }; /** @@ -269,12 +361,27 @@ struct pending_tcp { struct waiting_tcp { /** * next in waiting list. - * if pkt==0, this points to the pending_tcp structure. + * if on_tcp_waiting_list==0, this points to the pending_tcp structure. */ struct waiting_tcp* next_waiting; + /** if true the item is on the tcp waiting list and next_waiting + * is used for that. If false, the next_waiting points to the + * pending_tcp */ + int on_tcp_waiting_list; + /** next and prev in query waiting list for stream connection */ + struct waiting_tcp* write_wait_prev, *write_wait_next; + /** true if the waiting_tcp structure is on the write_wait queue */ + int write_wait_queued; + /** entry in reuse.tree_by_id, if key is NULL, not in tree, otherwise, + * this struct is key and sorted by ID (from waiting_tcp.id). */ + rbnode_type id_node; + /** the ID for the query; checked in reply */ + uint16_t id; /** timeout event; timer keeps running whether the query is * waiting for a buffer or the tcp reply is pending */ struct comm_timer* timer; + /** timeout in msec */ + int timeout; /** the outside network it is part of */ struct outside_network* outnet; /** remote address. */ @@ -284,13 +391,14 @@ struct waiting_tcp { /** * The query itself, the query packet to send. * allocated after the waiting_tcp structure. - * set to NULL when the query is serviced and it part of pending_tcp. - * if this is NULL, the next_waiting points to the pending_tcp. */ uint8_t* pkt; /** length of query packet. */ size_t pkt_len; - /** callback for the timeout, error or reply to the message */ + /** callback for the timeout, error or reply to the message, + * or NULL if no user is waiting. the entry uses an ID number. + * a query that was written is no longer needed, but the ID number + * and a reply will come back and can be ignored if NULL */ comm_point_callback_type* cb; /** callback user argument */ void* cb_arg; @@ -298,6 +406,8 @@ struct waiting_tcp { int ssl_upstream; /** ref to the tls_auth_name from the serviced_query */ char* tls_auth_name; + /** the packet was involved in an error, to stop looping errors */ + int error_count; }; /** @@ -421,6 +531,7 @@ struct serviced_query { * msec to wait on timeouted udp sockets. * @param tls_use_sni: if SNI is used for TLS connections. * @param dtenv: environment to send dnstap events with (if enabled). + * @param udp_connect: if the udp_connect option is enabled. * @return: the new structure (with no pending answers) or NULL on error. */ struct outside_network* outside_network_create(struct comm_base* base, @@ -429,7 +540,8 @@ struct outside_network* outside_network_create(struct comm_base* base, struct ub_randstate* rnd, int use_caps_for_id, int* availports, int numavailports, size_t unwanted_threshold, int tcp_mss, void (*unwanted_action)(void*), void* unwanted_param, int do_udp, - void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv); + void* sslctx, int delayclose, int tls_use_sni, struct dt_env *dtenv, + int udp_connect); /** * Delete outside_network structure. @@ -546,6 +658,19 @@ size_t outnet_get_mem(struct outside_network* outnet); */ size_t serviced_get_mem(struct serviced_query* sq); +/** Pick random ID value for a tcp stream, avoids existing IDs. */ +uint16_t reuse_tcp_select_id(struct reuse_tcp* reuse, + struct outside_network* outnet); + +/** find element in tree by id */ +struct waiting_tcp* reuse_tcp_by_id_find(struct reuse_tcp* reuse, uint16_t id); + +/** insert element in tree by id */ +void reuse_tree_by_id_insert(struct reuse_tcp* reuse, struct waiting_tcp* w); + +/** delete readwait waiting_tcp elements, deletes the elements in the list */ +void reuse_del_readwait(rbtree_type* tree_by_id); + /** get TCP file descriptor for address, returns -1 on failure, * tcp_mss is 0 or maxseg size to set for TCP packets. */ int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss, int dscp); @@ -643,4 +768,10 @@ int pending_cmp(const void* key1, const void* key2); /** compare function of serviced query rbtree */ int serviced_cmp(const void* key1, const void* key2); +/** compare function of reuse_tcp rbtree in outside_network struct */ +int reuse_cmp(const void* key1, const void* key2); + +/** compare function of reuse_tcp tree_by_id rbtree */ +int reuse_id_cmp(const void* key1, const void* key2); + #endif /* OUTSIDE_NETWORK_H */ diff --git a/services/rpz.c b/services/rpz.c index 105f238d0..d7dd17f7e 100644 --- a/services/rpz.c +++ b/services/rpz.c @@ -440,6 +440,8 @@ err: respip_set_delete(r->respip_set); if(r->taglist) free(r->taglist); + if(r->region) + regional_destroy(r->region); free(r); } return NULL; @@ -597,8 +599,18 @@ rpz_insert_rr(struct rpz* r, uint8_t* azname, size_t aznamelen, uint8_t* dname, uint8_t* policydname; if(!dname_subdomain_c(dname, azname)) { - log_err("RPZ: name of record to insert into RPZ is not a " - "subdomain of the configured name of the RPZ zone"); + char* dname_str = sldns_wire2str_dname(dname, dnamelen); + char* azname_str = sldns_wire2str_dname(azname, aznamelen); + if(dname_str && azname_str) { + log_err("RPZ: name of record (%s) to insert into RPZ is not a " + "subdomain of the configured name of the RPZ zone (%s)", + dname_str, azname_str); + } else { + log_err("RPZ: name of record to insert into RPZ is not a " + "subdomain of the configured name of the RPZ zone"); + } + free(dname_str); + free(azname_str); return 0; } @@ -951,8 +963,8 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, for(a = az->rpz_first; a; a = a->rpz_az_next) { lock_rw_rdlock(&a->lock); r = a->rpz; - if(!r->taglist || taglist_intersect(r->taglist, - r->taglistlen, taglist, taglen)) { + if(!r->disabled && (!r->taglist || taglist_intersect(r->taglist, + r->taglistlen, taglist, taglen))) { z = rpz_find_zone(r, qinfo->qname, qinfo->qname_len, qinfo->qclass, 0, 0, 0); if(z && r->action_override == RPZ_DISABLED_ACTION) { @@ -1032,3 +1044,17 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env, return ret; } + +void rpz_enable(struct rpz* r) +{ + if(!r) + return; + r->disabled = 0; +} + +void rpz_disable(struct rpz* r) +{ + if(!r) + return; + r->disabled = 1; +} diff --git a/services/rpz.h b/services/rpz.h index 77a2db55c..d5996a6cf 100644 --- a/services/rpz.h +++ b/services/rpz.h @@ -99,6 +99,7 @@ struct rpz { int log; char* log_name; struct regional* region; + int disabled; }; /** @@ -198,4 +199,16 @@ void rpz_finish_config(struct rpz* r); enum respip_action rpz_action_to_respip_action(enum rpz_action a); +/** + * Enable RPZ + * @param r: RPZ struct to enable + */ +void rpz_enable(struct rpz* r); + +/** + * Disable RPZ + * @param r: RPZ struct to disable + */ +void rpz_disable(struct rpz* r); + #endif /* SERVICES_RPZ_H */ diff --git a/sldns/parseutil.c b/sldns/parseutil.c index 3515d64c5..9f289d359 100644 --- a/sldns/parseutil.c +++ b/sldns/parseutil.c @@ -619,13 +619,18 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize) * * This routine does not insert spaces or linebreaks after 76 characters. */ -int sldns_b64_ntop(uint8_t const *src, size_t srclength, - char *target, size_t targsize) +static int sldns_b64_ntop_base(uint8_t const *src, size_t srclength, + char *target, size_t targsize, int base64url, int padding) { - const char* b64 = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + char* b64; const char pad64 = '='; size_t i = 0, o = 0; + if(base64url) + b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123" + "456789-_"; + else + b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123" + "456789+/"; if(targsize < sldns_b64_ntop_calculate_size(srclength)) return -1; /* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */ @@ -645,18 +650,26 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength, target[o] = b64[src[i] >> 2]; target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ]; target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ]; - target[o+3] = pad64; - /* i += 2; */ - o += 4; + if(padding) { + target[o+3] = pad64; + /* i += 2; */ + o += 4; + } else { + o += 3; + } break; case 1: /* one at end, converted into A B = = */ target[o] = b64[src[i] >> 2]; target[o+1] = b64[ ((src[i]&0x03)<<4) ]; - target[o+2] = pad64; - target[o+3] = pad64; - /* i += 1; */ - o += 4; + if(padding) { + target[o+2] = pad64; + target[o+3] = pad64; + /* i += 1; */ + o += 4; + } else { + o += 2; + } break; case 0: default: @@ -669,19 +682,36 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength, return (int)o; } +int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize) +{ + return sldns_b64_ntop_base(src, srclength, target, targsize, + 0 /* no base64url */, 1 /* padding */); +} + +int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize) +{ + return sldns_b64_ntop_base(src, srclength, target, targsize, + 1 /* base64url */, 0 /* no padding */); +} + size_t sldns_b64_pton_calculate_size(size_t srcsize) { return (((((srcsize + 3) / 4) * 3)) + 1); } -int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) +/* padding not required if srcsize is set */ +static int sldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target, + size_t targsize, int base64url) { const uint8_t pad64 = 64; /* is 64th in the b64 array */ const char* s = src; uint8_t in[4]; size_t o = 0, incount = 0; + int check_padding = (srcsize) ? 0 : 1; - while(*s) { + while(*s && (check_padding || srcsize)) { /* skip any character that is not base64 */ /* conceptually we do: const char* b64 = pad'=' is appended to array @@ -690,30 +720,43 @@ int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) and use d-b64; */ char d = *s++; + srcsize--; if(d <= 'Z' && d >= 'A') d -= 'A'; else if(d <= 'z' && d >= 'a') d = d - 'a' + 26; else if(d <= '9' && d >= '0') d = d - '0' + 52; - else if(d == '+') + else if(!base64url && d == '+') d = 62; - else if(d == '/') + else if(base64url && d == '-') + d = 62; + else if(!base64url && d == '/') d = 63; - else if(d == '=') + else if(base64url && d == '_') + d = 63; + else if(d == '=') { + if(!check_padding) + continue; d = 64; - else continue; + } else continue; + in[incount++] = (uint8_t)d; - if(incount != 4) + /* work on block of 4, unless padding is not used and there are + * less than 4 chars left */ + if(incount != 4 && (check_padding || srcsize)) continue; + assert(!check_padding || incount==4); /* process whole block of 4 characters into 3 output bytes */ - if(in[3] == pad64 && in[2] == pad64) { /* A B = = */ + if((incount == 2 || + (incount == 4 && in[3] == pad64 && in[2] == pad64))) { /* A B = = */ if(o+1 > targsize) return -1; target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); o += 1; break; /* we are done */ - } else if(in[3] == pad64) { /* A B C = */ + } else if(incount == 3 || + (incount == 4 && in[3] == pad64)) { /* A B C = */ if(o+2 > targsize) return -1; target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); @@ -721,7 +764,7 @@ int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) o += 2; break; /* we are done */ } else { - if(o+3 > targsize) + if(incount != 4 || o+3 > targsize) return -1; /* write xxxxxxyy yyyyzzzz zzwwwwww */ target[o] = (in[0]<<2) | ((in[1]&0x30)>>4); @@ -733,3 +776,17 @@ int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) } return (int)o; } + +int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize) +{ + return sldns_b64_pton_base(src, 0, target, targsize, 0); +} + +int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, + size_t targsize) +{ + if(!srcsize) { + return 0; + } + return sldns_b64_pton_base(src, srcsize, target, targsize, 1); +} diff --git a/sldns/parseutil.h b/sldns/parseutil.h index 10a2630a9..7eb23317f 100644 --- a/sldns/parseutil.h +++ b/sldns/parseutil.h @@ -92,13 +92,16 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize); int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize); +int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target, + size_t targsize); /** * calculates the size needed to store the result of sldns_b64_pton */ size_t sldns_b64_pton_calculate_size(size_t srcsize); - int sldns_b64_pton(char const *src, uint8_t *target, size_t targsize); +int sldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target, + size_t targsize); /** * calculates the size needed to store the result of b32_ntop diff --git a/sldns/rrdef.h b/sldns/rrdef.h index 4e7fef574..e084f354a 100644 --- a/sldns/rrdef.h +++ b/sldns/rrdef.h @@ -426,7 +426,8 @@ enum sldns_enum_edns_option LDNS_EDNS_N3U = 7, /* RFC6975 */ LDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */ LDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/ - LDNS_EDNS_PADDING = 12 /* RFC7830 */ + LDNS_EDNS_PADDING = 12, /* RFC7830 */ + LDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */ }; typedef enum sldns_enum_edns_option sldns_edns_option; diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index 0cf348add..b1b7ae7ef 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -624,8 +624,6 @@ morechecks(struct config_file* cfg) cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg); check_chroot_filelist_wild("trusted-keys-file", cfg->trusted_keys_file_list, cfg->chrootdir, cfg); - check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file, - cfg->chrootdir, cfg); #ifdef USE_IPSECMOD if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) { /* only check hook if enabled */ diff --git a/smallapp/unbound-control-setup.sh.in b/smallapp/unbound-control-setup.sh.in index 3e506e84e..eaf1d082c 100644 --- a/smallapp/unbound-control-setup.sh.in +++ b/smallapp/unbound-control-setup.sh.in @@ -120,12 +120,19 @@ if [ ! -f "$SVR_BASE.key" ]; then fi cat >server.cnf <mem.dnscrypt_nonce); #endif PR_LL("mem.streamwait", s->svr.mem_stream_wait); + PR_LL("mem.http.query_buffer", s->svr.mem_http2_query_buffer); + PR_LL("mem.http.response_buffer", s->svr.mem_http2_response_buffer); } /** print histogram */ @@ -342,6 +350,7 @@ static void print_extended(struct ub_stats_info* s) PR_UL("num.query.tls", s->svr.qtls); PR_UL("num.query.tls_resume", s->svr.qtls_resume); PR_UL("num.query.ipv6", s->svr.qipv6); + PR_UL("num.query.https", s->svr.qhttps); /* flags */ PR_UL("num.query.flags.QR", s->svr.qbit_QR); @@ -542,6 +551,30 @@ setup_ctx(struct config_file* cfg) return ctx; } +/** check connect error */ +static void +checkconnecterr(int err, const char* svr, struct sockaddr_storage* addr, + socklen_t addrlen, int statuscmd, int useport) +{ +#ifndef USE_WINSOCK + if(!useport) log_err("connect: %s for %s", strerror(err), svr); + else log_err_addr("connect", strerror(err), addr, addrlen); + if(err == ECONNREFUSED && statuscmd) { + printf("unbound is stopped\n"); + exit(3); + } +#else + int wsaerr = err; + if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr); + else log_err_addr("connect", wsa_strerror(wsaerr), addr, addrlen); + if(wsaerr == WSAECONNREFUSED && statuscmd) { + printf("unbound is stopped\n"); + exit(3); + } +#endif + exit(1); +} + /** contact the server with TCP connect */ static int contact_server(const char* svr, struct config_file* cfg, int statuscmd) @@ -593,32 +626,77 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd) addrfamily = addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET; fd = socket(addrfamily, SOCK_STREAM, proto); if(fd == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } + fd_set_nonblock(fd); if(connect(fd, (struct sockaddr*)&addr, addrlen) < 0) { #ifndef USE_WINSOCK - int err = errno; - if(!useport) log_err("connect: %s for %s", strerror(err), svr); - else log_err_addr("connect", strerror(err), &addr, addrlen); - if(err == ECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); - } -#else - int wsaerr = WSAGetLastError(); - if(!useport) log_err("connect: %s for %s", wsa_strerror(wsaerr), svr); - else log_err_addr("connect", wsa_strerror(wsaerr), &addr, addrlen); - if(wsaerr == WSAECONNREFUSED && statuscmd) { - printf("unbound is stopped\n"); - exit(3); +#ifdef EINPROGRESS + if(errno != EINPROGRESS) { + checkconnecterr(errno, svr, &addr, + addrlen, statuscmd, useport); + } +#endif +#else + if(WSAGetLastError() != WSAEINPROGRESS && + WSAGetLastError() != WSAEWOULDBLOCK) { + checkconnecterr(WSAGetLastError(), svr, &addr, + addrlen, statuscmd, useport); } #endif - exit(1); } + while(1) { + fd_set rset, wset, eset; + struct timeval tv; + FD_ZERO(&rset); + FD_SET(FD_SET_T fd, &rset); + FD_ZERO(&wset); + FD_SET(FD_SET_T fd, &wset); + FD_ZERO(&eset); + FD_SET(FD_SET_T fd, &eset); + tv.tv_sec = UNBOUND_CONTROL_CONNECT_TIMEOUT/1000; + tv.tv_usec= (UNBOUND_CONTROL_CONNECT_TIMEOUT%1000)*1000; + if(select(fd+1, &rset, &wset, &eset, &tv) == -1) { + fatal_exit("select: %s", sock_strerror(errno)); + } + if(!FD_ISSET(fd, &rset) && !FD_ISSET(fd, &wset) && + !FD_ISSET(fd, &eset)) { + fatal_exit("timeout: could not connect to server"); + } else { + /* check nonblocking connect error */ + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0) { +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else + error = WSAGetLastError(); +#endif + } + if(error != 0) { +#ifndef USE_WINSOCK +#ifdef EINPROGRESS + if(error == EINPROGRESS) + continue; /* try again later */ +#endif +#ifdef EWOULDBLOCK + if(error == EWOULDBLOCK) + continue; /* try again later */ +#endif +#else + if(error == WSAEINPROGRESS) + continue; /* try again later */ + if(error == WSAEWOULDBLOCK) + continue; /* try again later */ +#endif + checkconnecterr(error, svr, &addr, addrlen, + statuscmd, useport); + } + } + break; + } + fd_set_block(fd); return fd; } @@ -681,11 +759,7 @@ remote_read(SSL* ssl, int fd, char* buf, size_t len) /* EOF */ return 0; } -#ifndef USE_WINSOCK - fatal_exit("could not recv: %s", strerror(errno)); -#else - fatal_exit("could not recv: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("could not recv: %s", sock_strerror(errno)); } buf[rr] = 0; } @@ -701,11 +775,7 @@ remote_write(SSL* ssl, int fd, const char* buf, size_t len) ssl_err("could not SSL_write"); } else { if(send(fd, buf, len, 0) < (ssize_t)len) { -#ifndef USE_WINSOCK - fatal_exit("could not send: %s", strerror(errno)); -#else - fatal_exit("could not send: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("could not send: %s", sock_strerror(errno)); } } } @@ -824,11 +894,7 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[]) ret = go_cmd(ssl, fd, quiet, argc, argv); if(ssl) SSL_free(ssl); -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif + sock_close(fd); if(ctx) SSL_CTX_free(ctx); config_delete(cfg); return ret; @@ -886,7 +952,7 @@ int main(int argc, char* argv[]) if(argc == 0) usage(); if(argc >= 1 && strcmp(argv[0], "start")==0) { -#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#if (defined(TARGET_OS_TV) && TARGET_OS_TV) || (defined(TARGET_OS_WATCH) && TARGET_OS_WATCH) fatal_exit("could not exec unbound: %s", strerror(ENOSYS)); #else diff --git a/smallapp/worker_cb.c b/smallapp/worker_cb.c index 78d921a3c..cdf855dc3 100644 --- a/smallapp/worker_cb.c +++ b/smallapp/worker_cb.c @@ -46,6 +46,9 @@ #include "util/fptr_wlist.h" #include "util/log.h" #include "services/mesh.h" +#ifdef USE_DNSTAP +#include "dnstap/dtstream.h" +#endif void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube), uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len), diff --git a/testcode/delayer.c b/testcode/delayer.c index ebf883926..54175dbe3 100644 --- a/testcode/delayer.c +++ b/testcode/delayer.c @@ -372,11 +372,7 @@ service_send(struct ringbuf* ring, struct timeval* now, sldns_buffer* pkt, sldns_buffer_limit(pkt), 0, (struct sockaddr*)srv_addr, srv_len); if(sent == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("sendto: %s", sock_strerror(errno)); } else if(sent != (ssize_t)sldns_buffer_limit(pkt)) { log_err("sendto: partial send"); } @@ -398,13 +394,12 @@ do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt) #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return; - log_err("recv: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAEWOULDBLOCK) return; - log_err("recv: %s", wsa_strerror(WSAGetLastError())); #endif + log_err("recv: %s", sock_strerror(errno)); return; } sldns_buffer_set_limit(pkt, (size_t)r); @@ -414,11 +409,7 @@ do_proxy(struct proxy* p, int retsock, sldns_buffer* pkt) r = sendto(retsock, (void*)sldns_buffer_begin(pkt), (size_t)r, 0, (struct sockaddr*)&p->addr, p->addr_len); if(r == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("sendto: %s", sock_strerror(errno)); } } } @@ -469,11 +460,7 @@ find_create_proxy(struct sockaddr_storage* from, socklen_t from_len, if(!p) fatal_exit("out of memory"); p->s = socket(serv_ip6?AF_INET6:AF_INET, SOCK_DGRAM, 0); if(p->s == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } fd_set_nonblock(p->s); memmove(&p->addr, from, from_len); @@ -507,14 +494,12 @@ service_recv(int s, struct ringbuf* ring, sldns_buffer* pkt, #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return; - fatal_exit("recvfrom: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEWOULDBLOCK || WSAGetLastError() == WSAEINPROGRESS) return; - fatal_exit("recvfrom: %s", - wsa_strerror(WSAGetLastError())); #endif + fatal_exit("recvfrom: %s", sock_strerror(errno)); } sldns_buffer_set_limit(pkt, (size_t)len); /* find its proxy element */ @@ -550,15 +535,9 @@ tcp_proxy_delete(struct tcp_proxy* p) free(s); s = sn; } -#ifndef USE_WINSOCK - close(p->client_s); + sock_close(p->client_s); if(p->server_s != -1) - close(p->server_s); -#else - closesocket(p->client_s); - if(p->server_s != -1) - closesocket(p->server_s); -#endif + sock_close(p->server_s); free(p); } @@ -577,14 +556,13 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return; - fatal_exit("accept: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEWOULDBLOCK || WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAECONNRESET) return; - fatal_exit("accept: %s", wsa_strerror(WSAGetLastError())); #endif + fatal_exit("accept: %s", sock_strerror(errno)); } p = (struct tcp_proxy*)calloc(1, sizeof(*p)); if(!p) fatal_exit("out of memory"); @@ -595,11 +573,7 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, p->server_s = socket(addr_is_ip6(srv_addr, srv_len)?AF_INET6:AF_INET, SOCK_STREAM, 0); if(p->server_s == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp socket: %s", strerror(errno)); -#else - fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp socket: %s", sock_strerror(errno)); } fd_set_nonblock(p->client_s); fd_set_nonblock(p->server_s); @@ -607,16 +581,14 @@ service_tcp_listen(int s, fd_set* rorig, int* max, struct tcp_proxy** proxies, #ifndef USE_WINSOCK if(errno != EINPROGRESS) { log_err("tcp connect: %s", strerror(errno)); - close(p->server_s); - close(p->client_s); #else if(WSAGetLastError() != WSAEWOULDBLOCK && WSAGetLastError() != WSAEINPROGRESS) { log_err("tcp connect: %s", wsa_strerror(WSAGetLastError())); - closesocket(p->server_s); - closesocket(p->client_s); #endif + sock_close(p->server_s); + sock_close(p->client_s); free(p); return; } @@ -650,13 +622,12 @@ tcp_relay_read(int s, struct tcp_send_list** first, #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err("tcp read: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAEWOULDBLOCK) return 1; - log_err("tcp read: %s", wsa_strerror(WSAGetLastError())); #endif + log_err("tcp read: %s", sock_strerror(errno)); return 0; } else if(r == 0) { /* connection closed */ @@ -708,14 +679,12 @@ tcp_relay_write(int s, struct tcp_send_list** first, #ifndef USE_WINSOCK if(errno == EAGAIN || errno == EINTR) return 1; - log_err("tcp write: %s", strerror(errno)); #else if(WSAGetLastError() == WSAEWOULDBLOCK || WSAGetLastError() == WSAEINPROGRESS) return 1; - log_err("tcp write: %s", - wsa_strerror(WSAGetLastError())); #endif + log_err("tcp write: %s", sock_strerror(errno)); return 0; } else if(r == 0) { /* closed */ @@ -769,11 +738,7 @@ service_tcp_relay(struct tcp_proxy** tcp_proxies, struct timeval* now, log_addr(1, "read tcp answer", &p->addr, p->addr_len); if(!tcp_relay_read(p->server_s, &p->answerlist, &p->answerlast, now, delay, pkt)) { -#ifndef USE_WINSOCK - close(p->server_s); -#else - closesocket(p->server_s); -#endif + sock_close(p->server_s); FD_CLR(FD_SET_T p->server_s, worig); FD_CLR(FD_SET_T p->server_s, rorig); p->server_s = -1; @@ -901,11 +866,7 @@ proxy_list_clear(struct proxy* p) "%u returned\n", i++, from, port, (int)p->numreuse+1, (unsigned)p->numwait, (unsigned)p->numsent, (unsigned)p->numreturn); -#ifndef USE_WINSOCK - close(p->s); -#else - closesocket(p->s); -#endif + sock_close(p->s); free(p); p = np; } @@ -1034,11 +995,7 @@ service(const char* bind_str, int bindport, const char* serv_str, /* bind UDP port */ if((s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET, SOCK_DGRAM, 0)) == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } i=0; if(bindport == 0) { @@ -1051,11 +1008,7 @@ service(const char* bind_str, int bindport, const char* serv_str, exit(1); } if(bind(s, (struct sockaddr*)&bind_addr, bind_len) == -1) { -#ifndef USE_WINSOCK - log_err("bind: %s", strerror(errno)); -#else - log_err("bind: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("bind: %s", sock_strerror(errno)); if(i--==0) fatal_exit("cannot bind any port"); bindport = 1024 + ((int)arc4random())%64000; @@ -1065,39 +1018,22 @@ service(const char* bind_str, int bindport, const char* serv_str, /* and TCP port */ if((listen_s = socket(str_is_ip6(bind_str)?AF_INET6:AF_INET, SOCK_STREAM, 0)) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp socket: %s", strerror(errno)); -#else - fatal_exit("tcp socket: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp socket: %s", sock_strerror(errno)); } #ifdef SO_REUSEADDR if(1) { int on = 1; if(setsockopt(listen_s, SOL_SOCKET, SO_REUSEADDR, (void*)&on, (socklen_t)sizeof(on)) < 0) -#ifndef USE_WINSOCK fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s", - strerror(errno)); -#else - fatal_exit("setsockopt(.. SO_REUSEADDR ..) failed: %s", - wsa_strerror(WSAGetLastError())); -#endif + sock_strerror(errno)); } #endif if(bind(listen_s, (struct sockaddr*)&bind_addr, bind_len) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp bind: %s", strerror(errno)); -#else - fatal_exit("tcp bind: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp bind: %s", sock_strerror(errno)); } if(listen(listen_s, 5) == -1) { -#ifndef USE_WINSOCK - fatal_exit("tcp listen: %s", strerror(errno)); -#else - fatal_exit("tcp listen: %s", wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("tcp listen: %s", sock_strerror(errno)); } fd_set_nonblock(listen_s); printf("listening on port: %d\n", bindport); @@ -1109,13 +1045,8 @@ service(const char* bind_str, int bindport, const char* serv_str, /* cleanup */ verbose(1, "cleanup"); -#ifndef USE_WINSOCK - close(s); - close(listen_s); -#else - closesocket(s); - closesocket(listen_s); -#endif + sock_close(s); + sock_close(listen_s); sldns_buffer_free(pkt); ring_delete(ring); } diff --git a/testcode/do-tests.sh b/testcode/do-tests.sh index 5439f0f28..effb7c16a 100755 --- a/testcode/do-tests.sh +++ b/testcode/do-tests.sh @@ -29,6 +29,9 @@ else HAVE_MINGW=no fi +# stop tests from notifying systemd, if that is compiled in. +export -n NOTIFY_SOCKET + cd testdata; sh ../testcode/mini_tdir.sh clean rm -f .perfstats.txt diff --git a/testcode/dohclient.c b/testcode/dohclient.c new file mode 100644 index 000000000..263418049 --- /dev/null +++ b/testcode/dohclient.c @@ -0,0 +1,638 @@ +/* + * testcode/dohclient.c - debug program. Perform multiple DNS queries using DoH. + * + * Copyright (c) 2020, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/** + * \file + * + * Simple DNS-over-HTTPS client. For testing and debugging purposes. + * No authentication of TLS cert. + */ + +#include "config.h" +#ifdef HAVE_GETOPT_H +#include +#endif +#include "sldns/wire2str.h" +#include "sldns/sbuffer.h" +#include "sldns/str2wire.h" +#include "sldns/parseutil.h" +#include "util/data/msgencode.h" +#include "util/data/msgreply.h" +#include "util/data/msgparse.h" +#include "util/net_help.h" +#include +#include +#ifdef HAVE_NGHTTP2 +#include + +struct http2_session { + nghttp2_session* session; + SSL* ssl; + int fd; + int query_count; + /* Use POST :method if 1 */ + int post; + int block_select; + const char* authority; + const char* endpoint; + const char* content_type; +}; + +struct http2_stream { + int32_t stream_id; + int res_status; + struct sldns_buffer* buf; + char* path; +}; + +static void usage(char* argv[]) +{ + printf("usage: %s [options] name type class ...\n", argv[0]); + printf(" sends the name-type-class queries over " + "DNS-over-HTTPS.\n"); + printf("-s server IP address to send the queries to, " + "default: 127.0.0.1\n"); + printf("-p Port to connect to, default: %d\n", + UNBOUND_DNS_OVER_HTTPS_PORT); + printf("-P Use POST method instead of default GET\n"); + printf("-e HTTP endpoint, default: /dns-query\n"); + printf("-c Content-type in request, default: " + "application/dns-message\n"); + printf("-n no-tls, TLS is disabled\n"); + printf("-h This help text\n"); + exit(1); +} + +/** open TCP socket to svr */ +static int +open_svr(const char* svr, int port) +{ + struct sockaddr_storage addr; + socklen_t addrlen; + int fd = -1; + int r; + if(!ipstrtoaddr(svr, port, &addr, &addrlen)) { + printf("fatal: bad server specs '%s'\n", svr); + exit(1); + } + + fd = socket(addr_is_ip6(&addr, addrlen)?PF_INET6:PF_INET, + SOCK_STREAM, 0); + if(fd == -1) { + perror("socket() error"); + exit(1); + } + r = connect(fd, (struct sockaddr*)&addr, addrlen); + if(r < 0 && r != EINPROGRESS) { + perror("connect() error"); + exit(1); + } + return fd; +} + +static ssize_t http2_submit_request_read_cb( + nghttp2_session* ATTR_UNUSED(session), + int32_t ATTR_UNUSED(stream_id), uint8_t* buf, size_t length, + uint32_t* data_flags, nghttp2_data_source* source, + void* ATTR_UNUSED(cb_arg)) +{ + if(length > sldns_buffer_remaining(source->ptr)) + length = sldns_buffer_remaining(source->ptr); + + memcpy(buf, sldns_buffer_current(source->ptr), length); + sldns_buffer_skip(source->ptr, length); + + if(sldns_buffer_remaining(source->ptr) == 0) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + } + + return length; +} + +static void +submit_query(struct http2_session* h2_session, struct sldns_buffer* buf) +{ + int32_t stream_id; + struct http2_stream* h2_stream; + nghttp2_nv headers[5]; + char* qb64; + size_t qb64_size; + size_t qb64_expected_size; + size_t i; + nghttp2_data_provider data_prd; + + h2_stream = calloc(1, sizeof(*h2_stream)); + if(!h2_stream) + fatal_exit("could not malloc http2 stream"); + h2_stream->buf = buf; + + if(h2_session->post) { + data_prd.source.ptr = buf; + data_prd.read_callback = http2_submit_request_read_cb; + h2_stream->path = (char*)h2_session->endpoint; + } else { + qb64_expected_size = sldns_b64_ntop_calculate_size( + sldns_buffer_remaining(buf)); + qb64 = malloc(qb64_expected_size); + if(!qb64) fatal_exit("out of memory"); + qb64_size = sldns_b64url_ntop(sldns_buffer_begin(buf), + sldns_buffer_remaining(buf), qb64, qb64_expected_size); + h2_stream->path = malloc(strlen( + h2_session->endpoint)+strlen("?dns=")+qb64_size+1); + if(!h2_stream->path) fatal_exit("out of memory"); + snprintf(h2_stream->path, strlen(h2_session->endpoint)+ + strlen("?dns=")+qb64_size+1, "%s?dns=%s", + h2_session->endpoint, qb64); + free(qb64); + } + + headers[0].name = (uint8_t*)":method"; + if(h2_session->post) + headers[0].value = (uint8_t*)"POST"; + else + headers[0].value = (uint8_t*)"GET"; + headers[1].name = (uint8_t*)":path"; + headers[1].value = (uint8_t*)h2_stream->path; + headers[2].name = (uint8_t*)":scheme"; + if(h2_session->ssl) + headers[2].value = (uint8_t*)"https"; + else + headers[2].value = (uint8_t*)"http"; + headers[3].name = (uint8_t*)":authority"; + headers[3].value = (uint8_t*)h2_session->authority; + headers[4].name = (uint8_t*)"content-type"; + headers[4].value = (uint8_t*)h2_session->content_type; + + printf("Request headers\n"); + for(i=0; isession, NULL, headers, + sizeof(headers)/sizeof(headers[0]), + (h2_session->post) ? &data_prd : NULL, h2_stream); + if(stream_id < 0) { + printf("Failed to submit nghttp2 request"); + exit(1); + } + h2_session->query_count++; + h2_stream->stream_id = stream_id; +} + +static sldns_buffer* +make_query(char* qname, char* qtype, char* qclass) +{ + struct query_info qinfo; + struct edns_data edns; + sldns_buffer* buf = sldns_buffer_new(65553); + if(!buf) fatal_exit("out of memory"); + qinfo.qname = sldns_str2wire_dname(qname, &qinfo.qname_len); + if(!qinfo.qname) { + printf("cannot parse query name: '%s'\n", qname); + exit(1); + } + + qinfo.qtype = sldns_get_rr_type_by_name(qtype); + qinfo.qclass = sldns_get_rr_class_by_name(qclass); + qinfo.local_alias = NULL; + + qinfo_query_encode(buf, &qinfo); /* flips buffer */ + free(qinfo.qname); + sldns_buffer_write_u16_at(buf, 0, 0x0000); + sldns_buffer_write_u16_at(buf, 2, BIT_RD); + memset(&edns, 0, sizeof(edns)); + edns.edns_present = 1; + edns.bits = EDNS_DO; + edns.udp_size = 4096; + if(sldns_buffer_capacity(buf) >= + sldns_buffer_limit(buf)+calc_edns_field_size(&edns)) + attach_edns_record(buf, &edns); + return buf; +} + +static ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), + uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + int r; + ssize_t ret; + struct timeval tv, *waittv; + fd_set rfd; + ERR_clear_error(); + + memset(&tv, 0, sizeof(tv)); + + if(h2_session->block_select && h2_session->query_count <= 0) { + return NGHTTP2_ERR_WOULDBLOCK; + } + if(h2_session->block_select) + waittv = NULL; + else + waittv = &tv; + memset(&rfd, 0, sizeof(rfd)); + FD_ZERO(&rfd); + FD_SET(h2_session->fd, &rfd); + r = select(h2_session->fd+1, &rfd, NULL, NULL, waittv); + if(r <= 0) { + return NGHTTP2_ERR_WOULDBLOCK; + } + + if(h2_session->ssl) { + r = SSL_read(h2_session->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_EOF; + } + log_crypto_err("could not SSL_read"); + return NGHTTP2_ERR_EOF; + } + return r; + } + + ret = read(h2_session->fd, buf, len); + if(ret == 0) { + return NGHTTP2_ERR_EOF; + } else if(ret < 0) { + log_err("could not http2 read: %s", strerror(errno)); + return NGHTTP2_ERR_EOF; + } + return ret; +} + +static ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), + const uint8_t* buf, size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + ssize_t ret; + + if(h2_session->ssl) { + int r; + ERR_clear_error(); + r = SSL_write(h2_session->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + log_crypto_err("could not SSL_write"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return r; + } + + ret = write(h2_session->fd, buf, len); + if(ret == 0) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } else if(ret < 0) { + log_err("could not http2 write: %s", strerror(errno)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return ret; +} + +static int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session), + int32_t ATTR_UNUSED(stream_id), + nghttp2_error_code ATTR_UNUSED(error_code), void *cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + h2_session->query_count--; + sldns_buffer_free(h2_stream->buf); + if(!h2_session->post) + free(h2_stream->path); + free(h2_stream); + h2_stream = NULL; + return 0; +} + +static int http2_data_chunk_recv_cb(nghttp2_session* ATTR_UNUSED(session), + uint8_t ATTR_UNUSED(flags), int32_t stream_id, const uint8_t* data, + size_t len, void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + struct http2_stream* h2_stream; + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + + if(sldns_buffer_remaining(h2_stream->buf) < len) { + log_err("received data chunck does not fit into buffer"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + sldns_buffer_write(h2_stream->buf, data, len); + + return 0; +} + +static int http2_frame_recv_cb(nghttp2_session *session, + const nghttp2_frame *frame, void* ATTR_UNUSED(cb_arg)) +{ + struct http2_stream* h2_stream; + + if(!(h2_stream = nghttp2_session_get_stream_user_data( + session, frame->hd.stream_id))) + return 0; + if(frame->hd.type == NGHTTP2_HEADERS && + frame->headers.cat == NGHTTP2_HCAT_RESPONSE) { + sldns_buffer_clear(h2_stream->buf); + } + if(((frame->hd.type != NGHTTP2_DATA && + frame->hd.type != NGHTTP2_HEADERS) || + frame->hd.flags & NGHTTP2_FLAG_END_STREAM) && + h2_stream->res_status == 200) { + char* pktstr; + sldns_buffer_flip(h2_stream->buf); + pktstr = sldns_wire2str_pkt( + sldns_buffer_begin(h2_stream->buf), + sldns_buffer_limit(h2_stream->buf)); + printf("%s\n", pktstr); + free(pktstr); + return 0; + } + return 0; +} +static int http2_header_cb(nghttp2_session* ATTR_UNUSED(session), + const nghttp2_frame* frame, const uint8_t* name, size_t namelen, + const uint8_t* value, size_t ATTR_UNUSED(valuelen), + uint8_t ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + printf("%s %s\n", name, value); + if(namelen == 7 && memcmp(":status", name, namelen) == 0) { + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, frame->hd.stream_id))) { + return 0; + } + h2_stream->res_status = atoi((char*)value); + } + return 0; +} + +static struct http2_session* +http2_session_create() +{ + struct http2_session* h2_session = calloc(1, + sizeof(struct http2_session)); + nghttp2_session_callbacks* callbacks; + if(!h2_session) + fatal_exit("out of memory"); + + if(nghttp2_session_callbacks_new(&callbacks) == NGHTTP2_ERR_NOMEM) { + log_err("failed to initialize nghttp2 callback"); + return NULL; + } + nghttp2_session_callbacks_set_recv_callback(callbacks, http2_recv_cb); + nghttp2_session_callbacks_set_send_callback(callbacks, http2_send_cb); + nghttp2_session_callbacks_set_on_stream_close_callback(callbacks, + http2_stream_close_cb); + nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks, + http2_data_chunk_recv_cb); + nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks, + http2_frame_recv_cb); + nghttp2_session_callbacks_set_on_header_callback(callbacks, + http2_header_cb); + nghttp2_session_client_new(&h2_session->session, callbacks, h2_session); + nghttp2_session_callbacks_del(callbacks); + return h2_session; +} + +static void +http2_session_delete(struct http2_session* h2_session) +{ + nghttp2_session_del(h2_session->session); + free(h2_session); +} + +static void +http2_submit_setting(struct http2_session* h2_session) +{ + int ret; + nghttp2_settings_entry settings[1] = { + {NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, + 100}}; + + ret = nghttp2_submit_settings(h2_session->session, NGHTTP2_FLAG_NONE, + settings, 1); + if(ret) { + printf("http2: submit_settings failed, " + "error: %s\n", nghttp2_strerror(ret)); + exit(1); + } +} + +static void +http2_write(struct http2_session* h2_session) +{ + if(nghttp2_session_want_write(h2_session->session)) { + if(nghttp2_session_send(h2_session->session)) { + printf("nghttp2 session send failed\n"); + exit(1); + } + } +} + +static void +http2_read(struct http2_session* h2_session) +{ + if(nghttp2_session_want_read(h2_session->session)) { + if(nghttp2_session_recv(h2_session->session)) { + printf("nghttp2 session mem_recv failed\n"); + exit(1); + } + } +} + +static void +run(struct http2_session* h2_session, int port, int no_tls, int count, char** q) +{ + int i; + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + int fd; + struct sldns_buffer* buf = NULL; + + fd = open_svr(h2_session->authority, port); + h2_session->fd = fd; + + if(!no_tls) { + ctx = connect_sslctx_create(NULL, NULL, NULL, 0); + if(!ctx) fatal_exit("cannot create ssl ctx"); + SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3); + ssl = outgoing_ssl_fd(ctx, fd); + if(!ssl) { + printf("cannot create ssl\n"); + exit(1); + } + h2_session->ssl = ssl; + while(1) { + int r; + ERR_clear_error(); + if( (r=SSL_do_handshake(ssl)) == 1) + break; + r = SSL_get_error(ssl, r); + if(r != SSL_ERROR_WANT_READ && + r != SSL_ERROR_WANT_WRITE) { + log_crypto_err("could not ssl_handshake"); + exit(1); + } + } + } + + http2_submit_setting(h2_session); + http2_write(h2_session); + http2_read(h2_session); /* Read setting from remote peer */ + + h2_session->block_select = 1; + + /* hande query */ + for(i=0; iquery_count) { + http2_read(h2_session); + http2_write(h2_session); + } + + /* shutdown */ + http2_session_delete(h2_session); + if(ssl) { + SSL_shutdown(ssl); + SSL_free(ssl); + } + if(ctx) { + SSL_CTX_free(ctx); + } + close(fd); +} + +/** getopt global, in case header files fail to declare it. */ +extern int optind; +/** getopt global, in case header files fail to declare it. */ +extern char* optarg; +int main(int argc, char** argv) +{ + int c; + int port = UNBOUND_DNS_OVER_HTTPS_PORT, no_tls = 0; + struct http2_session* h2_session; + +#ifdef USE_WINSOCK + WSADATA wsa_data; + if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) { + printf("WSAStartup failed\n"); + return 1; + } +#endif + log_init(0, 0, 0); + checklock_start(); + + h2_session = http2_session_create(); + if(!h2_session) fatal_exit("out of memory"); + if(argc == 1) { + usage(argv); + } + + h2_session->authority = "127.0.0.1"; + h2_session->post = 0; + h2_session->endpoint = "/dns-query"; + h2_session->content_type = "application/dns-message"; + + while((c=getopt(argc, argv, "c:e:hns:p:P")) != -1) { + switch(c) { + case 'c': + h2_session->content_type = optarg; + break; + case 'e': + h2_session->endpoint = optarg; + break; + case 'n': + no_tls = 1; + break; + case 'p': + if(atoi(optarg)==0 && strcmp(optarg,"0")!=0) { + printf("error parsing port, " + "number expected: %s\n", optarg); + return 1; + } + port = atoi(optarg); + break; + case 'P': + h2_session->post = 1; + break; + case 's': + h2_session->authority = optarg; + break; + case 'h': + case '?': + default: + usage(argv); + } + } + argc -= optind; + argv += optind; + if(argc%3!=0) { + printf("Invalid input. Specify qname, qtype, and qclass.\n"); + return 1; + } + + + run(h2_session, port, no_tls, argc, argv); + + checklock_stop(); +#ifdef USE_WINSOCK + WSACleanup(); +#endif + return 0; +} +#else +int main(int ATTR_UNUSED(argc), char** ATTR_UNUSED(argv)) +{ + printf("Compiled without nghttp2, cannot run test.\n"); + return 1; +} +#endif /* HAVE_NGHTTP2 */ diff --git a/testcode/fake_event.c b/testcode/fake_event.c index d89eedce8..5164332c0 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -52,6 +52,7 @@ #include "util/data/msgreply.h" #include "util/data/msgencode.h" #include "util/data/dname.h" +#include "util/edns.h" #include "util/config_file.h" #include "services/listen_dnsport.h" #include "services/outside_network.h" @@ -63,6 +64,7 @@ #include "sldns/sbuffer.h" #include "sldns/wire2str.h" #include "sldns/str2wire.h" +#include "daemon/remote.h" #include struct worker; struct daemon_remote; @@ -868,9 +870,13 @@ struct listen_dnsport* listen_create(struct comm_base* base, struct listen_port* ATTR_UNUSED(ports), size_t bufsize, int ATTR_UNUSED(tcp_accept_count), int ATTR_UNUSED(tcp_idle_timeout), + int ATTR_UNUSED(harden_large_queries), + uint32_t ATTR_UNUSED(http_max_streams), + char* ATTR_UNUSED(http_endpoint), + int ATTR_UNUSED(http_notls), struct tcl_list* ATTR_UNUSED(tcp_conn_limit), void* ATTR_UNUSED(sslctx), struct dt_env* ATTR_UNUSED(dtenv), - comm_point_callback_type* cb, void* cb_arg) + comm_point_callback_type* cb, void *cb_arg) { struct replay_runtime* runtime = (struct replay_runtime*)base; struct listen_dnsport* l= calloc(1, sizeof(struct listen_dnsport)); @@ -1040,7 +1046,7 @@ outside_network_create(struct comm_base* base, size_t bufsize, void (*unwanted_action)(void*), void* ATTR_UNUSED(unwanted_param), int ATTR_UNUSED(do_udp), void* ATTR_UNUSED(sslctx), int ATTR_UNUSED(delayclose), int ATTR_UNUSED(tls_use_sni), - struct dt_env* ATTR_UNUSED(dtenv)) + struct dt_env* ATTR_UNUSED(dtenv), int ATTR_UNUSED(udp_connect)) { struct replay_runtime* runtime = (struct replay_runtime*)base; struct outside_network* outnet = calloc(1, @@ -1180,7 +1186,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, socklen_t addrlen, uint8_t* zone, size_t zonelen, struct module_qstate* qstate, comm_point_callback_type* callback, void* callback_arg, sldns_buffer* ATTR_UNUSED(buff), - struct module_env* ATTR_UNUSED(env)) + struct module_env* env) { struct replay_runtime* runtime = (struct replay_runtime*)outnet->base; struct fake_pending* pend = (struct fake_pending*)calloc(1, @@ -1209,6 +1215,7 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, sldns_buffer_flip(pend->buffer); if(1) { struct edns_data edns; + struct edns_string_addr* client_string_addr; if(!inplace_cb_query_call(env, qinfo, flags, addr, addrlen, zone, zonelen, qstate, qstate->region)) { free(pend); @@ -1220,9 +1227,17 @@ struct serviced_query* outnet_serviced_query(struct outside_network* outnet, edns.edns_version = EDNS_ADVERTISED_VERSION; edns.udp_size = EDNS_ADVERTISED_SIZE; edns.bits = 0; - edns.opt_list = qstate->edns_opts_back_out; if(dnssec) edns.bits = EDNS_DO; + if((client_string_addr = edns_string_addr_lookup( + &env->edns_strings->client_strings, + addr, addrlen))) { + edns_opt_list_append(&qstate->edns_opts_back_out, + env->edns_strings->client_string_opcode, + client_string_addr->string_len, + client_string_addr->string, qstate->region); + } + edns.opt_list = qstate->edns_opts_back_out; attach_edns_record(pend->buffer, &edns); } memcpy(&pend->addr, addr, addrlen); @@ -1290,7 +1305,14 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) log_info("double delete of pending serviced query"); } +int resolve_interface_names(struct config_file* ATTR_UNUSED(cfg), + char*** ATTR_UNUSED(resif), int* ATTR_UNUSED(num_resif)) +{ + return 1; +} + struct listen_port* listening_ports_open(struct config_file* ATTR_UNUSED(cfg), + char** ATTR_UNUSED(ifs), int ATTR_UNUSED(num_ifs), int* ATTR_UNUSED(reuseport)) { return calloc(1, 1); @@ -1490,6 +1512,18 @@ int serviced_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) return 0; } +int reuse_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) +{ + log_assert(0); + return 0; +} + +int reuse_id_cmp(const void* ATTR_UNUSED(a), const void* ATTR_UNUSED(b)) +{ + log_assert(0); + return 0; +} + /* timers in testbound for autotrust. statistics tested in tdir. */ struct comm_timer* comm_timer_create(struct comm_base* base, void (*cb)(void*), void* cb_arg) @@ -1732,7 +1766,7 @@ struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, } int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen) + struct sockaddr* addr, socklen_t addrlen, int ATTR_UNUSED(is_connected)) { struct fake_commpoint* fc = (struct fake_commpoint*)c; struct replay_runtime* runtime = fc->runtime; @@ -1825,4 +1859,21 @@ tcp_req_info_get_stream_buffer_size(void) return 0; } +size_t +http2_get_query_buffer_size(void) +{ + return 0; +} + +size_t +http2_get_response_buffer_size(void) +{ + return 0; +} + +void http2_stream_add_meshstate(struct http2_stream* ATTR_UNUSED(h2_stream), + struct mesh_area* ATTR_UNUSED(mesh), struct mesh_state* ATTR_UNUSED(m)) +{ +} + /*********** End of Dummy routines ***********/ diff --git a/testcode/perf.c b/testcode/perf.c index 5b170ca57..b13eca6d3 100644 --- a/testcode/perf.c +++ b/testcode/perf.c @@ -233,12 +233,7 @@ perfsetup(struct perfinfo* info) addr_is_ip6(&info->dest, info->destlen)? AF_INET6:AF_INET, SOCK_DGRAM, 0); if(info->io[i].fd == -1) { -#ifndef USE_WINSOCK - fatal_exit("socket: %s", strerror(errno)); -#else - fatal_exit("socket: %s", - wsa_strerror(WSAGetLastError())); -#endif + fatal_exit("socket: %s", sock_strerror(errno)); } if(info->io[i].fd > info->maxfd) info->maxfd = info->io[i].fd; @@ -260,11 +255,7 @@ perffree(struct perfinfo* info) if(!info) return; if(info->io) { for(i=0; iio_num; i++) { -#ifndef USE_WINSOCK - close(info->io[i].fd); -#else - closesocket(info->io[i].fd); -#endif + sock_close(info->io[i].fd); } free(info->io); } @@ -285,11 +276,7 @@ perfsend(struct perfinfo* info, size_t n, struct timeval* now) /*log_hex("send", info->qlist_data[info->qlist_idx], info->qlist_len[info->qlist_idx]);*/ if(r == -1) { -#ifndef USE_WINSOCK - log_err("sendto: %s", strerror(errno)); -#else - log_err("sendto: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("sendto: %s", sock_strerror(errno)); } else if(r != (ssize_t)info->qlist_len[info->qlist_idx]) { log_err("partial sendto"); } @@ -309,11 +296,7 @@ perfreply(struct perfinfo* info, size_t n, struct timeval* now) r = recv(info->io[n].fd, (void*)sldns_buffer_begin(info->buf), sldns_buffer_capacity(info->buf), 0); if(r == -1) { -#ifndef USE_WINSOCK - log_err("recv: %s", strerror(errno)); -#else - log_err("recv: %s", wsa_strerror(WSAGetLastError())); -#endif + log_err("recv: %s", sock_strerror(errno)); } else { info->by_rcode[LDNS_RCODE_WIRE(sldns_buffer_begin( info->buf))]++; diff --git a/testcode/run_vm.sh b/testcode/run_vm.sh index 5f599e144..363a32b52 100644 --- a/testcode/run_vm.sh +++ b/testcode/run_vm.sh @@ -40,6 +40,8 @@ cleanup() { exit 0 } trap cleanup INT +# stop tests from notifying systemd, if that is compiled in. +export -n NOTIFY_SOCKET for t in $RUNLIST do diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c index c49159d33..ffdddbe9d 100644 --- a/testcode/streamtcp.c +++ b/testcode/streamtcp.c @@ -388,11 +388,7 @@ send_em(const char* svr, int udp, int usessl, int noanswer, int onarrival, SSL_free(ssl); SSL_CTX_free(ctx); } -#ifndef USE_WINSOCK - close(fd); -#else - closesocket(fd); -#endif + sock_close(fd); sldns_buffer_free(buf); printf("orderly exit\n"); } diff --git a/testcode/testbound.c b/testcode/testbound.c index 602dffaff..5e10779fc 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -42,16 +42,22 @@ #ifdef HAVE_TIME_H # include #endif +#include #include "testcode/testpkts.h" #include "testcode/replay.h" #include "testcode/fake_event.h" #include "daemon/remote.h" +#include "libunbound/worker.h" #include "util/config_file.h" #include "sldns/keyraw.h" -#include +#ifdef UB_ON_WINDOWS +#include "winrc/win_svc.h" +#endif /** signal that this is a testbound compile */ #define unbound_testbound 1 +/** renamed main routine */ +int daemon_main(int argc, char* argv[]); /** * include the main program from the unbound daemon. * rename main to daemon_main to call it @@ -333,7 +339,7 @@ setup_playback(const char* filename, int* pass_argc, char* pass_argv[]) } /** remove config file at exit */ -void remove_configfile(void) +static void remove_configfile(void) { struct config_strlist* p; for(p=cfgfiles; p; p=p->next) @@ -362,6 +368,10 @@ main(int argc, char* argv[]) /* we do not want the test to depend on the timezone */ (void)putenv("TZ=UTC"); memset(pass_argv, 0, sizeof(pass_argv)); +#ifdef HAVE_SYSTEMD + /* we do not want the test to use systemd daemon startup notification*/ + (void)unsetenv("NOTIFY_SOCKET"); +#endif /* HAVE_SYSTEMD */ log_init(NULL, 0, NULL); /* determine commandline options for the daemon */ @@ -547,22 +557,28 @@ void remote_get_opt_ssl(char* ATTR_UNUSED(str), void* ATTR_UNUSED(arg)) log_assert(0); } +#ifdef UB_ON_WINDOWS void wsvc_command_option(const char* ATTR_UNUSED(wopt), const char* ATTR_UNUSED(cfgfile), int ATTR_UNUSED(v), int ATTR_UNUSED(c)) { log_assert(0); } +#endif +#ifdef UB_ON_WINDOWS void wsvc_setup_worker(struct worker* ATTR_UNUSED(worker)) { /* do nothing */ } +#endif +#ifdef UB_ON_WINDOWS void wsvc_desetup_worker(struct worker* ATTR_UNUSED(worker)) { /* do nothing */ } +#endif #ifdef UB_ON_WINDOWS void worker_win_stop_cb(int ATTR_UNUSED(fd), short ATTR_UNUSED(ev), diff --git a/testcode/testpkts.c b/testcode/testpkts.c index 82c143967..dee451761 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -501,7 +501,7 @@ add_edns(uint8_t* pktbuf, size_t pktsize, int do_flag, uint8_t *ednsdata, { uint8_t edns[] = {0x00, /* root label */ 0x00, LDNS_RR_TYPE_OPT, /* type */ - 0x10, 0x00, /* class is UDPSIZE 4096 */ + 0x04, 0xD0, /* class is UDPSIZE 1232 */ 0x00, /* TTL[0] is ext rcode */ 0x00, /* TTL[1] is edns version */ (uint8_t)(do_flag?0x80:0x00), 0x00, /* TTL[2-3] is edns flags, DO */ diff --git a/testcode/unitldns.c b/testcode/unitldns.c index 66f756170..22c9ed945 100644 --- a/testcode/unitldns.c +++ b/testcode/unitldns.c @@ -44,6 +44,7 @@ #include "sldns/sbuffer.h" #include "sldns/str2wire.h" #include "sldns/wire2str.h" +#include "sldns/parseutil.h" /** verbose this unit test */ static int vbmp = 0; @@ -220,9 +221,60 @@ rr_tests(void) SRCDIRSTR "/testdata/test_ldnsrr.c5"); } +/** test various base64 decoding options */ +static void +b64_test(void) +{ + /* "normal" b64 alphabet, with padding */ + char* p1 = "aGVsbG8="; /* "hello" */ + char* p2 = "aGVsbG8+"; /* "hello>" */ + char* p3 = "aGVsbG8/IQ=="; /* "hello?!" */ + char* p4 = "aGVsbG8"; /* "hel" + extra garbage */ + + /* base64 url, without padding */ + char* u1 = "aGVsbG8"; /* "hello" */ + char* u2 = "aGVsbG8-"; /* "hello>" */ + char* u3 = "aGVsbG8_IQ"; /* "hello?!" */ + char* u4 = "aaaaa"; /* garbage */ + + char target[128]; + size_t tarsize = 128; + int result; + + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p1, (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello") && strcmp(target, "hello") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p2, (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello>") && strcmp(target, "hello>") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p3, (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello?!") && strcmp(target, "hello?!") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64_pton(p4, (uint8_t*)target, tarsize); + /* when padding is used everything that is not a block of 4 will be + * ignored */ + unit_assert(result == strlen("hel") && strcmp(target, "hel") == 0); + + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u1, strlen(u1), (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello") && strcmp(target, "hello") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u2, strlen(u2), (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello>") && strcmp(target, "hello>") == 0); + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u3, strlen(u3), (uint8_t*)target, tarsize); + unit_assert(result == strlen("hello+/") && strcmp(target, "hello?!") == 0); + /* one item in block of four is not allowed */ + memset(target, 0, sizeof(target)); + result = sldns_b64url_pton(u4, strlen(u4), (uint8_t*)target, tarsize); + unit_assert(result == -1); +} + void ldns_test(void) { unit_show_feature("sldns"); rr_tests(); + b64_test(); } diff --git a/testcode/unitmain.c b/testcode/unitmain.c index a42be424e..c61026f26 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -839,6 +839,52 @@ static void respip_test(void) respip_conf_actions_test(); } +#include "services/outside_network.h" +/** add number of new IDs to the reuse tree, randomly chosen */ +static void tcpid_addmore(struct reuse_tcp* reuse, + struct outside_network* outnet, unsigned int addnum) +{ + unsigned int i; + struct waiting_tcp* w; + for(i=0; iid = id; + w->outnet = outnet; + w->next_waiting = (void*)reuse->pending; + reuse_tree_by_id_insert(reuse, w); + } +} + +/** fill up the reuse ID tree and test assertions */ +static void tcpid_fillup(struct reuse_tcp* reuse, + struct outside_network* outnet) +{ + int t, numtest=3; + for(t=0; ttree_by_id, reuse_id_cmp); + tcpid_addmore(reuse, outnet, 65535); + reuse_del_readwait(&reuse->tree_by_id); + } +} + +/** test TCP ID selection */ +static void tcpid_test(void) +{ + struct pending_tcp pend; + struct outside_network outnet; + unit_show_func("services/outside_network.c", "reuse_tcp_select_id"); + memset(&pend, 0, sizeof(pend)); + pend.reuse.pending = &pend; + memset(&outnet, 0, sizeof(outnet)); + outnet.rnd = ub_initstate(NULL); + rbtree_init(&pend.reuse.tree_by_id, reuse_id_cmp); + tcpid_fillup(&pend.reuse, &outnet); + ub_randfree(outnet.rnd); +} + void unit_show_func(const char* file, const char* func) { printf("test %s:%s\n", file, func); @@ -907,6 +953,7 @@ main(int argc, char* argv[]) infra_test(); ldns_test(); msgparse_test(); + tcpid_test(); #ifdef CLIENT_SUBNET ecs_test(); #endif /* CLIENT_SUBNET */ diff --git a/testdata/auth_zonefile_down.rpl b/testdata/auth_zonefile_down.rpl index 09e7fd061..9c5ecbb1c 100644 --- a/testdata/auth_zonefile_down.rpl +++ b/testdata/auth_zonefile_down.rpl @@ -1,6 +1,12 @@ ; config options server: target-fetch-policy: "0 0 0 0 0" + ; Options for signed zone. The zone is partially copied from val_negcache_nxdomain.rpl + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + qname-minimisation: "no" + trust-anchor-signaling: no + aggressive-nsec: yes auth-zone: name: "example.com." @@ -41,6 +47,50 @@ ns1 3600 IN A 1.2.3.4 ns2 3600 IN AAAA ::2 TEMPFILE_END +auth-zone: + name: "soa.high.com." + for-downstream: yes + for-upstream: no + zonefile: +TEMPFILE_NAME soa.high.com +TEMPFILE_CONTENTS soa.high.com +$ORIGIN high.com. +soa 500 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 200 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +TEMPFILE_END + +auth-zone: + name: "soa.low.com." + for-downstream: yes + for-upstream: no + zonefile: +TEMPFILE_NAME soa.low.com +TEMPFILE_CONTENTS soa.low.com +$ORIGIN low.com. +soa 200 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 500 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +TEMPFILE_END + +auth-zone: + name: "testzone.nlnetlabs.nl." + for-downstream: yes + for-upstream: no + zonefile: +TEMPFILE_NAME testzone.nlnetlabs.nl +TEMPFILE_CONTENTS testzone.nlnetlabs.nl +$ORIGIN testzone.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +TEMPFILE_END + stub-zone: name: "." stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. @@ -50,7 +100,7 @@ SCENARIO_BEGIN Test authority zone with zonefile for downstream responses ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 + ADDRESS 193.0.14.129 ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -182,4 +232,109 @@ SECTION ANSWER www.example.com. IN A 1.2.3.4 ENTRY_END +; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL +STEP 30 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nonexistent.soa.high.com. IN A +ENTRY_END +STEP 31 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +nonexistent.soa.high.com IN A +SECTION AUTHORITY +soa.high.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 +ENTRY_END +; check that the original SOA is also returned +STEP 32 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +soa.high.com. IN SOA +ENTRY_END +STEP 33 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NOERROR +SECTION QUESTION +soa.high.com. IN SOA +SECTION ANSWER +soa.high.com. 500 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 200 +ENTRY_END + +; check SOA TTL to be the minimum of the SOA.minimum and the SOA TTL +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +nonexistent.soa.low.com. IN A +ENTRY_END +STEP 41 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NXDOMAIN +SECTION QUESTION +nonexistent.soa.low.com. IN A +SECTION AUTHORITY +soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 +ENTRY_END +; check that the original SOA is also returned +STEP 42 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +soa.low.com. IN SOA +ENTRY_END +STEP 43 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NOERROR +SECTION QUESTION +soa.low.com. IN SOA +SECTION ANSWER +soa.low.com. 200 IN SOA dns.example.de. hostmaster.dns.example.de. 1379078166 28800 7200 604800 500 +ENTRY_END + +; check SOA TTL to be minimum of the SOA.minimum and the SOA TTL for DNSSEC +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN A +ENTRY_END +STEP 51 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD DO RA AA NXDOMAIN +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN A +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +ENTRY_END +; check that the original SOA is also returned +STEP 52 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +testzone.nlnetlabs.nl. IN SOA +ENTRY_END +STEP 53 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD DO RA AA NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN SOA +SECTION ANSWER +testzone.nlnetlabs.nl. 4600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 4600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + SCENARIO_END diff --git a/testdata/dlv_anchor.rpl b/testdata/dlv_anchor.rpl deleted file mode 100644 index 81547454e..000000000 --- a/testdata/dlv_anchor.rpl +++ /dev/null @@ -1,279 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor -; positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_ask_higher.rpl b/testdata/dlv_ask_higher.rpl deleted file mode 100644 index fad8355c8..000000000 --- a/testdata/dlv_ask_higher.rpl +++ /dev/null @@ -1,354 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV where it needs to ask higher up in dlv. -; at first negative DLV response, it needs to ask higher. -; the SOA record in that negative response has a big span (if interpreted as NSEC) -; then a positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; failed DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NXDOMAIN -SECTION QUESTION -sub.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.net.example.com IN NSEC not.example.com. RRSIG NSEC DLV -example.net.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AKz/e6KOw8gCx6wnpIatBwKb0WOPBTWmNNMg91XR/wlJQ9Z2+qICPmA= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN A -SECTION ANSWER -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -sub.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. nM5HAlRsrLurc5mUNKwCye5X6LSH53pLgSeyni4wb6Jd2J48ZRWwrVvy7IpyvI75+Wlu3aGOjv/kEyVaizChRQ== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ENTRY_END - -RANGE_END - -; ns.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; DS -; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN DNSKEY -SECTION ANSWER -sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. 3600 IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. 3600 IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_below_ta.rpl b/testdata/dlv_below_ta.rpl deleted file mode 100644 index f5d630dfb..000000000 --- a/testdata/dlv_below_ta.rpl +++ /dev/null @@ -1,355 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator, use DLV for nonDSed zone below trustanchor. -; DLV example.com. -; trust anchor at example.net but no secure delegation to -; sub.example.net signed with DLV but not by parent. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net.example.com. IN DLV -SECTION ANSWER -sub.example.net.example.com. 3600 IN DLV 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -sub.example.net.example.com. 3600 IN RRSIG DLV 3 5 3600 20070926135752 20070829135752 2854 example.com. AAdhy87nuDEaxmc+k9pJHYnhKiEYL++OLPxzOdwEQOtsHi7jeD3lRDU= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; no DS to sub.example.net, securely insecure. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN DS -SECTION ANSWER -SECTION AUTHORITY -example.net. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ELVULZHTRc0Qk06rSBRnB/T6sm1+AbAtdEJHN6PCsz2Z3s3E5A8NH7Krz0VzRaYIEUStnbAtuE3oP8XHWHBnyQ== ;{id = 30899} -sub.example.net. IN NSEC tut.example.net. NS NSEC -sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. eNJ2OPjMhGKvg70aYT9l9Uo1lJsqmDqVRMlHibv6t+CNjljytI9Vwbao17oV0cjIksmESAewReb73x9fmVIgEQ== ;{id = 30899} -SECTION ADDITIONAL -ENTRY_END - -; delegation to sub.example.net, securely insecure. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. IN NSEC tut.example.net. NS NSEC -sub.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. eNJ2OPjMhGKvg70aYT9l9Uo1lJsqmDqVRMlHibv6t+CNjljytI9Vwbao17oV0cjIksmESAewReb73x9fmVIgEQ== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ENTRY_END - - -RANGE_END - -; ns.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; DS is -; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN DNSKEY -SECTION ANSWER -sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_delegation.rpl b/testdata/dlv_delegation.rpl deleted file mode 100644 index 53074c8e2..000000000 --- a/testdata/dlv_delegation.rpl +++ /dev/null @@ -1,335 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with delegation in DLV repository -; positive response for DLV. -; but the DLV repository has a (secure) delegation inside it. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; referral to the net.example.com DLV server -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN DS 2854 3 1 24d80cd822bc4083cf491b7f055890345a77dd9b ; xenat-myfat-memir-sabym-fefig-nakol-zucyh-megef-gakel-lolyn-ruxox -net.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. AA0APyTN12wzj1XmDEZe+wrPE1hkLAINKT8cT9zGup7zX3O8R4Ki2N8= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AJEvfI+tX6Y1OF0h1CNHERJjXaaTsmLWTMLgXk4UYJl8JjAikCpsf9Q= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.net.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN NS -SECTION ANSWER -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854} -ENTRY_END - -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DNSKEY -SECTION ANSWER -net.example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -net.example.com. 3600 IN RRSIG DNSKEY 3 3 3600 20070926134150 20070829134150 2854 net.example.com. ADgKDV1Yi2iFOXFUN1XkvBU7KW/rdtGcOEdc9VMIxfIKDo5h24E5fqs= ;{id = 2854} -SECTION AUTHORITY -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854} -ENTRY_END - -; DLV apex -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -net.example.com. SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -net.example.com. 3600 IN RRSIG SOA 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AKAjedAeGWRHaqhDhNhbTvVUQMgCspiD4GNC7dMVbEZSd87AFcqwg1Y= ;{id = 2854} -net.example.com. NSEC example.net.example.com. SOA NS DNSKEY RRSIG NSEC -net.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AAHqj3xDqng7ZuNFn89sTjTo2qfuXTv0yR6v8mZ1+L5mCsOwjpGXrJw= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -; DLV of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AIZmoTbAlXYwLknm84i7sbglbHr1Iq7t0yyTENO/MsPj7K/mvEQAI/g= ;{id = 2854} -SECTION AUTHORITY -net.example.com. NS ns.net.example.com. -net.example.com. 3600 IN RRSIG NS 3 3 3600 20070926134150 20070829134150 2854 net.example.com. AHjTvB20SzZVV9P3LXJ6lVzFWCoDk7T71VHllOwmom3a/EutlUpsgNM= ;{id = 2854} -SECTION ADDITIONAL -ns.net.example.com. A 1.2.3.6 -ns.net.example.com. 3600 IN RRSIG A 3 4 3600 20070926134150 20070829134150 2854 net.example.com. AE2wjNCJayCBi6e8QAGwgujdMC2LbVWQVbQCuQx+grjoQJXQxxpFB5I= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_ds_lookup.rpl b/testdata/dlv_ds_lookup.rpl deleted file mode 100644 index 663cd9c36..000000000 --- a/testdata/dlv_ds_lookup.rpl +++ /dev/null @@ -1,281 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor for a DS lookup. -; positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DS -SECTION AUTHORITY -net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -example.net. IN DS -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -example.net. IN DS -SECTION AUTHORITY -net. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1251367385 1800 900 604800 86400 -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_insecure.rpl b/testdata/dlv_insecure.rpl deleted file mode 100644 index e6515a9fb..000000000 --- a/testdata/dlv_insecure.rpl +++ /dev/null @@ -1,254 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - harden-referral-path: no - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with insecure zone with no DLV - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -; could be picked out of the negative cache due to NS queries in between. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_insecure_negcache.rpl b/testdata/dlv_insecure_negcache.rpl deleted file mode 100644 index 8408870b9..000000000 --- a/testdata/dlv_insecure_negcache.rpl +++ /dev/null @@ -1,311 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - harden-referral-path: no - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with insecure zone, no DLV from negative cache - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 300 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -; could be picked out of the negative cache due to NS queries in between. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -zoink.name.example.com IN NSEC zazz.net.example.com. RRSIG NSEC DLV -zoink.name.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AHipxvshRHglCEN4nZCT4m/4RIj8TrCOE2AsqEoH9e+6OYSo+yuNzzo= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -zoink.name.example.com IN NSEC zazz.net.example.com. RRSIG NSEC DLV -zoink.name.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AHipxvshRHglCEN4nZCT4m/4RIj8TrCOE2AsqEoH9e+6OYSo+yuNzzo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC frump.aqua.example.com. SOA NS RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AAscY9DfNm3Uy8f8Q4WX6AzR0flHYNSr3fKfgQ0Xc20fzj1lGP9ebfk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 300 - ADDRESS 1.2.3.5 -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 10 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 10 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -STEP 150 TIME_PASSES ELAPSE 30 - -; no more DLV authority reachable -STEP 200 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -STEP 210 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 10 IN A 10.20.30.40 -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END - -STEP 220 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -net. IN NS -ENTRY_END - -STEP 230 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_keyretry.rpl b/testdata/dlv_keyretry.rpl deleted file mode 100644 index 8d477b5a5..000000000 --- a/testdata/dlv_keyretry.rpl +++ /dev/null @@ -1,287 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor and subsequently key retries -; positive response for DLV. But the DNSKEY for the target fails validation. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -; expired signature -example.net. 3600 IN RRSIG DNSKEY 5 2 3600 20050926134150 20050829134150 30899 example.net. ydM0/eWMqFn4RxMTbscdSLU7bJNoPuzjCa0eI7HSV/r/54slSGvkl0fmwqrROl1tpc0YMV6kAzgB1T5lJbvdsA== ;{id = 30899} -; good signature: -;example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; AAAA for nameserver (for dnssec retry) query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -ns.example.net. IN AAAA -SECTION AUTHORITY -example.net. IN SOA . . 2007091300 28800 7200 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. MrpP4svNpbN/YKhuYRlNbvNg0yVxn4ywW1tyEFA9v6F7BR6k1pP8iPfN5XV+XWPAmbss9h3fwKq8zNs4F/SPkg== ;{id = 30899} -ns.example.net. IN NSEC ppp.example.net. A RRSIG NSEC -ns.example.net. 3600 IN RRSIG NSEC 5 3 3600 20070926134150 20070829134150 30899 example.net. freWP6rXWsU5iyRE2gIM9rICuBxCYlQSW01GkLPez5czqtEL0hHN8vtjTlfoNxjJjiZj3vAavZDIQGgOOOMIsA== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_negnx.rpl b/testdata/dlv_negnx.rpl deleted file mode 100644 index 03edf1a47..000000000 --- a/testdata/dlv_negnx.rpl +++ /dev/null @@ -1,405 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor for negcache nxdomain proof -; put a DLV in the negcache. -; then test ask-higher with that in the cache. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; under example.net in DLV -ENTRY_BEGIN -MATCH opcode qtype subdomain -ADJUST copy_id copy_query -REPLY QR NXDOMAIN -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.net.example.com. 3600 IN NSEC fru.net.example.com. RRSIG NSEC DLV -example.net.example.com. 3600 IN RRSIG NSEC 3 4 3600 20070926134150 20070829134150 2854 example.com. AI6NNKt4dGcAdCrW73GYwyoqelsdj1dd8mBNPpHRQIL0yp7yYFZ7kXU= ;{id = 2854} -example.com. IN SOA . . 1 2 3 4 5 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AIkRPbv+kZaiG61pH/wQy8fX2UqQS5YRwHaxe4yjEUXk59fgO71Db3s= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -; have it flushed out of the cache quickly. -example.net. 0 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 0 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; subzone -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub1.example.net. IN A -SECTION ANSWER -SECTION AUTHORITY -sub1.example.net. 3600 IN DS 30899 5 1 8916603e54c6f7edcfd885602e3b7b8dc475ba5c ; xodec-komif-vehis-kotav-tefot-mecyk-biryf-rivym-ticol-huvyh-saxox -sub1.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. A3vVrEY3+oIUqdbAa3tkKaU3o47eBD01hVXfAEAue1M+Uci2PA5YyiulLzStyiP75XUXkvubLQ2+ltKMTtfdag== ;{id = 30899} -sub1.example.net. IN NS ns.sub1.example.net. -SECTION ADDITIONAL -ns.sub1.example.net. IN A 1.2.3.10 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub2.example.net. IN A -SECTION ANSWER -SECTION AUTHORITY -sub2.example.net. 3600 IN DS 30899 5 1 627f7a51f1545133fec3ecbd19b85b92b15679c9 ; ximil-zovah-casuh-gygef-fyzas-farir-tikir-mukon-disih-kavus-nyxex -sub2.example.net. 3600 IN RRSIG DS 5 3 3600 20070926134150 20070829134150 30899 example.net. azMXKt4VPHj2hk5MDU6h8E/HOtNnHnIVS6Le3BV43wtJcHG5wlCxOksOZBOpXMkpbWLvbCJOOMPOnh31nlbjgg== ;{id = 30899} -sub2.example.net. IN NS ns.sub2.example.net. -SECTION ADDITIONAL -ns.sub2.example.net. IN A 1.2.3.12 -ENTRY_END -RANGE_END - -; sub1.example.net. -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.10 -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub1.example.net. IN DNSKEY -SECTION ANSWER -sub1.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub1.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub1.example.net. E200eTdRnkL7/fk54i1nXEE9a/rC2GxZfVkWMU044tpwV6d4XRxVhlFBzY4FytbRFFBUDhz7L3B0qC6BXJM8rg== ;{id = 30899} -ENTRY_END - -; www query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.sub1.example.net. IN A -SECTION ANSWER -www.sub1.example.net. IN A 192.168.1.1 -www.sub1.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub1.example.net. JKxcjPjc/TsQmUmCYHLQa3cBk1c+SbDPtVml69nDWC167NNWG8OLjLrLtUBVCfbTzCmqOWXq2qhrGPxjO65GCQ== ;{id = 30899} -ENTRY_END - -RANGE_END - -; sub2.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.12 -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub2.example.net. IN DNSKEY -SECTION ANSWER -sub2.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub2.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub2.example.net. VcNaPuz9Mmjj5ofZqOa4FsixBomFJTjd/9wxhZOVdxf1LsNR5L++8k09gQvnjtCvqSPfNer/uv0xl+9sRr8Wmw== ;{id = 30899} -ENTRY_END - -; www query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.sub2.example.net. IN A -SECTION ANSWER -www.sub2.example.net. IN A 192.168.1.12 -www.sub2.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub2.example.net. PsWY6+5/0+hsTOhNak/jdSeG44hvHgX5az1Q5XY/YkIchsflH9rmvP1EruFhflNhRR+22M7POiljYOoD5ylQXQ== ;{id = 30899} -ENTRY_END - -RANGE_END - - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub1.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub1.example.net. IN A -SECTION ANSWER -www.sub1.example.net. IN A 192.168.1.1 -www.sub1.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub1.example.net. JKxcjPjc/TsQmUmCYHLQa3cBk1c+SbDPtVml69nDWC167NNWG8OLjLrLtUBVCfbTzCmqOWXq2qhrGPxjO65GCQ== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; have example.net DNSKEY time out -STEP 14 TIME_PASSES ELAPSE 1.0 - -STEP 20 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.sub2.example.net. IN A -ENTRY_END - -STEP 30 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.sub2.example.net. IN A -SECTION ANSWER -www.sub2.example.net. IN A 192.168.1.12 -www.sub2.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub2.example.net. PsWY6+5/0+hsTOhNak/jdSeG44hvHgX5az1Q5XY/YkIchsflH9rmvP1EruFhflNhRR+22M7POiljYOoD5ylQXQ== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - - -SCENARIO_END diff --git a/testdata/dlv_optout.rpl b/testdata/dlv_optout.rpl deleted file mode 100644 index e5a8fdd62..000000000 --- a/testdata/dlv_optout.rpl +++ /dev/null @@ -1,440 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator, DLV to zone below optout, check negative cache. -; DLV example.com. -; trust anchor at example.net but no secure delegation to -; sub.example.net signed with DLV but not by parent. -; parent uses optout NSEC3. -; then a signed delegation to down.sub.example.net. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net.example.com. IN DLV -SECTION ANSWER -sub.example.net.example.com. 3600 IN DLV 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -sub.example.net.example.com. 3600 IN RRSIG DLV 3 5 3600 20070926135752 20070829135752 2854 example.com. AAdhy87nuDEaxmc+k9pJHYnhKiEYL++OLPxzOdwEQOtsHi7jeD3lRDU= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -down.sub.example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -sub.example.net.example.com. IN NSEC zzz.example.net.example.com. RRSIG NSEC DLV -sub.example.net.example.com. 3600 IN RRSIG NSEC 3 5 3600 20070926134150 20070829134150 2854 example.com. AG/M+H/lex1CMTIuO+JpdmTjCzt7XBsLtRLPDfYTykhxnnECzZwkMnQ= ;{id = 2854} -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC sub.example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. ALITtZY03PDWnuAeEL/5VwMIXY3iC2y7Qkeq5DgAHmPbNyWiOmJNEKg= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; no DS to sub.example.net, optout NSEC3. -; NSEC3PARAM 1 1 31 DE15C001 -; example.net. -> hk4jq0lg6q3bt992urc88dqten1k2be8. -; sub.example.net. -> ecs17hqd0kf7dk9g1cjvevj25pginrf2. -; *.example.net. -> 1tgbedpeeuubbsejh2dqvso62f8n4dk1. -; down.sub.example.net. -> 9j1r8re9b1238vd907tilclgat1i0fre. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN DS -SECTION ANSWER -SECTION AUTHORITY -example.net. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.net. 3600 IN RRSIG SOA 5 2 3600 20070926134150 20070829134150 30899 example.net. ELVULZHTRc0Qk06rSBRnB/T6sm1+AbAtdEJHN6PCsz2Z3s3E5A8NH7Krz0VzRaYIEUStnbAtuE3oP8XHWHBnyQ== ;{id = 30899} -; CE is example.net -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. IN NSEC3 1 1 31 DE15C001 hl4jq0lg6q3bt992urc88dqten1k2be8 NS SOA NAPTR RRSIG DNSKEY NSEC3PARAM -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. n1dQKbRoB+X4K003RAhdUp6ZUP5dCiwQi+apGfLII8wmCUmw/cKiz7/Ijhs/+88hZwq/7yhlZM0D/yqAUKUiAA== ;{id = 30899} -; NC covers sub.example.net -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. IN NSEC3 1 1 31 de15c001 efs17hqd0kf7dk9g1cjvevj25pginrf2 A RRSIG -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. oSVB7Dyp7/yaOlT8AFwBJZdqwRRSQ8XFzCpu1AP51JPIuhCg5byepdvY6UC3xXc7YVO6h74tpxFCGqLpRXwDoQ== ;{id = 30899} -SECTION ADDITIONAL -ENTRY_END - -; delegation to sub.example.net, optout NSEC3. -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. IN NSEC3 1 1 31 DE15C001 hl4jq0lg6q3bt992urc88dqten1k2be8 NS SOA NAPTR RRSIG DNSKEY NSEC3PARAM -hk4jq0lg6q3bt992urc88dqten1k2be8.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. n1dQKbRoB+X4K003RAhdUp6ZUP5dCiwQi+apGfLII8wmCUmw/cKiz7/Ijhs/+88hZwq/7yhlZM0D/yqAUKUiAA== ;{id = 30899} -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. IN NSEC3 1 1 31 de15c001 efs17hqd0kf7dk9g1cjvevj25pginrf2 A RRSIG -ebs17hqd0kf7dk9g1cjvevj25pginrf2.example.net. 3600 IN RRSIG NSEC3 5 3 3600 20070926134150 20070829134150 30899 example.net. oSVB7Dyp7/yaOlT8AFwBJZdqwRRSQ8XFzCpu1AP51JPIuhCg5byepdvY6UC3xXc7YVO6h74tpxFCGqLpRXwDoQ== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ENTRY_END - - -RANGE_END - -; ns.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.6 -; DS is -; sub.example.net. 3600 IN DS 30899 5 1 36b39460f94a807cbbbf3b31cc9db955081b2b36 ; xetir-fahok-bovug-pebyl-sovur-zyvaf-cufan-tivih-hadec-rypof-kixox -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN DNSKEY -SECTION ANSWER -sub.example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -sub.example.net. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. PATh0K1jz9QeN02C79noX9gwK+Nr5VznWPQwygm/pYDsOb0z3EsaiOrzyoreegDKgoNn3kN0CywS+usCWM6hrw== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -sub.example.net. IN NS -SECTION ANSWER -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; www.sub.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.sub.example.net. IN A -SECTION ANSWER -www.sub.example.net. IN A 10.20.30.40 -www.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. Q+88AIM3K8q6S0bHeFVT742EepZFxOxgtaL1V68DEkP4NePKzL4zttWQD3uI/5ALw/fIrC7G43Eo+epWn2ZGCA== ;{id = 30899} -SECTION AUTHORITY -sub.example.net. IN NS ns.sub.example.net. -sub.example.net. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.net. JZUK303aE7R428S5XXLaowpM79YSc2g7wy2rDOH+6Ts2UefZInv6X5cjJU4+qBrS8i9XhdllqG7SEnPKZ0GtAw== ;{id = 30899} -SECTION ADDITIONAL -ns.sub.example.net. IN A 1.2.3.6 -ns.sub.example.net. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AluXPa4XdlCysQMVrt0YairoOug4GMvy8rNUeKLCfQ5xVqRMqkTisbzJXBQPgYEVA0DJR74eEpgLrcz5ztb1aA== ;{id = 30899} -ENTRY_END - -; DS for down.sub.example.net -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -down.sub.example.net. IN DS -SECTION ANSWER -down.sub.example.net. 3600 IN DS 60946 5 1 c636304ab7cdb6272215aceac95a8d312ac7a4f6 -down.sub.example.net. 3600 IN RRSIG DS 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AMc8J534UF2+0PtPSNBw6RzN4Q5gXfnBXiUfpuT/MR1YtOE/5AP/0dTgvqvKRiFZx3NjOPeZmRnaabxkw0Qzrw== ;{id = 30899} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; delegation to down.sub.example.net -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -down.sub.example.net. IN NS -SECTION ANSWER -SECTION AUTHORITY -down.sub.example.net. IN NS ns.down.sub.example.net. -; the DS record is not given (like it was parent and child hosted on the same -; server) -;down.sub.example.net. 3600 IN DS 60946 5 1 c636304ab7cdb6272215aceac95a8d312ac7a4f6 -;down.sub.example.net. 3600 IN RRSIG DS 5 4 3600 20070926134150 20070829134150 30899 sub.example.net. AMc8J534UF2+0PtPSNBw6RzN4Q5gXfnBXiUfpuT/MR1YtOE/5AP/0dTgvqvKRiFZx3NjOPeZmRnaabxkw0Qzrw== ;{id = 30899} -SECTION ADDITIONAL -ns.down.sub.example.net. IN A 1.2.3.7 -ENTRY_END - -RANGE_END - -; ns.down.sub.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.7 -; DNSKEY query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -down.sub.example.net. IN DNSKEY -SECTION ANSWER -down.sub.example.net. 3600 IN DNSKEY 257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} -down.sub.example.net. 3600 IN RRSIG DNSKEY 5 4 3600 20070926134150 20070829134150 60946 down.sub.example.net. lK5HNva/IPw0CS9BfBd16fqm5y9bgCSwGsBLBAA1d5SCcKep6AVrv6NFuXl12d1G3MdQ4ruHi6eDDO5dhtkfrw== ;{id = 60946} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -; www.down.sub.example.net. -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR AA NOERROR -SECTION QUESTION -www.down.sub.example.net. IN A -SECTION ANSWER -www.down.sub.example.net. IN A 10.20.30.44 -www.down.sub.example.net. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 60946 down.sub.example.net. Hg5WF/xW8PRth2rl1mZcYK8/pgGpM73e/fD+mH/XElEKgL9zq0ou8psA0I6OvMLGBN6RQeknQHRAy3D2/5k/Wg== ;{id = 60946} -SECTION AUTHORITY -SECTION ADDITIONAL -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.down.sub.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.down.sub.example.net. IN A -SECTION ANSWER -www.down.sub.example.net. IN A 10.20.30.44 -www.down.sub.example.net. 3600 IN RRSIG A 5 5 3600 20070926134150 20070829134150 60946 down.sub.example.net. Hg5WF/xW8PRth2rl1mZcYK8/pgGpM73e/fD+mH/XElEKgL9zq0ou8psA0I6OvMLGBN6RQeknQHRAy3D2/5k/Wg== ;{id = 60946} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove.rpl b/testdata/dlv_remove.rpl deleted file mode 100644 index d503148c7..000000000 --- a/testdata/dlv_remove.rpl +++ /dev/null @@ -1,198 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV anchor but DLV domain is down -; so DLV has been decommissioned. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 - -ENTRY_BEGIN -MATCH opcode -ADJUST copy_id copy_query -REPLY QR SERVFAIL -SECTION QUESTION -example.com. IN NS -ENTRY_END -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO SERVFAIL -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove_empty.rpl b/testdata/dlv_remove_empty.rpl deleted file mode 100644 index 11b825bc2..000000000 --- a/testdata/dlv_remove_empty.rpl +++ /dev/null @@ -1,272 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV and DLV repository is empty. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query, everything is NXDOMAIN -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR AA NXDOMAIN -SECTION QUESTION -example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. 3600 IN NSEC example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AH++lP1qhsBw6zO1g3JVPZeQIpDhL9xT8V9xdgjXvCjIGQ1BUUlfQkA= -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove_nodel.rpl b/testdata/dlv_remove_nodel.rpl deleted file mode 100644 index 1abe5a32f..000000000 --- a/testdata/dlv_remove_nodel.rpl +++ /dev/null @@ -1,276 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "dlv.example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV and DLV is removed and not delegated -; so the response is that the dlv domain itself does not exist, but it's -; parent domain does exist (securely). - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query, everything is NXDOMAIN -; thus, no delegation to the dlv repository in dlv.example.com -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR AA NXDOMAIN -SECTION QUESTION -example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. 3600 IN NSEC example.com. NS SOA RRSIG NSEC DNSKEY -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AH++lP1qhsBw6zO1g3JVPZeQIpDhL9xT8V9xdgjXvCjIGQ1BUUlfQkA= -SECTION ADDITIONAL -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_remove_pos.rpl b/testdata/dlv_remove_pos.rpl deleted file mode 100644 index 892ffa3c0..000000000 --- a/testdata/dlv_remove_pos.rpl +++ /dev/null @@ -1,167 +0,0 @@ -; config options -; The island of trust is at example.com -server: - dlv-anchor: "dlv.example.net. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with DLV removed for positive anchored response -; So the destination has a valid DNSSEC chain of trust to the root, -; but the configured dlv anchor fails. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -; this covers dlv.example.net and thus makes it servfail (unusable). -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR SERVFAIL -SECTION QUESTION -net. IN NS -ENTRY_END - -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.com. IN A -SECTION ANSWER -www.example.com. IN A 10.20.30.40 -www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dlv_unused.rpl b/testdata/dlv_unused.rpl deleted file mode 100644 index aa7d04c1e..000000000 --- a/testdata/dlv_unused.rpl +++ /dev/null @@ -1,277 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - trust-anchor: "example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator, DLV anchor unused because trustanchor works. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC zazz.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926135752 20070829135752 2854 example.com. AAi21jQpno6gXnrPrtK0NvNgX9B8E9U5RvTd47QiCWLF7KdtKxB7Xz0= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/dnstap.tdir/dnstap.pre b/testdata/dnstap.tdir/dnstap.pre index 95216949c..6561d77e9 100644 --- a/testdata/dnstap.tdir/dnstap.pre +++ b/testdata/dnstap.tdir/dnstap.pre @@ -45,7 +45,7 @@ fi # make config file sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < dnstap.conf > ub.conf # start unbound in the background -$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +$PRE/unbound -d -c ub.conf -vvvv >unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test diff --git a/testdata/dnstap.tdir/dnstap.test b/testdata/dnstap.tdir/dnstap.test index 04db17b27..fbf8565ff 100644 --- a/testdata/dnstap.tdir/dnstap.test +++ b/testdata/dnstap.tdir/dnstap.test @@ -24,6 +24,8 @@ else exit 1 fi +echo "> wait for log to happen on timer" +sleep 3 echo "> check tap.log for dnstap info" # see if it logged the information in tap.log # wait for a moment for filesystem to catch up. @@ -57,6 +59,8 @@ dig @127.0.0.1 -p $UNBOUND_PORT q7.example.net. dig @127.0.0.1 -p $UNBOUND_PORT q8.example.net. dig @127.0.0.1 -p $UNBOUND_PORT q9.example.net. dig @127.0.0.1 -p $UNBOUND_PORT q10.example.net. +echo "> wait for log to happen on timer" +sleep 3 for x in q1 q2 q3 q4 5 q6 q7 q8 q9 q10; do if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi if grep "$x.example.net" tap.log >/dev/null; then :; else sleep 1; fi diff --git a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post index 8474b3a02..0056a20d9 100644 --- a/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post +++ b/testdata/dnstap_reconnect.tdir/dnstap_reconnect.post @@ -13,4 +13,6 @@ kill_pid $FWD_PID kill $UNBOUND_PID kill $UNBOUND_PID >/dev/null 2>&1 cat unbound.log +cat tap.log +cat tap.errlog exit 0 diff --git a/testdata/doh_downstream.tdir/doh_downstream.conf b/testdata/doh_downstream.tdir/doh_downstream.conf new file mode 100644 index 000000000..f0857bb58 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.conf @@ -0,0 +1,27 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream.tdir/doh_downstream.dsc b/testdata/doh_downstream.tdir/doh_downstream.dsc new file mode 100644 index 000000000..66b84284e --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream +Version: 1.0 +Description: Test DNS-over-HTTPS query processing +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream.pre +Post: doh_downstream.post +Test: doh_downstream.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream.tdir/doh_downstream.post b/testdata/doh_downstream.tdir/doh_downstream.post new file mode 100644 index 000000000..0e3c00b05 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.post @@ -0,0 +1,13 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream.tdir/doh_downstream.pre b/testdata/doh_downstream.tdir/doh_downstream.pre new file mode 100644 index 000000000..29bb805a1 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.pre @@ -0,0 +1,33 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream.tdir/doh_downstream.test b/testdata/doh_downstream.tdir/doh_downstream.test new file mode 100644 index 000000000..d66168fba --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.test @@ -0,0 +1,339 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l ) +if test "$num_ans" -ne 90; then + echo "number of answers not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream.tdir/doh_downstream.testns b/testdata/doh_downstream.tdir/doh_downstream.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream.tdir/doh_downstream.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream.tdir/unbound_server.key b/testdata/doh_downstream.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream.tdir/unbound_server.pem b/testdata/doh_downstream.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf new file mode 100644 index 000000000..30d8e2a4f --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.conf @@ -0,0 +1,17 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-response-buffer-size: 500 + + local-zone: "example.net" redirect + local-data: "example.net. IN A 1.2.3.1" diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc new file mode 100644 index 000000000..c271fcdc1 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_buffer_size +Version: 1.0 +Description: Test DNS-over-HTTPS http-response-buffer-size +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_buffer_size.pre +Post: doh_downstream_buffer_size.post +Test: doh_downstream_buffer_size.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post new file mode 100644 index 000000000..881970a77 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.post @@ -0,0 +1,12 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +. ../common.sh +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre new file mode 100644 index 000000000..a58780ab3 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.pre @@ -0,0 +1,24 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 1 +UNBOUND_PORT=$RND_PORT +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_buffer_size.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test new file mode 100644 index 000000000..78c46081d --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/doh_downstream_buffer_size.test @@ -0,0 +1,39 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +echo "> query www.example.net. endpoint /dns-query" +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT 1.example.net. A IN 2.example.net. A IN 3.example.net. A IN 4.example.net. A IN 5.example.net. A IN 6.example.net. A IN 7.example.net. A IN 8.example.net. A IN 9.example.net. A IN 10.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +num=$(grep "ANSWER SEC" outfile | wc -l) +# 58 byte answers, 500 byte max response buffer -> 8 answers +if [ $num -eq 8 ]; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +exit 0 diff --git a/testdata/doh_downstream_buffer_size.tdir/unbound_server.key b/testdata/doh_downstream_buffer_size.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem b/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_buffer_size.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf new file mode 100644 index 000000000..3ec5ed4a1 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.conf @@ -0,0 +1,17 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-endpoint: "/abc" + + local-zone: "example.net" static + local-data: "www.example.net. IN A 1.2.3.1" diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc new file mode 100644 index 000000000..ef36a1968 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream +Version: 1.0 +Description: Test DNS-over-HTTPS query processing, endpoint setting +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_endpoint.pre +Post: doh_downstream_endpoint.post +Test: doh_downstream_endpoint.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post new file mode 100644 index 000000000..dcdf8627e --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.post @@ -0,0 +1,12 @@ +# #-- doh_downstream.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre new file mode 100644 index 000000000..cd0d11fd4 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.pre @@ -0,0 +1,23 @@ +# #-- doh_downstream.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_random_port 1 +UNBOUND_PORT=$RND_PORT +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_endpoint.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test new file mode 100644 index 000000000..2a6954cab --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/doh_downstream_endpoint.test @@ -0,0 +1,59 @@ +# #-- doh_downstream.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +echo "> query www.example.net. endpoint /dns-query" +$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "status 404" outfile; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +echo "> query www.example.net. endpoint /abc" +$PRE/dohclient -e /abc -s 127.0.0.1 -p $UNBOUND_PORT www.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep ":status 200" outfile; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_endpoint.tdir/unbound_server.key b/testdata/doh_downstream_endpoint.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_endpoint.tdir/unbound_server.pem b/testdata/doh_downstream_endpoint.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_endpoint.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf new file mode 100644 index 000000000..bdca45645 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.conf @@ -0,0 +1,28 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + http-notls-downstream: yes + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc new file mode 100644 index 000000000..4b908e052 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_notls +Version: 1.0 +Description: Test DNS-over-HTTP query processing with no-tls +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_notls.pre +Post: doh_downstream_notls.post +Test: doh_downstream_notls.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post new file mode 100644 index 000000000..3ceaeade8 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.post @@ -0,0 +1,13 @@ +# #-- doh_downstream_notls.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre new file mode 100644 index 000000000..e1f30a575 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.pre @@ -0,0 +1,33 @@ +# #-- doh_downstream_notls.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi + +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream_notls.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_notls.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test new file mode 100644 index 000000000..87ff560d3 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.test @@ -0,0 +1,339 @@ +# #-- doh_downstream_notls.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -n -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l ) +if test "$num_ans" -ne 90; then + echo "number of answers not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/doh_downstream_notls.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream_notls.tdir/unbound_server.key b/testdata/doh_downstream_notls.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_notls.tdir/unbound_server.pem b/testdata/doh_downstream_notls.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_notls.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.conf b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf new file mode 100644 index 000000000..f0857bb58 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf @@ -0,0 +1,27 @@ +server: + verbosity: 2 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + https-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + http-query-buffer-size: 1G + http-response-buffer-size: 1G + http-max-streams: 200 + + local-zone: "example.net" static + local-data: "www1.example.net. IN A 1.2.3.1" + local-data: "www2.example.net. IN A 1.2.3.2" + local-data: "www3.example.net. IN A 1.2.3.3" + local-zone: "drop.net" deny + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc new file mode 100644 index 000000000..70de7502f --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc @@ -0,0 +1,16 @@ +BaseName: doh_downstream_post +Version: 1.0 +Description: Test DNS-over-HTTPS query processing, using POST method +CreationDate: Mon Jun 12 12:00:00 CET 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: doh_downstream_post.pre +Post: doh_downstream_post.post +Test: doh_downstream_post.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.post b/testdata/doh_downstream_post.tdir/doh_downstream_post.post new file mode 100644 index 000000000..98034a32c --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.post @@ -0,0 +1,13 @@ +# #-- doh_downstream_post.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +kill_pid $FWD_PID +kill_pid $UNBOUND_PID +cat unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.pre b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre new file mode 100644 index 000000000..34df83d4b --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre @@ -0,0 +1,31 @@ +# #-- doh_downstream_post.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT doh_downstream_post.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_post.conf > ub.conf +# start unbound in the background +$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.test b/testdata/doh_downstream_post.tdir/doh_downstream_post.test new file mode 100644 index 000000000..6442d1e12 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.test @@ -0,0 +1,340 @@ +# #-- doh_downstream_post.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +if grep "define HAVE_NGHTTP2 1" $PRE/config.h; then echo test enabled; else echo test skipped; exit 0; fi +get_make +(cd $PRE; $MAKE dohclient) + + +# this test query should just work (server is up) +echo "> query www1.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +echo "OK" + +# multiple requests (from localdata) +echo "> query www1.example.net. www2.example.net. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www.example.com" outfile | grep "10.20.30.40"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +# out of order requests, the example.com elements take 2 seconds to wait. +# www3.example.com present twice, answered twice. +echo "" +echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.net" outfile | grep "1.2.3.1"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www2.example.net" outfile | grep "1.2.3.2"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www3.example.com" outfile | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + +echo "" +echo "> query www4.example.com. www3.example.net." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.net" outfile | grep "1.2.3.3"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi +if grep "www4.example.com" outfile | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "result contents not OK" + exit 1 +fi + + +echo "" +echo "> query a1.example.com. - a90.example.com." +$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +num_ans=$(grep -B 3 "a.example.com. IN A" outfile | grep "rcode: NOERROR" | wc -l ) +if test "$num_ans" -ne 90; then + echo "number of answers not OK" + echo "> cat logfiles" + cat outfile + cat fwd.log + cat unbound.log + echo "Not OK" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.testns b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns new file mode 100644 index 000000000..c53941b67 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns @@ -0,0 +1,74 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www2 IN A +SECTION ANSWER +www2 IN A 10.20.30.42 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www3 IN A +SECTION ANSWER +www3 IN A 10.20.30.43 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www4 IN A +SECTION ANSWER +www4 IN A 10.20.30.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www5 IN A +SECTION ANSWER +www5 IN A 10.20.30.45 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id sleep=2 +SECTION QUESTION +www6 IN A +SECTION ANSWER +www6 IN A 10.20.30.46 +ENTRY_END + +; lots of noerror/nodata answers for other queries (a.. queries) +ENTRY_BEGIN +MATCH opcode qtype subdomain +REPLY QR AA NOERROR +ADJUST copy_id copy_query +SECTION QUESTION +a.example.com. IN A +SECTION AUTHORITY +example.com. IN SOA ns hostmaster 2019 28800 7200 604800 3600 +ENTRY_END diff --git a/testdata/doh_downstream_post.tdir/unbound_server.key b/testdata/doh_downstream_post.tdir/unbound_server.key new file mode 100644 index 000000000..4256c421d --- /dev/null +++ b/testdata/doh_downstream_post.tdir/unbound_server.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA +3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s +RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB +AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS +6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds +sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi +XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3 +fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL +CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP +0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2 +oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l +In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S +LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg== +-----END RSA PRIVATE KEY----- diff --git a/testdata/doh_downstream_post.tdir/unbound_server.pem b/testdata/doh_downstream_post.tdir/unbound_server.pem new file mode 100644 index 000000000..aeda3ff11 --- /dev/null +++ b/testdata/doh_downstream_post.tdir/unbound_server.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1 +bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE +AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS +y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/ +/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu +g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ +9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG +l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH +Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg== +-----END CERTIFICATE----- diff --git a/testdata/domain_insec_dlv.rpl b/testdata/domain_insec_dlv.rpl deleted file mode 100644 index c8bd98344..000000000 --- a/testdata/domain_insec_dlv.rpl +++ /dev/null @@ -1,277 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - domain-insecure: "example.net" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with domain-insecure below a DLV -; positive response for DLV. - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/testdata/edns_client_string.rpl b/testdata/edns_client_string.rpl new file mode 100644 index 000000000..1822f7898 --- /dev/null +++ b/testdata/edns_client_string.rpl @@ -0,0 +1,152 @@ +; config options +server: + edns-client-string: 10.0.0.0/24 "abc d" + edns-client-string: 10.0.0.10/32 "123AbC!" + +stub-zone: + name: "edns-string-abc." + stub-addr: 10.0.0.1 + +stub-zone: + name: "edns-string-123." + stub-addr: 10.0.0.10 + +stub-zone: + name: "notag." + stub-addr: 10.10.0.1 + +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.10.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-abc. IN A +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-abc. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + fd e9 ; Opcode 65001 + 00 05 ; Length 5 + 61 62 63 20 64 ; "abc d" + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +ENTRY_END + +STEP 110 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-123. IN A +ENTRY_END + +STEP 120 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-123. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + fd e9 ; Opcode 65001 + 00 07 ; Length 7 + 31 32 33 41 62 ; "123Ab" + 43 21 ; "C!" + HEX_EDNSDATA_END +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +ENTRY_END + +STEP 210 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +notag. IN A +ENTRY_END + +STEP 220 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +notag. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END + +STEP 230 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +ENTRY_END + +SCENARIO_END diff --git a/testdata/edns_client_string_opcode.rpl b/testdata/edns_client_string_opcode.rpl new file mode 100644 index 000000000..3bd6dda4e --- /dev/null +++ b/testdata/edns_client_string_opcode.rpl @@ -0,0 +1,153 @@ +; config options +server: + edns-client-string: 10.0.0.0/24 "abc d" + edns-client-string: 10.0.0.10/32 "123AbC!" + edns-client-string-opcode: 65432 + +stub-zone: + name: "edns-string-abc." + stub-addr: 10.0.0.1 + +stub-zone: + name: "edns-string-123." + stub-addr: 10.0.0.10 + +stub-zone: + name: "notag." + stub-addr: 10.10.0.1 + +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.0.0.10 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +RANGE_BEGIN 0 1000 + ADDRESS 10.10.0.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-abc. IN A +ENTRY_END + +STEP 20 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-abc. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ff 98 ; Opcode 65432 + 00 05 ; Length 5 + 61 62 63 20 64 ; "abc d" + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-abc. IN A +SECTION ANSWER +edns-string-abc. IN A 10.20.30.40 +ENTRY_END + +STEP 110 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +edns-string-123. IN A +ENTRY_END + +STEP 120 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +edns-string-123. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + ff 98 ; Opcode 65432 + 00 07 ; Length 7 + 31 32 33 41 62 ; "123Ab" + 43 21 ; "C!" + HEX_EDNSDATA_END +ENTRY_END + +STEP 130 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +edns-string-123. IN A +SECTION ANSWER +edns-string-123. IN A 10.20.30.40 +ENTRY_END + +STEP 210 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +notag. IN A +ENTRY_END + +STEP 220 CHECK_OUT_QUERY +ENTRY_BEGIN +MATCH qname qtype opcode ednsdata +SECTION QUESTION +notag. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END + +STEP 230 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +notag. IN A +SECTION ANSWER +notag. IN A 10.20.30.40 +ENTRY_END + +SCENARIO_END diff --git a/testdata/fwd_oneport.tdir/fwd_oneport.conf b/testdata/fwd_oneport.tdir/fwd_oneport.conf index f3427fece..21ebc9fed 100644 --- a/testdata/fwd_oneport.tdir/fwd_oneport.conf +++ b/testdata/fwd_oneport.tdir/fwd_oneport.conf @@ -13,6 +13,7 @@ server: num-queries-per-thread: 1024 use-syslog: no do-not-query-localhost: no + udp-connect: no forward-zone: name: "." forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/fwddlv_parse.rpl b/testdata/fwddlv_parse.rpl deleted file mode 100644 index 8b8a9613f..000000000 --- a/testdata/fwddlv_parse.rpl +++ /dev/null @@ -1,134 +0,0 @@ -; config options -; The island of trust is at example.com -server: - trust-anchor: "dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw==" - val-override-date: "20090617133009" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test parse of packet when forwarding and dlv are in use - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -org. IN NS -SECTION AUTHORITY -org. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. (for ORG) -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -org. IN NS -SECTION ANSWER -org. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -dlv.isc.org. IN NS -SECTION AUTHORITY -dlv.isc.org. IN NS ns.org. -SECTION ADDITIONAL -ns.org. IN A 1.2.3.4 -ENTRY_END -RANGE_END - -; ns.org for dlv.isc.org -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -dlv.isc.org. IN DNSKEY -SECTION ANSWER -dlv.isc.org. 5072 IN DNSKEY 256 3 5 BEAAAAOlYGw53D+f01yCL5JsP0SB6EjYrnd0JYRBooAaGPT+Q0kpiN+7GviFh+nIazoB8e2Yv7mupgqkmIjObdcbGstYpUltdECdNpNmBvASKB9SBdtGeRvXXpORi3Qyxb9kHGG7SpzyYbc+KDVKnzYHB94pvqu3ZZpPFPBFtCibp/mkhw== ;{id = 64263 (zsk), size = 1024b} -dlv.isc.org. 5072 IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh ;{id = 19297 (ksk), size = 2048b} -dlv.isc.org. 5072 IN RRSIG DNSKEY 5 3 7200 20090717133009 20090617133009 19297 dlv.isc.org. iqGOzsIQKFHcPLbJHLb/kNzcm7TlHiyT4kzTknCjKsC7DCB86YCOhnZZjvZQyA+D0N0KDgNWY8v5czbyX57qR6qORciT2zmPSTGj7CIOe4zrq60n8HzsChKgvk+RSYQrzf6vRfnZhce6Y1waXQd4wh1buPAUw/l46Ovt74ALXzcWSgfMNyx6PBz7rbusuePKeSv0GZL9+M2qhXKe9LJmnzD9uCwnbV/Y5yu+xLfxLdm9q4IKp6Rn50CeHYKf3tO2jI9dkWqFR94XHSTNGfhC02i5UsfP1HRPnk49bX7OMstuuCq9zMX+qTt602MVFYdTSHTy/5+Yw5DvOA9JgOqO4w== ;{id = 19297} -dlv.isc.org. 5072 IN RRSIG DNSKEY 5 3 7200 20090717133009 20090617133009 64263 dlv.isc.org. W1KX1PagXsaWWmxkaOfnLetnw1hhSw7ym91S4rSu14QfFbYi5iN9ZkSuKa21M7Do52S9om/2hDllMF7EFfnv9l4e4/rMOc59vKGVojpHOvZyRVhIiMyh1H9NfLTYUovORRvKO0Cnp65gBXspVf1WhzoY3pC1NZ+5pscPWLeD1rw= ;{id = 64263} -ENTRY_END - -; response to query of interest -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -www.example.com.dlv.isc.org. IN DLV -SECTION ANSWER -SECTION AUTHORITY -dlv.isc.org. 2776 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009061702 7200 3600 2419200 3600 -dlv.isc.org. 2776 IN RRSIG SOA 5 3 3600 20090717133009 20090617133009 64263 dlv.isc.org. S5iTFqF8k9XWoGq4Wajo1GQF6Oc1e5lI1kGFWyaKf3oM2asbzCbVk2aZLtyDCGjYA4euZWXD0q2vol7/1cPB5Ds4SteCuo5Jkpa/mw7mPAcbNu8mYexq1RaodVCbWrW8KSxEyVd8X5mZx2OBaSyK8zns/W5I3ZPNNLf4Kz6Zpo0= ;{id = 64263} -seatex.com.cn.dlv.isc.org. 2776 IN RRSIG NSEC 5 6 3600 20090717133009 20090617133009 64263 dlv.isc.org. Rxv7gVdu8rpWbJ3fJm7cY66IKV+C94I4/HYiDQke1m2P7hXo5bpDBBShKpIvME34ANN8Lb0cZQK9XT7NYpWjE5rjW7CaMiVjiR6U1LyDGQyK4X3wdkbv3aJcHLSg7sWsxyZXj5iVUxkU5JO3JBjo412oKQ3bh+RGi1BxTIIq09g= ;{id = 64263} -seatex.com.cn.dlv.isc.org. 2776 IN NSEC absolight.com.dlv.isc.org. RRSIG NSEC DLV -ericgermann.com.dlv.isc.org. 2776 IN RRSIG NSEC 5 5 3600 20090717133009 20090617133009 64263 dlv.isc.org. OEUizWAXsWFBzt4rN5+AUTaND8phZc4ezux06LA/Ua5N/B/LQQ1cb42eEqCQHwnGK8BsRhbsRiVywPNgnnPlL1Gy8n25gi+0qWOpA27fOwZJbO3n944gKvPDWZoDeCbdJr6AQG5Z9/Ka0ERRtHC6uI2Xn6KCQPjgTEihqhoayYg= ;{id = 64263} -ericgermann.com.dlv.isc.org. 2776 IN NSEC fayengineering.com.dlv.isc.org. RRSIG NSEC DLV -SECTION ADDITIONAL -ENTRY_END -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.com.dlv.isc.org. IN DLV -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA AD DO NXDOMAIN -SECTION QUESTION -www.example.com.dlv.isc.org. IN DLV -SECTION ANSWER -SECTION AUTHORITY -dlv.isc.org. 2776 IN SOA ns-int.isc.org. hostmaster.isc.org. 2009061702 7200 3600 2419200 3600 -dlv.isc.org. 2776 IN RRSIG SOA 5 3 3600 20090717133009 20090617133009 64263 dlv.isc.org. S5iTFqF8k9XWoGq4Wajo1GQF6Oc1e5lI1kGFWyaKf3oM2asbzCbVk2aZLtyDCGjYA4euZWXD0q2vol7/1cPB5Ds4SteCuo5Jkpa/mw7mPAcbNu8mYexq1RaodVCbWrW8KSxEyVd8X5mZx2OBaSyK8zns/W5I3ZPNNLf4Kz6Zpo0= ;{id = 64263} -seatex.com.cn.dlv.isc.org. 2776 IN NSEC absolight.com.dlv.isc.org. RRSIG NSEC DLV -seatex.com.cn.dlv.isc.org. 2776 IN RRSIG NSEC 5 6 3600 20090717133009 20090617133009 64263 dlv.isc.org. Rxv7gVdu8rpWbJ3fJm7cY66IKV+C94I4/HYiDQke1m2P7hXo5bpDBBShKpIvME34ANN8Lb0cZQK9XT7NYpWjE5rjW7CaMiVjiR6U1LyDGQyK4X3wdkbv3aJcHLSg7sWsxyZXj5iVUxkU5JO3JBjo412oKQ3bh+RGi1BxTIIq09g= ;{id = 64263} -ericgermann.com.dlv.isc.org. 2776 IN NSEC fayengineering.com.dlv.isc.org. RRSIG NSEC DLV -ericgermann.com.dlv.isc.org. 2776 IN RRSIG NSEC 5 5 3600 20090717133009 20090617133009 64263 dlv.isc.org. OEUizWAXsWFBzt4rN5+AUTaND8phZc4ezux06LA/Ua5N/B/LQQ1cb42eEqCQHwnGK8BsRhbsRiVywPNgnnPlL1Gy8n25gi+0qWOpA27fOwZJbO3n944gKvPDWZoDeCbdJr6AQG5Z9/Ka0ERRtHC6uI2Xn6KCQPjgTEihqhoayYg= ;{id = 64263} -ENTRY_END - -SCENARIO_END diff --git a/testdata/localdata.rpl b/testdata/localdata.rpl index a2e7eeba2..047fbeeba 100644 --- a/testdata/localdata.rpl +++ b/testdata/localdata.rpl @@ -35,6 +35,9 @@ server: local-zone: "redirect.top." redirect local-data: "redirect.top. A 20.30.40.54" + ; null zone + local-zone: "null.top." always_null + ; create implicit data in the IN domain as well local-data: "a.a.implicit. A 20.30.41.50" local-data: "b.a.implicit. A 20.30.42.50" @@ -85,12 +88,12 @@ local. IN A ENTRY_END STEP 6 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION local. IN A SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; positive SOA @@ -101,7 +104,7 @@ local. IN SOA ENTRY_END STEP 8 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION local. IN SOA @@ -133,12 +136,12 @@ serv.local. IN MX ENTRY_END STEP 12 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION serv.local. IN MX SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; no such type, empty nonterminal @@ -149,12 +152,12 @@ bla.local. IN MX ENTRY_END STEP 14 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA SECTION QUESTION bla.local. IN MX SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; nxdomain with SOA @@ -165,12 +168,12 @@ doing.local. IN MX ENTRY_END STEP 16 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RA AA NXDOMAIN SECTION QUESTION doing.local. IN MX SECTION AUTHORITY -local. 3600 IN SOA nobody nobody 1 2 3 4 5 +local. 5 IN SOA nobody nobody 1 2 3 4 5 ENTRY_END ; nxdomain without SOA @@ -355,4 +358,36 @@ SECTION ANSWER www.redirect.top. IN A 20.30.40.54 ENTRY_END +; always_null zone +STEP 60 QUERY +ENTRY_BEGIN +SECTION QUESTION +null.top. IN A +ENTRY_END +STEP 61 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NOERROR +SECTION QUESTION +null.top. IN A +SECTION ANSWER +null.top. IN A 0.0.0.0 +ENTRY_END + +; always_null zone AAAA +STEP 62 QUERY +ENTRY_BEGIN +SECTION QUESTION +foo.null.top. IN AAAA +ENTRY_END +STEP 63 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RA AA NOERROR +SECTION QUESTION +foo.null.top. IN AAAA +SECTION ANSWER +foo.null.top. IN AAAA ::0 +ENTRY_END + SCENARIO_END diff --git a/testdata/nsid_ascii.rpl b/testdata/nsid_ascii.rpl new file mode 100644 index 000000000..f357db5ae --- /dev/null +++ b/testdata/nsid_ascii.rpl @@ -0,0 +1,54 @@ +; config options +server: + nsid: "ascii_hopsa kidee" + +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 0b ; Length 11 + 68 6F 70 73 61 20 ; "hopsa " + 6B 69 64 65 65 ; "kidee" + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/nsid_hex.rpl b/testdata/nsid_hex.rpl new file mode 100644 index 000000000..0d5e8f40d --- /dev/null +++ b/testdata/nsid_hex.rpl @@ -0,0 +1,54 @@ +; config options +server: + nsid: "0123456789abcdef" + +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 08 ; Length 8 + 01 23 45 67 ; + 89 ab cd ef ; + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/nsid_not_set.rpl b/testdata/nsid_not_set.rpl new file mode 100644 index 000000000..06abe5985 --- /dev/null +++ b/testdata/nsid_not_set.rpl @@ -0,0 +1,47 @@ +; config options +stub-zone: + name: "example." + stub-addr: 192.0.2.1 +CONFIG_END + +SCENARIO_BEGIN Test EDNS string tag option + +RANGE_BEGIN 0 1000 + ADDRESS 192.0.2.1 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 10 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +example. IN A +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + 00 03 ; Opcode NSID (3) + 00 00 ; Length 0 + HEX_EDNSDATA_END +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +example. IN A +SECTION ANSWER +example. IN A 198.51.100.1 +SECTION ADDITIONAL + HEX_EDNSDATA_BEGIN + HEX_EDNSDATA_END +ENTRY_END +SCENARIO_END diff --git a/testdata/ssl_req_order.tdir/ssl_req_order.test b/testdata/ssl_req_order.tdir/ssl_req_order.test index 65981d16c..360a09922 100644 --- a/testdata/ssl_req_order.tdir/ssl_req_order.test +++ b/testdata/ssl_req_order.tdir/ssl_req_order.test @@ -11,12 +11,14 @@ get_make # this test query should just work (server is up) echo "> query www1.example.net." -$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -28,6 +30,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -37,12 +40,14 @@ echo "OK" # multiple requests (from localdata) echo "> query www1.example.net. www2.example.net. www3.example.net." -$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -54,6 +59,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -65,6 +71,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -76,6 +83,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -85,12 +93,14 @@ fi # out of order requests, the example.com elements take 2 seconds to wait. echo "" echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -102,6 +112,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -113,6 +124,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -124,6 +136,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -135,6 +148,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -146,6 +160,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -156,12 +171,14 @@ fi # www.example.com present twice, answered twice. echo "" echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -173,6 +190,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -184,6 +202,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -195,6 +214,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -206,6 +226,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -216,12 +237,14 @@ fi # www3.example.com present twice, answered twice. echo "" echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -233,6 +256,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -244,6 +268,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -255,6 +280,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -266,6 +292,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -274,12 +301,14 @@ fi echo "" echo "> query www4.example.com. www3.example.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -291,6 +320,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -302,6 +332,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -310,12 +341,14 @@ fi echo "" echo "> query a1.example.com. - a100.example.com." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN a91.a.example.com. A IN a92.a.example.com. A IN a93.a.example.com. A IN a94.a.example.com. A IN a95.a.example.com. A IN a96.a.example.com. A IN a97.a.example.com. A IN a98.a.example.com. A IN a99.a.example.com. A IN a100.a.example.com. A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN a91.a.example.com. A IN a92.a.example.com. A IN a93.a.example.com. A IN a94.a.example.com. A IN a95.a.example.com. A IN a96.a.example.com. A IN a97.a.example.com. A IN a98.a.example.com. A IN a99.a.example.com. A IN a100.a.example.com. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -325,12 +358,14 @@ grep "a.example.com. IN A" outfile echo "" echo "> query www5.example.net. www3.example.net. www.drop.net." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" diff --git a/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test b/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test index 5223fc985..7f6527e0d 100644 --- a/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test +++ b/testdata/ssl_req_timeout.tdir/ssl_req_timeout.test @@ -17,12 +17,14 @@ fi # this test query should just work (server is up) echo "> query www1.example.net." -$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -34,6 +36,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -43,12 +46,14 @@ echo "OK" # multiple requests that are answered immediately and then the timeout echo "> query www1.example.net. www2.example.net. www3.example.net. www.example.com." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN www.example.com. A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN www.example.com. A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -60,6 +65,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -71,6 +77,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -82,6 +89,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -93,6 +101,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" @@ -101,12 +110,14 @@ fi # multiple requests that are waiting for answers and then the timeout echo "> query www2.example.com. www2.example.com. www3.example.com." -$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN www2.example.com A IN www3.example.com A IN >outfile 2>&1 +$PRE/streamtcp -a -s -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN www2.example.com A IN www3.example.com A IN >outfile 2>outerr cat outfile +cat outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "Not OK" @@ -118,6 +129,7 @@ else echo "result contents not OK" echo "> cat logfiles" cat outfile + cat outerr cat fwd.log cat unbound.log echo "result contents not OK" diff --git a/testdata/stat_values.tdir/stat_values.conf b/testdata/stat_values.tdir/stat_values.conf new file mode 100644 index 000000000..5cec691f5 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.conf @@ -0,0 +1,31 @@ +server: + verbosity: 2 + num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + extended-statistics: yes + identity: "stat_values" + + local-zone: local.zone static + local-data: "www.local.zone A 192.0.2.1" +remote-control: + control-enable: yes + control-interface: 127.0.0.1 + # control-interface: ::1 + control-port: @CONTROL_PORT@ + server-key-file: "unbound_server.key" + server-cert-file: "unbound_server.pem" + control-key-file: "unbound_control.key" + control-cert-file: "unbound_control.pem" +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" +forward-zone: + name: "expired." + forward-addr: "127.0.0.1@@EXPIREDPORT@" diff --git a/testdata/stat_values.tdir/stat_values.dsc b/testdata/stat_values.tdir/stat_values.dsc new file mode 100644 index 000000000..5112dbcf9 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.dsc @@ -0,0 +1,16 @@ +BaseName: stat_values +Version: 1.0 +Description: Test unbound statistics +CreationDate: Mon Sep 09 14:48:03 CEST 2020 +Maintainer: +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: stat_values.pre +Post: stat_values.post +Test: stat_values.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/stat_values.tdir/stat_values.post b/testdata/stat_values.tdir/stat_values.post new file mode 100644 index 000000000..8656b599f --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.post @@ -0,0 +1,14 @@ +# #-- stat_values.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill $FWD_EXPIRED_PID >/dev/null 2>&1 # This is killed during testing. +# it was stopped with unbound-control (if the test succeeded) +kill $UNBOUND_PID >/dev/null 2>&1 +kill $UNBOUND_PID >/dev/null 2>&1 +exit 0 diff --git a/testdata/stat_values.tdir/stat_values.pre b/testdata/stat_values.tdir/stat_values.pre new file mode 100644 index 000000000..2db4a17e0 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.pre @@ -0,0 +1,41 @@ +# #-- stat_values.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 4 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +FWD_EXPIRED_PORT=$(($RND_PORT + 2)) +CONTROL_PORT=$(($RND_PORT + 3)) +FWD_EXPIRED_PORT=$(($RND_PORT + 4)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test +echo "FWD_EXPIRED_PORT=$FWD_EXPIRED_PORT" >> .tpkg.var.test +echo "CONTROL_PORT=$CONTROL_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT stat_values.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# start expired forwarder +$LDNS_TESTNS -p $FWD_EXPIRED_PORT stat_values.testexpiredns >fwd_expired.log 2>&1 & +FWD_EXPIRED_PID=$! +echo "FWD_EXPIRED_PID=$FWD_EXPIRED_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' -e 's/@EXPIREDPORT\@/'$FWD_EXPIRED_PORT'/' -e 's/@CONTROL_PORT\@/'$CONTROL_PORT'/' < stat_values.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_ldns_testns_up fwd_expired.log +wait_unbound_up unbound.log diff --git a/testdata/stat_values.tdir/stat_values.test b/testdata/stat_values.tdir/stat_values.test new file mode 100644 index 000000000..1cd19fa2b --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.test @@ -0,0 +1,411 @@ +# #-- stat_values.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test +# We need kill_pid for the serve-expired-client-timeout test +. ../common.sh + +PRE="../.." + +# Individual thread stats. +STATS_IGNORE_THREAD="\ +^thread" + +# Histogram stats. +STATS_IGNORE_HISTOGRAM="\ +^histogram" + +# Time dependent stats. +STATS_IGNORE_TIME_SPECIFIC="\ +^total.recursion.time.avg= +^total.recursion.time.median= +^time.now= +^time.up= +^time.elapsed=" + +# Usage dependent stats. +STATS_IGNORE_USAGE_SPECIFIC="\ +^total.requestlist.avg= +^total.requestlist.max= +^total.requestlist.overwritten= +^total.requestlist.exceeded= +^total.requestlist.current.all= +^total.requestlist.current.user= +^total.tcpusage= +^mem\." + +# Stats to ignore by default. +STATS_IGNORE_DEFAULT="\ +$STATS_IGNORE_THREAD +$STATS_IGNORE_HISTOGRAM +$STATS_IGNORE_TIME_SPECIFIC +$STATS_IGNORE_USAGE_SPECIFIC" + +# Various files to be used while testing. +STATS_FILE=stats.$$ +EXPECTED_STATS_FILE=expected_stats.$$ +IGNORE_REGEX_FILE=ignore_regex.$$ +FILTERED_STATS_FILE=filtered_stats.$$ +FOUND_STATS_FILE=found_stats.$$ +REST_STATS_FILE=rest_stats.$$ + +DEBUG=0 + +# Write stats to $STATS_FILE. +# Call this when you want to get stats from unbound. +get_stats () { + echo "> Getting stats" + echo "$PRE/unbound-control -c ub.conf stats" + $PRE/unbound-control -c ub.conf stats > $STATS_FILE + if test $? -ne 0; then + echo "wrong exit value after success" + exit 1 + fi +} + +# Set the expected stat values by writing to $EXPECTED_STATS_FILE. +# sort is used for proper diff later. +set_expected_stats () { + echo "$1" | sort > $EXPECTED_STATS_FILE +} + +# Set the regex to ignore stats by writing to $IGNORE_REGEX_FILE. +set_ignore_regex_stats () { + echo "$1" > $IGNORE_REGEX_FILE +} + +# Filter the stats by removing any matched regex from $IGNORE_REGEX_FILE, +# sorts and writes the left over stats to $FILTERED_STATS_FILE. +filter_stats () { + grep -v -f $IGNORE_REGEX_FILE $STATS_FILE | sort > $FILTERED_STATS_FILE +} + +# Check that the stats in $FILTERED_STATS_FILE include the expected stats in +# $EXPECTED_STATS_FILE. +check_expected_stats () { + echo "> Checking expected stats" + grep -F -x -f $EXPECTED_STATS_FILE $FILTERED_STATS_FILE > $FOUND_STATS_FILE + if test $DEBUG -ne 0; then + echo "Found:" + cat $FOUND_STATS_FILE + fi + if diff $EXPECTED_STATS_FILE $FOUND_STATS_FILE; then + echo "OK" + else + echo "! bad expected stats:" + cat $FILTERED_STATS_FILE + exit 1 + fi +} + +# Check that the rest (unspecified) stats are all 0 (no surprises). +check_rest_stats () { + echo "> Checking rest stats" + grep -F -x -v -f $EXPECTED_STATS_FILE $FILTERED_STATS_FILE > $REST_STATS_FILE + if test $DEBUG -ne 0; then + echo "Rest:" + cat $REST_STATS_FILE + fi + if grep -v "=0$" $REST_STATS_FILE; then + echo "! bad rest stats" + exit 1 + else + echo "OK" + fi +} + +# Main function to check stats by: +# - Getting stats from unbound +# - Filtering out the stats we are not interested in +# - Checking that the expected stats are part of the filtered stats +# - The rest of the stats have 0 values. +check_stats () { + set_expected_stats "$1" + if test $DEBUG -ne 0; then + echo "Expected:" + cat $EXPECTED_STATS_FILE + fi + get_stats + filter_stats + if test $DEBUG -ne 0; then + echo "Filtered:" + cat $FILTERED_STATS_FILE + fi + check_expected_stats + check_rest_stats +} + +# Convenient function to set an option through unbound-control. +set_ub_option () { + name=$1 + value=$2 + echo "$PRE/unbound-control -c ub.conf set_option $name: $value" + $PRE/unbound-control -c ub.conf set_option $name: $value + if test $? -ne 0; then + echo "wrong exit value after success" + exit 1 + fi +} + +# Convenient function to exit the test. +end () { + echo "> cat logfiles" + cat fwd.log + cat unbound.log + if test $1 -eq 1; then + echo "Not OK" + else + echo "> OK" + fi + exit $1 +} + +# Ignore all run specific stats. +set_ignore_regex_stats "$STATS_IGNORE_DEFAULT" + +# Check if the server is up. +echo "> dig 1ttl.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT 1ttl.example.com. | tee outfile +echo "> check answer" +if grep "1.1.1.1" outfile; then + echo "OK" +else + end 1 +fi + +echo +echo "[ Check initial stats based on first query. ]" +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1 +num.answer.rcode.NOERROR=1" + +echo +echo "[ Check stat reset. ]" +check_stats "\ +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1" + + +echo +echo "[ Enable serve-expired and check. ]" +set_ub_option serve-expired yes +sleep 2 # make sure the TTL has expired. +echo "> dig 1ttl.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT 1ttl.example.com. | tee outfile +echo "> check answer" +if grep "1.1.1.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.expired=1 +total.num.cachehits=1 +total.num.prefetch=1 +num.answer.rcode.NOERROR=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +msg.cache.count=1 +rrset.cache.count=1 +infra.cache.count=1" + + +echo +echo "[ Enable serve-expired-client-timeout and check. ]" +set_ub_option serve-expired-client-timeout 1 +echo "> dig servfail.expired." +dig @127.0.0.1 -p $UNBOUND_PORT servfail.expired. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.cachemiss=1 +total.num.recursivereplies=1 +num.query.type.A=1 +num.query.class.IN=1 +num.query.opcode.QUERY=1 +num.query.flags.RD=1 +num.query.flags.AD=1 +num.query.edns.present=1 +msg.cache.count=2 +rrset.cache.count=2 +infra.cache.count=2 +num.answer.rcode.NOERROR=1" +kill_pid $FWD_EXPIRED_PID # kill the expired forwarder to force a servfail from upstream. +sleep 2 # make sure the TTL has expired. +echo "> dig servfail.expired." +dig @127.0.0.1 -p $UNBOUND_PORT servfail.expired. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +total.num.queries=1 +total.num.expired=1 +total.num.recursivereplies=1 +num.answer.rcode.NOERROR=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.cachemiss=1 +msg.cache.count=2 +rrset.cache.count=2 +infra.cache.count=2" + + +# Disable serve-expired +set_ub_option serve-expired no + + +echo +echo "[ Check REFUSED; try without RD flag. ]" +echo "> dig somethingelse.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT +nordflag somethingelse.example.com. | tee outfile +echo "> check answer" +if grep "REFUSED" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.answer.rcode.REFUSED=1 +total.num.cachehits=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +msg.cache.count=2 +rrset.cache.count=2 +infra.cache.count=2" + + +echo +echo "[ Check the AD flag. ]" +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT +noadflag www.example.com. | tee outfile +echo "> check answer" +if grep "10.20.30.40" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.query.flags.AD=0 +total.num.cachemiss=1 +num.answer.rcode.NOERROR=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +total.num.recursivereplies=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + +echo +echo "[ Check local zone. ]" +echo "> dig www.local.zone." +dig @127.0.0.1 -p $UNBOUND_PORT www.local.zone. | tee outfile +echo "> check answer" +if grep "192.0.2.1" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.answer.rcode.NOERROR=1 +total.num.cachehits=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + + +echo +echo "[ Check NXDOMAIN (with local data). ]" +echo "> dig mail.local.zone." +dig @127.0.0.1 -p $UNBOUND_PORT mail.local.zone. | tee outfile +echo "> check answer" +if grep "NXDOMAIN" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.answer.rcode.NXDOMAIN=1 +total.num.cachehits=1 +num.query.class.IN=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.A=1 +total.num.queries=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + + +echo +echo "[ Check CHAOS. ]" +echo "> dig id.server. ch txt" +dig @127.0.0.1 -p $UNBOUND_PORT id.server. ch txt | tee outfile +echo "> check answer" +if grep "stat_values" outfile; then + echo "OK" +else + end 1 +fi +check_stats "\ +num.query.class.CH=1 +total.num.cachehits=1 +num.answer.rcode.NOERROR=1 +num.query.edns.present=1 +num.query.flags.AD=1 +num.query.flags.RD=1 +num.query.opcode.QUERY=1 +num.query.type.TXT=1 +total.num.queries=1 +msg.cache.count=3 +rrset.cache.count=3 +infra.cache.count=2" + + +end 0 diff --git a/testdata/stat_values.tdir/stat_values.testexpiredns b/testdata/stat_values.tdir/stat_values.testexpiredns new file mode 100644 index 000000000..a737a4a79 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.testexpiredns @@ -0,0 +1,13 @@ +; nameserver test file +$ORIGIN expired. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +servfail IN A +SECTION ANSWER +servfail 1 IN A 192.0.2.1 +ENTRY_END diff --git a/testdata/stat_values.tdir/stat_values.testns b/testdata/stat_values.tdir/stat_values.testns new file mode 100644 index 000000000..6691b0199 --- /dev/null +++ b/testdata/stat_values.tdir/stat_values.testns @@ -0,0 +1,23 @@ +; nameserver test file +$ORIGIN example.com. +$TTL 3600 + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +www IN A +SECTION ANSWER +www IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +REPLY QR AA NOERROR +ADJUST copy_id +SECTION QUESTION +1ttl IN A +SECTION ANSWER +1ttl 1 IN A 1.1.1.1 +ENTRY_END diff --git a/testdata/stat_values.tdir/unbound_control.key b/testdata/stat_values.tdir/unbound_control.key new file mode 100644 index 000000000..753a4ef61 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/stat_values.tdir/unbound_control.pem b/testdata/stat_values.tdir/unbound_control.pem new file mode 100644 index 000000000..a1edf7017 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/stat_values.tdir/unbound_server.key b/testdata/stat_values.tdir/unbound_server.key new file mode 100644 index 000000000..370a7bbb2 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/stat_values.tdir/unbound_server.pem b/testdata/stat_values.tdir/unbound_server.pem new file mode 100644 index 000000000..986807310 --- /dev/null +++ b/testdata/stat_values.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/stream_ssl.tdir/stream_ssl.test b/testdata/stream_ssl.tdir/stream_ssl.test index 08bbcdee9..b5bc2d911 100644 --- a/testdata/stream_ssl.tdir/stream_ssl.test +++ b/testdata/stream_ssl.tdir/stream_ssl.test @@ -11,11 +11,12 @@ get_make # first test streamtcp against the server unbound. echo "> streamtcp -s www.example.com A IN" -$PRE/streamtcp -s -f 127.0.0.1@$SERV_PORT www.example.com. A IN >outfile 2>&1 +$PRE/streamtcp -s -f 127.0.0.1@$SERV_PORT www.example.com. A IN >outfile 2>outerr if test "$?" -ne 0; then echo "exit status not OK" echo "> cat logfiles" cat outfile + cat outerr echo "SSLSERVICE" cat unboundserv.log echo "SSLCLIENT" @@ -27,6 +28,7 @@ else fi echo "> cat logfiles" cat outfile +cat outerr echo "SSLSERVICE" cat unboundserv.log echo "SSLCLIENT" diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.conf b/testdata/tcp_reuse.tdir/tcp_reuse.conf new file mode 100644 index 000000000..e8de8d3f8 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.conf @@ -0,0 +1,17 @@ +server: + verbosity: 5 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + + tcp-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.conf2 b/testdata/tcp_reuse.tdir/tcp_reuse.conf2 new file mode 100644 index 000000000..55985c83f --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.conf2 @@ -0,0 +1,39 @@ +# this is the upstream server that has pipelining and responds to queries. +server: + verbosity: 1 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound2.pid" + chroot: "" + username: "" + do-not-query-localhost: no + tcp-idle-timeout: 10000 + + log-queries: yes + log-replies: yes + log-identity: "upstream" + + local-zone: "." refuse + local-zone: "example.com" static + local-data: "www.example.com A 10.20.30.40" + local-data: "www1.example.com A 10.20.30.41" + local-data: "www2.example.com A 10.20.30.42" + local-data: "www3.example.com A 10.20.30.43" + local-data: "www4.example.com A 10.20.30.44" + local-data: "www5.example.com A 10.20.30.45" + local-data: "www6.example.com A 10.20.30.46" + local-data: "www7.example.com A 10.20.30.47" + + local-zone: "drop.net" deny + local-zone: "refuse.net" refuse + + local-zone: "more.net" redirect + local-data: "more.net A 10.20.30.40" + +# if queries escape, send them to localhost +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.dsc b/testdata/tcp_reuse.tdir/tcp_reuse.dsc new file mode 100644 index 000000000..8a780480d --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.dsc @@ -0,0 +1,16 @@ +BaseName: tcp_reuse +Version: 1.0 +Description: Test tcp stream reuse. +CreationDate: Wed Jun 03 09:37:00 CET 2020 +Maintainer: Wouter Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: tcp_reuse.pre +Post: tcp_reuse.post +Test: tcp_reuse.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.post b/testdata/tcp_reuse.tdir/tcp_reuse.post new file mode 100644 index 000000000..ca7535471 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.post @@ -0,0 +1,19 @@ +# #-- tcp_reuse.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid `cat unbound2.pid` +if test -f unbound2.log; then + echo ">>> upstream log" + cat unbound2.log +fi +#kill_pid $UNBOUND_PID +kill_pid `cat unbound.pid` +if test -f unbound.log; then + echo ">>> unbound log" + cat unbound.log +fi diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.pre b/testdata/tcp_reuse.tdir/tcp_reuse.pre new file mode 100644 index 000000000..511dbc6f7 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.pre @@ -0,0 +1,34 @@ +# #-- tcp_reuse.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +UPSTREAM_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf > ub.conf +# start unbound in the background +#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +# make upstream config file +sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tcp_reuse.conf2 > ub2.conf +# start upstream unbound in the background +#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 & +$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log & +UPSTREAM_PID=$! +echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test +wait_unbound_up unbound2.log + +cat .tpkg.var.test + diff --git a/testdata/tcp_reuse.tdir/tcp_reuse.test b/testdata/tcp_reuse.tdir/tcp_reuse.test new file mode 100644 index 000000000..b62ec0d19 --- /dev/null +++ b/testdata/tcp_reuse.tdir/tcp_reuse.test @@ -0,0 +1,309 @@ +# #-- tcp_reuse.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +get_make +(cd $PRE; $MAKE streamtcp) + +echo "> query www1.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.com" outfile | grep "10.20.30.41"; then + echo "content OK" +else + echo "result contents not OK, for www1.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www1.example.com" + exit 1 +fi +echo "OK" +echo "" + +# this should be reused on the same tcp stream: +echo "> query www2.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK, for www2.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www2.example.com" + exit 1 +fi + +echo "> query refuse.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for refuse.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for refuse.net" + exit 1 +fi + +echo "> query www3.example.com." +echo "> query www4.example.com." +echo "> query www5.example.com." +echo "> query www6.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK, for www3.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www3.example.com" + exit 1 +fi +if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK, for www4.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www4.example.com" + exit 1 +fi +if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then + echo "content OK" +else + echo "result contents not OK, for www5.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www5.example.com" + exit 1 +fi +if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then + echo "content OK" +else + echo "result contents not OK, for www6.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www6.example.com" + exit 1 +fi + +echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# make the server timeout to drop the upstream connection +echo "> sleep 15" +sleep 15 +# see if we are still up. +echo "> query a7.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a7.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# dropconn.drop.net make the server drop the connection. +echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +# cannot really check outfile, because it may or may not have answers depending +# on how fast the other server responds or the drop happens, but there are +# a bunch of connection drops, whilst resolving the other queries. + +echo "> query drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for drop.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for drop.net" + exit 1 +fi + + +# timeouts at the end. (so that the server is not marked as failed for +# the other tests). +echo "> query q1.drop.net." +echo "> query q2.drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile1 +cat outfile2 +if grep "rcode: SERVFAIL" outfile1; then + echo "content OK" +else + echo "result contents not OK, for q1.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q1.drop.net" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile2; then + echo "content OK" +else + echo "result contents not OK, for q2.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q2.drop.net" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/tls_reuse.tdir/tls_reuse.conf b/testdata/tls_reuse.tdir/tls_reuse.conf new file mode 100644 index 000000000..e8200b28b --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.conf @@ -0,0 +1,18 @@ +server: + verbosity: 5 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + + tls-cert-bundle: "unbound_server.pem" + tls-upstream: yes + +forward-zone: + name: "." + forward-addr: "127.0.0.1@@TOPORT@#unbound" diff --git a/testdata/tls_reuse.tdir/tls_reuse.conf2 b/testdata/tls_reuse.tdir/tls_reuse.conf2 new file mode 100644 index 000000000..0b452558d --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.conf2 @@ -0,0 +1,43 @@ +# this is the upstream server that has pipelining and responds to queries. +server: + verbosity: 1 + # num-threads: 1 + interface: 127.0.0.1@@PORT@ + port: @PORT@ + use-syslog: no + directory: . + pidfile: "unbound2.pid" + chroot: "" + username: "" + do-not-query-localhost: no + tls-port: @PORT@ + tls-service-key: "unbound_server.key" + tls-service-pem: "unbound_server.pem" + tcp-idle-timeout: 10000 + + log-queries: yes + log-replies: yes + log-identity: "upstream" + + local-zone: "." refuse + local-zone: "example.com" static + local-data: "www.example.com A 10.20.30.40" + local-data: "www1.example.com A 10.20.30.41" + local-data: "www2.example.com A 10.20.30.42" + local-data: "www3.example.com A 10.20.30.43" + local-data: "www4.example.com A 10.20.30.44" + local-data: "www5.example.com A 10.20.30.45" + local-data: "www6.example.com A 10.20.30.46" + local-data: "www7.example.com A 10.20.30.47" + + local-zone: "drop.net" deny + local-zone: "refuse.net" refuse + + local-zone: "more.net" redirect + local-data: "more.net A 10.20.30.40" + +# if queries escape, send them to localhost +forward-zone: + name: "." + forward-tls-upstream: yes + forward-addr: "127.0.0.1@@TOPORT@" diff --git a/testdata/tls_reuse.tdir/tls_reuse.dsc b/testdata/tls_reuse.tdir/tls_reuse.dsc new file mode 100644 index 000000000..76a80cdad --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.dsc @@ -0,0 +1,16 @@ +BaseName: tls_reuse +Version: 1.0 +Description: Test tls stream reuse. +CreationDate: Wed Jun 30 16:37:00 CET 2020 +Maintainer: Wouter Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: tls_reuse.pre +Post: tls_reuse.post +Test: tls_reuse.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/tls_reuse.tdir/tls_reuse.post b/testdata/tls_reuse.tdir/tls_reuse.post new file mode 100644 index 000000000..2eef0da96 --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.post @@ -0,0 +1,19 @@ +# #-- tls_reuse.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid `cat unbound2.pid` +if test -f unbound2.log; then + echo ">>> upstream log" + cat unbound2.log +fi +#kill_pid $UNBOUND_PID +kill_pid `cat unbound.pid` +if test -f unbound.log; then + echo ">>> unbound log" + cat unbound.log +fi diff --git a/testdata/tls_reuse.tdir/tls_reuse.pre b/testdata/tls_reuse.tdir/tls_reuse.pre new file mode 100644 index 000000000..f4ba26372 --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.pre @@ -0,0 +1,34 @@ +# #-- tls_reuse.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +UPSTREAM_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf > ub.conf +# start unbound in the background +#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test +wait_unbound_up unbound.log + +# make upstream config file +sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse.conf2 > ub2.conf +# start upstream unbound in the background +#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 & +$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log & +UPSTREAM_PID=$! +echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test +wait_unbound_up unbound2.log + +cat .tpkg.var.test + diff --git a/testdata/tls_reuse.tdir/tls_reuse.test b/testdata/tls_reuse.tdir/tls_reuse.test new file mode 100644 index 000000000..0f392fba8 --- /dev/null +++ b/testdata/tls_reuse.tdir/tls_reuse.test @@ -0,0 +1,308 @@ +# #-- tls_reuse.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +get_make +(cd $PRE; $MAKE streamtcp) + +echo "> query www1.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www1.example.com" outfile | grep "10.20.30.41"; then + echo "content OK" +else + echo "result contents not OK, for www1.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www1.example.com" + exit 1 +fi +echo "OK" +echo "" + +# this should be reused on the same tcp stream: +echo "> query www2.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www2.example.com" outfile | grep "10.20.30.42"; then + echo "content OK" +else + echo "result contents not OK, for www2.example.com" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www2.example.com" + exit 1 +fi + +echo "> query refuse.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT refuse.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for refuse.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for refuse.net" + exit 1 +fi + +echo "> query www3.example.com." +echo "> query www4.example.com." +echo "> query www5.example.com." +echo "> query www6.example.com." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www3.example.com. A IN >outfile3 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www4.example.com. A IN >outfile4 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www5.example.com. A IN >outfile5 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www6.example.com. A IN >outfile6 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "www3.example.com" outfile3 | grep "10.20.30.43"; then + echo "content OK" +else + echo "result contents not OK, for www3.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www3.example.com" + exit 1 +fi +if grep "www4.example.com" outfile4 | grep "10.20.30.44"; then + echo "content OK" +else + echo "result contents not OK, for www4.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www4.example.com" + exit 1 +fi +if grep "www5.example.com" outfile5 | grep "10.20.30.45"; then + echo "content OK" +else + echo "result contents not OK, for www5.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www5.example.com" + exit 1 +fi +if grep "www6.example.com" outfile6 | grep "10.20.30.46"; then + echo "content OK" +else + echo "result contents not OK, for www6.example.com" + echo "> cat logfiles" + cat outfile3 + cat outfile4 + cat outfile5 + cat outfile6 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for www6.example.com" + exit 1 +fi + +echo "> query a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a1.more.net A IN a2.more.net A IN a3.more.net A IN a4.more.net A IN a5.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a1.more.net a2.more.net a3.more.net a4.more.net a5.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# make the server timeout to drop the upstream connection +echo "> sleep 15" +sleep 15 +# see if we are still up. +echo "> query a7.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a7.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +for x in a7.more.net; do + if grep "$x" outfile | grep "10.20.30.40"; then + echo "content OK for $x" + else + echo "result contents not OK, for $x" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for $x" + exit 1 + fi +done + +# dropconn.drop.net make the server drop the connection. +echo "> query a11.more.net a12.more.net dropconn.drop.net a14.more.net a15.more.net" +$PRE/streamtcp -a -f 127.0.0.1@$UNBOUND_PORT a11.more.net A IN a12.more.net A IN dropconn.drop.net A IN a14.more.net A IN a15.more.net A IN >outfile 2>&1 +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile +# cannot really check outfile, because it may or may not have answers depending +# on how fast the other server responds or the drop happens, but there are +# a bunch of connection drops, whilst resolving the other queries. + +echo "> query drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT drop.net. A IN >outfile 2>&1 +cat outfile +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile; then + echo "content OK" +else + echo "result contents not OK, for drop.net" + echo "> cat logfiles" + cat outfile + cat unbound2.log + cat unbound.log + echo "result contents not OK, for drop.net" + exit 1 +fi + +# timeouts at the end. (so that the server is not marked as failed for +# the other tests). +echo "> query q1.drop.net." +echo "> query q2.drop.net." +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q1.drop.net. A IN >outfile1 2>&1 & +$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT q2.drop.net. A IN >outfile2 2>&1 & +wait +if test "$?" -ne 0; then + echo "exit status not OK" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "Not OK" + exit 1 +fi +cat outfile1 +cat outfile2 +if grep "rcode: SERVFAIL" outfile1; then + echo "content OK" +else + echo "result contents not OK, for q1.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q1.drop.net" + exit 1 +fi +if grep "rcode: SERVFAIL" outfile2; then + echo "content OK" +else + echo "result contents not OK, for q2.drop.net" + echo "> cat logfiles" + cat outfile1 + cat outfile2 + cat unbound2.log + cat unbound.log + echo "result contents not OK, for q2.drop.net" + exit 1 +fi + +echo "OK" +exit 0 diff --git a/testdata/tls_reuse.tdir/unbound_control.key b/testdata/tls_reuse.tdir/unbound_control.key new file mode 100644 index 000000000..753a4ef61 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_control.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAstEp+Pyh8XGrtZ77A4FhYjvbeB3dMa7Q2rGWxobzlA9przhA +1aChAvUtCOAuM+rB6NTNB8YWfZJbQHawyMNpmC77cg6vXLYCGUQHZyAqidN049RJ +F5T7j4N8Vniv17LiRdr0S6swy4PRvEnIPPV43EQHZqC5jVvHsKkhIfmBF/Dj5TXR +ypeawWV/m5jeU6/4HRYMfytBZdO1mPXuWLh0lgbQ4SCbgrOUVD3rniMk1yZIbQOm +vlDHYqekjDb/vOW2KxUQLG04aZMJ1mWfdbwG0CKQkSjISEDZ1l76vhM6mTM0fwXb +IvyFZ9yPPCle1mF5aSlxS2cmGuGVSRQaw8XF9fe3a9ACJJTr33HdSpyaZkKRAUzL +cKqLCl323daKv3NwwAT03Tj4iQM416ASMoiyfFa/2GWTKQVjddu8Crar7tGaf5xr +lig4DBmrBvdYA3njy72/RD71hLwmlRoCGU7dRuDr9O6KASUm1Ri91ONZ/qdjMvov +15l2vj4GV+KXR00dAgMBAAECggGAHepIL1N0dEQkCdpy+/8lH54L9WhpnOo2HqAf +LU9eaKK7d4jdr9+TkD8cLaPzltPrZNxVALvu/0sA4SP6J1wpyj/x6P7z73qzly5+ +Xo5PD4fEwmi9YaiW/UduAblnEZrnp/AddptJKoL/D5T4XtpiQddPtael4zQ7kB57 +YIexRSQTvEDovA/o3/nvA0TrzOxfgd4ycQP3iOWGN/TMzyLsvjydrUwbOB567iz9 +whL3Etdgvnwh5Sz2blbFfH+nAR8ctvFFz+osPvuIVR21VMEI6wm7kTpSNnQ6sh/c +lrLb/bTADn4g7z/LpIZJ+MrLvyEcoqValrLYeFBhM9CV8woPxvkO2P3pU47HVGax +tC7GV6a/kt5RoKFd/TNdiA3OC7NGZtaeXv9VkPf4fVwBtSO9d5ZZXTGEynDD/rUQ +U4KFJe6OD23APjse08HiiKqTPhsOneOONU67iqoaTdIkT2R4EdlkVEDpXVtWb+G9 +Q+IqYzVljlzuyHrhWXLJw/FMa2aBAoHBAOnZbi4gGpH+P6886WDWVgIlTccuXoyc +Mg9QQYk9UDeXxL0AizR5bZy49Sduegz9vkHpAiZARQsUnizHjZ8YlRcrmn4t6tx3 +ahTIKAjdprnxJfYINM580j8CGbXvX5LhIlm3O267D0Op+co3+7Ujy+cjsIuFQrP+ +1MqMgXSeBjzC1APivmps7HeFE+4w0k2PfN5wSMDNCzLo99PZuUG5XZ93OVOS5dpN +b+WskdcD8NOoJy/X/5A08veEI/jYO/DyqQKBwQDDwUQCOWf41ecvJLtBHKmEnHDz +ftzHino9DRKG8a9XaN4rmetnoWEaM2vHGX3pf3mwH+dAe8vJdAQueDhBKYeEpm6C +TYNOpou1+Zs5s99BilCTNYo8fkMOAyqwRwmz9zgHS6QxXuPwsghKefLJGt6o6RFF +tfWVTfLlYJ+I3GQe3ySsk3wjVz4oUTKiyiq5+KzD+HhEkS7u+RQ7Z0ZI2xd2cF8Y +aN2hjKDpcOiFf3CDoqka5D1qMNLgIHO52AHww1UCgcA1h7o7AMpURRka6hyaODY0 +A4oMYEbwdQjYjIyT998W+rzkbu1us6UtzQEBZ760npkgyU/epbOoV63lnkCC/MOU +LD0PST+L/CHiY/cWIHb79YG1EifUZKpUFg0Aoq0EGFkepF0MefGCkbRGYA5UZr9U +R80wAu9D+L+JJiS0J0BSRF74DL196zUuHt5zFeXuLzxsRtPAnq9DliS08BACRYZy +7H3I7cWD9Vn5/0jbKWHFcaaWwyETR6uekTcSzZzbCRECgcBeoE3/xUA9SSk34Mmj +7/cB4522Ft0imA3+9RK/qJTZ7Bd5fC4PKjOGNtUiqW/0L2rjeIiQ40bfWvWqgPKw +jSK1PL6uvkl6+4cNsFsYyZpiVDoe7wKju2UuoNlB3RUTqa2r2STFuNj2wRjA57I1 +BIgdnox65jqQsd14g/yaa+75/WP9CE45xzKEyrtvdcqxm0Pod3OrsYK+gikFjiar +kT0GQ8u0QPzh2tjt/2ZnIfOBrl+QYERP0MofDZDjhUdq2wECgcB0Lu841+yP5cdR +qbJhXO4zJNh7oWNcJlOuQp3ZMNFrA1oHpe9pmLukiROOy01k9WxIMQDzU5GSqRv3 +VLkYOIcbhJ3kClKAcM3j95SkKbU2H5/RENb3Ck52xtl4pNU1x/3PnVFZfDVuuHO9 +MZ9YBcIeK98MyP2jr5JtFKnOyPE7xKq0IHIhXadpbc2wjje5FtZ1cUtMyEECCXNa +C1TpXebHGyXGpY9WdWXhjdE/1jPvfS+uO5WyuDpYPr339gsdq1g= +-----END RSA PRIVATE KEY----- diff --git a/testdata/tls_reuse.tdir/unbound_control.pem b/testdata/tls_reuse.tdir/unbound_control.pem new file mode 100644 index 000000000..a1edf7017 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_control.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAhsCFGD5193whHQ2bVdzbaQfdf1gc4SkMA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjMwWhcNNDAwMzI1MTMzMjMw +WjAaMRgwFgYDVQQDDA91bmJvdW5kLWNvbnRyb2wwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCy0Sn4/KHxcau1nvsDgWFiO9t4Hd0xrtDasZbGhvOUD2mv +OEDVoKEC9S0I4C4z6sHo1M0HxhZ9kltAdrDIw2mYLvtyDq9ctgIZRAdnICqJ03Tj +1EkXlPuPg3xWeK/XsuJF2vRLqzDLg9G8Scg89XjcRAdmoLmNW8ewqSEh+YEX8OPl +NdHKl5rBZX+bmN5Tr/gdFgx/K0Fl07WY9e5YuHSWBtDhIJuCs5RUPeueIyTXJkht +A6a+UMdip6SMNv+85bYrFRAsbThpkwnWZZ91vAbQIpCRKMhIQNnWXvq+EzqZMzR/ +Bdsi/IVn3I88KV7WYXlpKXFLZyYa4ZVJFBrDxcX197dr0AIklOvfcd1KnJpmQpEB +TMtwqosKXfbd1oq/c3DABPTdOPiJAzjXoBIyiLJ8Vr/YZZMpBWN127wKtqvu0Zp/ +nGuWKDgMGasG91gDeePLvb9EPvWEvCaVGgIZTt1G4Ov07ooBJSbVGL3U41n+p2My ++i/XmXa+PgZX4pdHTR0CAwEAATANBgkqhkiG9w0BAQsFAAOCAYEAd++Wen6l8Ifj +4h3p/y16PhSsWJWuJ4wdNYy3/GM84S26wGjzlEEwiW76HpH6VJzPOiBAeWnFKE83 +hFyetEIxgJeIPbcs9ZP/Uoh8GZH9tRISBSN9Hgk2Slr9llo4t1H0g/XTgA5HqMQU +9YydlBh43G7Vw3FVwh09OM6poNOGQKNc/tq2/QdKeUMtyBbLWpRmjH5XcCT35fbn +ZiVOUldqSHD4kKrFO4nJYXZyipRbcXybsLiX9GP0GLemc3IgIvOXyJ2RPp06o/SJ +pzlMlkcAfLJaSuEW57xRakhuNK7m051TKKzJzIEX+NFYOVdafFHS8VwGrYsdrFvD +72tMfu+Fu55y3awdWWGc6YlaGogZiuMnJkvQphwgn+5qE/7CGEckoKEsH601rqIZ +muaIc85+nEcHJeijd/ZlBN9zeltjFoMuqTUENgmv8+tUAdVm/UMY9Vjme6b43ydP +uv6DS02+k9z8toxXworLiPr94BGaiGV1NxgwZKLZigYJt/Fi2Qte +-----END CERTIFICATE----- diff --git a/testdata/tls_reuse.tdir/unbound_server.key b/testdata/tls_reuse.tdir/unbound_server.key new file mode 100644 index 000000000..370a7bbb2 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_server.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI +0x41iG32a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+Nqq +GRS7XVQ24vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Z +uh9MDgotaBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8K +WaBe1ca4TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5 +FzUReSXZuTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xP +q6O9UPj4+nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XL +A5UoZgRzXgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP +7kFZSngxdy1+A/bNAgMBAAECggGBALpTOIqQwVg4CFBylL/a8K1IWJTI/I65sklf +XxYL7G7SB2HlEJ//z+E+F0+S4Vlao1vyLQ5QkgE82pAUB8FoMWvY1qF0Y8A5wtm6 +iZSGk4OLK488ZbT8Ii9i+AGKgPe2XbVxsJwj8N4k7Zooqec9hz73Up8ATEWJkRz7 +2u7oMGG4z91E0PULA64dOi3l/vOQe5w/Aa+CwVbAWtI05o7kMvQEBMDJn6C7CByo +MB5op9wueJMnz7PM7hns+U7Dy6oE4ljuolJUy51bDzFWwoM54cRoQqLFNHd8JVQj +WxldCkbfF43iyprlsEcUrTyUjtdA+ZeiG39vg/mtdmgNpGmdupHJZQvSuG8IcVlz +O+eMSeQS1QXPD6Ik8UK4SU0h+zOl8xIWtRrsxQuh4fnTN40udm/YUWl/6gOebsBI +IrVLlKGqJSfB3tMjpCRqdTzJ0dA9keVpkqm2ugZkxEf1+/efq/rFIQ2pUBLCqNTN +qpNqruK8y8FphP30I2uI4Ej2UIB8AQKBwQDd2Yptj2FyDyaXCycsyde0wYkNyzGU +dRnzdibfHnMZwjgTjwAwgIUBVIS8H0/z7ZJQKN7osJfddMrtjJtYYUk9g/dCpHXs +bNh2QSoWah3FdzNGuWd0iRf9+LFxhjAAMo/FS8zFJAJKrFsBdCGTfFUMdsLC0bjr +YjiWBuvV72uKf8XIZX5KIZruKdWBBcWukcb21R1UDyFYyXRBsly5XHaIYKZql3km +7pV7MKWO0IYgHbHIqGUqPQlzZ/lkunS1jKECgcEA23wHffD6Ou9/x3okPx2AWpTr +gh8rgqbyo6hQkBW5Y90Wz824cqaYebZDaBR/xlVx/YwjKkohv8Bde2lpH/ZxRZ1Z +5Sk2s6GJ/vU0L9RsJZgCgj4L6Coal1NMxuZtCXAlnOpiCdxSZgfqbshbTVz30KsG +ZJG361Cua1ScdAHxlZBxT52/1Sm0zRC2hnxL7h4qo7Idmtzs40LAJvYOKekR0pPN +oWeJfra7vgx/jVNvMFWoOoSLpidVO4g+ot4ery6tAoHAdW3rCic1C2zdnmH28Iw+ +s50l8Lk3mz+I5wgJd1zkzCO0DxZIoWPGA3g7cmCYr6N3KRsZMs4W9NAXgjpFGDkW +zYsG3K21BdpvkdjYcFjnPVjlOXB2RIc0vehf9Jl02wXoeCSxVUDEPcaRvWk9RJYx +ZpGOchUU7vNkxHURbIJ4yCzuAi9G8/Jp0dsu+kaV5tufF5SjG5WOrzKjaQsCbdN1 +oqaWMCHRrTvov/Z2C+xwsptFOdN5CSyZzg6hQiI4GMlBAoHAXyb6KINcOEi0YMp3 +BFXJ23tMTnEs78tozcKeipigcsbaqORK3omS+NEnj+uzKUzJyl4CsMbKstK2tFYS +mSTCHqgE3PBtIpsZtEqhgUraR8IK9GPpzZDTTl9ynZgwFTNlWw3RyuyVXF56J+T8 +kCGJ3hEHCHqT/ZRQyX85BKIDFhA0z4tYKxWVqIFiYBNq56R0X9tMMmMs36mEnF93 +7Ht6mowxTZQRa7nU0qOgeKh/P7ki4Zus3y+WJ+T9IqahLtlRAoHBAIhqMrcxSAB8 +RpB9jukJlAnidw2jCMPgrFE8tP0khhVvGrXMldxAUsMKntDIo8dGCnG1KTcWDI0O +jepvSPHSsxVLFugL79h0eVIS5z4huW48i9xgU8VlHdgAcgEPIAOFcOw2BCu/s0Vp +O+MM/EyUOdo3NsibB3qc/GJI6iNBYS7AljYEVo6rXo5V/MZvZUF4vClen6Obzsre +MTTb+4sJjfqleWuvr1XNMeu2mBfXBQkWGZP1byBK0MvD/aQ2PWq92A== +-----END RSA PRIVATE KEY----- diff --git a/testdata/tls_reuse.tdir/unbound_server.pem b/testdata/tls_reuse.tdir/unbound_server.pem new file mode 100644 index 000000000..986807310 --- /dev/null +++ b/testdata/tls_reuse.tdir/unbound_server.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCAhMCFBHWXeQ6ZIa9QcQbXLFfC6tj+KA+MA0GCSqGSIb3DQEBCwUAMBIx +EDAOBgNVBAMMB3VuYm91bmQwHhcNMjAwNzA4MTMzMjI5WhcNNDAwMzI1MTMzMjI5 +WjASMRAwDgYDVQQDDAd1bmJvdW5kMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB +igKCAYEAvjSVSN2QMXudpzukdLCqgg/IOhCX8KYkD0FFFfWcQjgKq5wI0x41iG32 +a6wbGanre4IX7VxaSPu9kkHfnGgynCk5nwDRedE/FLFhAU78PoT0+NqqGRS7XVQ2 +4vLmIz9Hqc2Ozx1um1BXBTmIT0UfN2e22I0LWQ6a3seZlEDRj45gnk7Zuh9MDgot +aBdm+v1JAbupSf6Zis4VEH3JNdvVGE3O1DHEIeuuz/3BDhpf6WBDH+8KWaBe1ca4 +TZHr9ThL2gEMEfAQl0wXDwRWRoi3NjNMH+mw0L1rjwThI5GXqNIee7o5FzUReSXZ +uTdFMyGe3Owcx+XoYnwi6cplSNoGsDBu4B9bKKglR9YleJVw4L4Xi8xPq6O9UPj4 ++nypHk/DOoC7DIM3ufN0yxPBsFo5TVowxfhdjZXJbbftd2TZv7AH8+XLA5UoZgRz +XgzECelXSCTBFlMTnT48LfA9pMLydyjAz2UdPHs5Iv+TK5nnI+aJoeaP7kFZSngx +dy1+A/bNAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABunf93MKaCUHiZgnoOTinsW +84/EgInrgtKzAyH+BhnKkJOhhR0kkIAx5d9BpDlaSiRTACFon9moWCgDIIsK/Ar7 +JE0Kln9cV//wiiNoFU0O4mnzyGUIMvlaEX6QHMJJQYvL05+w/3AAcf5XmMJtR5ca +fJ8FqvGC34b2WxX9lTQoyT52sRt+1KnQikiMEnEyAdKktMG+MwKsFDdOwDXyZhZg +XZhRrfX3/NVJolqB6EahjWIGXDeKuSSKZVtCyib6LskyeMzN5lcRfvubKDdlqFVF +qlD7rHBsKhQUWK/IO64mGf7y/de+CgHtED5vDvr/p2uj/9sABATfbrOQR3W/Of25 +sLBj4OEfrJ7lX8hQgFaxkMI3x6VFT3W8dTCp7xnQgb6bgROWB5fNEZ9jk/gjSRmD +yIU+r0UbKe5kBk/CmZVFXL2TyJ92V5NYEQh8V4DGy19qZ6u/XKYyNJL4ocs35GGe +CA8SBuyrmdhx38h1RHErR2Skzadi1S7MwGf1y431fQ== +-----END CERTIFICATE----- diff --git a/testdata/val_cnametocnamewctoposwc.rpl b/testdata/val_cnametocnamewctoposwc.rpl index f17f5aafc..c290026ba 100644 --- a/testdata/val_cnametocnamewctoposwc.rpl +++ b/testdata/val_cnametocnamewctoposwc.rpl @@ -186,7 +186,7 @@ ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA AD DO NOERROR +REPLY QR TC RD RA AD DO NOERROR SECTION QUESTION start.example.com. IN A SECTION ANSWER @@ -201,11 +201,7 @@ SECTION AUTHORITY *.wc.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131853 20121029131853 64050 example.com. YrmCLu0uGgD2gcU4p12BGnUGYcrKmfg82MJHSF5OnVmmJxXiSbSBnZPahbJNGA/kPLt+SlDyBTcssZKXWxM6bW7WF57OwffOj7rMyr5vhx7J6OsuWKotPVqnUFDx9j/rOum24yCKqoBWvpW/RYUHLuX1Wm05WMCgNWhuN4wqwiU= *.end.example.com. 86400 IN NSEC escapedtext.example.com. A RRSIG NSEC *.end.example.com. 86400 IN RRSIG NSEC 8 3 86400 20121126131826 20121029131826 64050 example.com. P6uJSImaee+5NHlTP06pMxgO69qxjJc0Uo1+htjVyE8f15MhG8A7NttvzggbtyzmfLMPr7TilM+Mm7hC3pIk/TeBEdH8p+8qypnY0NzPntz5z1+6C6ZTjDXp6NxDwMz7th31r3B3u4xo/K4qMnXmrAFOIE5Lopk0uDGXfjKPCKE= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20121126131826 20121029131826 64050 example.com. NgY7UAdkXprnCi/O6c5XoB82tqLBd1bY9LmDG9wwN0zEUR5aHQcOmX9waHyqXQI86SOFQbGCvO2wDLqdqWniw1IYf4S66Vf9KrpaH2gVbvHKiEpGJPeDYQcD5xkv50Lsp4ktcLyuO/dk8ORCP7E2yC5IQVNeFgUfaqttZcJoxuQ= SECTION ADDITIONAL -ns.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= ENTRY_END SCENARIO_END diff --git a/testdata/val_nsec3_cnametocnamewctoposwc.rpl b/testdata/val_nsec3_cnametocnamewctoposwc.rpl index 23d2b6a89..0fba0e2e1 100644 --- a/testdata/val_nsec3_cnametocnamewctoposwc.rpl +++ b/testdata/val_nsec3_cnametocnamewctoposwc.rpl @@ -184,7 +184,7 @@ ENTRY_END STEP 10 CHECK_ANSWER ENTRY_BEGIN MATCH all -REPLY QR RD RA AD DO NOERROR +REPLY QR TC RD RA AD DO NOERROR SECTION QUESTION start.example.com. IN A SECTION ANSWER @@ -199,11 +199,7 @@ isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN NSEC3 1 0 1 abcd isoaarj isjq5aarcp8p5sukc56g961cccjus5u2.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123259 20121029123259 64050 example.com. Cxwzq1DUQvhkTVHEJHlb92c511Y+uJy/C0yL9br6W/5lB/usuSiK2DjW58ibPh2kLH1P3SpGqd1Y7LigptdXoPBDFakcNcimPWCN93R3J80+vrHHPkPyIsBaywwYI3SNGgfnHfPF+wmH+tZ1vfEHbigOxqPFK+T0ntKq7dkSndg= a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN NSEC3 1 0 1 abcd a64lt5ij9a1up15h5cdsn1u2071901hu A RRSIG a61sejfu6am5a36p628t4s089s309o44.example.com. 86400 IN RRSIG NSEC3 8 3 86400 20121126123315 20121029123315 64050 example.com. gfBu4oqo9cVxJbqrw2Ly7mK638kGPOF8l8eh7ovalniwkU3F+PNYJyfSE9yGX8tMGbXrkEW9mAzAh39igr2+Bbzi9WPTRp4RDVM0qw+eyMmQRPWKt7FeanDtP+OcdVp0Hf2aPzsgmgTdS6s0AboUq1rX53H2M6F8xAiwPrBJXDQ= -example.com. 3600 IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 8 2 3600 20121126123249 20121029123249 64050 example.com. cpLjgKPacNxVIGo59tYMZ98GVYpH28WHRWj3AeIHK0StYFcAlflGLdkae1LEgMwfUmzrayrA5GMe3AH8LyuTgA2Dn1oNFxGfuShQvK2MFQ+LxvQfiuoqlAlL5Aa94IWcSoU/wLrr66I1K8oSB2yK1Tyyv73c2N40D1mBbzIE70U= SECTION ADDITIONAL -ns.example.com. 3600 IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 8 2 3600 20121126123249 20121029123249 64050 example.com. zxGyimwFsd39j8T7jJ+tSAQPwZ7tjk6HHmzosTMCRePM4k4newbLb5HbrpucSiW/plaEZvjRTDTJ6bPkw0msPXjPCI/22Zh236XO5vhGtMOlxDgAEazuhifVF6UsM7GZwONPBCvw705HgWQyCR1YlTK2w9ffH3GopU9f4oP7Pmk= ENTRY_END SCENARIO_END diff --git a/testdata/val_stub_noroot.rpl b/testdata/val_stub_noroot.rpl index 4235bcc52..07113bef7 100644 --- a/testdata/val_stub_noroot.rpl +++ b/testdata/val_stub_noroot.rpl @@ -3,8 +3,6 @@ server: target-fetch-policy: "0 0 0 0 0" trust-anchor: "lp0.eu. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" val-override-date: "20100913111500" - ; the dlv anchor is completely ignored, but here to test that. - dlv-anchor: "dlv.isc.org. IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3" fake-sha1: yes trust-anchor-signaling: no minimal-responses: no diff --git a/testdata/val_unalgo_dlv.rpl b/testdata/val_unalgo_dlv.rpl deleted file mode 100644 index 142beae8d..000000000 --- a/testdata/val_unalgo_dlv.rpl +++ /dev/null @@ -1,284 +0,0 @@ -; config options -; The island of trust is at example.com (the DLV repository) -server: - dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" - val-override-date: "20070916134226" - target-fetch-policy: "0 0 0 0 0" - qname-minimisation: "no" - fake-sha1: yes - trust-anchor-signaling: no - minimal-responses: no - -stub-zone: - name: "." - stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. -CONFIG_END - -SCENARIO_BEGIN Test validator with unknown algorithm DLV anchor -; positive response for DLV. -; but only has unknown algos -; have to treat zone as insecure - -; K.ROOT-SERVERS.NET. -RANGE_BEGIN 0 100 - ADDRESS 193.0.14.129 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -. IN NS -SECTION ANSWER -. IN NS K.ROOT-SERVERS.NET. -SECTION ADDITIONAL -K.ROOT-SERVERS.NET. IN A 193.0.14.129 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -com. IN A -SECTION AUTHORITY -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -net. IN A -SECTION AUTHORITY -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END -RANGE_END - -; a.gtld-servers.net. -RANGE_BEGIN 0 100 - ADDRESS 192.5.6.30 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -com. IN NS -SECTION ANSWER -com. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net. IN NS -SECTION ANSWER -net. IN NS a.gtld-servers.net. -SECTION ADDITIONAL -a.gtld-servers.net. IN A 192.5.6.30 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.com. IN A -SECTION AUTHORITY -example.com. IN NS ns.example.com. -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ENTRY_END - -ENTRY_BEGIN -MATCH opcode subdomain -ADJUST copy_id copy_query -REPLY QR NOERROR -SECTION QUESTION -example.net. IN A -SECTION AUTHORITY -example.net. IN NS ns.example.net. -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ENTRY_END -RANGE_END - -; ns.example.com. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.4 -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN NS -SECTION ANSWER -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; response to DNSKEY priming query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.com. IN DNSKEY -SECTION ANSWER -example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} -example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -; DLV query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net.example.com. IN DLV -SECTION ANSWER -; algo 208 is unknown -example.net.example.com. 3600 IN DLV 30899 208 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. AFBU1dN/KstcLfQQzy7ZKvPq+2hQg7D6QynqgwI3f8envPQGj782/NA= ;{id = 2854} -;example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -;example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854} -SECTION AUTHORITY -example.com. IN NS ns.example.com. -example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} -SECTION ADDITIONAL -ns.example.com. IN A 1.2.3.4 -ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -net.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NXDOMAIN -SECTION QUESTION -com.example.com. IN DLV -SECTION ANSWER -SECTION AUTHORITY -example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600 -example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854} -example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC -example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854} -ENTRY_END - -RANGE_END - -; ns.example.net. -RANGE_BEGIN 0 100 - ADDRESS 1.2.3.5 -; DS RR is -; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix -; DNSKEY prime query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN DNSKEY -SECTION ANSWER -example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} -example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; NS query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -example.net. IN NS -SECTION ANSWER -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -; www.example.net query -ENTRY_BEGIN -MATCH opcode qtype qname -ADJUST copy_id -REPLY QR NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - - -RANGE_END - -STEP 1 QUERY -ENTRY_BEGIN -REPLY RD DO -SECTION QUESTION -www.example.net. IN A -ENTRY_END - -; recursion happens here. -STEP 10 CHECK_ANSWER -ENTRY_BEGIN -MATCH all -REPLY QR RD RA DO NOERROR -SECTION QUESTION -www.example.net. IN A -SECTION ANSWER -www.example.net. 3600 IN A 10.20.30.40 -www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899} -SECTION AUTHORITY -example.net. IN NS ns.example.net. -example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899} -SECTION ADDITIONAL -ns.example.net. IN A 1.2.3.5 -ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899} -ENTRY_END - -SCENARIO_END diff --git a/util/config_file.c b/util/config_file.c index c47ccf31b..4826f9774 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -78,6 +78,8 @@ gid_t cfg_gid = (gid_t)-1; int autr_permit_small_holddown = 0; /** size (in bytes) of stream wait buffers max */ size_t stream_wait_max = 4 * 1024 * 1024; +size_t http2_query_buffer_max = 4 * 1024 * 1024; +size_t http2_response_buffer_max = 4 * 1024 * 1024; /** global config during parsing */ struct config_parser_state* cfg_parser = 0; @@ -117,6 +119,12 @@ config_create(void) cfg->tls_cert_bundle = NULL; cfg->tls_win_cert = 0; cfg->tls_use_sni = 1; + cfg->https_port = UNBOUND_DNS_OVER_HTTPS_PORT; + if(!(cfg->http_endpoint = strdup("/dns-query"))) goto error_exit; + cfg->http_max_streams = 100; + cfg->http_query_buffer_size = 4*1024*1024; + cfg->http_response_buffer_size = 4*1024*1024; + cfg->http_nodelay = 1; cfg->use_syslog = 1; cfg->log_identity = NULL; /* changed later with argv[0] */ cfg->log_time_ascii = 0; @@ -144,7 +152,7 @@ config_create(void) cfg->incoming_num_tcp = 2; #endif cfg->stream_wait_size = 4 * 1024 * 1024; - cfg->edns_buffer_size = 4096; /* 4k from rfc recommendation */ + cfg->edns_buffer_size = 1232; /* from DNS flagday recommendation */ cfg->msg_buffer_size = 65552; /* 64 k + a small margin */ cfg->msg_cache_size = 4 * 1024 * 1024; cfg->msg_cache_slabs = 4; @@ -162,7 +170,9 @@ config_create(void) cfg->infra_cache_slabs = 4; cfg->infra_cache_numhosts = 10000; cfg->infra_cache_min_rtt = 50; + cfg->infra_keep_probing = 0; cfg->delay_close = 0; + cfg->udp_connect = 1; if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int)))) goto error_exit; init_outgoing_availports(cfg->outgoing_avail_ports, 65536); @@ -210,7 +220,7 @@ config_create(void) cfg->views = NULL; cfg->acls = NULL; cfg->tcp_connection_limits = NULL; - cfg->harden_short_bufsize = 0; + cfg->harden_short_bufsize = 1; cfg->harden_large_queries = 0; cfg->harden_glue = 1; cfg->harden_dnssec_stripped = 1; @@ -227,14 +237,15 @@ config_create(void) cfg->hide_trustanchor = 0; cfg->identity = NULL; cfg->version = NULL; + cfg->nsid_cfg_str = NULL; + cfg->nsid = NULL; + cfg->nsid_len = 0; cfg->auto_trust_anchor_file_list = NULL; cfg->trust_anchor_file_list = NULL; cfg->trust_anchor_list = NULL; cfg->trusted_keys_file_list = NULL; cfg->trust_anchor_signaling = 1; cfg->root_key_sentinel = 1; - cfg->dlv_anchor_file = NULL; - cfg->dlv_anchor_list = NULL; cfg->domain_insecure = NULL; cfg->val_date_override = 0; cfg->val_sig_skew_min = 3600; /* at least daylight savings trouble */ @@ -316,6 +327,8 @@ config_create(void) cfg->qname_minimisation_strict = 0; cfg->shm_enable = 0; cfg->shm_key = 11777; + cfg->edns_client_strings = NULL; + cfg->edns_client_string_opcode = 65001; cfg->dnscrypt = 0; cfg->dnscrypt_port = 0; cfg->dnscrypt_provider = NULL; @@ -379,6 +392,7 @@ struct config_file* config_create_forlib(void) cfg->val_log_level = 2; /* to fill why_bogus with */ cfg->val_log_squelch = 1; cfg->minimal_responses = 0; + cfg->harden_short_bufsize = 1; return cfg; } @@ -491,6 +505,8 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("do-ip6:", do_ip6) else S_YNO("do-udp:", do_udp) else S_YNO("do-tcp:", do_tcp) + else S_YNO("prefer-ip4:", prefer_ip4) + else S_YNO("prefer-ip6:", prefer_ip6) else S_YNO("tcp-upstream:", tcp_upstream) else S_YNO("udp-upstream-without-downstream:", udp_upstream_without_downstream) @@ -512,6 +528,13 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("tls-ciphers:", tls_ciphers) else S_STR("tls-ciphersuites:", tls_ciphersuites) else S_YNO("tls-use-sni:", tls_use_sni) + else S_NUMBER_NONZERO("https-port:", https_port) + else S_STR("http-endpoint:", http_endpoint) + else S_NUMBER_NONZERO("http-max-streams:", http_max_streams) + else S_MEMSIZE("http-query-buffer-size:", http_query_buffer_size) + else S_MEMSIZE("http-response-buffer-size:", http_response_buffer_size) + else S_YNO("http-nodelay:", http_nodelay) + else S_YNO("http-notls-downstream:", http_notls_downstream) else S_YNO("interface-automatic:", if_automatic) else S_YNO("use-systemd:", use_systemd) else S_YNO("do-daemonize:", do_daemonize) @@ -547,10 +570,12 @@ int config_set_option(struct config_file* cfg, const char* opt, IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val); RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt; } + else S_YNO("infra-keep-probing:", infra_keep_probing) else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl) else S_POW2("infra-cache-slabs:", infra_cache_slabs) else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts) else S_NUMBER_OR_ZERO("delay-close:", delay_close) + else S_YNO("udp-connect:", udp_connect) else S_STR("chroot:", chrootdir) else S_STR("username:", username) else S_STR("directory:", directory) @@ -560,6 +585,20 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("hide-trustanchor:", hide_trustanchor) else S_STR("identity:", identity) else S_STR("version:", version) + else if(strcmp(opt, "nsid:") == 0) { + free(cfg->nsid_cfg_str); + if (!(cfg->nsid_cfg_str = strdup(val))) + return 0; + /* Empty string is just validly unsetting nsid */ + if (*val == 0) { + free(cfg->nsid); + cfg->nsid = NULL; + cfg->nsid_len = 0; + return 1; + } + cfg->nsid = cfg_parse_nsid(val, &cfg->nsid_len); + return cfg->nsid != NULL; + } else S_STRLIST("root-hints:", root_hints) else S_STR("target-fetch-policy:", target_fetch_policy) else S_YNO("harden-glue:", harden_glue) @@ -582,8 +621,6 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STRLIST("trusted-keys-file:", trusted_keys_file_list) else S_YNO("trust-anchor-signaling:", trust_anchor_signaling) else S_YNO("root-key-sentinel:", root_key_sentinel) - else S_STR("dlv-anchor-file:", dlv_anchor_file) - else S_STRLIST("dlv-anchor:", dlv_anchor_list) else S_STRLIST("domain-insecure:", domain_insecure) else S_NUMBER_OR_ZERO("val-bogus-ttl:", bogus_ttl) else S_YNO("val-clean-additional:", val_clean_additional) @@ -946,12 +983,16 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "infra-host-ttl", host_ttl) else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs) else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt) + else O_YNO(opt, "infra-keep-probing", infra_keep_probing) else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts) else O_UNS(opt, "delay-close", delay_close) + else O_YNO(opt, "udp-connect", udp_connect) else O_YNO(opt, "do-ip4", do_ip4) else O_YNO(opt, "do-ip6", do_ip6) else O_YNO(opt, "do-udp", do_udp) else O_YNO(opt, "do-tcp", do_tcp) + else O_YNO(opt, "prefer-ip4", prefer_ip4) + else O_YNO(opt, "prefer-ip6", prefer_ip6) else O_YNO(opt, "tcp-upstream", tcp_upstream) else O_YNO(opt, "udp-upstream-without-downstream", udp_upstream_without_downstream) else O_DEC(opt, "tcp-mss", tcp_mss) @@ -970,6 +1011,13 @@ config_get_option(struct config_file* cfg, const char* opt, else O_STR(opt, "tls-ciphers", tls_ciphers) else O_STR(opt, "tls-ciphersuites", tls_ciphersuites) else O_YNO(opt, "tls-use-sni", tls_use_sni) + else O_DEC(opt, "https-port", https_port) + else O_STR(opt, "http-endpoint", http_endpoint) + else O_UNS(opt, "http-max-streams", http_max_streams) + else O_MEM(opt, "http-query-buffer-size", http_query_buffer_size) + else O_MEM(opt, "http-response-buffer-size", http_response_buffer_size) + else O_YNO(opt, "http-nodelay", http_nodelay) + else O_YNO(opt, "http-notls-downstream", http_notls_downstream) else O_YNO(opt, "use-systemd", use_systemd) else O_YNO(opt, "do-daemonize", do_daemonize) else O_STR(opt, "chroot", chrootdir) @@ -987,6 +1035,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "hide-trustanchor", hide_trustanchor) else O_STR(opt, "identity", identity) else O_STR(opt, "version", version) + else O_STR(opt, "nsid", nsid_cfg_str) else O_STR(opt, "target-fetch-policy", target_fetch_policy) else O_YNO(opt, "harden-short-bufsize", harden_short_bufsize) else O_YNO(opt, "harden-large-queries", harden_large_queries) @@ -1000,7 +1049,6 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "unwanted-reply-threshold", unwanted_threshold) else O_YNO(opt, "do-not-query-localhost", donotquery_localhost) else O_STR(opt, "module-config", module_conf) - else O_STR(opt, "dlv-anchor-file", dlv_anchor_file) else O_DEC(opt, "val-bogus-ttl", bogus_ttl) else O_YNO(opt, "val-clean-additional", val_clean_additional) else O_DEC(opt, "val-log-level", val_log_level) @@ -1039,7 +1087,6 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LST(opt, "trusted-keys-file", trusted_keys_file_list) else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling) else O_YNO(opt, "root-key-sentinel", root_key_sentinel) - else O_LST(opt, "dlv-anchor", dlv_anchor_list) else O_LST(opt, "control-interface", control_ifs.first) else O_LST(opt, "domain-insecure", domain_insecure) else O_UNS(opt, "val-override-date", val_date_override) @@ -1133,6 +1180,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_LS3(opt, "access-control-tag-action", acl_tag_actions) else O_LS3(opt, "access-control-tag-data", acl_tag_datas) else O_LS2(opt, "access-control-view", acl_view) + else O_LS2(opt, "edns-client-strings", edns_client_strings) #ifdef USE_IPSECMOD else O_YNO(opt, "ipsecmod-enabled", ipsecmod_enabled) else O_YNO(opt, "ipsecmod-ignore-bogus", ipsecmod_ignore_bogus) @@ -1394,8 +1442,8 @@ config_delviews(struct config_view* p) p = np; } } -/** delete string array */ -static void + +void config_del_strarray(char** array, int num) { int i; @@ -1437,6 +1485,7 @@ config_delete(struct config_file* cfg) config_delstrlist(cfg->tls_session_ticket_keys.first); free(cfg->tls_ciphers); free(cfg->tls_ciphersuites); + free(cfg->http_endpoint); if(cfg->log_identity) { log_ident_revert_to_default(); free(cfg->log_identity); @@ -1455,6 +1504,8 @@ config_delete(struct config_file* cfg) #endif free(cfg->identity); free(cfg->version); + free(cfg->nsid_cfg_str); + free(cfg->nsid); free(cfg->module_conf); free(cfg->outgoing_avail_ports); config_delstrlist(cfg->caps_whitelist); @@ -1465,8 +1516,6 @@ config_delete(struct config_file* cfg) config_delstrlist(cfg->trusted_keys_file_list); config_delstrlist(cfg->trust_anchor_list); config_delstrlist(cfg->domain_insecure); - free(cfg->dlv_anchor_file); - config_delstrlist(cfg->dlv_anchor_list); config_deldblstrlist(cfg->acls); config_deldblstrlist(cfg->tcp_connection_limits); free(cfg->val_nsec3_key_iterations); @@ -1502,6 +1551,7 @@ config_delete(struct config_file* cfg) config_deldblstrlist(cfg->ratelimit_below_domain); config_delstrlist(cfg->python_script); config_delstrlist(cfg->dynlib_file); + config_deldblstrlist(cfg->edns_client_strings); #ifdef USE_IPSECMOD free(cfg->ipsecmod_hook); config_delstrlist(cfg->ipsecmod_whitelist); @@ -1994,6 +2044,37 @@ uint8_t* config_parse_taglist(struct config_file* cfg, char* str, return taglist; } +uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len) +{ + uint8_t* nsid = NULL; + + if (strncasecmp(str, "ascii_", 6) == 0) { + if ((nsid = (uint8_t *)strdup(str + 6))) + *nsid_len = strlen(str + 6); + + } else if (strlen(str) % 2) + ; /* hex string has even number of characters */ + + else if (*str && (nsid = calloc(1, strlen(str) / 2))) { + const char *ch; + uint8_t *dp; + + for ( ch = str, dp = nsid + ; isxdigit(ch[0]) && isxdigit(ch[1]) + ; ch += 2, dp++) { + *dp = (uint8_t)sldns_hexdigit_to_int(ch[0]) * 16; + *dp += (uint8_t)sldns_hexdigit_to_int(ch[1]); + } + if (*ch) { + free(nsid); + nsid = NULL; + } else + *nsid_len = strlen(str) / 2; + } + return nsid; +} + + char* config_taglist2str(struct config_file* cfg, uint8_t* taglist, size_t taglen) { @@ -2047,6 +2128,8 @@ config_apply(struct config_file* config) log_set_time_asc(config->log_time_ascii); autr_permit_small_holddown = config->permit_small_holddown; stream_wait_max = config->stream_wait_size; + http2_query_buffer_max = config->http_query_buffer_size; + http2_response_buffer_max = config->http_response_buffer_size; } void config_lookup_uid(struct config_file* cfg) diff --git a/util/config_file.h b/util/config_file.h index a18f0e79c..5405f30e4 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -131,6 +131,21 @@ struct config_file { /** if SNI is to be used */ int tls_use_sni; + /** port on which to provide DNS over HTTPS service */ + int https_port; + /** endpoint for HTTP service */ + char* http_endpoint; + /** MAX_CONCURRENT_STREAMS HTTP/2 setting */ + uint32_t http_max_streams; + /** maximum size of all HTTP2 query buffers combined. */ + size_t http_query_buffer_size; + /** maximum size of all HTTP2 response buffers combined. */ + size_t http_response_buffer_size; + /** set TCP_NODELAY option for http sockets */ + int http_nodelay; + /** Disable TLS for http sockets downstream */ + int http_notls_downstream; + /** outgoing port range number of ports (per thread) */ int outgoing_num_ports; /** number of outgoing tcp buffers per (per thread) */ @@ -166,8 +181,12 @@ struct config_file { size_t infra_cache_numhosts; /** min value for infra cache rtt */ int infra_cache_min_rtt; + /** keep probing hosts that are down */ + int infra_keep_probing; /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */ int delay_close; + /** udp_connect enable uses UDP connect to mitigate ICMP side channel */ + int udp_connect; /** the target fetch policy for the iterator */ char* target_fetch_policy; @@ -319,6 +338,10 @@ struct config_file { char* identity; /** version, package version returned if "". */ char* version; + /** nsid */ + char *nsid_cfg_str; + uint8_t *nsid; + uint16_t nsid_len; /** the module configuration string */ char* module_conf; @@ -331,10 +354,6 @@ struct config_file { struct config_strlist* auto_trust_anchor_file_list; /** files with trusted DNSKEYs in named.conf format, list */ struct config_strlist* trusted_keys_file_list; - /** DLV anchor file */ - char* dlv_anchor_file; - /** DLV anchor inline */ - struct config_strlist* dlv_anchor_list; /** insecure domain list */ struct config_strlist* domain_insecure; /** send key tag query */ @@ -555,6 +574,11 @@ struct config_file { /** SHM data - key for the shm */ int shm_key; + /** list of EDNS client string entries, linked list */ + struct config_str2list* edns_client_strings; + /** EDNS opcode to use for EDNS client strings */ + uint16_t edns_client_string_opcode; + /** DNSCrypt */ /** true to enable dnscrypt */ int dnscrypt; @@ -627,6 +651,10 @@ extern gid_t cfg_gid; extern int autr_permit_small_holddown; /** size (in bytes) of stream wait buffers max */ extern size_t stream_wait_max; +/** size (in bytes) of all total HTTP2 query buffers max */ +extern size_t http2_query_buffer_max; +/** size (in bytes) of all total HTTP2 response buffers max */ +extern size_t http2_response_buffer_max; /** * Stub config options @@ -972,6 +1000,9 @@ void config_deldblstrlist(struct config_str2list* list); */ void config_deltrplstrlist(struct config_str3list* list); +/** delete string array */ +void config_del_strarray(char** array, int num); + /** delete stringbytelist */ void config_del_strbytelist(struct config_strbytelist* list); @@ -1045,6 +1076,16 @@ int cfg_count_numbers(const char* str); */ int cfg_parse_memsize(const char* str, size_t* res); +/** + * Parse nsid from string into binary nsid. nsid is either a hexidecimal + * string or an ascii string prepended with ascii_ in which case the + * characters after ascii_ are simply copied. + * @param str: the string to parse. + * @param nsid_len: returns length of nsid in bytes. + * @return malloced bytes or NULL on parse error or malloc failure. + */ +uint8_t* cfg_parse_nsid(const char* str, uint16_t* nsid_len); + /** * Add a tag name to the config. It is added at the end with a new ID value. * @param cfg: the config structure. diff --git a/util/configlexer.c b/util/configlexer.c index 3b62e9334..7c0500a19 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -354,8 +354,8 @@ static void yynoreturn yy_fatal_error ( const char* msg ); (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 324 -#define YY_END_OF_BUFFER 325 +#define YY_NUM_RULES 339 +#define YY_END_OF_BUFFER 340 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -363,354 +363,372 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static const flex_int16_t yy_accept[3150] = +static const flex_int16_t yy_accept[3309] = { 0, - 1, 1, 298, 298, 302, 302, 306, 306, 310, 310, - 1, 1, 314, 314, 318, 318, 325, 322, 1, 296, - 296, 323, 2, 323, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 298, 299, 299, 300, - 323, 302, 303, 303, 304, 323, 309, 306, 307, 307, - 308, 323, 310, 311, 311, 312, 323, 321, 297, 2, - 301, 323, 321, 317, 314, 315, 315, 316, 323, 318, - 319, 319, 320, 323, 322, 0, 1, 2, 2, 2, - 2, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 1, 1, 313, 313, 317, 317, 321, 321, 325, 325, + 1, 1, 329, 329, 333, 333, 340, 337, 1, 311, + 311, 338, 2, 338, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 313, 314, 314, 315, + 338, 317, 318, 318, 319, 338, 324, 321, 322, 322, + 323, 338, 325, 326, 326, 327, 338, 336, 312, 2, + 316, 338, 336, 332, 329, 330, 330, 331, 338, 333, + 334, 334, 335, 338, 337, 0, 1, 2, 2, 2, + 2, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 298, 0, 302, 0, - 309, 0, 306, 310, 0, 321, 0, 2, 2, 321, - 317, 0, 314, 318, 0, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 313, 0, + 317, 0, 324, 0, 321, 325, 0, 336, 0, 2, + 2, 336, 332, 0, 329, 333, 0, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 321, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 336, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 115, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 123, - 322, 322, 322, 322, 322, 322, 322, 321, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 125, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 134, 337, 337, 337, + 337, 337, 337, 337, 336, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 99, 322, 322, 322, 322, 322, - 322, 8, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 116, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 109, 337, 310, 337, 337, 337, 337, + 337, 8, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 128, 322, 321, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 291, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 126, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 139, 337, 336, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 321, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 57, 322, 322, 322, 322, + 337, 337, 303, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 228, 322, 14, 15, 322, 19, 18, 322, 322, 212, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 122, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 210, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 336, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 64, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 239, 337, 14, 15, 337, 19, 18, + 337, 337, 223, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 132, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 3, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 321, 322, - 322, 322, 322, 322, 322, 322, 285, 322, 322, 284, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 221, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 3, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 336, 337, 337, 337, 337, 337, 337, 337, 297, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 305, 322, - 322, 322, 322, 322, 322, 322, 56, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 60, 322, 259, 322, 322, 322, 322, - 322, 322, 322, 322, 292, 293, 322, 322, 322, 322, - 322, 61, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 119, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 199, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 296, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 320, 337, 337, 337, 337, 337, 337, 337, 337, 63, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 67, 337, 270, 337, + 337, 337, 337, 337, 337, 337, 337, 304, 305, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 21, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 147, 322, - 322, 321, 305, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 97, 322, 322, 322, 322, 322, 322, - 322, 267, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 171, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 68, 337, 337, 133, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 129, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 210, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 21, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 158, 337, 337, 336, 320, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 146, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 96, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 32, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 107, + 337, 337, 337, 337, 337, 337, 337, 278, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 182, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 157, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 33, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 58, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 121, 321, 322, - 322, 322, 322, 322, 114, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 59, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 232, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 172, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 106, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 32, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 33, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 65, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 131, 336, 337, 337, 337, 337, 337, + 124, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 47, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 250, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 51, 322, 52, 322, 322, - 322, 322, 322, 100, 322, 101, 322, 322, 322, 322, - 98, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 66, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 243, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 183, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 54, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 7, - 322, 321, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 221, - 322, 322, 322, 322, 149, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 233, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 48, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 261, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 58, 337, 59, 337, 337, 337, 337, 337, + 110, 337, 111, 337, 337, 337, 337, 108, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 7, 337, 336, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 191, 322, 190, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 16, 17, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 62, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 198, 322, 322, 322, 322, 322, 322, 103, 322, 102, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 232, 337, + 337, 337, 337, 160, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 244, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 45, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 55, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 202, 337, 201, 337, 337, 337, 337, 337, - 322, 182, 322, 322, 322, 322, 322, 322, 322, 322, - 129, 321, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 81, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 211, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 85, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 55, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 16, 17, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 69, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 209, + 337, 337, 337, 337, 337, 337, 113, 337, 112, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 193, 337, 337, 337, 337, 337, 337, 337, 337, + 140, 336, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 185, 186, - 322, 322, 322, 261, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 6, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 265, 322, - 322, 322, 322, 322, 322, 286, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 42, 322, 322, - 322, 322, 44, 322, 322, 322, 322, 322, 322, 322, - 322, 45, 322, 322, 322, 322, 322, 322, 322, 321, + 337, 337, 101, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 89, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 222, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 94, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 62, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 196, 197, - 322, 178, 322, 322, 322, 124, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 203, 322, 179, 322, - 322, 322, 218, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 46, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 126, 108, 322, 109, 322, 322, 322, - 107, 322, 322, 322, 322, 322, 322, 322, 322, 144, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 249, 322, 322, 322, 322, 322, 322, 322, - 322, 180, 322, 322, 322, 322, 322, 183, 322, 189, + 337, 337, 337, 272, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 6, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 276, 337, + 337, 337, 337, 337, 337, 298, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 42, 337, 337, + 337, 337, 44, 337, 337, 337, 90, 337, 337, 337, + 337, 337, 52, 337, 337, 337, 337, 337, 337, 337, + 336, 337, 189, 337, 337, 337, 135, 337, 337, 337, - 322, 322, 322, 322, 322, 217, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 95, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 120, - 322, 322, 322, 322, 322, 322, 322, 53, 322, 322, - 322, 26, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 20, 322, 322, 322, 322, 322, 322, 27, 36, - 322, 154, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 321, 322, 322, 322, 322, - 322, 322, 70, 72, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 214, 337, 190, + 337, 337, 337, 229, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 53, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 137, 118, 337, 119, 337, + 337, 337, 117, 337, 337, 337, 337, 337, 337, 337, + 337, 155, 337, 337, 50, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 260, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 191, 337, 337, 337, 337, 337, 194, 337, 200, - 322, 322, 322, 322, 322, 322, 322, 269, 322, 322, - 322, 322, 229, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 110, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 143, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 280, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 148, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 209, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 228, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 105, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 130, + 337, 337, 337, 337, 337, 337, 337, 60, 337, 337, + 337, 26, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 20, 337, 337, 337, 337, 337, 337, 27, 36, + 337, 165, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 336, 337, 337, 337, 337, + 337, 337, 77, 79, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 289, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 165, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 104, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 160, 322, 173, 322, - 322, 322, 322, 321, 322, 132, 322, 322, 322, 322, - 322, 91, 322, 322, 322, 322, 201, 322, 322, 322, - 322, 322, 322, 219, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 241, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 280, 337, 337, + 337, 337, 240, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 120, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 154, 337, 46, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 291, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 159, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 125, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 164, 322, 322, 322, 322, 322, 322, 73, 74, - 322, 322, 322, 322, 322, 54, 322, 322, 322, 322, - 322, 80, 174, 322, 192, 322, 222, 322, 322, 184, - 262, 322, 322, 322, 322, 322, 66, 322, 176, 322, - 322, 322, 322, 322, 9, 322, 322, 322, 94, 322, - 322, 322, 322, 254, 322, 322, 322, 322, 200, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 220, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 301, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 176, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 114, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 171, 337, 184, 337, 337, 337, + 337, 336, 337, 143, 337, 337, 337, 337, 337, 100, + 337, 337, 337, 337, 212, 337, 337, 337, 337, 337, + 337, 230, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 252, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 321, 322, 322, 322, 322, - 163, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 150, 322, 268, 322, 322, 322, 322, 322, 240, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 213, 322, 322, 322, 322, 260, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 283, 322, 175, 322, 322, 322, 322, 322, - 322, 322, 65, 67, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 136, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 175, 337, 337, 337, 337, 337, + 337, 80, 337, 81, 337, 337, 337, 337, 337, 61, + 294, 337, 337, 337, 337, 337, 88, 185, 337, 203, + 337, 233, 337, 337, 195, 273, 337, 337, 337, 337, + 337, 73, 337, 187, 337, 337, 337, 337, 337, 9, + 337, 337, 337, 104, 337, 337, 337, 337, 265, 337, + 337, 337, 337, 211, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 93, 322, 322, 322, 322, 252, 322, 322, 322, - 322, 264, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 205, 34, 28, 30, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 35, 322, 29, - 31, 322, 322, 322, 322, 322, 322, 322, 322, 90, - 322, 322, 322, 322, 322, 322, 321, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 207, 204, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 64, 322, - 322, 127, 322, 111, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 336, 337, 337, 337, 337, 174, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 161, 337, 279, 337, + 337, 337, 337, 337, 251, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 224, 337, 337, 337, + 337, 337, 271, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 145, 313, 13, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 278, 322, 281, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 12, 322, 322, - 22, 322, 322, 322, 258, 322, 322, 322, 322, 266, - 322, 322, 322, 68, 322, 215, 322, 322, 322, 322, - 322, 206, 322, 322, 63, 322, 322, 322, 322, 23, - 322, 43, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 159, 158, 313, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 208, 202, 322, 220, - 322, 322, 270, 322, 322, 322, 322, 322, 322, 322, + 337, 337, 337, 295, 337, 186, 337, 337, 337, 337, + 337, 337, 337, 72, 74, 337, 337, 337, 337, 337, + 337, 337, 103, 337, 337, 337, 337, 263, 337, 337, + 337, 337, 275, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 216, 34, 28, 30, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 35, 337, + 29, 31, 337, 337, 337, 337, 337, 337, 337, 337, + 99, 337, 337, 337, 337, 337, 337, 336, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 218, + 215, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 75, 322, 322, 322, 253, 322, 322, 322, 322, - 188, 322, 322, 322, 322, 214, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 287, 288, 156, 322, 322, - 69, 322, 322, 322, 322, 166, 322, 322, 322, 105, - 106, 322, 322, 322, 322, 151, 322, 153, 322, 193, - 322, 322, 322, 322, 157, 322, 322, 223, 322, 322, - 322, 322, 322, 322, 322, 134, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 231, 322, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 71, + 337, 337, 337, 138, 337, 121, 337, 337, 337, 337, + 337, 337, 337, 337, 156, 47, 337, 337, 337, 328, + 13, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 289, 337, 292, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 12, 337, 337, 22, 337, 337, + 337, 269, 337, 337, 337, 337, 277, 337, 337, 337, + 75, 337, 226, 337, 337, 337, 337, 337, 217, 337, + 337, 70, 337, 337, 337, 337, 23, 337, 43, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 24, 322, 263, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 194, 322, 322, 251, 322, 282, 322, 187, 322, 322, - 322, 322, 49, 322, 322, 322, 322, 4, 322, 322, - 322, 322, 118, 133, 322, 322, 322, 170, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 226, 37, 38, 322, 322, 322, 322, - 322, 322, 322, 271, 322, 322, 322, 322, 322, 322, - 322, 239, 322, 322, 322, 322, 322, 322, 322, 197, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 78, + 337, 170, 169, 328, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 219, 213, 337, 231, 337, 337, 281, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 82, 337, 337, 337, 337, 264, 337, 337, + 337, 337, 199, 337, 337, 337, 337, 225, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 299, 300, 167, + 337, 337, 76, 337, 337, 337, 337, 177, 337, 337, + 337, 115, 116, 337, 337, 337, 337, 162, 337, 164, - 322, 50, 257, 322, 227, 322, 322, 322, 322, 11, - 322, 322, 322, 322, 322, 322, 117, 322, 322, 322, - 322, 195, 82, 322, 40, 322, 322, 322, 322, 322, - 322, 322, 322, 162, 322, 322, 322, 322, 322, 136, - 322, 322, 322, 322, 230, 322, 322, 322, 322, 322, - 238, 322, 322, 322, 322, 130, 322, 322, 112, 113, - 322, 322, 322, 84, 88, 83, 322, 76, 322, 322, - 322, 322, 322, 10, 322, 322, 322, 255, 290, 322, - 322, 322, 322, 295, 39, 322, 322, 322, 322, 322, - 161, 322, 322, 322, 322, 322, 322, 322, 322, 322, + 337, 204, 337, 337, 337, 337, 168, 337, 337, 234, + 337, 337, 337, 337, 337, 337, 337, 145, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 242, 337, 337, 337, 337, 337, 337, 337, 308, 337, + 24, 337, 274, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 86, 205, 337, + 337, 262, 337, 293, 337, 198, 337, 337, 337, 337, + 56, 337, 337, 337, 337, 4, 337, 337, 337, 337, + 128, 144, 337, 337, 337, 181, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 89, 87, 322, 77, 279, 322, 322, - 322, 322, 322, 322, 322, 181, 322, 322, 322, 322, - 322, 196, 322, 322, 322, 322, 322, 322, 322, 322, - 152, 71, 322, 322, 322, 322, 322, 272, 322, 322, - 322, 322, 322, 322, 322, 235, 322, 322, 234, 131, - 322, 86, 137, 138, 141, 142, 139, 140, 79, 322, - 256, 322, 322, 322, 322, 155, 322, 322, 322, 322, - 322, 225, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 168, + 337, 237, 37, 38, 337, 337, 337, 337, 337, 337, + 337, 282, 337, 337, 337, 337, 337, 337, 337, 250, + 337, 337, 337, 337, 337, 337, 337, 337, 208, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 85, 337, 57, 268, 337, 238, 337, 337, 337, + 337, 11, 337, 337, 337, 337, 337, 337, 127, 337, + 337, 337, 337, 206, 91, 337, 40, 337, 337, 337, + 337, 337, 337, 337, 337, 173, 337, 337, 337, 337, + 337, 147, 337, 337, 337, 337, 241, 337, 337, 337, + 337, 337, 249, 337, 337, 337, 337, 141, 337, 337, - 167, 41, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 92, 322, 224, 322, - 248, 276, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 5, 322, 322, 216, 322, 322, - 277, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 236, 25, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 237, 322, 322, 322, 135, 322, - 322, 322, 322, 322, 322, 322, 322, 169, 322, 177, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 273, + 337, 122, 123, 337, 337, 337, 93, 97, 92, 337, + 337, 337, 337, 83, 337, 337, 337, 337, 337, 10, + 337, 337, 337, 266, 302, 337, 337, 337, 337, 307, + 39, 337, 337, 337, 337, 337, 172, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 98, 96, 337, 51, 337, 337, 84, 290, 337, 337, + 337, 337, 337, 337, 337, 192, 337, 337, 337, 337, + 337, 207, 337, 337, 337, 337, 337, 337, 337, 337, + 163, 78, 337, 337, 337, 337, 337, 283, 337, 337, - 322, 322, 322, 322, 322, 322, 322, 322, 322, 322, - 322, 322, 322, 322, 322, 322, 322, 294, 322, 322, - 244, 322, 322, 322, 322, 322, 274, 322, 322, 322, - 322, 322, 322, 275, 322, 322, 322, 242, 322, 245, - 246, 322, 322, 322, 322, 322, 243, 247, 0 + 337, 337, 337, 337, 337, 246, 337, 337, 245, 142, + 337, 337, 95, 48, 337, 148, 149, 152, 153, 150, + 151, 87, 337, 267, 337, 337, 337, 337, 166, 337, + 337, 337, 337, 337, 236, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 179, 178, 41, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 102, 337, 235, 337, 259, 287, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + + 309, 337, 49, 5, 337, 337, 227, 337, 337, 288, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 247, + 25, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 248, 337, 337, 337, 146, 337, 337, + 337, 337, 337, 337, 337, 337, 180, 337, 188, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 284, 337, + 337, 337, 337, 337, 337, 337, 337, 337, 337, 337, + 337, 337, 337, 337, 337, 337, 306, 337, 337, 255, + 337, 337, 337, 337, 337, 285, 337, 337, 337, 337, + 337, 337, 286, 337, 337, 337, 253, 337, 256, 257, + + 337, 337, 337, 337, 337, 254, 258, 0 } ; static const YY_CHAR yy_ec[256] = @@ -753,711 +771,747 @@ static const YY_CHAR yy_meta[41] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static const flex_int16_t yy_base[3168] = +static const flex_int16_t yy_base[3327] = { 0, 0, 0, 38, 41, 44, 46, 59, 65, 71, 77, - 90, 112, 96, 118, 124, 136, 3343, 3249, 81, 6165, - 6165, 6165, 129, 52, 130, 63, 131, 152, 70, 140, - 144, 156, 57, 88, 76, 173, 175, 95, 184, 135, - 185, 205, 147, 204, 178, 123, 3065, 6165, 6165, 6165, - 107, 3000, 6165, 6165, 6165, 178, 2747, 2708, 6165, 6165, - 6165, 224, 2394, 6165, 6165, 6165, 204, 2282, 6165, 238, - 6165, 242, 197, 2041, 1960, 6165, 6165, 6165, 246, 1911, - 6165, 6165, 6165, 216, 1831, 252, 166, 0, 256, 0, - 0, 216, 248, 162, 241, 250, 254, 258, 92, 259, + 90, 112, 96, 118, 124, 136, 2450, 2388, 81, 6463, + 6463, 6463, 129, 52, 130, 63, 131, 152, 70, 140, + 149, 156, 57, 88, 76, 173, 175, 95, 184, 145, + 185, 205, 211, 217, 178, 123, 2001, 6463, 6463, 6463, + 107, 1751, 6463, 6463, 6463, 154, 1700, 1660, 6463, 6463, + 6463, 249, 1531, 6463, 6463, 6463, 163, 1451, 6463, 253, + 6463, 257, 148, 1354, 1226, 6463, 6463, 6463, 261, 1170, + 6463, 6463, 6463, 207, 1091, 267, 203, 0, 271, 0, + 0, 165, 204, 215, 206, 207, 216, 265, 92, 263, - 262, 263, 260, 264, 265, 272, 267, 273, 271, 282, - 280, 288, 292, 290, 283, 299, 309, 289, 307, 310, - 311, 300, 316, 191, 321, 315, 323, 304, 325, 327, - 326, 337, 329, 338, 340, 348, 341, 345, 347, 350, - 357, 227, 351, 354, 358, 362, 369, 359, 373, 379, - 374, 377, 383, 385, 387, 384, 1479, 403, 1352, 406, - 814, 416, 740, 688, 410, 600, 420, 424, 0, 416, - 501, 430, 464, 442, 435, 422, 434, 429, 430, 431, - 433, 397, 432, 435, 436, 437, 440, 454, 438, 453, - 459, 462, 466, 461, 467, 471, 472, 473, 474, 476, + 269, 273, 256, 267, 276, 284, 277, 280, 282, 288, + 286, 290, 226, 292, 228, 296, 303, 311, 298, 313, + 321, 301, 315, 234, 319, 314, 332, 331, 333, 316, + 334, 337, 335, 342, 343, 348, 345, 354, 355, 350, + 356, 366, 359, 368, 371, 360, 379, 374, 377, 364, + 382, 389, 387, 388, 392, 395, 401, 394, 962, 412, + 919, 417, 872, 426, 749, 518, 430, 357, 434, 438, + 0, 415, 293, 442, 244, 181, 446, 434, 446, 405, + 441, 442, 443, 444, 445, 447, 448, 449, 451, 465, + 458, 463, 470, 467, 474, 475, 480, 473, 478, 482, - 477, 490, 485, 487, 480, 493, 495, 496, 498, 499, - 505, 512, 500, 502, 521, 526, 522, 530, 519, 535, - 537, 532, 540, 533, 542, 547, 543, 544, 545, 548, - 549, 552, 554, 556, 558, 561, 560, 564, 559, 572, - 573, 565, 577, 567, 582, 584, 591, 586, 587, 588, - 593, 594, 604, 605, 595, 613, 596, 597, 609, 616, - 623, 624, 619, 620, 622, 625, 626, 628, 629, 630, - 631, 639, 640, 642, 646, 650, 648, 652, 653, 655, - 656, 632, 665, 658, 660, 667, 673, 672, 674, 676, - 678, 680, 679, 681, 683, 684, 697, 686, 702, 687, + 486, 476, 490, 498, 499, 500, 493, 501, 502, 504, + 506, 507, 508, 522, 520, 511, 514, 533, 534, 538, + 543, 529, 545, 547, 536, 552, 548, 560, 551, 564, + 559, 550, 561, 562, 565, 568, 569, 570, 573, 575, + 572, 576, 574, 586, 588, 579, 591, 589, 602, 598, + 605, 600, 601, 409, 603, 607, 610, 615, 608, 618, + 613, 619, 623, 629, 632, 636, 635, 621, 634, 631, + 638, 640, 641, 642, 645, 652, 655, 651, 653, 665, + 660, 662, 663, 664, 666, 667, 677, 669, 680, 683, + 673, 679, 685, 687, 689, 691, 690, 694, 695, 699, - 704, 699, 705, 707, 714, 701, 709, 710, 711, 715, - 719, 717, 725, 713, 718, 733, 723, 737, 726, 745, - 743, 730, 758, 744, 747, 749, 759, 748, 750, 756, - 769, 761, 779, 766, 773, 781, 784, 792, 789, 795, - 785, 797, 787, 798, 801, 803, 810, 808, 6165, 805, - 807, 819, 822, 823, 826, 816, 832, 806, 836, 839, - 841, 838, 846, 868, 824, 842, 845, 847, 850, 6165, - 854, 852, 892, 861, 856, 878, 874, 858, 881, 870, - 888, 882, 896, 883, 893, 898, 916, 899, 903, 905, - 902, 914, 915, 924, 926, 921, 928, 929, 937, 932, + 702, 700, 707, 709, 716, 713, 718, 715, 727, 728, + 703, 712, 724, 725, 731, 726, 733, 735, 736, 740, + 741, 743, 746, 744, 754, 750, 752, 767, 759, 757, + 760, 769, 770, 778, 771, 792, 799, 777, 763, 788, + 781, 797, 800, 802, 807, 803, 810, 813, 814, 815, + 816, 817, 818, 826, 822, 6463, 821, 824, 836, 838, + 839, 842, 832, 848, 831, 852, 855, 857, 854, 862, + 884, 858, 860, 861, 873, 866, 6463, 874, 868, 908, + 879, 886, 897, 892, 904, 870, 899, 906, 890, 918, + 902, 901, 916, 932, 929, 913, 917, 931, 935, 938, - 933, 934, 938, 942, 944, 945, 950, 946, 951, 952, - 954, 965, 955, 963, 959, 967, 968, 970, 972, 983, - 976, 977, 993, 984, 989, 994, 996, 997, 991, 1000, - 1003, 1007, 1004, 1008, 1012, 1020, 1015, 1010, 1017, 1018, - 1022, 1028, 1024, 1026, 1030, 1031, 1032, 1040, 1033, 1041, - 1034, 1047, 1049, 752, 6165, 1051, 1053, 1054, 1055, 1056, - 1057, 6165, 1059, 1058, 1061, 1066, 1063, 1071, 1080, 1067, - 1082, 1070, 1083, 1084, 1092, 1087, 1088, 1095, 1094, 1096, - 947, 1098, 1100, 1105, 1102, 1106, 1109, 1103, 1114, 1128, - 6165, 1112, 1115, 1116, 1118, 1123, 1131, 1140, 1126, 1133, + 945, 941, 943, 944, 947, 954, 949, 950, 955, 967, + 951, 957, 959, 958, 968, 976, 977, 980, 982, 969, + 985, 986, 987, 989, 992, 993, 997, 995, 1008, 990, + 1009, 1021, 1016, 1017, 1020, 1019, 1025, 1026, 1027, 1029, + 1032, 1033, 1034, 1035, 1045, 1040, 1041, 1043, 1048, 1049, + 1050, 1055, 1052, 1057, 1058, 1060, 1061, 1062, 1068, 1066, + 1073, 1076, 1078, 6463, 1079, 6463, 1081, 1082, 1083, 1084, + 1085, 6463, 1087, 1088, 1089, 1096, 1099, 1086, 1114, 1098, + 1101, 1111, 1113, 1112, 1117, 1124, 1120, 1125, 1127, 1123, + 1129, 1130, 1133, 1131, 1136, 1138, 1139, 1142, 1143, 1146, - 1143, 1146, 1156, 1151, 1121, 1152, 1153, 1157, 1160, 1163, - 1165, 1166, 1168, 1169, 1170, 1171, 1172, 1174, 1179, 1184, - 6165, 1177, 1187, 1195, 1196, 1182, 1198, 1199, 1200, 1201, - 1202, 1203, 1205, 1204, 1210, 1220, 1211, 1224, 1221, 1222, - 1226, 1227, 1229, 1228, 1230, 1232, 1244, 1237, 1236, 1252, - 1247, 1254, 1256, 1263, 1265, 1245, 1258, 1262, 1260, 1268, - 1269, 1270, 1271, 1273, 1274, 1283, 1280, 1281, 1282, 1285, - 1295, 1286, 1288, 1298, 1290, 1296, 1293, 1300, 1304, 1307, - 1303, 1313, 6165, 1320, 1315, 1318, 1319, 1322, 1326, 1325, - 1331, 1332, 1333, 1335, 1334, 1336, 1338, 1342, 1341, 1343, + 1163, 6463, 1147, 1150, 1151, 1149, 1156, 1157, 1175, 1166, + 1173, 1174, 1176, 1192, 1187, 1188, 1191, 1195, 1196, 1198, + 1200, 1205, 1207, 1148, 1208, 1201, 1209, 1210, 1203, 1211, + 1213, 1221, 6463, 1217, 1229, 1238, 1224, 1219, 1235, 1237, + 1240, 1239, 1241, 1243, 1242, 1246, 1250, 1248, 1259, 1249, + 1266, 1252, 1262, 1263, 1267, 1268, 1269, 1271, 1275, 1284, + 1276, 1286, 1293, 1294, 1296, 1298, 1305, 1307, 1279, 1302, + 1308, 1304, 1303, 1310, 1312, 1316, 1313, 1319, 1320, 1323, + 1325, 1326, 1327, 1328, 1330, 1333, 1334, 1335, 1337, 1339, + 1347, 1345, 1343, 1358, 1346, 1351, 1349, 1356, 1360, 1363, - 1344, 1346, 1355, 1357, 1361, 1368, 1367, 1369, 1354, 1362, - 1377, 1373, 1381, 1379, 1380, 1389, 1384, 1386, 1387, 1396, - 1391, 1393, 1395, 1394, 1403, 1398, 1408, 1415, 1401, 1412, - 1422, 1418, 1420, 1423, 1424, 1428, 1429, 1431, 1432, 1433, - 1434, 1441, 1436, 1437, 1438, 1442, 1444, 1439, 1448, 1451, - 1461, 1456, 1459, 1463, 1464, 1465, 1467, 1468, 1472, 1473, - 1474, 1475, 1481, 1476, 1494, 1478, 875, 1486, 1496, 1487, - 1488, 1489, 1499, 1504, 1505, 1508, 1510, 1511, 1514, 1516, - 1517, 1518, 1520, 1519, 1523, 1530, 1522, 1528, 1533, 1535, - 1538, 1540, 1541, 1544, 1545, 6165, 1546, 1553, 1551, 1552, + 1362, 1371, 6463, 1379, 1374, 1375, 1377, 1380, 1384, 1388, + 1382, 1389, 782, 1391, 1390, 1392, 1397, 1399, 1394, 1400, + 1401, 1402, 1411, 1409, 1417, 1421, 1422, 1423, 1406, 1426, + 1433, 1429, 1436, 1432, 1431, 1437, 1444, 1439, 1441, 1445, + 1453, 1448, 1446, 1457, 1449, 1458, 1274, 1460, 1472, 1461, + 1470, 1477, 1479, 1468, 1481, 1482, 1484, 1474, 1487, 1488, + 1489, 1490, 1497, 1494, 1495, 1496, 1499, 1500, 1502, 1503, + 1507, 1519, 1509, 1512, 1516, 1517, 1525, 1520, 1526, 1527, + 1528, 1530, 1532, 1534, 1539, 1550, 1541, 1533, 1551, 1543, + 1553, 1544, 1556, 1559, 1561, 1564, 1563, 1566, 1573, 1565, - 1555, 1557, 1558, 1566, 1561, 1563, 1562, 1564, 1568, 1590, - 6165, 1572, 6165, 6165, 1574, 6165, 6165, 1575, 1573, 6165, - 1577, 1578, 1581, 1596, 1600, 1593, 1598, 1603, 1586, 1611, - 1618, 1608, 1607, 1614, 1615, 1621, 1635, 1626, 1638, 1627, - 1643, 1641, 1645, 1647, 1650, 1651, 1654, 1655, 1656, 1657, - 1659, 1623, 1661, 1658, 1665, 1663, 1667, 1668, 1669, 1676, - 1681, 1672, 1688, 6165, 1684, 1696, 1698, 1694, 1701, 1697, - 1702, 1675, 1704, 1706, 1707, 1693, 1709, 1710, 1712, 1719, - 1713, 1716, 1726, 1721, 6165, 1723, 1725, 1727, 1728, 1729, - 1736, 1730, 1741, 1737, 1743, 1744, 1748, 1745, 1749, 1750, + 1567, 1576, 1577, 1579, 1580, 1581, 1584, 1589, 1582, 1590, + 1594, 1597, 1595, 1601, 1603, 1606, 1602, 1608, 6463, 1610, + 1619, 1598, 1620, 1614, 1615, 1621, 1628, 1623, 1625, 1627, + 1630, 1633, 1656, 6463, 1634, 6463, 6463, 1635, 6463, 6463, + 1637, 1636, 6463, 1638, 1641, 1643, 1647, 1662, 1666, 1660, + 1654, 1669, 1657, 1670, 1684, 1674, 1673, 1680, 1689, 1681, + 1695, 1682, 1690, 1692, 1697, 1701, 1712, 1710, 1713, 1708, + 1716, 1718, 1720, 1724, 1726, 1729, 1730, 1733, 1734, 1735, + 1736, 1738, 1740, 1741, 1737, 1744, 1746, 1743, 1750, 1749, + 1760, 1759, 1766, 1769, 6463, 1767, 1776, 1779, 1775, 1783, - 1754, 1753, 1756, 1765, 6165, 1758, 1767, 1759, 1770, 1761, - 1771, 1772, 1773, 1778, 1779, 1781, 1783, 1784, 1786, 1796, - 1785, 1789, 1793, 1797, 1800, 1799, 1803, 1810, 1807, 1814, - 1815, 1816, 1817, 1818, 1819, 1821, 1826, 1828, 1825, 1836, - 1829, 1848, 1850, 1843, 1832, 1833, 1852, 1834, 1858, 1860, - 1861, 1856, 1862, 1869, 1846, 1868, 1865, 1871, 1878, 1870, - 1880, 1881, 1873, 1879, 1886, 1887, 6165, 1888, 1889, 6165, - 1890, 1892, 1914, 1893, 1896, 1901, 1898, 1902, 1904, 1905, - 1907, 1924, 1918, 1934, 1922, 1926, 1937, 1936, 1939, 1938, - 1942, 1943, 1945, 1946, 1949, 1909, 1961, 1962, 1964, 1970, + 1778, 1782, 1784, 1786, 1790, 1787, 1791, 1793, 1794, 1755, + 1797, 1799, 1802, 1804, 1806, 1805, 6463, 1807, 1811, 1812, + 1813, 1814, 1819, 1821, 1815, 1817, 1825, 1827, 1838, 1830, + 1828, 1833, 1835, 1839, 1841, 1845, 6463, 1847, 1851, 1846, + 1853, 1854, 1857, 1860, 1861, 1862, 1855, 1865, 1866, 1868, + 1871, 1878, 1876, 1869, 1873, 1879, 1889, 1884, 1891, 1900, + 1874, 1897, 1887, 1901, 1902, 1903, 1904, 1908, 1911, 1916, + 1912, 1919, 1915, 1914, 1924, 1927, 1931, 1917, 1920, 1933, + 1930, 1941, 1943, 1944, 1939, 1945, 1952, 1948, 1950, 1953, + 1954, 1961, 1962, 1963, 1964, 1956, 1966, 1969, 1970, 6463, - 1973, 1952, 1959, 1968, 1987, 1969, 1971, 1975, 1972, 1979, - 1977, 1983, 1985, 1990, 1992, 1997, 1994, 2000, 6165, 2008, - 2012, 2003, 2004, 2016, 2014, 2005, 6165, 2018, 2021, 2023, - 2031, 2026, 2028, 2029, 2032, 2036, 2033, 2037, 2042, 2045, - 2038, 2040, 2061, 6165, 2043, 6165, 2046, 2048, 2056, 2058, - 2062, 2063, 2064, 2065, 6165, 6165, 2066, 2067, 2073, 2083, - 2079, 6165, 2081, 2088, 2085, 2090, 2084, 2091, 2094, 2095, - 2096, 2099, 2106, 2101, 2108, 2103, 2107, 2105, 6165, 2117, - 2104, 2122, 2123, 2115, 2124, 2129, 2130, 2126, 6165, 2136, - 2116, 2137, 2145, 2141, 2144, 2146, 2147, 2148, 2151, 2152, + 1972, 1973, 6463, 1975, 1979, 1976, 2000, 1980, 1990, 1983, + 1985, 1982, 1991, 1993, 1992, 2010, 2004, 2020, 2013, 2012, + 2023, 2002, 2025, 2024, 2028, 2029, 2031, 2032, 2035, 2041, + 2037, 2051, 2054, 2050, 2058, 2061, 2034, 2038, 2059, 2078, + 2060, 2062, 2066, 2063, 2064, 2068, 2074, 2069, 2070, 2071, + 2085, 2087, 2088, 2091, 2076, 2095, 2096, 2100, 2102, 2105, + 6463, 2113, 2109, 2108, 2110, 2116, 2123, 2119, 2118, 6463, + 2121, 2122, 2120, 2132, 2133, 2128, 2134, 2135, 2138, 2140, + 2141, 2145, 2148, 2143, 2144, 2156, 6463, 2146, 6463, 2151, + 2158, 2163, 2159, 2166, 2164, 2167, 2169, 6463, 6463, 2170, - 2154, 2155, 2157, 2162, 2165, 2161, 2163, 2167, 2179, 6165, - 2160, 2175, 2182, 2180, 2184, 2177, 2181, 2187, 2188, 2189, - 2191, 2193, 2196, 2197, 2198, 2206, 2208, 2201, 2210, 2212, - 2199, 2213, 2219, 2224, 2203, 2223, 2222, 2225, 6165, 2226, - 2229, 2233, 391, 2230, 2234, 2235, 2237, 2239, 2252, 2236, - 2246, 2260, 2238, 2255, 2258, 2259, 2261, 2262, 2264, 2265, - 2269, 2266, 2268, 6165, 2271, 2272, 2274, 2278, 2277, 2280, - 2285, 6165, 2291, 2288, 2297, 2306, 2296, 2294, 2307, 2298, - 2309, 2311, 2313, 2312, 2314, 2316, 2319, 2315, 6165, 2323, - 2324, 2328, 2325, 2332, 2335, 2338, 2336, 2340, 2341, 2342, + 2168, 2180, 2189, 2185, 6463, 2171, 2192, 6463, 2193, 2196, + 2176, 2188, 2195, 2200, 2201, 2202, 2209, 2204, 2212, 2205, + 2210, 2207, 6463, 2213, 2219, 2222, 2223, 2225, 2226, 2229, + 2231, 2230, 6463, 2232, 2233, 2237, 2245, 2247, 2244, 2248, + 2251, 2255, 2250, 2252, 2257, 2258, 2259, 2269, 2270, 2260, + 2262, 2273, 2280, 6463, 2275, 2276, 2285, 2281, 2283, 2288, + 2289, 2284, 2287, 2291, 2292, 2290, 2299, 2300, 2303, 2305, + 2313, 2314, 2310, 2311, 2320, 2309, 2312, 2317, 2327, 2321, + 2322, 2330, 2332, 6463, 2333, 2335, 2336, 171, 2337, 2338, + 2342, 2340, 2341, 2344, 2346, 2361, 2364, 2347, 2360, 2367, - 2343, 2346, 2344, 2348, 2349, 2350, 2357, 2359, 2352, 2361, - 2362, 6165, 2375, 2364, 2366, 2365, 2376, 2377, 2378, 2389, - 2384, 2385, 2387, 2391, 2404, 2393, 2386, 2407, 2397, 2405, - 2402, 2414, 2415, 2416, 2418, 2422, 2424, 2426, 2428, 2432, - 2430, 2433, 2435, 2437, 2434, 2442, 2444, 2441, 2445, 2447, - 2454, 2460, 2459, 6165, 2462, 2464, 2468, 2469, 2477, 2472, - 2473, 2475, 2474, 2482, 2483, 2484, 2485, 2493, 2489, 2492, - 2494, 2496, 2497, 2498, 2505, 2504, 2506, 2509, 2516, 2510, - 2518, 2519, 6165, 2520, 2524, 2513, 2526, 2528, 2530, 2534, - 2536, 2538, 2539, 2540, 2542, 2544, 2545, 2546, 2547, 2549, + 2368, 2348, 2370, 2371, 2359, 2372, 2375, 2377, 2378, 6463, + 2380, 2381, 2383, 2385, 2387, 2386, 2389, 6463, 2398, 2409, + 2399, 2412, 2407, 2413, 2415, 2416, 2419, 2417, 2420, 2421, + 2422, 2423, 2424, 2430, 2429, 6463, 2432, 2439, 2442, 2433, + 2445, 2451, 2443, 2446, 2449, 2454, 2456, 2457, 2458, 2459, + 2460, 2462, 2463, 2390, 2467, 2466, 2469, 2475, 2470, 2474, + 2476, 2477, 2478, 2480, 2487, 6463, 2497, 2490, 2492, 2494, + 2498, 2499, 2504, 2500, 2514, 2501, 2510, 2516, 2521, 2530, + 2519, 2517, 2533, 2536, 2523, 2525, 2546, 2542, 2545, 2551, + 2541, 2554, 2556, 2544, 2548, 2558, 2557, 2560, 2568, 2563, - 2551, 2554, 6165, 2556, 2555, 2557, 2563, 2568, 2567, 2569, - 2571, 2578, 2580, 2565, 2581, 2582, 2584, 6165, 2592, 2594, - 2590, 2599, 2591, 2596, 2598, 2602, 2603, 6165, 2604, 2605, - 2606, 2613, 2614, 2610, 6165, 2617, 2612, 2618, 2621, 2620, - 2622, 2627, 2624, 2630, 2631, 2636, 2643, 2635, 2645, 6165, - 2637, 2652, 2639, 2653, 2659, 2647, 2648, 2654, 2660, 2664, - 2674, 2666, 6165, 2677, 2675, 2670, 2684, 2682, 2685, 2686, - 2687, 2688, 2689, 2690, 2694, 6165, 2691, 2697, 2698, 2699, - 2702, 2703, 2708, 2718, 2710, 2709, 2717, 2719, 2720, 2713, - 2724, 2723, 2733, 2725, 2736, 2739, 2726, 2742, 2737, 2744, + 2575, 2576, 2573, 2579, 2571, 2592, 2597, 2588, 6463, 2586, + 2596, 2584, 2598, 2606, 2601, 2603, 2604, 2608, 2612, 2613, + 2614, 2615, 2623, 2618, 2616, 2620, 2626, 2627, 2628, 2635, + 2630, 2636, 2638, 2640, 2644, 2646, 2572, 6463, 2647, 2649, + 2651, 2653, 2656, 2652, 2658, 2663, 2660, 2666, 2667, 2669, + 2671, 2673, 2674, 2675, 2677, 2679, 2678, 6463, 2682, 2683, + 2684, 2690, 2692, 2693, 2695, 2699, 2703, 2705, 2707, 2709, + 2710, 2711, 2713, 6463, 2720, 2721, 2717, 2725, 2723, 2724, + 2728, 2730, 2731, 6463, 2733, 2734, 2735, 2742, 2744, 2740, + 6463, 2747, 2745, 2737, 2749, 2750, 2752, 2753, 2755, 2760, - 2746, 2755, 2756, 2757, 2759, 6165, 2762, 2763, 2764, 2752, - 2754, 2766, 2769, 2771, 2774, 2775, 2777, 2778, 2779, 2786, - 2790, 2787, 2795, 2791, 2793, 2788, 2799, 2800, 2801, 2802, - 2809, 2806, 2805, 2814, 2813, 2816, 2823, 2815, 2818, 2824, - 2825, 2826, 2827, 2830, 2828, 2833, 2835, 2839, 2842, 2846, - 2849, 2850, 2852, 2854, 2856, 6165, 2855, 2859, 2857, 2860, - 2865, 2869, 2866, 2876, 2874, 2877, 2878, 2882, 2884, 2879, - 2885, 2887, 2891, 2898, 2894, 6165, 2895, 6165, 2897, 2900, - 2901, 2910, 2906, 6165, 2908, 6165, 2909, 2915, 2916, 2917, - 6165, 2919, 2920, 2921, 2923, 2927, 2925, 2928, 2929, 2931, + 2761, 2763, 2767, 2774, 2764, 2770, 6463, 2776, 2783, 2778, + 2779, 2784, 2785, 2789, 2790, 2793, 2791, 2807, 2797, 6463, + 2812, 2810, 2802, 2821, 2803, 2768, 2816, 2818, 2819, 2817, + 2825, 2826, 2827, 6463, 2828, 2830, 2832, 2836, 2829, 2838, + 2839, 2846, 2841, 2843, 2849, 2844, 2851, 2852, 2855, 2854, + 2864, 2857, 2865, 2867, 2870, 2872, 2873, 2876, 2884, 2886, + 2882, 2888, 2883, 2879, 2890, 2892, 2900, 2904, 2905, 2901, + 2906, 6463, 2909, 2910, 2903, 2913, 2915, 2916, 2917, 2918, + 2919, 2921, 2926, 2923, 2922, 2924, 2939, 2946, 2929, 2947, + 2935, 2937, 2942, 2950, 2944, 2952, 2953, 2964, 2957, 2959, - 2935, 2939, 2937, 2938, 2941, 2943, 2949, 2950, 2951, 2952, - 2958, 2960, 2954, 2961, 2959, 2965, 2969, 2970, 2972, 6165, - 2979, 2971, 2975, 2980, 2982, 2983, 2984, 2985, 2990, 2988, - 2991, 2996, 2998, 2992, 3004, 3010, 3013, 2999, 3020, 6165, - 3016, 3018, 3021, 3022, 6165, 3024, 3023, 3025, 3031, 3027, - 3033, 3034, 3035, 3036, 3039, 3042, 3043, 3050, 3052, 3055, - 3045, 6165, 3058, 3061, 3044, 3059, 3071, 3078, 3074, 3075, - 3080, 3083, 3082, 3073, 3084, 3085, 3088, 3089, 3096, 3097, - 3093, 3100, 3095, 3101, 3110, 3107, 3099, 3103, 3105, 3113, - 3114, 3119, 3120, 3111, 3121, 3116, 3122, 3126, 3129, 6165, + 2966, 2961, 2967, 2974, 2965, 2969, 2970, 2975, 2976, 2977, + 2978, 2981, 2983, 2979, 2996, 3000, 2987, 2997, 3002, 3003, + 3004, 3005, 6463, 3008, 3009, 3006, 3010, 3013, 3019, 3020, + 3022, 3023, 3027, 3028, 3031, 3032, 3034, 3037, 3039, 3041, + 3049, 3045, 6463, 3042, 6463, 3046, 3047, 3050, 3059, 3056, + 6463, 3058, 6463, 3062, 3064, 3066, 3068, 6463, 3069, 3070, + 3071, 3073, 3077, 3075, 3078, 3081, 3079, 3087, 3085, 3083, + 3089, 3091, 3095, 3098, 3100, 3102, 3103, 3106, 3110, 3107, + 3105, 3112, 3117, 3118, 3119, 3122, 3126, 6463, 3128, 3124, + 3130, 3132, 3133, 3135, 3134, 3136, 3138, 3142, 3144, 3151, - 3134, 3135, 3138, 3144, 3137, 3139, 3130, 3141, 3147, 3146, - 3151, 3148, 3149, 6165, 3162, 6165, 3163, 3164, 3169, 3171, - 3166, 3172, 3173, 3175, 3179, 3180, 3181, 3184, 3183, 3185, - 3187, 3191, 3194, 3195, 3211, 3198, 3193, 3207, 3200, 3208, - 3209, 3212, 6165, 6165, 3214, 3215, 3216, 3219, 3221, 3223, - 3226, 3231, 3229, 3232, 3236, 3237, 3248, 6165, 3238, 3244, - 3245, 3246, 3260, 3253, 3262, 3264, 3263, 3256, 3272, 3269, - 6165, 3265, 3273, 3280, 3276, 3279, 3283, 6165, 3278, 6165, - 3281, 3284, 3290, 3292, 3291, 3293, 3294, 3295, 3297, 3305, - 3313, 3302, 3311, 3312, 3316, 3314, 3317, 3325, 3320, 3321, + 3145, 3155, 3147, 3156, 3161, 3163, 3165, 3174, 6463, 3169, + 3171, 3172, 3173, 6463, 3175, 3176, 3177, 3181, 3184, 3186, + 3187, 3189, 3193, 3188, 3195, 3190, 3205, 3203, 3196, 3209, + 6463, 3213, 3214, 3199, 3215, 3217, 3226, 3227, 3225, 3231, + 3233, 3235, 3236, 3237, 3238, 3239, 3240, 3242, 3249, 3252, + 3248, 3257, 3244, 3254, 3262, 3263, 3247, 3255, 3264, 3266, + 3269, 3271, 3270, 3272, 3273, 3274, 3279, 6463, 3278, 3281, + 3282, 3292, 3287, 3289, 3291, 3294, 3296, 6463, 3300, 3301, + 3304, 3302, 3312, 3303, 3306, 3310, 3315, 3316, 3322, 3319, + 3323, 3324, 6463, 3327, 6463, 3328, 3336, 3330, 3344, 3338, - 3322, 6165, 3324, 3326, 3327, 3336, 3338, 3339, 3345, 3328, - 6165, 3335, 3348, 3350, 3352, 3353, 3355, 3357, 3358, 3359, - 3361, 3364, 3360, 3362, 3375, 3368, 3367, 3377, 3387, 3378, - 3389, 6165, 3390, 3384, 3397, 3399, 3392, 3394, 3400, 3401, - 3402, 3405, 3407, 3406, 3408, 3409, 3410, 3412, 3414, 3417, - 3415, 3428, 3429, 3416, 3437, 3438, 3420, 6165, 3430, 3442, - 3443, 3444, 3445, 3447, 3451, 3453, 3454, 3456, 3464, 3457, - 3460, 3467, 3468, 3475, 3470, 6165, 3477, 3462, 3482, 3479, - 3483, 3485, 3487, 3489, 3496, 3493, 3491, 3495, 3498, 3497, - 6165, 3509, 3499, 3500, 3510, 3501, 3520, 3518, 3519, 3522, + 3331, 3345, 3352, 3341, 3346, 3355, 3356, 3357, 3358, 3359, + 3362, 3363, 3364, 3377, 3367, 3369, 3370, 3378, 3379, 3382, + 3380, 6463, 6463, 3384, 3385, 3386, 3388, 3390, 3395, 3401, + 3405, 3406, 3394, 3397, 3407, 3421, 6463, 3408, 3413, 3410, + 3419, 3429, 3426, 3431, 3433, 3434, 3435, 3442, 3437, 6463, + 3438, 3440, 3447, 3446, 3448, 3456, 6463, 3445, 6463, 3452, + 3455, 3460, 3461, 3462, 3463, 3464, 3465, 3467, 3483, 3486, + 3469, 3473, 3481, 3484, 3485, 3490, 3487, 3497, 3492, 3493, + 3494, 6463, 3496, 3498, 3499, 3505, 3506, 3508, 3507, 3515, + 6463, 3517, 3519, 3521, 3522, 3523, 3524, 3526, 3528, 3530, - 3524, 3525, 3528, 3526, 3530, 3531, 3534, 3535, 6165, 6165, - 3537, 3538, 3540, 6165, 3541, 3544, 3548, 3554, 3545, 3547, - 3557, 3558, 3556, 3559, 3561, 3568, 6165, 3569, 3576, 3571, - 3572, 3581, 3583, 3586, 3573, 3580, 3588, 3590, 3592, 3593, - 3594, 3595, 3597, 3605, 3606, 3602, 3601, 3603, 6165, 3610, - 3611, 3613, 3615, 3617, 3619, 6165, 3620, 3624, 3625, 3629, - 3631, 3638, 3641, 3632, 3647, 3642, 3644, 3649, 3650, 3651, - 3652, 3659, 3654, 3656, 3665, 3666, 3670, 6165, 3673, 3675, - 3657, 3679, 6165, 3681, 3689, 3690, 3693, 3676, 3692, 3694, - 3701, 6165, 3696, 3699, 3698, 3660, 3711, 3700, 3713, 3704, + 3527, 3532, 6463, 3531, 3533, 3546, 3536, 3545, 3549, 3552, + 3554, 3559, 6463, 3556, 3560, 3568, 3565, 3566, 3570, 3571, + 3547, 3573, 3575, 3576, 3577, 3579, 3580, 3585, 3581, 3583, + 3590, 3586, 3598, 3587, 3600, 3602, 3611, 3604, 6463, 3607, + 3608, 3613, 3614, 3616, 3617, 3619, 3622, 3624, 3628, 3636, + 3637, 3609, 3632, 3640, 3641, 3649, 3644, 6463, 3652, 3642, + 3656, 3651, 3654, 3659, 3655, 3661, 3663, 3664, 3665, 3667, + 3668, 3673, 3677, 3670, 3674, 3680, 3681, 3691, 3687, 6463, + 3696, 3688, 3693, 3697, 3692, 3700, 3710, 3705, 3706, 3709, + 3712, 3713, 3716, 3718, 3719, 3720, 3723, 3724, 6463, 6463, - 3712, 6165, 3714, 3715, 3716, 6165, 3717, 3718, 3728, 3730, - 3723, 3731, 3732, 3735, 3733, 3736, 6165, 3737, 6165, 3741, - 3746, 3747, 6165, 3749, 3750, 3751, 3753, 3754, 3755, 3759, - 3765, 3767, 3757, 3769, 3770, 3771, 3772, 3774, 3781, 3773, - 3780, 3782, 3783, 6165, 3784, 3786, 3792, 3793, 3798, 3787, - 3795, 3803, 3802, 6165, 6165, 3806, 6165, 3809, 3810, 3811, - 6165, 3813, 3817, 3820, 3818, 3821, 3823, 3830, 3824, 6165, - 3833, 3819, 3834, 3836, 3838, 3839, 3843, 3844, 3845, 3842, - 3846, 3852, 6165, 3849, 3850, 3864, 3848, 3853, 3867, 3872, - 3859, 6165, 3875, 3874, 3865, 3881, 3878, 6165, 3882, 6165, + 3728, 3725, 3731, 6463, 3733, 3732, 3735, 3737, 3734, 3743, + 3745, 3747, 3746, 3748, 3751, 3754, 6463, 3757, 3765, 3760, + 3761, 3769, 3773, 3775, 3766, 3776, 3764, 3778, 3779, 3783, + 3781, 3782, 3787, 3795, 3796, 3792, 3794, 3798, 6463, 3793, + 3800, 3801, 3804, 3805, 3810, 6463, 3807, 3811, 3816, 3814, + 3819, 3830, 3823, 3821, 3834, 3831, 3835, 3836, 3838, 3839, + 3840, 3847, 3842, 3845, 3854, 3861, 3844, 6463, 3856, 3858, + 3846, 3864, 6463, 3868, 3876, 3877, 6463, 3878, 3873, 3879, + 3880, 3887, 6463, 3882, 3885, 3883, 3886, 3896, 3888, 3897, + 3893, 3900, 6463, 3901, 3902, 3903, 6463, 3904, 3905, 3915, - 3884, 3887, 3888, 3890, 3889, 6165, 3893, 3897, 3899, 3894, - 3901, 3903, 3904, 3907, 3910, 3913, 3921, 3914, 3916, 3917, - 6165, 3918, 3922, 3924, 3926, 3930, 3931, 3938, 3934, 3940, - 3935, 3941, 3944, 3946, 3947, 3954, 3950, 3956, 3952, 6165, - 3960, 3962, 3963, 3974, 3965, 3966, 3967, 6165, 3971, 3976, - 3980, 6165, 3978, 3982, 3986, 3988, 3989, 3990, 3993, 3992, - 3996, 6165, 3998, 4000, 3994, 3999, 4013, 4015, 6165, 6165, - 3997, 6165, 4017, 4005, 4019, 4020, 4001, 4021, 4032, 4027, - 4040, 4022, 4025, 4037, 4033, 4035, 4049, 4050, 4051, 4052, - 4053, 4047, 6165, 6165, 4059, 4062, 4056, 4069, 4070, 4054, + 3917, 3909, 3924, 3919, 3922, 3920, 3923, 6463, 3928, 6463, + 3931, 3930, 3935, 6463, 3937, 3938, 3939, 3941, 3943, 3946, + 3948, 3954, 3956, 3945, 3958, 3959, 3947, 3960, 3963, 3975, + 3961, 3962, 3970, 3972, 6463, 3973, 3976, 3978, 3980, 3981, + 3983, 3984, 3989, 3990, 3991, 6463, 6463, 3998, 6463, 3999, + 3993, 4001, 6463, 4003, 4005, 4012, 4007, 4013, 4020, 4016, + 4021, 6463, 4026, 4027, 6463, 4008, 4030, 4038, 4033, 4023, + 4034, 4041, 4035, 4037, 4039, 4043, 4046, 4047, 4048, 4049, + 4050, 6463, 4052, 4053, 4063, 4066, 4060, 4057, 4067, 4068, + 4062, 6463, 4079, 4081, 4071, 4080, 4086, 6463, 4087, 6463, - 4060, 4079, 4075, 4081, 4084, 4085, 4092, 6165, 4072, 4074, - 4087, 4089, 6165, 4093, 4095, 4096, 4097, 4098, 4099, 4104, - 4101, 4102, 4105, 4111, 4122, 4108, 4124, 4106, 4113, 4114, - 4130, 4115, 4116, 4137, 6165, 4131, 4138, 4140, 4141, 4142, - 4143, 4144, 4146, 4147, 6165, 4145, 4149, 4150, 4151, 4156, - 4153, 4161, 4170, 4173, 4176, 4163, 4177, 4179, 4182, 4184, - 4181, 6165, 4187, 4185, 4188, 4189, 4196, 4198, 4193, 4200, - 4202, 4204, 4206, 4209, 4211, 4216, 4213, 4217, 4218, 4219, - 6165, 4223, 4225, 4222, 4230, 4231, 4233, 4234, 4235, 4243, - 4240, 4245, 4244, 4247, 6165, 4248, 4250, 4252, 4253, 4255, + 4088, 4090, 4091, 4092, 4095, 6463, 4098, 4097, 4102, 4104, + 4105, 4107, 4108, 4112, 4115, 4116, 4124, 4120, 4119, 4121, + 6463, 4122, 4123, 4127, 4134, 4128, 4131, 4144, 4140, 4146, + 4139, 4142, 4153, 4147, 4154, 4160, 4156, 4162, 4163, 6463, + 4164, 4166, 4149, 4175, 4171, 4177, 4172, 6463, 4178, 4180, + 4182, 6463, 4179, 4188, 4189, 4194, 4191, 4195, 4196, 4197, + 4199, 6463, 4203, 4204, 4200, 4201, 4202, 4210, 6463, 6463, + 4217, 6463, 4218, 4205, 4222, 4221, 4225, 4226, 4230, 4231, + 4233, 4227, 4234, 4242, 4241, 4243, 4257, 4255, 4258, 4245, + 4253, 4244, 6463, 6463, 4260, 4262, 4266, 4268, 4269, 4271, - 4256, 4261, 4262, 4264, 6165, 4270, 4258, 4265, 4271, 4274, - 4276, 4280, 4281, 4284, 4286, 4287, 6165, 4289, 4291, 4295, - 4296, 4297, 4298, 4299, 4304, 4302, 6165, 4308, 4310, 4312, - 4323, 4314, 4324, 4316, 4325, 4319, 4326, 4329, 4331, 4333, - 4334, 4336, 4337, 4347, 4352, 4349, 6165, 4338, 6165, 4348, - 4354, 4356, 4359, 4361, 4362, 6165, 4363, 4364, 4370, 4371, - 4365, 6165, 4373, 4367, 4372, 4376, 6165, 4375, 4389, 4377, - 4381, 4391, 4395, 6165, 4399, 4400, 4401, 4408, 4410, 4405, - 4412, 4407, 4415, 4413, 4409, 4417, 4418, 4426, 4424, 4422, - 6165, 4428, 4430, 4435, 4437, 4431, 4429, 4439, 4445, 4441, + 4272, 4279, 4276, 4284, 4287, 4289, 4280, 6463, 4278, 4291, + 4292, 4293, 6463, 4295, 4297, 4298, 4299, 4300, 4301, 4306, + 4303, 4304, 4307, 4316, 4308, 4310, 4326, 4317, 4318, 4327, + 4328, 4330, 4324, 4332, 4334, 6463, 4338, 4340, 4341, 4342, + 4344, 4345, 4348, 4349, 4351, 6463, 4352, 6463, 4353, 4356, + 4357, 4371, 4355, 4374, 4375, 4376, 4377, 4380, 4381, 4384, + 4385, 4395, 4386, 4390, 4396, 4398, 4400, 4405, 4406, 6463, + 4408, 4392, 4402, 4409, 4415, 4417, 4418, 4420, 4423, 4425, + 4427, 4426, 4429, 4433, 4430, 4434, 4435, 4436, 6463, 4440, + 4439, 4446, 4448, 4450, 4451, 4453, 4458, 4461, 4452, 4454, - 6165, 4446, 4447, 4448, 4450, 4452, 4453, 4455, 4463, 4459, - 4458, 6165, 4462, 4461, 4466, 4475, 4470, 4479, 6165, 6165, - 4472, 4482, 4484, 4480, 4488, 6165, 4490, 4491, 4492, 4496, - 4493, 6165, 6165, 4498, 6165, 4499, 6165, 4500, 4503, 6165, - 6165, 4505, 4501, 4507, 4508, 4516, 6165, 4521, 6165, 4524, - 4522, 4509, 4511, 4526, 6165, 4528, 4529, 4535, 6165, 4530, - 4538, 4536, 4537, 6165, 4543, 4545, 4540, 4544, 6165, 4549, - 4556, 4546, 4553, 4557, 4558, 4565, 4560, 4561, 4564, 4568, - 4569, 4570, 4572, 4579, 4581, 4583, 4585, 4586, 4587, 4588, - 4591, 4594, 4596, 4597, 4599, 4600, 4602, 4603, 4607, 4611, + 4462, 4464, 6463, 4466, 4467, 4470, 4358, 4473, 4475, 4477, + 4476, 4478, 6463, 4480, 4483, 4488, 4484, 4487, 4489, 4492, + 4496, 4499, 4500, 4501, 6463, 4512, 4510, 4509, 4511, 4513, + 4515, 4520, 4524, 4517, 6463, 4525, 4526, 4527, 4539, 4523, + 4540, 4532, 4545, 4535, 4536, 4548, 4546, 4547, 4552, 4553, + 4554, 4563, 4564, 4565, 6463, 4559, 6463, 4566, 4570, 4573, + 4576, 4578, 4572, 6463, 4574, 4580, 4582, 4584, 4586, 6463, + 4588, 4587, 4589, 4593, 6463, 4598, 4597, 4591, 4606, 4608, + 4609, 6463, 4613, 4614, 4615, 4622, 4625, 4621, 4624, 4626, + 4627, 4629, 4631, 4632, 4633, 4642, 4635, 4638, 6463, 4644, - 4604, 4612, 4613, 4614, 4617, 4618, 4621, 4625, 4628, 4629, - 4630, 4631, 4633, 4634, 4635, 4632, 4639, 4643, 4642, 4647, - 6165, 4636, 4648, 4650, 4660, 4653, 4659, 4661, 4669, 4672, - 4674, 6165, 4676, 6165, 4678, 4665, 4680, 4681, 4682, 6165, - 4684, 4685, 4686, 4687, 4689, 4690, 4692, 4693, 4688, 4696, - 4701, 6165, 4712, 4695, 4709, 4716, 6165, 4719, 4721, 4705, - 4722, 4724, 4726, 4725, 4727, 4730, 4729, 4733, 4735, 4737, - 4744, 4739, 4747, 4742, 4749, 4750, 4751, 4753, 4763, 4756, - 4764, 4760, 6165, 4767, 6165, 4768, 4769, 4772, 4773, 4774, - 4775, 4778, 6165, 6165, 4776, 4780, 4782, 4785, 4787, 4790, + 4647, 4653, 4654, 4637, 4655, 4656, 4657, 4663, 4658, 6463, + 4660, 4666, 4667, 4668, 4669, 4670, 4672, 4680, 4675, 4678, + 4679, 4683, 4684, 4685, 6463, 4688, 4691, 4692, 4699, 4695, + 4708, 6463, 4704, 6463, 4701, 4711, 4714, 4694, 4718, 6463, + 6463, 4705, 4722, 4721, 4724, 4725, 6463, 6463, 4727, 6463, + 4728, 6463, 4729, 4731, 6463, 6463, 4730, 4732, 4736, 4737, + 4739, 6463, 4745, 6463, 4754, 4749, 4740, 4751, 4752, 6463, + 4753, 4755, 4760, 6463, 4761, 4768, 4763, 4764, 6463, 4766, + 4771, 4769, 4775, 6463, 4776, 4783, 4780, 4778, 4786, 4784, + 4790, 4787, 4791, 4794, 4797, 4798, 4799, 4803, 4810, 4812, - 4794, 6165, 4791, 4799, 4802, 4804, 6165, 4792, 4808, 4809, - 4811, 6165, 4812, 4813, 4814, 4816, 4819, 4821, 4825, 4823, - 4826, 4827, 4831, 4834, 6165, 6165, 6165, 6165, 4835, 4837, - 4841, 4843, 4844, 4845, 4846, 4848, 4849, 6165, 4853, 6165, - 6165, 4858, 4860, 4861, 4862, 4866, 4850, 4868, 4870, 6165, - 4871, 4876, 4879, 4872, 4883, 4889, 4891, 4873, 4892, 4885, - 4893, 4900, 4896, 4898, 4895, 4902, 4905, 4909, 6165, 6165, - 4906, 4913, 4914, 4921, 4918, 4922, 4916, 4931, 4924, 4929, - 4926, 4932, 4933, 4936, 4943, 4944, 4940, 4939, 6165, 4948, - 4946, 6165, 4942, 6165, 4950, 4956, 4952, 4958, 4959, 4960, + 4814, 4816, 4817, 4804, 4820, 4823, 4826, 4821, 4828, 4830, + 4831, 4835, 4832, 4837, 4839, 4841, 4842, 4800, 4843, 4844, + 4848, 4845, 4846, 4857, 4849, 4859, 4860, 4861, 4862, 4863, + 4867, 4868, 4872, 4873, 4875, 6463, 4871, 4870, 4876, 4884, + 4882, 4878, 4893, 4895, 4901, 4902, 6463, 4904, 6463, 4906, + 4891, 4897, 4910, 4911, 6463, 4912, 4913, 4914, 4915, 4916, + 4917, 4918, 4919, 4922, 4923, 4927, 6463, 4934, 4924, 4921, + 4942, 4945, 6463, 4946, 4948, 4949, 4950, 4952, 4954, 4953, + 4956, 4957, 4958, 4961, 4963, 4964, 4965, 4966, 4976, 4979, + 4986, 4970, 4981, 4982, 4985, 4987, 4989, 4990, 4993, 4995, - 4962, 4964, 6165, 6165, 6165, 4965, 4966, 4972, 4975, 4976, - 4978, 4967, 4980, 4977, 6165, 4983, 6165, 4981, 4985, 4993, - 4988, 5000, 5003, 5005, 5007, 5002, 5004, 6165, 5008, 5011, - 6165, 5012, 5014, 5015, 6165, 5018, 5020, 5022, 5026, 6165, - 5032, 5023, 5029, 6165, 5036, 6165, 5033, 5037, 5039, 5046, - 5043, 6165, 5041, 5047, 6165, 5050, 5057, 5059, 5052, 6165, - 5054, 6165, 5044, 5067, 5068, 5071, 5058, 5075, 5063, 5060, - 5077, 5085, 5081, 5082, 6165, 6165, 181, 5089, 5084, 5090, - 5092, 5087, 5100, 5095, 5097, 5099, 6165, 6165, 5103, 6165, - 5096, 5102, 6165, 5106, 5111, 5115, 5109, 5113, 5117, 5119, + 5003, 5004, 5008, 6463, 4994, 6463, 4991, 5005, 5011, 5012, + 5014, 5015, 5017, 6463, 6463, 5018, 5022, 5021, 5016, 5026, + 5028, 5029, 6463, 5030, 5037, 5040, 5034, 6463, 5042, 5043, + 5046, 5049, 6463, 5050, 5051, 5052, 5054, 5055, 5059, 5064, + 5061, 5065, 5067, 5068, 5072, 6463, 6463, 6463, 6463, 5075, + 5073, 5078, 5080, 5083, 5082, 5085, 5087, 5084, 6463, 5090, + 6463, 6463, 5092, 5098, 5100, 5101, 5102, 5104, 5107, 5105, + 6463, 5109, 5112, 5115, 5111, 5119, 5122, 5128, 5125, 5129, + 5130, 5131, 5139, 5135, 5136, 5138, 5141, 5143, 5145, 6463, + 6463, 5147, 5151, 5152, 5162, 5154, 5158, 5157, 5170, 5165, - 5122, 5124, 5128, 5129, 5130, 5133, 5137, 5147, 5134, 5149, - 5150, 5154, 5156, 5158, 5160, 5138, 5161, 5162, 5163, 5164, - 5165, 6165, 5167, 5168, 5169, 6165, 5174, 5170, 5179, 5175, - 6165, 5183, 5186, 5189, 5190, 6165, 5191, 5193, 5121, 5194, - 5196, 5206, 5197, 5204, 5208, 6165, 6165, 6165, 5202, 5215, - 6165, 5217, 5218, 5201, 5219, 6165, 5221, 5222, 5223, 6165, - 6165, 5224, 5225, 5227, 5236, 6165, 5228, 6165, 5229, 6165, - 5233, 5239, 5241, 5243, 6165, 5246, 5253, 6165, 5256, 5259, - 5261, 5262, 5245, 5248, 5263, 6165, 5270, 5269, 5272, 5276, - 5266, 5273, 5278, 5281, 5279, 5288, 5280, 5290, 6165, 5283, + 5167, 5166, 5168, 5173, 5174, 5182, 5184, 5180, 5177, 6463, + 5179, 5187, 5188, 6463, 5190, 6463, 5193, 5194, 5196, 5197, + 5200, 5203, 5204, 5206, 6463, 6463, 5201, 5213, 5211, 6463, + 6463, 5208, 5216, 5218, 5221, 5222, 5223, 5224, 5225, 5231, + 5226, 6463, 5228, 6463, 5232, 5234, 5247, 5235, 5250, 5254, + 5255, 5257, 5251, 5253, 6463, 5261, 5262, 6463, 5263, 5264, + 5265, 6463, 5268, 5266, 5272, 5274, 6463, 5277, 5279, 5281, + 6463, 5288, 6463, 5282, 5285, 5289, 5297, 5292, 6463, 5293, + 5294, 6463, 5299, 5306, 5300, 5307, 6463, 5308, 6463, 5309, + 5311, 5314, 5317, 5312, 5319, 5321, 5322, 5323, 5330, 5332, - 5291, 5293, 5294, 5292, 5300, 5301, 6165, 5303, 6165, 5304, - 5306, 5308, 5307, 5309, 5310, 5314, 5313, 5320, 5324, 5326, - 6165, 5328, 5331, 6165, 5332, 6165, 5334, 6165, 5335, 5336, - 5338, 5337, 6165, 5340, 5341, 5343, 5344, 6165, 5347, 5350, - 5349, 5356, 6165, 6165, 5357, 5365, 5362, 6165, 5358, 5370, - 5372, 5373, 5375, 5376, 5379, 5378, 5389, 5381, 5384, 5382, - 5386, 5392, 5390, 6165, 6165, 6165, 5397, 5399, 5407, 5404, - 5405, 5412, 5410, 6165, 5411, 5414, 5415, 5417, 5424, 5421, - 5423, 6165, 5425, 5426, 5427, 5429, 5431, 5432, 5434, 6165, - 5441, 5446, 5448, 5433, 5449, 5456, 5458, 5460, 5461, 6165, + 5335, 6463, 6463, 135, 5342, 5325, 5333, 5338, 5343, 5350, + 5345, 5347, 5355, 6463, 6463, 5352, 6463, 5356, 5359, 6463, + 5346, 5360, 5365, 5361, 5367, 5368, 5369, 5373, 5375, 5376, + 5377, 5381, 5382, 5383, 5398, 5400, 5384, 5405, 5406, 5408, + 5410, 5412, 5402, 5414, 5396, 5415, 5417, 5420, 5421, 5423, + 5424, 5425, 6463, 5428, 5430, 5431, 5433, 6463, 5436, 5440, + 5438, 5443, 6463, 5450, 5446, 5452, 5453, 6463, 5442, 5457, + 5454, 5459, 5463, 5470, 5466, 5465, 5467, 6463, 6463, 6463, + 5472, 5476, 6463, 5481, 5473, 5482, 5483, 6463, 5485, 5486, + 5488, 6463, 6463, 5489, 5490, 5491, 5498, 6463, 5493, 6463, - 5463, 6165, 6165, 5450, 6165, 5464, 5465, 5467, 5470, 6165, - 5473, 5468, 5474, 5475, 5477, 5479, 6165, 5491, 5480, 5483, - 5488, 6165, 6165, 5496, 6165, 5498, 5499, 5492, 5507, 5503, - 5505, 5509, 5511, 6165, 5490, 5512, 5514, 5517, 5518, 6165, - 5520, 5521, 5522, 5523, 6165, 5526, 5525, 5530, 5531, 5533, - 6165, 5534, 5535, 5551, 5549, 6165, 5536, 5537, 6165, 6165, - 5558, 5560, 5561, 6165, 6165, 6165, 5563, 6165, 5567, 5571, - 5575, 5579, 5570, 6165, 5581, 5546, 5578, 6165, 6165, 5582, - 5583, 5584, 5586, 6165, 6165, 5587, 5588, 5590, 5591, 5593, - 6165, 5596, 5597, 5598, 5605, 5610, 5601, 5613, 5611, 5625, + 5494, 6463, 5497, 5503, 5509, 5504, 6463, 5512, 5518, 6463, + 5521, 5524, 5526, 5527, 5496, 5528, 5529, 6463, 5537, 5530, + 5533, 5540, 5532, 5541, 5542, 5543, 5544, 5551, 5546, 5555, + 6463, 5552, 5559, 5560, 5557, 5549, 5561, 5566, 6463, 5567, + 6463, 5570, 6463, 5572, 5573, 5574, 5575, 5577, 5579, 5385, + 5583, 5589, 5582, 5592, 5580, 5595, 5596, 6463, 6463, 5600, + 5602, 6463, 5597, 6463, 5604, 6463, 5605, 5607, 5608, 5609, + 6463, 5612, 5613, 5616, 5617, 6463, 5619, 5626, 5622, 5628, + 6463, 6463, 5625, 5635, 5632, 6463, 5630, 5643, 5647, 5631, + 5649, 5644, 5650, 5634, 5662, 5638, 5653, 5658, 5661, 5663, - 5621, 5607, 5622, 5617, 5626, 5628, 5627, 5630, 5640, 5635, - 5643, 5645, 5647, 6165, 6165, 5649, 6165, 6165, 5651, 5654, - 5656, 5658, 5660, 5662, 5664, 6165, 5665, 5667, 5668, 5669, - 5670, 6165, 5672, 5676, 5671, 5679, 5673, 5682, 5678, 5688, - 6165, 6165, 5680, 5636, 5527, 5694, 5684, 6165, 5696, 5703, - 5700, 5701, 5689, 5704, 5705, 6165, 5707, 5709, 6165, 6165, - 5710, 6165, 6165, 6165, 6165, 6165, 6165, 6165, 6165, 5712, - 6165, 5711, 5717, 5720, 5727, 6165, 5723, 5728, 5729, 5730, - 5731, 6165, 5732, 5736, 5734, 5738, 5741, 5742, 5735, 5744, - 5749, 5752, 5751, 5754, 5753, 5758, 5757, 5759, 5760, 6165, + 5669, 6463, 6463, 6463, 5664, 5667, 5677, 5673, 5679, 5680, + 5675, 6463, 5681, 5684, 5685, 5688, 5695, 5691, 5697, 6463, + 5692, 5694, 5698, 5700, 5702, 5699, 5703, 5705, 6463, 5711, + 5716, 5717, 5706, 5721, 5725, 5728, 5730, 5731, 5732, 5739, + 5735, 6463, 5737, 6463, 6463, 5734, 6463, 5738, 5741, 5742, + 5745, 6463, 5748, 5743, 5749, 5750, 5752, 5755, 6463, 5762, + 5761, 5765, 5766, 6463, 6463, 5768, 6463, 5773, 5770, 5774, + 5782, 5777, 5778, 5780, 5785, 6463, 5783, 5787, 5791, 5792, + 5793, 6463, 5794, 5795, 5797, 5798, 6463, 5801, 5800, 5805, + 5806, 5808, 6463, 5810, 5809, 5826, 5825, 6463, 5811, 5821, - 6165, 6165, 5761, 5764, 5772, 5773, 5781, 5785, 5788, 5790, - 5774, 5777, 5791, 5795, 5796, 5783, 5792, 5804, 5799, 5802, - 5805, 5803, 5812, 5806, 5809, 5816, 6165, 5817, 6165, 5818, - 6165, 6165, 5820, 5824, 5822, 5826, 5833, 5835, 5834, 5831, - 5837, 5838, 5840, 5842, 6165, 5846, 5849, 6165, 5847, 5850, - 6165, 5851, 5852, 5853, 5855, 5860, 5858, 5859, 5865, 5863, - 6165, 6165, 5866, 5874, 5875, 5879, 5876, 5888, 5883, 5880, - 5890, 5891, 5887, 5899, 6165, 5898, 5900, 5902, 6165, 5903, - 5889, 5904, 5909, 5910, 5918, 5913, 5914, 6165, 5915, 6165, - 5920, 5921, 5917, 5923, 5924, 5925, 5934, 5926, 5936, 6165, + 5828, 6463, 6463, 5833, 5835, 5836, 6463, 6463, 6463, 5838, + 5839, 5842, 5846, 6463, 5848, 5852, 5856, 5860, 5851, 6463, + 5863, 5859, 5864, 6463, 6463, 5865, 5866, 5867, 5869, 6463, + 6463, 5870, 5873, 5871, 5874, 5876, 6463, 5879, 5881, 5887, + 5893, 5899, 5889, 5896, 5894, 5908, 5911, 5884, 5900, 5910, + 5912, 5913, 5914, 5920, 5922, 5921, 5924, 5926, 5928, 5929, + 6463, 6463, 5936, 6463, 5938, 5930, 6463, 6463, 5941, 5945, + 5947, 5949, 5951, 5953, 5955, 6463, 5956, 5958, 5959, 5960, + 5942, 6463, 5961, 5964, 5966, 5969, 5967, 5970, 5973, 5975, + 6463, 6463, 5976, 5983, 5977, 5984, 5978, 6463, 5987, 5995, - 5937, 5939, 5941, 5944, 5946, 5948, 5950, 5951, 5955, 5956, - 5962, 5959, 5965, 5966, 5952, 5969, 5967, 6165, 5976, 5968, - 6165, 5977, 5978, 5979, 5980, 5984, 6165, 5989, 5981, 5990, - 5991, 5994, 5995, 6165, 5997, 6004, 6001, 6165, 6005, 6165, - 6165, 6006, 6007, 6012, 6014, 6016, 6165, 6165, 6165, 6045, - 6052, 6059, 6066, 6073, 6080, 6087, 88, 6094, 6101, 6108, - 6115, 6122, 6129, 6136, 6143, 6150, 6157 + 5991, 5992, 5993, 5998, 5999, 6463, 6000, 6001, 6463, 6463, + 6004, 6002, 6463, 6463, 6007, 6463, 6463, 6463, 6463, 6463, + 6463, 6463, 6011, 6463, 6009, 6019, 6021, 6024, 6463, 6013, + 6025, 6026, 6027, 6028, 6463, 6029, 6032, 6035, 5239, 6031, + 6037, 6041, 6039, 6044, 6045, 6048, 6049, 6050, 6051, 6055, + 6053, 6065, 6056, 6066, 6463, 6463, 6463, 6067, 6057, 6069, + 6075, 6079, 6082, 6086, 6088, 6072, 6080, 6089, 6090, 6093, + 6094, 6096, 6103, 6099, 6102, 6101, 6105, 6107, 6109, 6116, + 6110, 6112, 6118, 6463, 6120, 6463, 6121, 6463, 6463, 6123, + 6128, 6124, 6126, 6136, 6140, 6133, 6137, 6138, 6141, 6143, + + 6463, 6149, 6463, 6463, 6144, 6151, 6463, 6152, 6154, 6463, + 6153, 6155, 6156, 6159, 6161, 6162, 6163, 6164, 6177, 6463, + 6463, 6167, 6170, 6178, 6180, 6184, 6191, 6182, 6190, 6193, + 6194, 6186, 6202, 6463, 6201, 6203, 6207, 6463, 6209, 6192, + 6210, 6204, 6212, 6220, 6215, 6216, 6463, 6218, 6463, 6222, + 6224, 6225, 6226, 6227, 6228, 6237, 6235, 6239, 6463, 6232, + 6242, 6244, 6247, 6249, 6251, 6253, 6254, 6262, 6259, 6255, + 6266, 6267, 6268, 6269, 6271, 6270, 6463, 6278, 6272, 6463, + 6279, 6280, 6281, 6282, 6286, 6463, 6293, 6283, 6290, 6294, + 6297, 6298, 6463, 6304, 6307, 6308, 6463, 6311, 6463, 6463, + + 6312, 6299, 6310, 6314, 6320, 6463, 6463, 6463, 6343, 6350, + 6357, 6364, 6371, 6378, 6385, 88, 6392, 6399, 6406, 6413, + 6420, 6427, 6434, 6441, 6448, 6455 } ; -static const flex_int16_t yy_def[3168] = +static const flex_int16_t yy_def[3327] = { 0, - 3149, 1, 3150, 3150, 3151, 3151, 3152, 3152, 3153, 3153, - 3154, 3154, 3155, 3155, 3156, 3156, 3149, 3157, 3149, 3149, - 3149, 3149, 3158, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3159, 3149, 3149, 3149, - 3159, 3160, 3149, 3149, 3149, 3160, 3161, 3149, 3149, 3149, - 3149, 3161, 3162, 3149, 3149, 3149, 3162, 3163, 3149, 3164, - 3149, 3163, 3163, 3165, 3149, 3149, 3149, 3149, 3165, 3166, - 3149, 3149, 3149, 3166, 3157, 3157, 3149, 3167, 3158, 3167, - 3158, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3308, 1, 3309, 3309, 3310, 3310, 3311, 3311, 3312, 3312, + 3313, 3313, 3314, 3314, 3315, 3315, 3308, 3316, 3308, 3308, + 3308, 3308, 3317, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3318, 3308, 3308, 3308, + 3318, 3319, 3308, 3308, 3308, 3319, 3320, 3308, 3308, 3308, + 3308, 3320, 3321, 3308, 3308, 3308, 3321, 3322, 3308, 3323, + 3308, 3322, 3322, 3324, 3308, 3308, 3308, 3308, 3324, 3325, + 3308, 3308, 3308, 3325, 3316, 3316, 3308, 3326, 3317, 3326, + 3317, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3159, 3159, 3160, 3160, - 3161, 3161, 3149, 3162, 3162, 3163, 3163, 3164, 3164, 3163, - 3165, 3165, 3149, 3166, 3166, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3318, 3318, + 3319, 3319, 3320, 3320, 3308, 3321, 3321, 3322, 3322, 3323, + 3323, 3322, 3324, 3324, 3308, 3325, 3325, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3163, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3322, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3163, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3322, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3163, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3322, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3163, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3149, 3149, 3157, 3149, 3149, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3322, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3308, 3308, 3316, 3308, 3308, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3163, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3322, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3149, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3308, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3163, 3163, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3322, 3322, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3163, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3322, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3163, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3322, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3163, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3322, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3149, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3163, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3308, - 3157, 3149, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3149, 3157, 3149, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3322, 3316, 3308, 3316, 3316, 3316, 3308, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3149, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3163, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3308, 3316, 3308, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3308, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3322, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3308, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, - 3157, 3157, 3157, 3163, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3149, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3149, 3149, 3157, 3149, 3157, 3149, 3157, 3157, 3149, - 3149, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, 3316, 3316, + 3316, 3322, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3163, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3308, + 3308, 3316, 3316, 3316, 3316, 3316, 3308, 3308, 3316, 3308, + 3316, 3308, 3316, 3316, 3308, 3308, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3149, 3149, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3163, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, - 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3322, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3149, 3149, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3149, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3149, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3149, 3163, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3149, 3157, 3149, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3316, 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3308, 3308, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3308, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3322, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3149, 3149, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3149, - 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, 3149, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3308, 3316, 3316, 3316, 3308, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3308, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3149, 3157, 3149, 3157, 3149, 3157, 3157, - 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3149, 3149, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3149, 3149, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, + 3316, 3308, 3308, 3322, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3308, 3316, 3308, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3308, 3308, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3308, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3308, - 3157, 3149, 3149, 3157, 3149, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3149, 3149, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3149, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3149, 3149, - 3157, 3157, 3157, 3149, 3149, 3149, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3149, 3149, 3157, - 3157, 3157, 3157, 3149, 3149, 3157, 3157, 3157, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, + 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3308, 3316, + 3316, 3308, 3316, 3308, 3316, 3308, 3316, 3316, 3316, 3316, + 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3308, 3308, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3149, 3157, 3149, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3149, 3149, - 3157, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3157, - 3149, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3157, - 3157, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, + 3316, 3308, 3308, 3308, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3308, 3308, 3316, 3308, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3308, 3308, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, 3316, - 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, 3157, - 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3149, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3149, 3149, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3149, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3149, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, + 3316, 3308, 3308, 3316, 3316, 3316, 3308, 3308, 3308, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3308, + 3316, 3316, 3316, 3308, 3308, 3316, 3316, 3316, 3316, 3308, + 3308, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3308, 3316, 3308, 3316, 3316, 3308, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3308, 3308, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3157, - 3157, 3157, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, - 3149, 3157, 3157, 3157, 3157, 3157, 3149, 3157, 3157, 3157, - 3157, 3157, 3157, 3149, 3157, 3157, 3157, 3149, 3157, 3149, - 3149, 3157, 3157, 3157, 3157, 3157, 3149, 3149, 0, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149 + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3308, 3308, + 3316, 3316, 3308, 3308, 3316, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3316, 3308, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3308, 3308, 3308, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3308, 3316, 3308, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + + 3308, 3316, 3308, 3308, 3316, 3316, 3308, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, + 3308, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3308, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, 3316, + 3316, 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3308, + 3316, 3316, 3316, 3316, 3316, 3308, 3316, 3316, 3316, 3316, + 3316, 3316, 3308, 3316, 3316, 3316, 3308, 3316, 3308, 3308, + + 3316, 3316, 3316, 3316, 3316, 3308, 3308, 0, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308 } ; -static const flex_int16_t yy_nxt[6206] = +static const flex_int16_t yy_nxt[6504] = { 0, 18, 19, 20, 21, 22, 23, 22, 18, 18, 18, 18, 18, 22, 24, 25, 26, 27, 28, 29, 30, @@ -1467,684 +1521,717 @@ static const flex_int16_t yy_nxt[6206] = 55, 51, 55, 85, 51, 85, 85, 56, 85, 56, 58, 59, 60, 61, 85, 22, 58, 59, 60, 61, 86, 22, 62, 64, 65, 66, 86, 97, 62, 64, - 65, 66, 87, 86, 67, 118, 88, 108, 85, 86, + 65, 66, 87, 86, 67, 119, 88, 108, 85, 86, 67, 19, 20, 21, 69, 70, 71, 75, 76, 77, - 78, 86, 22, 72, 120, 86, 119, 109, 86, 79, - 157, 157, 73, 19, 20, 21, 69, 70, 71, 75, - 76, 77, 78, 184, 22, 72, 81, 82, 83, 128, + 78, 86, 22, 72, 121, 86, 120, 109, 86, 79, + 159, 159, 73, 19, 20, 21, 69, 70, 71, 75, + 76, 77, 78, 186, 22, 72, 81, 82, 83, 130, 90, 79, 90, 90, 73, 90, 86, 84, 81, 82, - 83, 90, 91, 86, 86, 98, 92, 93, 86, 84, - 94, 156, 99, 86, 110, 95, 100, 86, 112, 101, - 86, 145, 134, 146, 96, 86, 113, 87, 111, 86, - 102, 88, 147, 114, 103, 86, 115, 104, 148, 105, - 106, 159, 178, 116, 159, 117, 86, 121, 86, 125, - 107, 86, 153, 126, 167, 122, 154, 86, 86, 135, + 83, 90, 91, 86, 86, 98, 92, 93, 169, 84, + 94, 158, 99, 86, 110, 95, 100, 161, 86, 101, + 161, 169, 86, 112, 96, 86, 166, 166, 111, 86, + 102, 113, 136, 115, 103, 172, 116, 104, 86, 105, + 106, 178, 114, 117, 169, 118, 86, 122, 86, 126, + 107, 86, 155, 127, 177, 123, 156, 86, 86, 137, - 155, 123, 129, 136, 86, 124, 130, 164, 164, 127, - 167, 223, 131, 137, 138, 132, 139, 86, 86, 174, - 174, 149, 133, 140, 170, 161, 141, 161, 161, 86, - 161, 150, 176, 142, 246, 151, 152, 143, 144, 90, - 86, 90, 90, 166, 90, 166, 166, 171, 166, 171, - 171, 169, 171, 85, 86, 85, 85, 90, 85, 90, - 90, 86, 90, 86, 85, 177, 179, 86, 90, 91, - 181, 86, 86, 86, 182, 86, 86, 86, 86, 194, - 86, 185, 187, 180, 86, 86, 86, 183, 188, 186, - 189, 190, 191, 86, 196, 86, 86, 193, 195, 192, + 157, 124, 131, 138, 87, 125, 132, 128, 88, 129, + 176, 176, 133, 139, 140, 134, 141, 86, 86, 86, + 86, 179, 135, 142, 86, 147, 143, 148, 86, 86, + 86, 181, 183, 144, 151, 180, 149, 145, 146, 86, + 182, 86, 150, 206, 152, 175, 208, 86, 153, 154, + 163, 225, 163, 163, 90, 163, 90, 90, 168, 90, + 168, 168, 173, 168, 173, 173, 171, 173, 85, 86, + 85, 85, 90, 85, 90, 90, 86, 90, 86, 85, + 86, 184, 86, 90, 91, 187, 86, 192, 193, 86, + 86, 196, 189, 86, 185, 86, 188, 86, 190, 86, - 197, 86, 86, 86, 198, 86, 199, 200, 205, 204, - 206, 202, 86, 86, 201, 207, 211, 86, 208, 203, - 86, 213, 86, 86, 86, 214, 216, 221, 86, 86, - 217, 209, 210, 222, 86, 225, 86, 227, 86, 86, - 86, 212, 86, 219, 229, 215, 218, 224, 220, 226, - 86, 86, 234, 86, 86, 231, 228, 230, 86, 232, - 86, 86, 233, 86, 86, 236, 242, 86, 248, 239, - 86, 86, 86, 235, 237, 86, 247, 243, 251, 241, - 238, 244, 86, 245, 240, 249, 86, 86, 250, 252, - 86, 253, 86, 255, 257, 261, 86, 86, 86, 260, + 191, 86, 194, 86, 198, 86, 174, 199, 195, 86, + 197, 86, 201, 202, 86, 200, 86, 204, 214, 210, + 203, 205, 211, 209, 86, 207, 86, 86, 86, 86, + 216, 217, 86, 222, 86, 212, 213, 219, 223, 226, + 227, 220, 224, 215, 86, 86, 86, 86, 86, 231, + 86, 218, 228, 229, 233, 86, 86, 221, 86, 230, + 235, 86, 238, 86, 236, 232, 234, 86, 86, 86, + 169, 240, 86, 86, 252, 250, 237, 86, 239, 86, + 241, 86, 246, 243, 86, 249, 242, 86, 245, 244, + 86, 253, 86, 247, 254, 86, 251, 248, 259, 255, - 86, 254, 256, 258, 167, 264, 157, 157, 262, 159, - 86, 265, 159, 164, 164, 259, 263, 161, 275, 161, - 161, 166, 161, 166, 166, 90, 166, 90, 90, 167, - 90, 171, 266, 171, 171, 86, 171, 169, 174, 174, - 267, 268, 86, 86, 86, 86, 86, 86, 86, 86, - 86, 86, 272, 86, 278, 175, 269, 274, 271, 273, - 270, 281, 280, 277, 276, 173, 86, 86, 282, 286, - 279, 284, 86, 285, 86, 86, 283, 287, 290, 86, - 86, 295, 288, 291, 86, 86, 86, 86, 292, 86, - 86, 298, 299, 86, 293, 294, 296, 302, 86, 289, + 86, 86, 86, 257, 261, 86, 265, 86, 86, 258, + 256, 260, 264, 262, 86, 159, 159, 266, 86, 268, + 161, 269, 86, 161, 367, 263, 267, 163, 169, 163, + 163, 270, 163, 166, 166, 168, 274, 168, 168, 90, + 168, 90, 90, 173, 90, 173, 173, 86, 173, 176, + 176, 171, 271, 272, 86, 86, 86, 86, 86, 86, + 86, 86, 86, 276, 86, 279, 282, 278, 273, 275, + 277, 86, 285, 284, 290, 281, 86, 280, 86, 286, + 86, 288, 283, 86, 289, 291, 86, 86, 86, 86, + 292, 86, 294, 86, 299, 86, 287, 295, 300, 86, - 86, 300, 304, 86, 297, 305, 86, 306, 86, 86, - 301, 86, 86, 86, 172, 86, 311, 312, 86, 313, - 308, 307, 314, 309, 315, 86, 303, 310, 321, 323, - 318, 320, 86, 319, 86, 86, 316, 325, 317, 86, - 322, 324, 327, 86, 328, 86, 86, 331, 86, 333, - 86, 332, 326, 86, 334, 86, 86, 86, 86, 329, - 86, 86, 86, 335, 337, 86, 330, 86, 339, 86, - 336, 86, 86, 86, 86, 341, 343, 86, 86, 348, - 86, 338, 342, 344, 349, 86, 86, 340, 345, 354, - 86, 350, 347, 346, 352, 86, 351, 86, 357, 86, + 302, 304, 296, 86, 303, 306, 86, 293, 297, 298, + 301, 86, 86, 86, 86, 86, 308, 86, 309, 86, + 86, 86, 310, 305, 86, 316, 317, 86, 311, 313, + 312, 167, 314, 86, 307, 86, 318, 315, 323, 319, + 326, 320, 86, 325, 324, 328, 86, 86, 327, 86, + 330, 86, 332, 321, 333, 322, 86, 329, 86, 336, + 86, 86, 331, 86, 86, 86, 337, 338, 339, 334, + 335, 340, 86, 86, 86, 86, 342, 86, 86, 341, + 343, 86, 86, 86, 345, 86, 86, 86, 86, 86, + 348, 350, 86, 355, 346, 344, 349, 351, 356, 86, - 86, 86, 353, 360, 86, 359, 86, 86, 86, 86, - 86, 363, 364, 167, 362, 355, 356, 86, 86, 358, - 366, 367, 86, 369, 368, 361, 86, 365, 370, 86, - 371, 373, 86, 86, 374, 86, 86, 86, 167, 86, - 377, 86, 86, 86, 86, 86, 384, 385, 382, 380, - 378, 375, 86, 86, 372, 86, 376, 388, 379, 86, - 386, 86, 381, 86, 387, 86, 86, 383, 86, 86, - 394, 86, 395, 86, 396, 397, 389, 393, 86, 390, - 86, 398, 392, 399, 391, 86, 86, 86, 401, 86, - 402, 86, 86, 86, 86, 405, 86, 86, 406, 86, + 352, 86, 86, 347, 86, 353, 357, 354, 359, 361, + 358, 86, 364, 86, 86, 86, 86, 370, 86, 366, + 86, 86, 371, 86, 360, 373, 86, 369, 86, 362, + 363, 86, 86, 365, 86, 368, 86, 376, 374, 378, + 372, 377, 86, 380, 169, 86, 375, 86, 86, 86, + 381, 86, 384, 86, 86, 86, 385, 383, 86, 391, + 389, 387, 392, 379, 86, 86, 86, 382, 86, 393, + 386, 394, 395, 86, 388, 86, 86, 86, 86, 86, + 86, 390, 86, 406, 402, 403, 86, 400, 396, 397, + 86, 399, 86, 86, 398, 404, 86, 405, 86, 408, - 86, 165, 412, 400, 409, 407, 408, 403, 404, 411, - 86, 413, 86, 410, 86, 86, 414, 86, 86, 416, - 86, 418, 86, 86, 86, 417, 86, 86, 86, 423, - 86, 86, 86, 415, 419, 424, 86, 422, 86, 86, - 420, 163, 426, 86, 421, 427, 86, 429, 425, 428, - 86, 433, 434, 431, 430, 436, 86, 86, 86, 435, - 86, 86, 86, 86, 449, 86, 443, 445, 454, 86, - 432, 86, 86, 455, 86, 446, 450, 447, 444, 86, - 437, 451, 86, 438, 452, 453, 86, 606, 439, 440, - 441, 442, 86, 448, 86, 456, 457, 86, 86, 458, + 86, 409, 86, 86, 86, 401, 412, 86, 86, 416, + 407, 413, 86, 86, 418, 86, 86, 414, 410, 411, + 86, 415, 86, 420, 419, 86, 86, 417, 86, 86, + 421, 86, 423, 424, 425, 426, 428, 86, 86, 86, + 86, 86, 433, 429, 86, 432, 86, 422, 86, 86, + 165, 431, 435, 86, 86, 438, 86, 86, 430, 86, + 427, 443, 440, 86, 434, 86, 444, 86, 436, 442, + 86, 437, 86, 86, 439, 466, 86, 445, 454, 441, + 86, 452, 86, 86, 86, 455, 458, 456, 453, 446, + 86, 86, 447, 465, 86, 86, 460, 448, 449, 450, - 86, 459, 86, 460, 462, 86, 461, 463, 86, 464, - 86, 86, 467, 465, 86, 466, 86, 471, 86, 86, - 86, 86, 472, 86, 473, 476, 477, 162, 488, 86, - 468, 470, 86, 474, 469, 86, 86, 86, 475, 86, - 478, 479, 481, 483, 482, 86, 490, 480, 484, 86, - 489, 86, 86, 491, 86, 86, 492, 503, 86, 86, - 86, 485, 493, 86, 486, 86, 487, 86, 494, 86, - 508, 167, 495, 505, 86, 506, 504, 507, 519, 510, - 496, 86, 497, 86, 498, 520, 509, 86, 86, 518, - 521, 86, 523, 522, 86, 86, 86, 499, 525, 842, + 451, 86, 791, 457, 459, 86, 463, 461, 462, 469, + 86, 464, 86, 86, 472, 86, 86, 474, 467, 470, + 86, 468, 471, 86, 475, 473, 86, 86, 86, 86, + 86, 86, 477, 482, 86, 86, 483, 86, 484, 86, + 478, 476, 487, 488, 86, 86, 481, 485, 479, 86, + 480, 86, 86, 499, 486, 86, 489, 490, 492, 494, + 493, 86, 501, 491, 495, 86, 500, 86, 86, 502, + 86, 86, 503, 86, 86, 86, 515, 496, 504, 86, + 497, 86, 498, 86, 505, 164, 86, 86, 506, 517, + 520, 514, 86, 519, 516, 522, 507, 86, 508, 86, - 500, 86, 501, 528, 502, 86, 86, 511, 512, 86, - 526, 86, 86, 524, 527, 86, 86, 513, 86, 514, - 515, 516, 529, 532, 517, 531, 530, 86, 86, 86, - 537, 540, 538, 533, 86, 534, 535, 86, 536, 86, - 541, 86, 86, 539, 545, 86, 86, 86, 549, 550, - 86, 86, 548, 543, 542, 86, 544, 86, 86, 86, - 86, 555, 547, 86, 86, 86, 556, 86, 86, 558, - 546, 559, 86, 552, 553, 551, 86, 554, 86, 561, - 86, 86, 634, 86, 557, 86, 560, 562, 564, 86, - 86, 563, 567, 572, 570, 566, 86, 86, 565, 573, + 509, 518, 536, 86, 532, 86, 521, 530, 531, 533, + 86, 534, 86, 510, 86, 86, 511, 169, 512, 86, + 513, 86, 539, 523, 524, 540, 86, 537, 538, 86, + 86, 86, 162, 525, 542, 526, 527, 528, 535, 544, + 529, 541, 86, 543, 86, 86, 548, 546, 86, 545, + 549, 86, 553, 551, 86, 554, 86, 86, 86, 550, + 86, 558, 86, 86, 86, 547, 552, 86, 86, 556, + 86, 86, 86, 561, 557, 160, 555, 562, 563, 560, + 86, 86, 86, 568, 564, 567, 565, 559, 566, 86, + 86, 569, 570, 86, 572, 86, 575, 573, 86, 86, - 574, 571, 86, 568, 86, 569, 86, 86, 576, 86, - 86, 577, 578, 86, 581, 579, 86, 86, 575, 583, - 86, 86, 584, 86, 580, 86, 586, 587, 86, 582, - 86, 86, 588, 86, 585, 86, 591, 86, 589, 86, - 592, 86, 593, 86, 86, 86, 86, 86, 599, 595, - 594, 590, 603, 86, 86, 602, 598, 600, 601, 596, - 86, 597, 86, 605, 86, 607, 86, 86, 86, 86, - 86, 86, 86, 617, 86, 609, 86, 610, 619, 86, - 86, 604, 612, 86, 86, 618, 624, 608, 616, 611, - 613, 615, 614, 86, 621, 86, 86, 86, 620, 627, + 86, 576, 86, 86, 589, 86, 86, 592, 86, 571, + 86, 584, 574, 577, 581, 578, 580, 590, 579, 585, + 586, 86, 86, 587, 588, 582, 591, 583, 594, 86, + 86, 593, 86, 86, 86, 598, 596, 597, 86, 86, + 86, 601, 86, 599, 603, 86, 86, 86, 86, 606, + 595, 604, 607, 86, 86, 602, 86, 608, 86, 600, + 605, 86, 86, 86, 613, 86, 611, 612, 86, 609, + 86, 86, 614, 86, 86, 86, 619, 610, 620, 86, + 615, 86, 622, 618, 623, 616, 86, 621, 617, 86, + 625, 86, 86, 627, 86, 86, 86, 86, 86, 86, - 86, 86, 630, 622, 629, 86, 623, 86, 86, 86, - 625, 86, 626, 86, 633, 86, 86, 636, 86, 86, - 628, 632, 86, 637, 639, 86, 631, 86, 86, 86, - 638, 86, 635, 653, 86, 641, 86, 667, 640, 86, - 642, 86, 643, 652, 86, 651, 86, 644, 656, 645, - 654, 660, 655, 86, 659, 646, 86, 647, 657, 86, - 648, 649, 658, 664, 86, 86, 86, 650, 663, 86, - 86, 670, 661, 86, 665, 662, 86, 672, 86, 86, - 666, 86, 86, 86, 86, 86, 669, 86, 668, 678, - 86, 674, 86, 673, 679, 86, 675, 86, 671, 683, + 86, 86, 86, 629, 86, 630, 638, 624, 639, 86, + 632, 86, 86, 626, 86, 628, 641, 631, 633, 635, + 634, 640, 636, 637, 86, 86, 86, 86, 642, 645, + 86, 648, 643, 86, 651, 644, 86, 86, 86, 646, + 86, 650, 86, 86, 86, 647, 86, 654, 657, 86, + 653, 86, 86, 649, 658, 86, 86, 660, 652, 86, + 86, 86, 86, 86, 86, 655, 659, 656, 674, 86, + 86, 661, 663, 696, 677, 662, 86, 664, 673, 86, + 672, 675, 665, 177, 666, 676, 86, 86, 86, 86, + 667, 681, 668, 678, 680, 669, 670, 679, 684, 685, - 167, 676, 685, 682, 684, 677, 680, 681, 86, 86, - 687, 86, 86, 86, 86, 86, 86, 86, 86, 692, - 694, 686, 696, 86, 86, 695, 689, 697, 690, 693, - 688, 699, 691, 86, 86, 86, 698, 86, 701, 86, - 86, 86, 86, 86, 705, 86, 700, 704, 713, 86, - 86, 710, 706, 702, 715, 703, 711, 86, 86, 707, - 86, 709, 708, 712, 714, 86, 716, 86, 717, 86, - 718, 86, 719, 86, 722, 86, 86, 720, 86, 721, - 723, 86, 86, 86, 86, 726, 86, 86, 727, 725, - 731, 730, 724, 86, 86, 86, 86, 732, 86, 86, + 86, 86, 671, 682, 86, 86, 683, 689, 86, 86, + 686, 86, 692, 86, 86, 687, 86, 688, 86, 694, + 86, 86, 86, 86, 86, 701, 86, 175, 700, 691, + 86, 690, 86, 698, 86, 695, 697, 86, 693, 705, + 704, 703, 169, 702, 699, 707, 706, 709, 86, 708, + 86, 86, 86, 86, 86, 86, 86, 716, 714, 86, + 719, 86, 86, 86, 711, 86, 720, 710, 712, 715, + 713, 718, 86, 722, 721, 86, 86, 723, 724, 86, + 86, 86, 86, 717, 86, 728, 727, 86, 86, 86, + 725, 733, 86, 729, 829, 726, 734, 86, 736, 86, - 734, 86, 736, 86, 737, 729, 86, 728, 86, 86, - 743, 86, 733, 86, 739, 738, 86, 86, 735, 740, - 86, 742, 746, 741, 744, 747, 86, 750, 86, 745, - 748, 86, 86, 86, 752, 86, 753, 751, 86, 86, - 755, 749, 756, 757, 86, 86, 86, 86, 86, 86, - 764, 86, 762, 760, 86, 86, 86, 86, 754, 86, - 758, 761, 770, 759, 765, 160, 768, 86, 86, 763, - 86, 769, 767, 766, 86, 86, 771, 772, 773, 774, - 86, 86, 86, 775, 779, 777, 86, 776, 781, 778, - 86, 780, 86, 86, 86, 782, 784, 86, 783, 86, + 730, 738, 735, 731, 732, 737, 86, 86, 739, 86, + 740, 86, 741, 744, 742, 86, 86, 86, 86, 743, + 86, 86, 747, 86, 746, 86, 86, 745, 750, 86, + 755, 749, 86, 86, 751, 748, 86, 754, 86, 86, + 86, 86, 756, 86, 760, 758, 86, 86, 86, 752, + 86, 753, 86, 763, 766, 759, 86, 757, 86, 86, + 86, 761, 86, 767, 86, 774, 764, 174, 762, 86, + 768, 86, 765, 86, 769, 86, 86, 773, 777, 770, + 775, 778, 771, 772, 86, 776, 781, 86, 86, 779, + 86, 783, 86, 86, 784, 86, 782, 86, 786, 780, - 86, 785, 86, 791, 86, 788, 86, 86, 86, 86, - 786, 86, 787, 794, 86, 793, 86, 796, 797, 789, - 790, 86, 800, 792, 798, 86, 801, 795, 86, 804, - 802, 86, 806, 86, 805, 86, 86, 86, 808, 799, - 803, 86, 86, 810, 86, 86, 86, 86, 816, 86, - 86, 86, 86, 817, 86, 86, 809, 86, 807, 818, - 811, 86, 812, 813, 86, 814, 819, 815, 825, 86, - 820, 822, 86, 823, 86, 821, 86, 86, 86, 824, - 86, 86, 830, 826, 827, 86, 86, 86, 86, 86, - 839, 86, 158, 837, 86, 828, 829, 832, 831, 86, + 787, 86, 86, 86, 86, 86, 788, 86, 793, 795, + 86, 789, 86, 86, 86, 86, 785, 792, 801, 86, + 790, 796, 86, 799, 86, 794, 797, 800, 802, 798, + 86, 804, 805, 803, 86, 86, 86, 808, 806, 86, + 810, 807, 86, 812, 86, 86, 86, 811, 813, 86, + 86, 816, 86, 809, 86, 815, 817, 86, 86, 86, + 823, 86, 86, 820, 169, 818, 86, 819, 825, 814, + 86, 86, 828, 86, 86, 826, 830, 821, 822, 832, + 824, 86, 827, 86, 836, 86, 833, 86, 834, 837, + 86, 831, 86, 838, 86, 86, 840, 86, 835, 842, - 86, 86, 86, 833, 834, 835, 836, 86, 838, 86, - 841, 840, 86, 843, 844, 847, 845, 86, 86, 848, - 846, 86, 849, 86, 86, 850, 851, 86, 852, 86, - 86, 86, 167, 86, 854, 86, 86, 859, 855, 860, - 857, 86, 853, 86, 856, 858, 86, 861, 86, 862, - 863, 86, 867, 86, 86, 868, 870, 86, 86, 86, - 873, 864, 865, 869, 86, 86, 86, 871, 86, 875, - 86, 86, 866, 879, 86, 86, 86, 86, 872, 86, - 876, 86, 880, 881, 874, 86, 86, 86, 86, 878, - 86, 86, 895, 882, 86, 877, 896, 894, 898, 86, + 86, 86, 86, 86, 848, 843, 839, 86, 86, 86, + 86, 849, 86, 86, 841, 86, 86, 850, 844, 845, + 86, 846, 86, 847, 851, 86, 857, 852, 855, 86, + 86, 853, 86, 86, 854, 856, 858, 859, 86, 86, + 86, 86, 862, 86, 167, 86, 86, 86, 860, 861, + 869, 863, 86, 871, 86, 864, 86, 86, 865, 866, + 867, 870, 868, 86, 86, 874, 86, 872, 873, 86, + 876, 877, 86, 878, 86, 875, 86, 86, 86, 86, + 86, 881, 882, 883, 884, 880, 86, 887, 879, 86, + 86, 885, 86, 86, 169, 86, 886, 86, 888, 892, - 892, 884, 883, 86, 893, 885, 86, 897, 886, 86, - 899, 86, 887, 86, 900, 888, 86, 901, 905, 904, - 86, 86, 889, 890, 86, 891, 913, 86, 86, 902, - 903, 86, 906, 907, 86, 908, 86, 917, 909, 86, - 86, 914, 918, 910, 934, 915, 920, 919, 86, 911, - 912, 86, 921, 916, 86, 922, 86, 923, 86, 924, - 86, 925, 927, 86, 86, 926, 928, 86, 86, 86, - 86, 86, 86, 931, 86, 935, 86, 938, 86, 929, - 86, 86, 86, 942, 944, 86, 936, 930, 86, 86, - 932, 933, 937, 940, 86, 945, 954, 86, 939, 943, + 893, 890, 86, 86, 889, 891, 894, 86, 86, 895, + 86, 86, 896, 900, 86, 86, 86, 901, 903, 86, + 904, 86, 897, 86, 898, 902, 907, 86, 86, 899, + 905, 908, 86, 86, 86, 913, 86, 909, 86, 910, + 86, 86, 906, 86, 914, 915, 86, 86, 86, 86, + 86, 86, 912, 911, 86, 929, 86, 930, 916, 928, + 86, 165, 926, 931, 933, 927, 918, 86, 917, 86, + 86, 919, 932, 86, 920, 86, 934, 940, 921, 86, + 935, 922, 86, 86, 936, 937, 86, 86, 923, 924, + 939, 925, 948, 86, 86, 86, 938, 86, 941, 942, - 946, 86, 947, 948, 941, 949, 86, 86, 951, 86, - 86, 86, 950, 952, 86, 86, 955, 86, 956, 86, - 86, 953, 86, 86, 958, 86, 86, 959, 957, 86, - 960, 962, 86, 965, 86, 963, 86, 964, 86, 86, - 86, 86, 86, 86, 961, 967, 970, 968, 973, 86, - 86, 971, 972, 966, 86, 978, 86, 86, 86, 980, - 979, 86, 86, 86, 969, 976, 86, 86, 974, 86, - 977, 86, 86, 988, 86, 975, 983, 981, 86, 989, - 86, 986, 982, 86, 86, 86, 86, 985, 991, 987, - 984, 86, 86, 990, 86, 992, 86, 86, 86, 86, + 955, 943, 86, 86, 944, 86, 951, 949, 86, 945, + 86, 950, 953, 164, 86, 946, 947, 959, 952, 960, + 957, 86, 956, 86, 961, 86, 86, 963, 954, 86, + 962, 86, 966, 86, 965, 958, 964, 86, 967, 86, + 968, 970, 86, 86, 969, 971, 86, 86, 86, 86, + 86, 86, 974, 86, 86, 978, 86, 86, 972, 86, + 981, 977, 86, 86, 162, 979, 973, 985, 86, 975, + 976, 980, 86, 86, 982, 983, 988, 986, 987, 86, + 86, 989, 86, 991, 984, 990, 992, 1004, 86, 86, + 994, 86, 86, 993, 995, 86, 86, 86, 998, 86, - 999, 997, 86, 1002, 993, 994, 86, 1003, 995, 86, - 86, 996, 86, 86, 1004, 1000, 86, 998, 1001, 1007, - 86, 1009, 1010, 86, 1006, 1005, 1008, 86, 86, 86, - 86, 86, 86, 1019, 86, 1020, 1012, 1014, 86, 86, - 1011, 86, 86, 1022, 86, 86, 86, 86, 1013, 86, - 1015, 1017, 1021, 1016, 1018, 1024, 86, 1025, 1028, 86, - 1026, 86, 1023, 86, 1027, 86, 1029, 1033, 1031, 86, - 1030, 86, 1032, 86, 86, 86, 1037, 1034, 86, 1038, - 1039, 86, 86, 86, 86, 1042, 86, 1035, 1036, 1041, - 1043, 167, 86, 86, 86, 1046, 1040, 1045, 1044, 86, + 86, 996, 999, 86, 86, 997, 86, 86, 1000, 1005, + 86, 1002, 86, 1009, 1003, 86, 1008, 86, 86, 86, + 86, 1006, 1001, 1007, 86, 86, 86, 86, 86, 1011, + 86, 1014, 86, 1012, 86, 1016, 1015, 1010, 86, 1017, + 86, 86, 1018, 86, 1024, 1022, 86, 1020, 86, 1013, + 1023, 86, 86, 1021, 86, 1019, 1025, 1027, 86, 86, + 86, 1030, 1032, 1033, 86, 1026, 86, 86, 86, 1031, + 86, 1035, 1029, 86, 86, 86, 1028, 1041, 86, 86, + 1034, 86, 86, 1043, 86, 1046, 86, 86, 1036, 86, + 1037, 86, 86, 1038, 1048, 1040, 1039, 86, 1047, 1044, - 86, 86, 86, 86, 1049, 86, 86, 1061, 1047, 86, - 1064, 86, 1048, 1062, 86, 86, 1052, 86, 86, 1050, - 86, 1066, 86, 1053, 175, 1051, 1054, 86, 1086, 1063, - 1055, 86, 1056, 1067, 1068, 86, 1057, 86, 1058, 86, - 1065, 1071, 1069, 1059, 1073, 1070, 1072, 86, 1060, 86, - 86, 86, 86, 1074, 1075, 86, 86, 1078, 86, 86, - 1081, 173, 86, 1080, 1077, 86, 1076, 1079, 1087, 1088, - 1082, 1085, 86, 1084, 86, 86, 1089, 86, 1090, 1083, - 1091, 86, 86, 86, 86, 86, 86, 1092, 86, 1103, - 86, 1093, 86, 1106, 1102, 1107, 86, 1105, 86, 1094, + 86, 1042, 86, 1045, 86, 1049, 1050, 1055, 1051, 1053, + 86, 1052, 1054, 86, 86, 86, 86, 86, 1063, 1056, + 1057, 86, 1058, 1064, 86, 86, 1066, 86, 86, 86, + 86, 1069, 86, 86, 1070, 1059, 1061, 86, 1060, 1065, + 86, 1062, 1067, 86, 86, 1073, 86, 1068, 1071, 1072, + 1078, 1075, 86, 1074, 86, 1077, 86, 86, 86, 1082, + 1079, 86, 1084, 86, 1076, 86, 86, 86, 1087, 86, + 1080, 1081, 1086, 1088, 169, 86, 86, 86, 1091, 86, + 1090, 1083, 86, 86, 1085, 86, 86, 1094, 86, 86, + 1089, 1092, 86, 86, 1107, 86, 86, 1110, 86, 1093, - 86, 1095, 1104, 86, 1108, 86, 1096, 86, 1097, 1112, - 86, 1113, 1109, 86, 1098, 1115, 86, 86, 86, 1099, - 1100, 86, 1110, 1119, 1111, 86, 1101, 86, 1116, 86, - 1118, 86, 1120, 1114, 86, 1117, 86, 1121, 1125, 86, - 1122, 86, 86, 1123, 86, 86, 86, 1128, 1126, 86, - 86, 86, 1124, 86, 172, 86, 86, 1135, 86, 86, - 1127, 86, 1132, 1130, 1133, 1129, 1131, 1134, 1137, 86, - 1136, 86, 1138, 1139, 86, 86, 86, 86, 86, 86, - 86, 1140, 1145, 1146, 1147, 1142, 86, 1149, 1141, 1148, - 1150, 1144, 86, 1143, 86, 1153, 86, 86, 86, 1155, + 1097, 1098, 1095, 86, 86, 86, 86, 1108, 1112, 1096, + 1100, 1109, 1099, 86, 160, 86, 1101, 86, 1102, 1114, + 1111, 1113, 1103, 86, 1104, 86, 86, 1117, 1115, 1105, + 1123, 1116, 1118, 86, 1106, 1119, 86, 86, 86, 1120, + 1121, 86, 86, 1124, 86, 86, 1127, 86, 86, 1126, + 86, 86, 1122, 1125, 86, 1133, 1128, 1131, 1134, 1130, + 1132, 1135, 1136, 86, 86, 1129, 1137, 86, 1138, 1139, + 1140, 86, 86, 86, 86, 86, 86, 86, 1153, 86, + 1150, 86, 86, 86, 86, 1149, 1154, 86, 1152, 86, + 1141, 86, 1142, 1151, 1160, 1155, 1156, 1143, 86, 1144, - 1154, 86, 1156, 86, 86, 1151, 1157, 86, 86, 86, - 1152, 1158, 86, 1164, 86, 1166, 86, 86, 86, 86, - 86, 86, 1162, 1160, 1159, 1168, 1161, 1163, 86, 86, - 86, 1167, 1169, 1170, 1165, 86, 86, 86, 1171, 86, - 1172, 1173, 86, 86, 1174, 1180, 1175, 1176, 1177, 86, - 86, 1178, 1182, 1183, 86, 1179, 1181, 86, 86, 86, - 86, 86, 1187, 1186, 86, 86, 1184, 86, 86, 1193, - 86, 1191, 1194, 86, 86, 86, 86, 1185, 86, 1195, - 86, 1196, 1188, 1192, 1189, 1197, 1198, 1190, 86, 1201, - 86, 1199, 86, 86, 86, 86, 1203, 86, 1202, 1204, + 86, 86, 1157, 1158, 86, 1145, 1161, 1163, 86, 86, + 1146, 1147, 1166, 86, 1159, 86, 1162, 1148, 86, 1167, + 1169, 86, 86, 86, 1164, 1170, 86, 1165, 1172, 86, + 1174, 86, 86, 86, 86, 86, 86, 1175, 1168, 1180, + 1171, 86, 1173, 1177, 1178, 86, 86, 86, 86, 1179, + 1176, 86, 1183, 86, 86, 1181, 86, 86, 86, 86, + 1182, 86, 1190, 1192, 86, 1185, 1187, 1188, 1184, 86, + 1189, 86, 86, 1186, 1191, 1193, 86, 86, 1194, 86, + 86, 86, 86, 86, 86, 1200, 1197, 1201, 1202, 86, + 1203, 1195, 1199, 86, 1204, 1196, 1205, 1198, 86, 1208, - 86, 86, 86, 1205, 86, 1208, 86, 1209, 1200, 86, - 86, 86, 86, 1214, 86, 1215, 86, 1210, 1206, 86, - 1207, 86, 1212, 86, 1218, 86, 86, 1211, 1217, 1216, - 1213, 1219, 86, 1222, 1223, 86, 86, 86, 86, 86, - 1220, 1228, 86, 86, 1221, 1224, 167, 86, 86, 86, - 86, 86, 86, 1237, 1225, 1233, 1239, 1230, 1227, 86, - 1232, 1234, 1231, 1226, 1235, 86, 1229, 1238, 86, 1236, - 1240, 86, 86, 86, 86, 86, 1241, 86, 86, 86, - 1244, 86, 86, 1250, 86, 86, 1242, 86, 1243, 1247, - 86, 86, 1245, 86, 1248, 167, 1254, 1246, 86, 1251, + 1207, 86, 86, 1213, 1209, 86, 86, 1210, 86, 86, + 1211, 1206, 1212, 86, 86, 86, 1219, 86, 86, 1221, + 86, 1214, 86, 86, 1215, 86, 86, 1217, 1223, 1225, + 1218, 1216, 86, 1222, 1224, 86, 86, 1220, 86, 86, + 1227, 1228, 86, 86, 86, 86, 86, 1231, 1230, 1232, + 86, 1234, 1237, 1226, 1229, 1233, 1236, 86, 86, 1238, + 86, 86, 1235, 86, 86, 86, 1239, 1241, 86, 1242, + 86, 86, 86, 86, 1246, 86, 1248, 1249, 1250, 1240, + 1251, 1243, 86, 86, 1244, 1247, 86, 1253, 86, 86, + 1245, 1252, 1256, 86, 86, 1258, 86, 86, 86, 1257, - 1249, 86, 1261, 1256, 86, 1252, 1253, 86, 1260, 86, - 86, 86, 1257, 1255, 1258, 1262, 1264, 1259, 1263, 86, - 86, 1265, 86, 1266, 86, 86, 86, 86, 86, 86, - 1267, 1270, 86, 1269, 1273, 1276, 86, 86, 86, 1272, - 1268, 86, 1277, 1274, 1271, 86, 1278, 1275, 86, 86, - 1280, 86, 1281, 86, 86, 86, 86, 86, 1279, 86, - 1282, 86, 86, 86, 1283, 86, 1288, 1286, 1284, 1289, - 86, 1287, 86, 1285, 86, 86, 1293, 86, 86, 86, - 1290, 1292, 1298, 1291, 1297, 1295, 1301, 1294, 86, 86, - 86, 86, 1299, 1300, 1296, 1303, 1305, 86, 86, 86, + 86, 86, 86, 86, 86, 86, 1254, 1263, 1264, 1255, + 1259, 1260, 86, 86, 1265, 1261, 86, 1266, 86, 1262, + 1270, 1271, 86, 86, 86, 86, 86, 86, 1268, 1273, + 86, 1267, 1274, 86, 86, 86, 1278, 1269, 1272, 1276, + 86, 1275, 1277, 86, 1280, 86, 86, 1284, 86, 169, + 86, 86, 1279, 86, 86, 86, 1291, 86, 1289, 86, + 86, 86, 1281, 1290, 1286, 1283, 1287, 1288, 1293, 1285, + 1282, 1294, 86, 86, 86, 1299, 1295, 86, 1296, 1292, + 86, 86, 1297, 86, 86, 86, 1298, 1302, 86, 1301, + 86, 86, 1307, 86, 86, 1304, 86, 1300, 86, 86, - 86, 1306, 86, 1304, 86, 1310, 86, 165, 1318, 1302, - 86, 1320, 1308, 1309, 1319, 86, 1307, 86, 86, 1317, - 86, 1323, 1311, 1321, 1322, 1312, 1313, 86, 86, 86, - 1314, 86, 1326, 1324, 1325, 86, 1315, 86, 1328, 86, - 1316, 86, 1329, 86, 1330, 86, 86, 86, 86, 1338, - 86, 1339, 1333, 1335, 86, 86, 1327, 86, 86, 1340, - 86, 1331, 1341, 1332, 1336, 1337, 1334, 86, 1347, 1342, - 1348, 1349, 86, 86, 1343, 86, 1344, 86, 1345, 1351, - 1346, 86, 86, 1350, 1355, 86, 86, 86, 86, 1356, - 86, 1354, 1352, 1359, 1357, 86, 86, 86, 86, 1353, + 86, 86, 86, 86, 1303, 1305, 1311, 1313, 1308, 1351, + 1306, 86, 86, 1310, 1309, 1317, 1314, 1319, 1315, 1312, + 86, 1316, 86, 1318, 1320, 86, 86, 1321, 86, 86, + 86, 1323, 86, 86, 86, 86, 86, 86, 1327, 1326, + 1322, 1330, 86, 86, 1334, 86, 86, 1329, 1324, 3308, + 1325, 1331, 86, 1328, 1332, 86, 86, 1335, 86, 86, + 1336, 1333, 86, 1338, 86, 1340, 1337, 86, 1339, 86, + 86, 86, 86, 86, 1341, 86, 86, 1342, 1346, 86, + 86, 1344, 86, 86, 1347, 1345, 1343, 86, 86, 86, + 86, 86, 1348, 86, 1350, 1352, 1349, 1355, 1356, 1353, - 1365, 1360, 86, 1366, 1361, 86, 86, 86, 1358, 86, - 86, 86, 1364, 1367, 1369, 1362, 1363, 86, 86, 86, - 1371, 1368, 86, 86, 1370, 1372, 86, 1375, 1376, 86, - 1378, 86, 86, 86, 1379, 1373, 1380, 86, 1377, 86, - 1384, 86, 1381, 86, 1374, 1382, 1386, 86, 1383, 86, - 1387, 86, 86, 86, 1391, 86, 1388, 86, 86, 86, - 86, 1393, 86, 1385, 86, 1395, 1397, 86, 86, 86, - 86, 1396, 1399, 1389, 1390, 1401, 86, 1392, 86, 1394, - 86, 86, 86, 1400, 86, 1398, 1403, 1405, 1404, 1406, - 1402, 86, 1407, 86, 86, 86, 1409, 86, 1408, 1413, + 86, 1358, 1354, 86, 1363, 86, 1357, 86, 1361, 1359, + 86, 86, 86, 86, 86, 1366, 1360, 86, 1364, 1365, + 1362, 1371, 1369, 86, 3308, 1370, 1372, 86, 1368, 86, + 86, 1367, 86, 1373, 86, 1376, 86, 1374, 86, 1385, + 1386, 1388, 1375, 86, 1377, 1384, 86, 1389, 1378, 86, + 1387, 1379, 1380, 1390, 86, 86, 1381, 86, 86, 86, + 1391, 86, 1382, 1392, 86, 1393, 1383, 86, 1395, 86, + 86, 86, 1396, 86, 1397, 1394, 86, 1398, 1402, 1399, + 1400, 86, 1405, 1406, 86, 86, 86, 1446, 86, 86, + 1401, 1407, 86, 1409, 1404, 1403, 1408, 86, 1410, 86, - 1410, 1414, 1411, 86, 86, 86, 1416, 86, 1415, 86, - 1412, 86, 86, 1417, 1420, 86, 86, 167, 86, 86, - 1425, 1426, 1419, 86, 1428, 86, 86, 86, 1418, 1427, - 86, 86, 1422, 86, 86, 86, 1421, 86, 1423, 1429, - 86, 1435, 1424, 86, 86, 1430, 1432, 1433, 86, 86, - 86, 1431, 86, 1434, 1439, 1440, 86, 1436, 86, 1444, - 86, 86, 1438, 1442, 1445, 86, 86, 86, 1437, 1443, - 1446, 1441, 86, 86, 1449, 1447, 1450, 86, 1453, 86, - 1448, 1454, 1451, 86, 1458, 1452, 1455, 86, 86, 1456, - 86, 1461, 1459, 1457, 1460, 86, 1462, 86, 86, 86, + 1411, 86, 1412, 1418, 1413, 86, 1414, 1415, 1416, 86, + 86, 86, 1417, 1422, 86, 1420, 86, 86, 1423, 86, + 1421, 86, 1426, 1424, 1419, 86, 86, 86, 86, 86, + 1432, 86, 1433, 86, 1428, 1427, 86, 1434, 1425, 86, + 86, 86, 1431, 86, 1436, 1429, 1430, 1435, 86, 86, + 1438, 86, 1443, 86, 1437, 1439, 1442, 86, 1445, 86, + 86, 1440, 86, 1447, 86, 86, 86, 1448, 1451, 86, + 1453, 86, 1444, 86, 1441, 1450, 86, 1454, 1455, 86, + 86, 1458, 86, 1449, 86, 1452, 86, 86, 86, 1460, + 86, 86, 86, 1462, 1464, 86, 86, 86, 1466, 1463, - 86, 86, 86, 86, 86, 1466, 1467, 86, 1469, 163, - 86, 86, 86, 1474, 1463, 86, 86, 1465, 1471, 1475, - 1468, 86, 86, 86, 1464, 1478, 86, 1470, 1472, 1473, - 86, 86, 86, 86, 1476, 1479, 86, 86, 86, 86, - 1477, 1480, 1485, 1486, 1481, 1484, 86, 1482, 1483, 86, - 86, 1487, 86, 1490, 1491, 86, 1488, 86, 1489, 86, - 162, 1492, 1496, 1497, 1495, 86, 1493, 86, 86, 86, - 86, 1498, 86, 1499, 1500, 86, 86, 86, 1494, 86, - 1501, 1504, 86, 1503, 86, 1507, 1502, 86, 86, 1506, - 86, 86, 86, 1513, 1505, 1510, 1509, 1515, 1514, 86, + 1456, 1457, 1468, 86, 1459, 86, 86, 1461, 86, 1465, + 1470, 1467, 86, 1472, 1471, 1473, 86, 1469, 86, 1475, + 86, 1474, 86, 86, 86, 1476, 86, 1481, 1482, 1478, + 86, 1479, 1484, 86, 86, 1483, 86, 86, 86, 1480, + 1477, 86, 1488, 86, 86, 1485, 169, 86, 86, 1493, + 86, 1494, 1487, 86, 1496, 86, 1486, 86, 86, 1495, + 86, 1490, 86, 86, 1489, 86, 86, 1491, 86, 1504, + 1499, 1492, 1497, 86, 86, 1501, 86, 86, 1498, 1502, + 86, 86, 1500, 86, 1503, 1508, 1509, 86, 1511, 86, + 1513, 86, 86, 1505, 1507, 1514, 86, 86, 86, 1506, - 86, 86, 1516, 86, 86, 1511, 86, 1508, 86, 1518, - 1521, 1512, 86, 86, 86, 86, 1526, 1522, 86, 86, - 1517, 1529, 86, 1519, 1527, 1520, 86, 86, 86, 86, - 1532, 86, 1523, 1525, 1524, 1531, 86, 86, 86, 86, - 86, 86, 1540, 86, 1528, 1530, 86, 1533, 86, 1541, - 1534, 1543, 86, 1537, 1544, 86, 1535, 1536, 1539, 86, - 1542, 1538, 86, 86, 1545, 86, 1546, 86, 86, 86, - 86, 1550, 86, 86, 1548, 1551, 1547, 1554, 86, 86, - 1549, 1558, 86, 1560, 1559, 1555, 1553, 86, 1552, 86, - 86, 86, 86, 1556, 1557, 86, 1563, 86, 86, 1564, + 1510, 1516, 86, 86, 86, 1517, 86, 1533, 1512, 1515, + 86, 1522, 1518, 1524, 1523, 86, 86, 1519, 1520, 1527, + 86, 1521, 1525, 86, 1526, 86, 1529, 1528, 1530, 86, + 86, 86, 86, 1531, 86, 1532, 1535, 1536, 86, 86, + 86, 86, 86, 86, 1539, 86, 1545, 1534, 1537, 86, + 1544, 86, 86, 1548, 86, 1541, 86, 86, 1538, 86, + 1540, 1542, 86, 1543, 86, 86, 1549, 86, 86, 1546, + 86, 1547, 1552, 1555, 1556, 1550, 1551, 86, 86, 1553, + 86, 1560, 1557, 86, 1554, 86, 86, 1559, 1558, 86, + 1564, 1565, 86, 1566, 1562, 86, 86, 86, 1561, 86, - 86, 1565, 1561, 1562, 86, 1570, 1571, 86, 86, 1568, - 86, 86, 1566, 86, 86, 1575, 1567, 1576, 1574, 86, - 1578, 86, 86, 86, 1569, 1579, 1572, 1580, 86, 86, - 86, 1573, 86, 86, 86, 1583, 86, 1586, 86, 1577, - 86, 86, 86, 1585, 86, 1581, 1582, 1590, 86, 1592, - 86, 86, 86, 1584, 86, 1587, 86, 1597, 1591, 1588, - 1589, 1593, 86, 86, 86, 86, 1595, 86, 1594, 1600, - 1602, 86, 86, 86, 86, 1605, 1598, 1603, 86, 1596, - 1601, 1599, 86, 86, 167, 86, 1608, 1604, 86, 1607, - 1610, 1611, 86, 86, 1606, 86, 86, 86, 86, 1619, + 1568, 86, 1569, 86, 3308, 86, 1563, 1573, 1570, 1567, + 1572, 1574, 1575, 86, 86, 1576, 86, 86, 86, 86, + 1577, 1578, 86, 86, 1571, 1580, 86, 1579, 86, 86, + 86, 86, 86, 1586, 86, 86, 86, 86, 1585, 86, + 1582, 1589, 86, 1583, 1581, 1584, 1592, 1588, 86, 1590, + 86, 1593, 86, 1594, 1587, 86, 1591, 86, 1595, 86, + 86, 1597, 1596, 86, 1600, 86, 86, 1598, 1601, 1599, + 86, 1605, 86, 1608, 86, 1606, 1602, 86, 86, 86, + 86, 1611, 86, 86, 1604, 1603, 1610, 86, 86, 86, + 86, 86, 86, 1609, 86, 1619, 86, 1612, 1607, 1620, - 1612, 86, 1609, 86, 86, 86, 1613, 1614, 1620, 86, - 1617, 86, 86, 160, 1615, 1616, 1624, 86, 1623, 1626, - 1628, 1621, 1618, 86, 1622, 1625, 86, 1630, 1627, 86, - 1632, 86, 1629, 86, 86, 86, 86, 86, 86, 1637, - 86, 1634, 1635, 1631, 86, 1638, 86, 86, 86, 86, - 1643, 1642, 86, 1633, 1639, 86, 86, 86, 86, 1650, - 1636, 1652, 1641, 86, 1640, 86, 1647, 1645, 86, 1648, - 1644, 86, 86, 1651, 86, 1657, 1646, 1653, 158, 1655, - 1654, 1649, 1656, 1658, 86, 1659, 86, 86, 86, 1661, - 1663, 86, 1660, 86, 1662, 86, 86, 86, 86, 1665, + 86, 1613, 1614, 1616, 1621, 1624, 1618, 1615, 1622, 86, + 86, 1617, 1623, 86, 1625, 86, 86, 86, 86, 86, + 1629, 86, 86, 86, 1630, 1627, 86, 1633, 1626, 1639, + 1628, 1637, 86, 86, 1634, 86, 86, 1631, 1638, 1632, + 86, 86, 1636, 1635, 86, 86, 1642, 86, 1643, 1644, + 86, 1640, 86, 1641, 86, 86, 1649, 1650, 86, 86, + 86, 1647, 86, 86, 1654, 1653, 1655, 1645, 1646, 86, + 1657, 86, 86, 1651, 1648, 86, 1659, 86, 1658, 86, + 1652, 86, 86, 86, 86, 1662, 86, 1665, 86, 1656, + 86, 86, 86, 1664, 86, 1660, 86, 1661, 86, 1669, - 1664, 86, 86, 1670, 1671, 1669, 86, 1673, 86, 86, - 86, 1672, 86, 86, 86, 1666, 86, 1667, 86, 1675, - 86, 1668, 1676, 86, 86, 1677, 86, 86, 1686, 86, - 1678, 1674, 86, 86, 86, 86, 1679, 1685, 1680, 86, - 1681, 1682, 86, 86, 1683, 1684, 1691, 86, 86, 1687, - 86, 86, 86, 1689, 86, 1688, 1693, 86, 1694, 86, - 86, 86, 86, 1690, 86, 1695, 1696, 1697, 1692, 1699, - 1702, 1701, 1698, 1703, 1700, 86, 86, 86, 1704, 86, - 1708, 1709, 86, 1710, 86, 86, 86, 1714, 86, 1713, - 1705, 1711, 86, 86, 86, 1706, 86, 86, 86, 1717, + 86, 1671, 86, 1663, 86, 1666, 1670, 1672, 86, 1667, + 1668, 86, 1677, 86, 1673, 86, 86, 1674, 86, 86, + 86, 1680, 1682, 86, 1683, 86, 1685, 1678, 1676, 1675, + 86, 86, 86, 1679, 1681, 86, 1688, 169, 1684, 86, + 1691, 86, 1687, 86, 1690, 86, 86, 86, 86, 86, + 1699, 86, 1686, 1692, 1689, 86, 1700, 86, 86, 1694, + 86, 1693, 1697, 1703, 86, 1695, 1696, 1704, 86, 86, + 1709, 1707, 1698, 1705, 86, 1701, 86, 1702, 86, 1708, + 1706, 1711, 86, 1713, 86, 86, 86, 86, 86, 86, + 86, 1718, 1715, 1716, 86, 1719, 1712, 86, 1710, 86, - 86, 1707, 1718, 1712, 86, 1715, 86, 86, 86, 1721, - 1727, 86, 1716, 86, 1720, 1719, 1723, 1725, 1726, 1724, - 86, 86, 86, 1722, 86, 86, 1728, 86, 86, 86, - 1736, 1730, 86, 1729, 86, 1731, 86, 1733, 1732, 86, - 1740, 1739, 86, 1738, 86, 86, 1735, 1744, 1737, 86, - 86, 86, 1734, 1742, 1741, 1748, 1743, 86, 86, 86, - 1749, 86, 86, 1745, 1753, 1750, 86, 1754, 1747, 86, - 1746, 1757, 1751, 86, 1756, 86, 86, 86, 86, 1760, - 1752, 1758, 86, 1759, 1755, 86, 86, 1764, 1761, 86, - 1768, 86, 86, 86, 86, 1766, 86, 86, 1762, 1769, + 86, 86, 86, 86, 1714, 1723, 86, 1724, 86, 86, + 1731, 1720, 86, 1717, 1732, 1722, 86, 1721, 86, 1725, + 1726, 1728, 86, 1727, 1729, 1733, 86, 86, 86, 1739, + 86, 1738, 1736, 1740, 1741, 1735, 1730, 1737, 86, 86, + 86, 1734, 1745, 1742, 86, 1743, 86, 1744, 86, 86, + 86, 86, 86, 86, 1746, 86, 1752, 86, 1751, 1753, + 86, 86, 86, 1747, 1755, 86, 1754, 86, 86, 1748, + 86, 1749, 1757, 1750, 1758, 86, 86, 86, 1760, 86, + 1756, 1759, 86, 86, 86, 86, 86, 86, 1761, 1769, + 1768, 86, 86, 1763, 86, 86, 1764, 1762, 1765, 1774, - 1763, 1767, 1765, 86, 86, 86, 86, 86, 86, 1778, - 86, 1772, 1780, 1770, 1773, 86, 1771, 1774, 86, 1775, - 1781, 1776, 1777, 1783, 86, 86, 86, 86, 1782, 86, - 86, 1779, 1788, 86, 86, 86, 1792, 86, 86, 86, - 86, 86, 3149, 1787, 1794, 1784, 1786, 1785, 167, 86, - 1790, 86, 86, 1791, 1795, 1789, 1796, 1797, 86, 1793, - 1800, 86, 1802, 86, 1799, 86, 86, 1798, 86, 1806, - 86, 86, 86, 86, 86, 86, 1801, 86, 1804, 1808, - 86, 86, 1813, 3149, 1803, 1807, 1809, 1805, 86, 1810, - 86, 86, 1811, 1814, 1818, 1812, 1816, 86, 1815, 1817, + 86, 1766, 86, 1771, 86, 86, 1772, 86, 1773, 86, + 1767, 1770, 1780, 86, 86, 86, 86, 86, 1776, 86, + 1775, 1778, 1782, 86, 1777, 86, 1784, 1783, 86, 86, + 1779, 1785, 86, 1786, 1781, 86, 86, 86, 1789, 1791, + 86, 86, 1799, 86, 86, 1792, 1788, 1787, 1793, 86, + 1790, 86, 1798, 1794, 86, 1795, 1800, 86, 86, 86, + 1796, 1803, 1802, 1801, 1804, 86, 1797, 1805, 86, 86, + 86, 86, 86, 1807, 1808, 86, 86, 86, 1806, 1817, + 86, 1811, 86, 86, 1816, 1813, 1815, 1810, 1814, 1809, + 86, 86, 86, 86, 1812, 86, 1819, 86, 86, 86, - 86, 1819, 86, 86, 1822, 86, 1821, 86, 1820, 1825, - 86, 1823, 86, 86, 86, 86, 1826, 1824, 86, 86, - 86, 86, 86, 86, 1831, 86, 1832, 86, 86, 86, - 86, 1833, 1836, 86, 1827, 1834, 1829, 1828, 1830, 1837, - 1835, 86, 86, 86, 1843, 1845, 1840, 1842, 1839, 1844, - 86, 86, 1838, 1841, 1846, 86, 86, 86, 86, 1850, - 86, 1853, 1847, 1854, 86, 1855, 86, 86, 1857, 86, - 86, 1848, 1851, 86, 1852, 86, 1849, 86, 1858, 1861, - 86, 86, 1863, 86, 1865, 1862, 1864, 1856, 86, 1867, - 86, 1859, 86, 1866, 1860, 86, 86, 1870, 86, 1869, + 1826, 86, 1818, 86, 3308, 1823, 1821, 86, 86, 1820, + 86, 1822, 1828, 1829, 86, 1830, 1825, 1827, 86, 86, + 86, 86, 1824, 86, 1834, 1835, 86, 1832, 1838, 1831, + 1833, 1836, 86, 1839, 86, 1840, 1844, 1843, 1837, 86, + 1847, 1841, 86, 1846, 86, 1842, 86, 86, 86, 1850, + 86, 86, 1848, 86, 1854, 86, 1851, 1845, 86, 86, + 86, 86, 1849, 1858, 1856, 86, 1859, 1853, 86, 86, + 1857, 1852, 1855, 86, 86, 86, 86, 86, 86, 1868, + 86, 1862, 86, 1863, 1860, 1873, 86, 1861, 1864, 1865, + 1870, 1866, 1867, 1871, 86, 1872, 86, 86, 86, 86, - 86, 1871, 86, 1873, 86, 1880, 86, 1872, 86, 86, - 86, 86, 86, 86, 86, 1885, 1882, 1868, 1874, 1875, - 1876, 1883, 86, 86, 1878, 1877, 1884, 1888, 1879, 1887, - 1881, 86, 86, 86, 1886, 86, 1892, 86, 86, 86, - 1889, 86, 1894, 86, 86, 1897, 1898, 86, 86, 1900, - 86, 86, 1890, 86, 86, 1905, 1891, 86, 86, 1895, - 86, 86, 1902, 1903, 1893, 1896, 1906, 86, 1899, 86, - 86, 86, 86, 1912, 86, 1908, 1901, 1909, 1904, 1907, - 1910, 86, 86, 1916, 86, 86, 86, 1915, 1919, 86, - 1920, 1922, 1918, 86, 86, 1911, 86, 1914, 1921, 86, + 86, 1869, 1877, 86, 1879, 86, 86, 86, 1883, 86, + 86, 86, 86, 1878, 1874, 1875, 1885, 1876, 86, 86, + 86, 86, 1881, 1886, 1887, 1882, 1888, 1880, 86, 1889, + 169, 1884, 86, 1893, 86, 86, 86, 86, 1897, 86, + 86, 86, 1891, 86, 86, 86, 86, 1892, 1895, 86, + 1899, 1890, 1900, 1904, 1894, 1898, 1896, 1901, 86, 86, + 86, 1905, 86, 1902, 1908, 86, 1903, 86, 1907, 86, + 1909, 1910, 86, 86, 1911, 1913, 1906, 1914, 86, 86, + 1918, 86, 1912, 86, 86, 1916, 86, 1917, 86, 86, + 86, 1915, 86, 86, 86, 1922, 86, 1923, 86, 86, - 1913, 86, 1923, 86, 1917, 86, 86, 86, 86, 1927, - 86, 1930, 1931, 1932, 86, 86, 86, 1926, 86, 86, - 1935, 1924, 1925, 86, 86, 1928, 86, 1940, 86, 1934, - 86, 1939, 86, 86, 1929, 1933, 1936, 86, 86, 1945, - 3149, 1944, 86, 1937, 86, 86, 1938, 1942, 1946, 1941, - 1948, 86, 1943, 1947, 86, 86, 1950, 86, 1949, 1952, - 86, 1951, 86, 86, 86, 86, 1959, 86, 1956, 86, - 86, 1954, 86, 86, 1961, 3149, 1953, 1962, 86, 86, - 1963, 1955, 1960, 86, 1957, 1958, 86, 1964, 86, 86, - 1968, 1969, 86, 1970, 86, 1965, 1971, 1973, 1982, 1966, + 86, 1927, 1924, 86, 3308, 1933, 1920, 1921, 1919, 1926, + 1925, 86, 1928, 86, 1935, 86, 1931, 86, 1936, 1930, + 86, 86, 86, 1932, 86, 1929, 86, 86, 1934, 86, + 86, 1942, 86, 1945, 1946, 86, 1947, 86, 1937, 1938, + 1939, 86, 1940, 1951, 1943, 86, 1944, 1941, 1949, 86, + 86, 1950, 1953, 86, 86, 86, 1955, 86, 1954, 1957, + 1956, 1948, 86, 1959, 86, 86, 1952, 86, 86, 86, + 1961, 1962, 86, 1958, 86, 1965, 86, 86, 86, 1964, + 86, 86, 1969, 86, 1971, 1968, 86, 86, 1963, 1960, + 86, 1970, 1966, 86, 86, 1972, 1973, 1974, 1979, 1967, - 1974, 1972, 86, 86, 1967, 86, 86, 86, 1978, 86, - 1976, 86, 86, 86, 86, 1975, 1980, 167, 1983, 1977, - 1985, 1979, 1986, 1981, 86, 86, 86, 86, 86, 86, - 86, 86, 1992, 1991, 1990, 1984, 86, 1987, 1996, 1988, - 1993, 86, 1994, 86, 86, 86, 86, 1989, 86, 86, - 86, 1997, 1999, 1998, 86, 2001, 1995, 2002, 2000, 86, - 86, 2004, 86, 86, 86, 2008, 86, 86, 86, 2007, - 86, 2003, 86, 2010, 2005, 2006, 2009, 2011, 86, 2013, - 86, 2012, 86, 86, 86, 86, 86, 86, 2020, 2018, - 2014, 2015, 2019, 86, 86, 86, 86, 86, 2025, 86, + 86, 86, 1975, 1981, 86, 86, 86, 1976, 1982, 86, + 86, 1977, 1985, 86, 1978, 1983, 1986, 1988, 86, 86, + 1980, 1984, 86, 86, 1992, 86, 86, 1989, 1987, 86, + 1994, 86, 86, 86, 1997, 1998, 86, 86, 86, 1990, + 2000, 86, 2005, 1991, 86, 86, 86, 86, 86, 2006, + 86, 1995, 1993, 2002, 1996, 2003, 86, 1999, 86, 86, + 86, 86, 2012, 2001, 86, 2009, 2004, 86, 2007, 2010, + 86, 2008, 2016, 86, 86, 2015, 2019, 86, 86, 86, + 2020, 2018, 86, 2014, 2022, 2011, 86, 2021, 86, 86, + 2013, 86, 86, 2017, 86, 86, 86, 2024, 2023, 2027, - 86, 2016, 2022, 2017, 2021, 86, 86, 2029, 86, 2026, - 2024, 86, 2031, 2023, 2028, 86, 86, 2027, 2035, 86, - 2030, 2033, 86, 86, 86, 2036, 86, 2041, 2034, 2032, - 86, 86, 86, 86, 86, 2043, 86, 86, 2044, 2037, - 2038, 2039, 2045, 86, 2040, 2046, 86, 86, 2042, 86, - 2050, 86, 86, 2047, 2048, 86, 86, 86, 86, 86, - 2051, 86, 86, 86, 3149, 86, 86, 2049, 2053, 2054, - 2055, 2058, 86, 2052, 2057, 2061, 2062, 86, 86, 2063, - 86, 2056, 2060, 2065, 2059, 86, 2064, 86, 86, 2069, - 2066, 86, 2067, 2068, 86, 86, 2070, 86, 2072, 2071, + 86, 2030, 2031, 2032, 2026, 86, 86, 86, 86, 86, + 2025, 86, 2028, 86, 86, 2035, 2040, 86, 86, 2039, + 86, 2029, 2034, 86, 86, 2033, 2037, 86, 2044, 86, + 2045, 2036, 86, 2046, 86, 2038, 86, 2041, 2042, 2043, + 2049, 2047, 2048, 86, 86, 2050, 2052, 86, 86, 86, + 2051, 86, 86, 86, 2059, 86, 2056, 86, 86, 86, + 86, 2064, 2054, 2061, 3308, 2053, 2062, 86, 2055, 86, + 2060, 86, 2057, 2058, 86, 2063, 2069, 86, 2065, 2068, + 2070, 86, 2066, 2071, 2073, 2074, 86, 2067, 2072, 86, + 86, 86, 86, 86, 2078, 86, 86, 2076, 86, 86, - 86, 86, 86, 86, 2073, 2077, 86, 86, 2079, 2075, - 86, 2081, 86, 2076, 86, 2074, 86, 86, 2084, 2083, - 86, 2078, 2085, 86, 2080, 2086, 86, 86, 2089, 86, - 86, 86, 2090, 2082, 86, 86, 2095, 86, 2092, 86, - 2096, 2087, 2091, 86, 86, 2099, 2088, 86, 86, 2094, - 2093, 86, 2100, 86, 86, 2101, 2105, 86, 2097, 86, - 86, 2107, 2103, 86, 2098, 86, 2102, 86, 2108, 86, - 2104, 2106, 2109, 86, 2110, 86, 86, 2114, 86, 86, - 86, 2116, 2112, 2111, 86, 2113, 2117, 86, 2119, 86, - 2118, 86, 2120, 86, 2122, 86, 2121, 2115, 2123, 86, + 86, 86, 2080, 2083, 2085, 2077, 169, 2079, 2081, 86, + 86, 2086, 2075, 86, 86, 86, 86, 86, 86, 2092, + 2091, 2090, 86, 2084, 2082, 2087, 2088, 2093, 86, 2094, + 86, 2096, 86, 86, 2089, 86, 86, 86, 2097, 2099, + 2098, 86, 2095, 86, 86, 2100, 2101, 2102, 86, 2104, + 86, 86, 86, 2108, 86, 2103, 86, 2107, 86, 86, + 86, 86, 2105, 2106, 2110, 2109, 2111, 86, 2113, 86, + 2112, 86, 86, 86, 86, 86, 86, 2118, 2114, 2117, + 2115, 2119, 2120, 86, 2122, 86, 86, 2125, 86, 86, + 2116, 86, 2121, 86, 86, 2130, 86, 86, 2126, 2124, - 2127, 86, 86, 86, 2124, 86, 86, 86, 2126, 86, - 86, 86, 86, 86, 86, 2125, 2139, 2136, 86, 2131, - 2128, 2129, 2130, 2133, 2132, 2134, 86, 2135, 86, 2140, - 86, 2137, 86, 86, 86, 86, 2141, 2138, 86, 2145, - 86, 2142, 2151, 2146, 2147, 86, 86, 2143, 167, 2148, - 86, 2144, 2149, 86, 2150, 2152, 2155, 2157, 2158, 2153, - 86, 2156, 86, 86, 86, 86, 86, 86, 2159, 86, - 2154, 2162, 86, 86, 2160, 86, 2163, 3149, 2166, 2169, - 2161, 2167, 86, 86, 2168, 86, 2171, 86, 86, 2177, - 2164, 2170, 86, 2172, 86, 2173, 2174, 86, 86, 2176, + 2128, 2123, 86, 86, 86, 2131, 86, 2127, 2134, 2132, + 2136, 86, 86, 2129, 86, 2137, 86, 2135, 86, 2142, + 86, 86, 2138, 2133, 3308, 86, 86, 2144, 2146, 86, + 2139, 2140, 2141, 86, 86, 2145, 86, 2143, 2148, 86, + 86, 2149, 2147, 86, 2150, 2152, 86, 86, 86, 2151, + 86, 86, 86, 2153, 86, 2156, 86, 2157, 2154, 86, + 86, 86, 86, 86, 2159, 86, 86, 2155, 2160, 2165, + 86, 2158, 2162, 86, 2161, 86, 86, 2164, 2170, 86, + 86, 86, 2166, 2173, 86, 2167, 2174, 2163, 2169, 2168, + 2172, 2171, 86, 86, 86, 2175, 2177, 2176, 2179, 86, - 86, 2165, 86, 2175, 2179, 86, 86, 2178, 86, 86, - 86, 86, 86, 2182, 86, 86, 2185, 86, 86, 86, - 2189, 86, 2180, 2191, 86, 2184, 86, 86, 86, 86, - 2186, 2181, 2183, 2187, 2188, 86, 2193, 86, 2196, 2192, - 2190, 2199, 2194, 86, 86, 2195, 2197, 2200, 2198, 2201, - 86, 86, 2202, 86, 86, 86, 86, 86, 86, 86, - 86, 2212, 86, 86, 86, 3149, 86, 2214, 2213, 86, - 2203, 2209, 2204, 2211, 86, 2207, 86, 2205, 2208, 2206, - 2216, 2210, 2215, 86, 2218, 2219, 86, 2217, 2220, 86, - 86, 2221, 86, 2223, 86, 86, 2226, 86, 86, 2227, + 86, 86, 2178, 86, 86, 86, 2180, 2185, 86, 2181, + 86, 86, 2183, 2187, 2189, 86, 2184, 86, 86, 2182, + 86, 86, 2192, 2191, 2188, 86, 2193, 2186, 86, 86, + 2194, 2197, 86, 86, 86, 86, 86, 86, 2198, 2203, + 86, 86, 2200, 2190, 86, 2199, 2195, 86, 2204, 2196, + 2202, 2207, 86, 86, 2201, 86, 2205, 86, 2208, 86, + 86, 2209, 86, 2211, 2206, 2213, 86, 86, 2215, 86, + 2210, 2212, 2214, 86, 2216, 86, 86, 86, 2217, 86, + 2218, 2222, 2224, 2223, 86, 86, 2220, 2225, 86, 2221, + 86, 86, 86, 86, 2219, 86, 2226, 2228, 2230, 2227, - 86, 86, 86, 2222, 2224, 2228, 86, 2225, 2232, 86, - 2233, 86, 2235, 86, 2231, 86, 2237, 86, 2229, 86, - 3149, 2230, 86, 2240, 86, 2234, 86, 2239, 2241, 86, - 86, 86, 86, 2236, 2238, 86, 86, 2247, 86, 2243, - 2242, 2246, 2249, 86, 86, 2244, 86, 86, 86, 2253, - 2252, 2245, 2251, 86, 2248, 2255, 86, 86, 86, 2259, - 86, 86, 2250, 86, 2254, 86, 86, 2264, 86, 86, - 2263, 86, 2256, 2257, 86, 86, 2258, 86, 86, 2266, - 2262, 2260, 2269, 86, 86, 2271, 2261, 86, 2265, 86, - 2267, 2270, 2268, 86, 86, 2276, 2282, 86, 2272, 86, + 2231, 86, 86, 2229, 86, 2232, 2235, 86, 86, 86, + 86, 2234, 86, 86, 86, 86, 86, 86, 86, 2244, + 2245, 2233, 2236, 86, 2239, 2238, 2237, 2240, 2241, 2242, + 86, 86, 2246, 2243, 86, 86, 2247, 2249, 86, 86, + 86, 2250, 2255, 86, 86, 2257, 86, 86, 2254, 2248, + 2251, 2259, 2252, 2256, 86, 86, 169, 86, 86, 2258, + 2260, 2267, 2265, 2253, 2263, 2266, 86, 2261, 86, 2264, + 86, 86, 2270, 86, 2268, 86, 2271, 2269, 2262, 86, + 2275, 86, 86, 2276, 86, 86, 2279, 2284, 2274, 86, + 2272, 86, 86, 86, 2280, 2285, 2277, 86, 2281, 2282, - 86, 2278, 86, 2279, 86, 2273, 2277, 2274, 86, 86, - 86, 86, 86, 2284, 2285, 86, 2283, 86, 2280, 2275, - 2281, 86, 2289, 86, 2287, 86, 2291, 86, 2292, 86, - 2294, 2296, 86, 2288, 2297, 2286, 86, 86, 86, 86, - 2293, 2290, 86, 2298, 86, 2301, 86, 86, 2295, 86, - 86, 86, 2300, 2302, 2307, 2303, 2304, 2299, 2305, 2308, - 86, 86, 86, 2313, 2306, 86, 2309, 86, 2312, 86, - 2311, 2310, 86, 2314, 167, 86, 86, 86, 86, 2316, - 86, 2315, 2321, 86, 86, 86, 86, 2323, 86, 86, - 86, 2328, 2319, 2320, 86, 2317, 2325, 2318, 2324, 2322, + 86, 2273, 86, 2278, 86, 86, 86, 2283, 86, 2287, + 86, 86, 86, 86, 86, 2290, 86, 86, 2293, 86, + 86, 86, 2297, 86, 2286, 2300, 2288, 2292, 2299, 86, + 86, 86, 2294, 2289, 2291, 2295, 2296, 86, 2301, 86, + 86, 86, 2298, 86, 2302, 86, 2310, 86, 2307, 2304, + 2308, 86, 2305, 86, 86, 86, 2303, 86, 86, 2311, + 2306, 86, 86, 2309, 86, 86, 86, 2325, 86, 86, + 86, 86, 2312, 2313, 2318, 2378, 2323, 2316, 2314, 2321, + 2320, 2315, 2317, 2322, 86, 2319, 2324, 86, 86, 86, + 86, 2327, 2326, 86, 86, 2331, 2332, 86, 86, 86, - 2326, 2327, 86, 2332, 86, 3149, 2331, 2329, 86, 2333, - 2330, 2334, 86, 86, 86, 2337, 2335, 2338, 86, 2336, - 86, 86, 86, 86, 2340, 86, 86, 2339, 86, 2342, - 86, 86, 2346, 2347, 2341, 86, 2344, 86, 2343, 86, - 2349, 86, 86, 86, 86, 2350, 2351, 2352, 86, 2345, - 86, 2348, 86, 2354, 86, 2353, 2356, 2357, 86, 86, - 86, 86, 2355, 86, 2359, 86, 86, 2358, 86, 2363, - 2366, 86, 86, 2365, 86, 86, 86, 2362, 2367, 86, - 2360, 2361, 2372, 86, 2371, 86, 2364, 2369, 86, 2368, - 2370, 2373, 86, 86, 2374, 86, 2376, 86, 2381, 2375, + 2333, 3308, 2328, 86, 2329, 86, 2330, 2334, 86, 86, + 2337, 86, 2340, 86, 2335, 86, 2336, 2341, 86, 86, + 2338, 86, 86, 2339, 2342, 2344, 2343, 2347, 86, 2348, + 86, 86, 2350, 86, 2346, 2345, 86, 2352, 86, 86, + 86, 2355, 86, 86, 2354, 2356, 86, 86, 86, 86, + 2349, 2362, 86, 86, 2351, 2353, 2358, 2357, 2361, 86, + 2364, 86, 2359, 86, 86, 86, 86, 86, 2360, 2367, + 2366, 86, 2368, 2370, 86, 86, 2374, 86, 2363, 86, + 86, 2365, 2372, 86, 2371, 2379, 86, 2369, 86, 86, + 86, 86, 2384, 86, 2373, 2381, 86, 86, 2377, 2375, - 2377, 86, 2379, 86, 86, 86, 86, 2380, 2383, 86, - 2385, 86, 86, 86, 86, 2384, 86, 2382, 86, 2378, - 86, 86, 86, 2389, 86, 2391, 2392, 2387, 2393, 86, - 2386, 2395, 2388, 2394, 86, 86, 2396, 86, 2397, 86, - 2390, 86, 86, 86, 2399, 2404, 2398, 2402, 86, 86, - 86, 86, 2403, 86, 2401, 2407, 86, 86, 86, 86, - 2400, 2408, 86, 2411, 2413, 2406, 86, 2405, 2412, 86, - 86, 86, 2409, 86, 86, 2410, 2416, 86, 86, 2415, - 2417, 86, 86, 86, 2414, 86, 2421, 2418, 2419, 2420, - 2424, 2425, 86, 2426, 86, 2427, 86, 2428, 86, 86, + 86, 86, 86, 2376, 2382, 86, 2383, 2380, 2386, 86, + 2391, 2387, 86, 86, 86, 2393, 2385, 2394, 2388, 2397, + 2389, 2392, 86, 86, 86, 86, 86, 2399, 86, 2400, + 86, 2390, 2395, 86, 2396, 2398, 86, 86, 86, 86, + 86, 2402, 2404, 2406, 2407, 86, 2409, 2411, 86, 86, + 2412, 2401, 86, 86, 2403, 2408, 2405, 2410, 86, 86, + 86, 86, 2415, 2413, 2416, 86, 86, 86, 2417, 2418, + 2422, 2423, 86, 2414, 2419, 2420, 86, 86, 86, 86, + 2428, 2421, 2424, 86, 2427, 86, 86, 86, 2426, 86, + 2429, 169, 2425, 86, 2436, 86, 2431, 86, 2430, 86, - 86, 86, 2422, 2423, 86, 2432, 2431, 86, 2433, 86, - 86, 2429, 86, 86, 2438, 86, 86, 86, 2430, 2440, - 86, 2434, 2435, 2441, 86, 86, 86, 86, 2442, 2437, - 86, 86, 2436, 2444, 86, 2439, 2447, 2443, 86, 2445, - 2450, 86, 86, 86, 86, 167, 86, 86, 86, 86, - 2446, 2451, 86, 2458, 2448, 86, 86, 2457, 2449, 2454, - 86, 86, 2456, 86, 2453, 2459, 86, 2462, 3149, 2452, - 2460, 2455, 86, 86, 86, 2461, 2465, 2467, 86, 2468, - 2466, 2469, 86, 2463, 2470, 86, 2464, 86, 2471, 86, - 2472, 86, 2473, 86, 86, 86, 2474, 86, 86, 86, + 86, 86, 86, 2434, 86, 2432, 86, 2433, 2438, 2435, + 86, 86, 2437, 2439, 2443, 2444, 2440, 2441, 2442, 86, + 2447, 86, 86, 2448, 2445, 2449, 86, 86, 86, 2452, + 2450, 2446, 2453, 2451, 86, 86, 2455, 86, 86, 86, + 86, 2457, 86, 2454, 86, 86, 86, 2461, 86, 2462, + 86, 86, 3308, 2456, 2458, 86, 2464, 86, 2459, 2469, + 86, 2465, 2463, 2466, 2460, 2467, 86, 86, 86, 86, + 86, 86, 2468, 86, 2472, 2473, 86, 2470, 2475, 86, + 86, 86, 86, 86, 2474, 86, 2479, 2482, 86, 2471, + 2481, 86, 86, 86, 2483, 2478, 86, 86, 86, 2476, - 86, 86, 86, 86, 2475, 86, 86, 2484, 86, 86, - 2477, 2482, 3149, 2476, 86, 2488, 2479, 2478, 86, 2486, - 2481, 2480, 86, 2483, 2489, 86, 2485, 2487, 2492, 86, - 2490, 2491, 86, 2494, 86, 86, 2495, 86, 86, 86, - 86, 2493, 86, 86, 2497, 2503, 86, 2504, 86, 2505, - 86, 2506, 86, 2496, 2498, 86, 2499, 86, 2500, 2501, - 86, 2502, 86, 86, 86, 3149, 86, 2510, 2515, 86, - 2507, 2513, 2517, 86, 2509, 2508, 86, 86, 2514, 2516, - 86, 86, 86, 2511, 2512, 86, 86, 86, 86, 86, - 2519, 86, 2523, 86, 2528, 86, 2527, 2521, 86, 2518, + 2477, 86, 2487, 2480, 86, 86, 2492, 86, 86, 2484, + 2491, 2485, 86, 2489, 86, 2486, 2493, 86, 86, 2488, + 2490, 86, 2501, 2494, 86, 2497, 2495, 86, 2496, 2502, + 2498, 86, 2500, 2499, 86, 86, 2504, 86, 86, 2506, + 86, 86, 86, 86, 86, 86, 2503, 2505, 2510, 86, + 86, 2514, 86, 86, 2512, 2513, 2508, 2515, 86, 2507, + 2509, 2516, 86, 2517, 86, 86, 86, 86, 86, 2518, + 2520, 2511, 2523, 86, 86, 2525, 86, 86, 2528, 86, + 2522, 86, 86, 2524, 86, 2521, 2519, 2529, 86, 86, + 2532, 86, 2527, 86, 2526, 2533, 86, 86, 2534, 86, - 86, 2520, 2531, 86, 86, 86, 2522, 86, 2524, 2526, - 2525, 2532, 86, 2529, 2535, 86, 2534, 86, 2530, 2533, - 2537, 86, 86, 2540, 86, 86, 86, 86, 2544, 86, - 2536, 2543, 86, 2546, 86, 2542, 86, 2541, 86, 86, - 86, 2538, 2539, 2547, 86, 2548, 2552, 86, 86, 2553, - 86, 2545, 2550, 2555, 86, 2549, 86, 86, 86, 86, - 2560, 86, 86, 86, 2551, 2562, 86, 2558, 2559, 2556, - 2557, 86, 2554, 86, 86, 86, 2563, 2561, 2564, 86, - 2566, 86, 2568, 86, 86, 86, 86, 2567, 2565, 86, - 2569, 2570, 86, 2578, 2572, 2575, 86, 2573, 86, 2571, + 86, 2530, 2537, 86, 86, 2538, 2531, 86, 2536, 2535, + 86, 86, 86, 86, 2539, 2542, 86, 86, 2540, 2541, + 2565, 2545, 2546, 86, 2547, 86, 2548, 86, 2549, 86, + 86, 2543, 2544, 86, 86, 2551, 86, 2553, 2552, 86, + 2554, 86, 2550, 86, 86, 86, 2555, 2559, 86, 2561, + 86, 2562, 86, 2556, 86, 86, 86, 86, 86, 86, + 2558, 86, 86, 2557, 2560, 2563, 2568, 2564, 2566, 2571, + 86, 2572, 86, 86, 86, 86, 86, 2567, 2569, 2570, + 169, 86, 2579, 86, 86, 86, 86, 2575, 86, 86, + 2577, 86, 2578, 2574, 2580, 86, 2588, 86, 2573, 2576, - 2574, 2576, 86, 2577, 167, 86, 86, 2582, 86, 86, - 2579, 86, 2584, 86, 2583, 86, 2580, 2587, 86, 86, - 2586, 2588, 86, 2585, 2581, 2590, 86, 86, 2592, 86, - 2591, 86, 2589, 2593, 86, 86, 2594, 86, 2597, 86, - 2595, 2598, 86, 2596, 86, 86, 86, 2599, 2600, 86, - 2604, 2605, 86, 86, 2602, 86, 86, 86, 2606, 86, - 2601, 86, 2609, 86, 2607, 86, 2608, 2610, 2611, 86, - 2603, 86, 86, 86, 2612, 86, 2617, 86, 86, 86, - 86, 2615, 2616, 2613, 2614, 86, 2618, 2622, 86, 86, - 86, 86, 2626, 86, 86, 2625, 86, 2619, 86, 2620, + 2586, 2581, 2583, 2582, 86, 2584, 86, 2590, 86, 2587, + 86, 2589, 2585, 2591, 86, 86, 2592, 86, 2593, 86, + 2594, 2596, 2595, 86, 86, 86, 86, 86, 86, 86, + 86, 86, 86, 2605, 86, 86, 86, 86, 2603, 2598, + 86, 2609, 2597, 3308, 2600, 2599, 2610, 86, 2602, 2601, + 2604, 2611, 2606, 2607, 2608, 86, 2612, 2614, 86, 86, + 2616, 86, 86, 86, 2613, 86, 86, 86, 2615, 86, + 86, 86, 2619, 2625, 86, 2626, 86, 86, 86, 86, + 2617, 2618, 2620, 86, 2621, 2629, 2623, 2622, 2630, 86, + 2624, 2631, 86, 2632, 86, 86, 2628, 2627, 86, 86, - 2624, 86, 2630, 3149, 2621, 2631, 86, 2633, 2623, 2627, - 2634, 2628, 2635, 86, 2629, 86, 86, 86, 86, 2636, - 86, 86, 2638, 2637, 86, 86, 2632, 86, 86, 2641, - 2639, 86, 2644, 86, 2646, 86, 86, 2640, 2647, 86, - 2649, 2642, 86, 2643, 2648, 86, 86, 2650, 2651, 86, - 86, 2645, 86, 2655, 86, 2653, 86, 86, 2656, 86, - 86, 2659, 2660, 86, 2654, 86, 2652, 86, 2657, 2661, - 86, 86, 86, 86, 2658, 2662, 86, 2665, 2663, 2666, - 86, 86, 2667, 2668, 86, 2664, 2669, 2670, 86, 2671, - 86, 2672, 2674, 2675, 86, 86, 2677, 86, 86, 2676, + 86, 2633, 86, 86, 86, 2637, 86, 86, 86, 2634, + 2641, 2640, 2636, 2646, 2635, 2642, 86, 86, 86, 2643, + 2644, 86, 2638, 2639, 86, 86, 2645, 86, 86, 86, + 86, 86, 2650, 2655, 86, 86, 2648, 2647, 2654, 86, + 2658, 86, 86, 86, 2656, 2649, 2659, 86, 2651, 2652, + 86, 2653, 2662, 86, 2661, 86, 86, 2657, 2660, 86, + 2663, 2667, 86, 86, 86, 86, 2671, 86, 86, 2670, + 2664, 2673, 86, 2669, 86, 2668, 2665, 86, 86, 2666, + 86, 86, 2674, 2675, 2679, 86, 86, 2672, 86, 2680, + 2682, 86, 2677, 86, 2676, 86, 86, 86, 86, 2687, - 86, 2678, 86, 86, 2673, 86, 2682, 2683, 86, 86, - 86, 2686, 86, 86, 2685, 86, 86, 2688, 2689, 86, - 2679, 2687, 86, 2680, 86, 2681, 86, 2691, 86, 2692, - 86, 2695, 86, 2684, 86, 86, 2699, 86, 2734, 2693, - 2694, 86, 86, 86, 2690, 2701, 86, 86, 2696, 2698, - 86, 86, 2697, 2702, 2706, 2700, 2715, 2703, 2705, 2707, - 86, 2709, 86, 86, 2710, 2704, 2708, 86, 2711, 86, - 2712, 86, 2713, 86, 86, 86, 86, 86, 86, 2721, - 86, 86, 86, 86, 2722, 2718, 2724, 86, 86, 2714, - 2725, 2726, 86, 2727, 2716, 2728, 86, 2719, 2720, 86, + 86, 2678, 2689, 86, 2685, 86, 2683, 2686, 2681, 2684, + 2690, 86, 2688, 86, 86, 86, 2691, 86, 86, 2693, + 86, 3308, 86, 2694, 86, 86, 2697, 2692, 86, 2696, + 2699, 2702, 86, 2700, 2703, 86, 2695, 2698, 86, 2701, + 2704, 169, 86, 86, 86, 2705, 2709, 2706, 86, 86, + 2711, 86, 86, 2710, 86, 2714, 86, 2715, 86, 2713, + 86, 2707, 2708, 2717, 86, 86, 2712, 86, 2718, 2719, + 86, 86, 2721, 2716, 2720, 86, 2722, 2724, 86, 86, + 86, 86, 2725, 86, 2723, 2726, 86, 86, 2727, 2731, + 86, 2732, 86, 86, 2729, 86, 2728, 86, 2733, 2735, - 2723, 2717, 86, 86, 86, 2733, 86, 86, 2729, 86, - 86, 2730, 2731, 2737, 86, 86, 2735, 86, 2738, 86, - 2742, 86, 2732, 2739, 2736, 2741, 2740, 2743, 86, 2744, - 86, 86, 86, 2748, 86, 86, 86, 86, 86, 2746, - 86, 86, 86, 2754, 2749, 2745, 86, 2752, 2750, 86, - 2747, 2757, 86, 2755, 86, 2759, 86, 2758, 86, 86, - 2753, 86, 2751, 2756, 2761, 2760, 86, 2762, 2764, 86, - 2763, 2765, 86, 2766, 86, 86, 86, 2771, 2768, 86, - 2769, 2770, 86, 86, 2767, 86, 86, 2772, 2774, 86, - 2773, 86, 86, 86, 86, 2780, 86, 2775, 2776, 2778, + 86, 86, 2734, 86, 2737, 2736, 86, 86, 2730, 86, + 86, 2739, 2740, 86, 86, 2738, 86, 86, 2745, 86, + 2748, 86, 2743, 2742, 86, 2744, 86, 2741, 2746, 86, + 2749, 86, 2747, 2753, 86, 86, 86, 86, 86, 86, + 2750, 86, 2754, 2758, 86, 86, 2756, 86, 86, 2751, + 2752, 2762, 86, 2757, 3166, 2755, 2760, 2765, 2759, 2763, + 86, 2766, 2767, 86, 86, 2761, 86, 86, 86, 2768, + 86, 2770, 2769, 2764, 86, 86, 86, 86, 86, 86, + 2773, 86, 2776, 2771, 2778, 86, 2779, 86, 2772, 2780, + 86, 2774, 86, 2775, 86, 86, 2781, 2777, 86, 2782, - 2783, 86, 2782, 86, 86, 86, 86, 86, 2786, 2784, - 2779, 2785, 2777, 86, 86, 2790, 86, 86, 2781, 86, - 86, 86, 86, 86, 2787, 2793, 86, 86, 2788, 2794, - 2791, 2798, 2792, 86, 2789, 2797, 2800, 86, 2795, 86, - 2802, 86, 2796, 2803, 86, 86, 2805, 86, 86, 86, - 86, 86, 2810, 86, 86, 2809, 86, 86, 2801, 2799, - 86, 2814, 86, 86, 2806, 2807, 2804, 2808, 2817, 86, - 86, 86, 2819, 3149, 2811, 86, 2813, 2815, 86, 2812, - 2820, 2816, 2822, 86, 2823, 86, 86, 2825, 86, 86, - 2818, 86, 86, 2821, 86, 86, 2830, 86, 2834, 86, + 2783, 86, 86, 2785, 2787, 86, 86, 86, 2791, 2788, + 86, 2792, 86, 86, 2786, 2784, 2794, 2789, 2793, 86, + 86, 86, 86, 2798, 86, 86, 2790, 86, 2799, 2800, + 86, 2802, 86, 2795, 86, 86, 86, 2806, 86, 2796, + 2801, 3308, 2797, 86, 2807, 86, 86, 2803, 86, 2809, + 2805, 86, 2808, 2804, 2810, 86, 86, 2815, 86, 86, + 86, 2811, 2814, 86, 2817, 86, 2812, 2818, 86, 86, + 2819, 2813, 86, 86, 86, 2821, 2823, 2820, 86, 2824, + 86, 86, 86, 2816, 2822, 2827, 86, 2831, 86, 86, + 86, 2825, 2826, 2833, 86, 86, 86, 86, 86, 2828, - 2827, 2828, 86, 86, 2836, 86, 2824, 2826, 2835, 2832, - 86, 2829, 86, 2831, 2839, 2833, 2840, 86, 86, 2842, - 86, 2841, 2837, 86, 86, 86, 2845, 86, 86, 2844, - 86, 2848, 2838, 2846, 86, 2851, 86, 86, 86, 86, - 86, 2843, 86, 2856, 86, 86, 86, 86, 3149, 2847, - 2852, 2849, 2850, 2859, 86, 2855, 2858, 2853, 2860, 86, - 2862, 86, 86, 86, 2857, 2854, 2861, 2863, 2864, 86, - 2865, 86, 2866, 86, 86, 2868, 86, 86, 86, 2867, - 86, 86, 2869, 86, 2873, 2874, 86, 86, 86, 2878, - 86, 2879, 86, 86, 3149, 2875, 86, 2877, 2880, 2870, + 2830, 2834, 2829, 2832, 2837, 2838, 2936, 2840, 2835, 86, + 2839, 86, 2841, 86, 2836, 86, 2842, 2843, 86, 86, + 2844, 86, 2845, 86, 2846, 86, 2847, 86, 86, 2850, + 86, 2848, 2849, 86, 86, 2852, 86, 86, 86, 2854, + 2858, 86, 2859, 86, 86, 2855, 86, 2860, 2862, 86, + 2864, 86, 2853, 86, 2851, 86, 86, 2856, 2857, 86, + 2863, 2865, 2866, 86, 2861, 86, 86, 86, 2867, 2871, + 86, 2872, 86, 2870, 2868, 2869, 86, 2875, 86, 86, + 86, 2873, 2876, 86, 2879, 86, 86, 2878, 2881, 86, + 2880, 2874, 2877, 2882, 86, 86, 86, 2886, 86, 86, - 2871, 86, 2872, 86, 86, 86, 2883, 2876, 2884, 86, - 2885, 86, 86, 2881, 2888, 2882, 86, 2886, 86, 2887, - 86, 2891, 86, 2893, 86, 86, 2890, 86, 2889, 2892, - 86, 86, 2895, 86, 86, 86, 86, 2897, 86, 86, - 86, 2898, 2896, 86, 86, 2894, 86, 86, 86, 86, - 86, 2907, 2908, 2899, 2903, 2900, 2901, 2902, 2910, 86, - 2904, 2905, 86, 2913, 86, 2906, 2985, 2911, 2909, 2912, - 2914, 86, 2915, 86, 86, 2917, 86, 2927, 2916, 2918, - 86, 2919, 2920, 86, 86, 2921, 2922, 2925, 86, 2923, - 2924, 86, 86, 2926, 86, 86, 86, 86, 2932, 86, + 2883, 86, 86, 86, 86, 2892, 86, 86, 2887, 86, + 86, 86, 2890, 2888, 2885, 2895, 86, 86, 2893, 3308, + 2884, 2896, 86, 2897, 2891, 86, 2898, 2889, 2894, 2906, + 2899, 86, 2900, 2902, 86, 2901, 2903, 86, 2904, 86, + 86, 86, 86, 86, 2909, 86, 86, 2908, 2910, 2905, + 86, 2911, 2912, 86, 86, 86, 86, 86, 2918, 86, + 2907, 2916, 86, 2913, 86, 86, 2914, 2920, 86, 2921, + 86, 2924, 86, 86, 86, 2917, 2915, 2922, 2923, 86, + 86, 2925, 2929, 86, 2919, 86, 86, 86, 86, 2926, + 86, 2932, 86, 86, 2927, 86, 86, 2933, 2930, 2931, - 86, 86, 2931, 86, 86, 2928, 86, 2935, 2934, 86, - 86, 86, 2940, 2936, 86, 2929, 2930, 2941, 86, 2939, - 86, 2937, 2942, 86, 86, 2933, 86, 2938, 2949, 2943, - 86, 2944, 2947, 2945, 86, 86, 2946, 2948, 86, 86, - 86, 86, 2956, 86, 2953, 2950, 2954, 2957, 86, 86, - 2951, 2952, 2984, 86, 2958, 2959, 86, 2960, 86, 2955, - 86, 2962, 86, 2963, 86, 2961, 2964, 86, 2965, 86, - 2966, 86, 2967, 86, 2968, 86, 2969, 86, 86, 2971, - 86, 86, 86, 86, 86, 86, 86, 2970, 2976, 86, - 2972, 86, 86, 86, 2973, 86, 2980, 86, 2979, 2977, + 2928, 2937, 86, 2938, 2939, 86, 2934, 2942, 86, 86, + 86, 2935, 2944, 86, 2945, 86, 2947, 86, 86, 2941, + 86, 86, 86, 2940, 2952, 86, 86, 2951, 2943, 86, + 86, 2946, 86, 2956, 2948, 86, 2949, 2950, 86, 86, + 2959, 86, 2961, 86, 86, 86, 2953, 86, 86, 2955, + 2962, 86, 2954, 2957, 2958, 2964, 86, 86, 2960, 2965, + 86, 2967, 86, 86, 2966, 2963, 86, 2971, 2969, 2972, + 2973, 86, 2970, 2976, 86, 86, 86, 86, 2974, 2977, + 86, 2968, 86, 2978, 2981, 2982, 86, 2984, 86, 2979, + 86, 2975, 86, 86, 86, 2983, 2987, 86, 86, 2986, - 2982, 86, 86, 2974, 2975, 2978, 2981, 86, 2986, 86, - 2989, 2983, 2988, 86, 86, 2987, 86, 86, 86, 2991, - 86, 2992, 86, 86, 86, 86, 2995, 2990, 2998, 3000, - 86, 2996, 3001, 86, 2994, 2993, 86, 2999, 2997, 3002, - 86, 86, 86, 86, 86, 86, 3005, 86, 86, 86, - 3004, 86, 3010, 3011, 86, 86, 3013, 86, 3007, 3003, - 3009, 3014, 86, 3006, 86, 86, 86, 86, 3008, 3012, - 86, 86, 86, 86, 86, 3020, 3015, 86, 3024, 3149, - 3016, 3017, 3019, 3021, 3027, 86, 86, 86, 3025, 3018, - 86, 3022, 3023, 3029, 86, 3028, 86, 3026, 86, 3030, + 2980, 86, 2990, 2988, 86, 86, 2985, 86, 86, 2993, + 86, 86, 86, 86, 2998, 86, 86, 2994, 86, 86, + 2989, 2991, 2992, 3002, 86, 2995, 2997, 3001, 3003, 86, + 86, 2999, 3000, 3005, 86, 3004, 2996, 3007, 86, 3006, + 3008, 86, 3009, 86, 86, 86, 3012, 86, 86, 3014, + 86, 86, 86, 3013, 86, 86, 86, 3010, 86, 3019, + 3020, 86, 86, 86, 3024, 86, 3015, 3025, 86, 3026, + 3021, 3011, 3023, 3016, 86, 86, 3017, 3018, 86, 86, + 3030, 86, 3022, 86, 3029, 3031, 86, 86, 3032, 3034, + 86, 86, 3037, 86, 3027, 86, 86, 3028, 86, 3036, - 3031, 86, 3032, 86, 86, 86, 3033, 3035, 86, 86, - 3034, 3040, 86, 3036, 3037, 86, 86, 86, 86, 86, - 3039, 3038, 86, 3043, 3045, 86, 3041, 3042, 3048, 86, - 86, 86, 3051, 86, 3046, 86, 3044, 86, 3052, 86, - 3055, 3047, 3056, 3053, 86, 3049, 86, 86, 86, 3050, - 86, 86, 3061, 86, 3062, 86, 3060, 3058, 3054, 86, - 86, 3057, 86, 86, 86, 86, 86, 3066, 86, 3059, - 3068, 86, 86, 86, 3065, 3075, 86, 3073, 86, 86, - 3063, 3070, 3064, 3074, 3067, 3069, 3071, 86, 86, 86, - 3072, 3079, 86, 86, 3080, 3081, 86, 3082, 3083, 3076, + 86, 3033, 3035, 3038, 86, 86, 86, 86, 86, 3041, + 86, 86, 3043, 86, 86, 3044, 3039, 3042, 86, 86, + 3040, 86, 86, 86, 86, 3308, 3053, 3045, 3054, 3049, + 3046, 3047, 3048, 3056, 86, 3050, 3051, 3059, 86, 86, + 3052, 86, 3055, 3057, 3058, 3061, 86, 3062, 86, 86, + 3064, 86, 86, 3063, 3060, 86, 3308, 3065, 3067, 86, + 3068, 86, 3069, 3070, 86, 86, 3071, 3072, 3075, 86, + 3073, 3074, 86, 86, 3066, 3076, 86, 86, 86, 86, + 86, 3082, 86, 86, 86, 3081, 86, 86, 3085, 86, + 3077, 3078, 86, 3084, 86, 3308, 3086, 86, 3079, 3080, - 86, 86, 86, 86, 86, 3077, 3087, 3078, 3084, 3085, - 3088, 86, 86, 86, 3090, 86, 86, 86, 3089, 3086, - 3091, 3092, 86, 86, 3093, 3096, 86, 86, 86, 3099, - 86, 86, 3100, 86, 86, 3103, 86, 86, 86, 86, - 3098, 3094, 3095, 3101, 3108, 3097, 3102, 86, 3107, 86, - 86, 3106, 86, 3111, 86, 3104, 3105, 86, 3113, 86, - 3114, 86, 3109, 86, 86, 86, 3115, 3118, 86, 86, - 3116, 3121, 86, 3112, 3119, 86, 3110, 3120, 86, 86, - 86, 86, 86, 3117, 3124, 3122, 3123, 3125, 3127, 86, - 86, 86, 86, 86, 86, 3129, 3130, 86, 3133, 3126, + 86, 3090, 86, 3089, 3087, 3091, 86, 86, 3083, 86, + 3088, 3092, 86, 86, 3094, 3097, 3095, 3093, 3099, 3096, + 3098, 86, 3100, 86, 86, 86, 86, 86, 3101, 3107, + 3103, 3104, 3106, 86, 86, 86, 3109, 86, 3110, 86, + 3108, 86, 86, 86, 3102, 3308, 3105, 3112, 3113, 86, + 3114, 86, 3115, 3116, 86, 86, 3111, 3117, 86, 3118, + 86, 3119, 86, 3120, 86, 3121, 86, 3122, 86, 86, + 3124, 86, 86, 86, 86, 3127, 3129, 86, 3123, 86, + 86, 3125, 86, 86, 3133, 3126, 86, 3135, 86, 86, + 86, 86, 3132, 3128, 3130, 3131, 86, 86, 3139, 3137, - 3128, 3134, 86, 86, 86, 3137, 3138, 86, 86, 3140, - 86, 3131, 3132, 3135, 86, 3139, 3141, 86, 86, 86, - 86, 3142, 3136, 3143, 3144, 86, 3147, 86, 3148, 86, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3145, - 3149, 3149, 3149, 3149, 3146, 47, 47, 47, 47, 47, - 47, 47, 52, 52, 52, 52, 52, 52, 52, 57, - 57, 57, 57, 57, 57, 57, 63, 63, 63, 63, - 63, 63, 63, 68, 68, 68, 68, 68, 68, 68, - 74, 74, 74, 74, 74, 74, 74, 80, 80, 80, - 80, 80, 80, 80, 89, 89, 3149, 89, 89, 89, + 86, 3134, 3142, 3141, 86, 86, 86, 3136, 86, 3140, + 3144, 86, 86, 86, 86, 86, 3138, 86, 3143, 3148, + 86, 3150, 86, 3149, 86, 3145, 86, 3153, 3147, 3146, + 3151, 3155, 86, 3156, 86, 3154, 3157, 86, 86, 86, + 86, 86, 86, 3160, 86, 86, 3152, 3159, 86, 3158, + 86, 3168, 86, 3165, 86, 3162, 3164, 86, 86, 3167, + 3161, 86, 86, 86, 86, 3163, 86, 3169, 86, 86, + 86, 3170, 3175, 3177, 3172, 3171, 3176, 3174, 86, 86, + 86, 3184, 86, 3179, 3181, 86, 3173, 3178, 86, 3180, + 3183, 3186, 86, 86, 3182, 86, 3187, 3185, 3188, 86, - 89, 157, 157, 3149, 3149, 3149, 157, 157, 159, 159, - 3149, 3149, 159, 3149, 159, 161, 3149, 3149, 3149, 3149, - 3149, 161, 164, 164, 3149, 3149, 3149, 164, 164, 166, - 3149, 3149, 3149, 3149, 3149, 166, 168, 168, 3149, 168, - 168, 168, 168, 171, 3149, 3149, 3149, 3149, 3149, 171, - 174, 174, 3149, 3149, 3149, 174, 174, 90, 90, 3149, - 90, 90, 90, 90, 17, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, + 3189, 86, 86, 86, 3190, 3192, 86, 86, 3193, 86, + 3197, 3194, 86, 3191, 86, 86, 86, 3201, 86, 3200, + 86, 3203, 86, 86, 3196, 86, 3198, 3199, 3204, 86, + 3207, 86, 3195, 86, 86, 3210, 86, 86, 3205, 86, + 3202, 86, 3211, 3214, 3206, 3212, 86, 3215, 3208, 86, + 86, 86, 3209, 86, 86, 3220, 86, 86, 3213, 3219, + 3216, 3221, 86, 3217, 86, 86, 86, 86, 86, 86, + 3218, 3225, 86, 3227, 86, 86, 86, 86, 3222, 3224, + 86, 3232, 3233, 86, 3223, 3229, 3226, 3230, 3228, 3234, + 86, 86, 3238, 86, 3231, 86, 3241, 86, 3240, 86, - 3149, 3149, 3149, 3149, 3149 + 3235, 3236, 3239, 86, 86, 86, 86, 86, 3242, 3246, + 3237, 3243, 3244, 3247, 86, 86, 86, 86, 3245, 3249, + 86, 3248, 86, 86, 3251, 86, 3250, 3255, 86, 86, + 3252, 86, 3258, 86, 3259, 86, 3253, 86, 86, 86, + 86, 86, 3257, 3262, 3254, 86, 3260, 3256, 86, 3261, + 86, 3266, 86, 3267, 3265, 86, 3270, 86, 3263, 3264, + 86, 3272, 86, 3273, 86, 3268, 86, 86, 86, 3274, + 3279, 3269, 86, 3275, 3277, 86, 3271, 3278, 3280, 86, + 86, 86, 86, 86, 86, 86, 3276, 3281, 3282, 3284, + 3286, 86, 86, 86, 86, 86, 86, 3288, 3289, 86, + + 3292, 3283, 3285, 86, 3287, 3293, 86, 86, 3296, 3297, + 86, 86, 86, 3290, 3291, 3294, 3299, 86, 3298, 3300, + 86, 86, 3295, 86, 86, 86, 3306, 86, 3301, 3302, + 3303, 3304, 3307, 86, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3305, 47, 47, 47, 47, 47, 47, 47, + 52, 52, 52, 52, 52, 52, 52, 57, 57, 57, + 57, 57, 57, 57, 63, 63, 63, 63, 63, 63, + 63, 68, 68, 68, 68, 68, 68, 68, 74, 74, + 74, 74, 74, 74, 74, 80, 80, 80, 80, 80, + 80, 80, 89, 89, 3308, 89, 89, 89, 89, 159, + + 159, 3308, 3308, 3308, 159, 159, 161, 161, 3308, 3308, + 161, 3308, 161, 163, 3308, 3308, 3308, 3308, 3308, 163, + 166, 166, 3308, 3308, 3308, 166, 166, 168, 3308, 3308, + 3308, 3308, 3308, 168, 170, 170, 3308, 170, 170, 170, + 170, 173, 3308, 3308, 3308, 3308, 3308, 173, 176, 176, + 3308, 3308, 3308, 176, 176, 90, 90, 3308, 90, 90, + 90, 90, 17, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + + 3308, 3308, 3308 } ; -static const flex_int16_t yy_chk[6206] = +static const flex_int16_t yy_chk[6504] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -2154,681 +2241,714 @@ static const flex_int16_t yy_chk[6206] = 5, 3, 6, 24, 4, 24, 24, 5, 24, 6, 7, 7, 7, 7, 24, 7, 8, 8, 8, 8, 33, 8, 7, 9, 9, 9, 26, 26, 8, 10, - 10, 10, 19, 29, 9, 33, 19, 29, 3157, 35, + 10, 10, 19, 29, 9, 33, 19, 29, 3316, 35, 10, 11, 11, 11, 11, 11, 11, 13, 13, 13, 13, 34, 13, 11, 35, 99, 34, 29, 38, 13, 51, 51, 11, 12, 12, 12, 12, 12, 12, 14, 14, 14, 14, 99, 14, 12, 15, 15, 15, 38, 23, 14, 23, 23, 12, 23, 46, 15, 16, 16, - 16, 23, 23, 25, 27, 27, 25, 25, 40, 16, - 25, 46, 27, 30, 30, 25, 27, 31, 31, 27, - 43, 43, 40, 43, 25, 28, 31, 87, 30, 32, - 28, 87, 43, 32, 28, 94, 32, 28, 43, 28, - 28, 56, 94, 32, 56, 32, 36, 36, 37, 37, - 28, 45, 45, 37, 2577, 36, 45, 39, 41, 41, + 16, 23, 23, 25, 27, 27, 25, 25, 2704, 16, + 25, 46, 27, 30, 30, 25, 27, 56, 40, 27, + 56, 73, 31, 31, 25, 28, 67, 67, 30, 32, + 28, 31, 40, 32, 28, 73, 32, 28, 92, 28, + 28, 92, 31, 32, 1088, 32, 36, 36, 37, 37, + 28, 45, 45, 37, 176, 36, 45, 39, 41, 41, - 45, 36, 39, 41, 124, 36, 39, 67, 67, 37, - 73, 124, 39, 41, 41, 39, 41, 44, 42, 84, - 84, 44, 39, 42, 73, 62, 42, 62, 62, 92, - 62, 44, 92, 42, 142, 44, 44, 42, 42, 70, - 142, 70, 70, 72, 70, 72, 72, 79, 72, 79, - 79, 70, 79, 86, 95, 86, 86, 89, 86, 89, - 89, 93, 89, 96, 86, 93, 95, 97, 89, 89, - 97, 98, 100, 103, 98, 101, 102, 104, 105, 106, - 107, 100, 102, 96, 109, 106, 108, 98, 102, 101, - 102, 103, 103, 111, 107, 110, 115, 105, 106, 104, + 45, 36, 39, 41, 87, 36, 39, 37, 87, 37, + 84, 84, 39, 41, 41, 39, 41, 93, 42, 95, + 96, 93, 39, 42, 43, 43, 42, 43, 94, 97, + 44, 95, 97, 42, 44, 94, 43, 42, 42, 113, + 96, 115, 43, 113, 44, 175, 115, 124, 44, 44, + 62, 124, 62, 62, 70, 62, 70, 70, 72, 70, + 72, 72, 79, 72, 79, 79, 70, 79, 86, 103, + 86, 86, 89, 86, 89, 89, 100, 89, 98, 86, + 104, 98, 101, 89, 89, 100, 102, 103, 103, 105, + 107, 106, 102, 108, 98, 109, 101, 106, 102, 111, - 108, 112, 118, 114, 109, 113, 110, 110, 114, 113, - 115, 111, 116, 122, 110, 116, 117, 128, 116, 112, - 119, 118, 117, 120, 121, 119, 120, 122, 126, 123, - 120, 116, 116, 123, 125, 126, 127, 128, 129, 131, - 130, 117, 133, 121, 130, 119, 120, 125, 121, 127, - 132, 134, 134, 135, 137, 132, 129, 131, 138, 132, - 139, 136, 133, 140, 143, 136, 140, 144, 144, 137, - 141, 145, 148, 135, 136, 146, 143, 140, 145, 139, - 136, 140, 147, 141, 138, 144, 149, 151, 144, 145, - 152, 146, 150, 148, 150, 152, 153, 156, 154, 151, + 102, 110, 104, 112, 107, 114, 173, 108, 105, 116, + 106, 119, 110, 110, 122, 109, 117, 111, 118, 117, + 110, 112, 117, 116, 118, 114, 120, 126, 123, 130, + 119, 120, 125, 122, 121, 117, 117, 121, 122, 125, + 126, 121, 123, 118, 128, 127, 129, 131, 133, 130, + 132, 120, 127, 128, 132, 134, 135, 121, 137, 129, + 134, 136, 136, 140, 134, 131, 133, 138, 139, 141, + 168, 138, 143, 146, 146, 144, 135, 150, 137, 142, + 138, 144, 142, 139, 145, 143, 138, 148, 141, 140, + 149, 146, 147, 142, 146, 151, 145, 142, 150, 147, - 155, 147, 149, 150, 1043, 155, 158, 158, 153, 160, - 182, 156, 160, 165, 165, 150, 154, 162, 182, 162, - 162, 167, 162, 167, 167, 168, 167, 168, 168, 170, - 168, 172, 170, 172, 172, 176, 172, 168, 175, 175, - 176, 177, 178, 179, 180, 183, 181, 177, 184, 185, - 186, 189, 180, 187, 185, 174, 177, 181, 179, 180, - 178, 188, 187, 184, 183, 173, 190, 188, 188, 192, - 186, 190, 191, 191, 194, 192, 189, 193, 194, 193, - 195, 195, 193, 194, 196, 197, 198, 199, 194, 200, - 201, 198, 199, 205, 194, 194, 196, 202, 203, 193, + 153, 154, 152, 148, 152, 155, 154, 158, 156, 149, + 147, 151, 153, 152, 157, 160, 160, 155, 180, 157, + 162, 158, 254, 162, 254, 152, 156, 164, 172, 164, + 164, 172, 164, 167, 167, 169, 180, 169, 169, 170, + 169, 170, 170, 174, 170, 174, 174, 178, 174, 177, + 177, 170, 178, 179, 181, 182, 183, 184, 185, 179, + 186, 187, 188, 182, 189, 184, 187, 183, 179, 181, + 182, 191, 190, 189, 194, 186, 192, 185, 190, 190, + 194, 192, 188, 193, 193, 195, 198, 195, 196, 202, + 195, 199, 196, 197, 197, 200, 191, 196, 198, 201, - 204, 200, 203, 202, 197, 204, 206, 205, 207, 208, - 201, 209, 210, 213, 171, 214, 209, 210, 211, 211, - 207, 206, 211, 207, 211, 212, 202, 208, 215, 217, - 212, 214, 219, 213, 215, 217, 211, 218, 211, 216, - 216, 217, 220, 218, 221, 222, 224, 223, 220, 225, - 221, 224, 219, 223, 226, 225, 227, 228, 229, 221, - 226, 230, 231, 227, 229, 232, 222, 233, 231, 234, - 228, 235, 239, 237, 236, 233, 235, 238, 242, 240, - 244, 230, 234, 236, 240, 240, 241, 232, 237, 245, - 243, 241, 239, 238, 243, 245, 242, 246, 247, 248, + 200, 202, 196, 203, 201, 204, 207, 195, 196, 196, + 199, 204, 205, 206, 208, 209, 205, 210, 206, 211, + 212, 213, 207, 203, 216, 212, 213, 217, 208, 210, + 209, 166, 210, 215, 204, 214, 214, 211, 215, 214, + 218, 214, 222, 217, 216, 220, 218, 219, 219, 225, + 221, 220, 223, 214, 224, 214, 221, 220, 223, 226, + 224, 227, 222, 232, 229, 226, 227, 228, 229, 224, + 225, 230, 231, 228, 233, 234, 232, 230, 235, 231, + 233, 236, 237, 238, 235, 241, 239, 243, 240, 242, + 237, 239, 246, 244, 236, 234, 238, 240, 244, 244, - 249, 250, 244, 250, 247, 249, 251, 252, 255, 257, - 258, 253, 254, 166, 252, 246, 246, 253, 254, 248, - 256, 257, 259, 259, 258, 251, 256, 255, 260, 260, - 261, 262, 263, 264, 263, 265, 261, 262, 266, 267, - 265, 268, 269, 270, 271, 282, 272, 273, 270, 268, - 266, 263, 272, 273, 261, 274, 264, 276, 267, 275, - 274, 277, 269, 276, 275, 278, 279, 271, 280, 281, - 282, 284, 283, 285, 284, 285, 277, 281, 283, 278, - 286, 286, 280, 287, 279, 288, 287, 289, 289, 290, - 290, 291, 293, 292, 294, 293, 295, 296, 294, 298, + 241, 245, 248, 236, 247, 242, 245, 243, 247, 249, + 246, 250, 251, 252, 253, 249, 255, 257, 251, 253, + 256, 259, 258, 257, 248, 260, 261, 256, 258, 250, + 250, 260, 262, 252, 268, 255, 263, 263, 261, 265, + 259, 264, 264, 266, 270, 265, 262, 269, 267, 266, + 267, 271, 269, 272, 273, 274, 270, 268, 275, 276, + 274, 272, 277, 265, 278, 276, 279, 267, 277, 278, + 271, 279, 280, 281, 273, 282, 283, 284, 280, 285, + 286, 275, 288, 291, 287, 288, 291, 285, 281, 282, + 287, 284, 292, 289, 283, 289, 290, 290, 293, 293, - 300, 164, 300, 288, 297, 295, 296, 291, 292, 299, - 297, 301, 302, 298, 306, 299, 302, 301, 303, 303, - 304, 305, 307, 308, 309, 304, 314, 305, 310, 310, - 312, 315, 311, 302, 306, 311, 317, 309, 313, 319, - 307, 163, 313, 322, 308, 314, 316, 316, 312, 315, - 318, 319, 320, 318, 317, 322, 321, 324, 320, 321, - 325, 328, 326, 329, 328, 454, 324, 326, 332, 330, - 318, 323, 327, 332, 332, 327, 329, 327, 325, 334, - 323, 330, 331, 323, 331, 331, 335, 454, 323, 323, - 323, 323, 333, 327, 336, 333, 334, 337, 341, 334, + 294, 294, 295, 297, 296, 286, 297, 298, 299, 301, + 292, 298, 300, 302, 303, 301, 311, 299, 295, 296, + 303, 300, 304, 305, 304, 312, 306, 302, 308, 305, + 306, 307, 307, 308, 309, 310, 311, 313, 314, 316, + 309, 310, 316, 312, 315, 315, 317, 306, 318, 319, + 165, 314, 318, 320, 321, 321, 322, 324, 313, 323, + 310, 325, 323, 326, 317, 327, 326, 325, 319, 324, + 330, 320, 329, 331, 322, 339, 339, 327, 331, 323, + 328, 329, 332, 333, 335, 332, 333, 332, 330, 328, + 338, 334, 328, 338, 341, 613, 335, 328, 328, 328, - 343, 335, 339, 336, 338, 338, 337, 339, 340, 340, - 342, 344, 343, 341, 345, 342, 346, 347, 350, 358, - 351, 348, 348, 347, 348, 351, 352, 161, 358, 356, - 344, 346, 352, 348, 345, 353, 354, 365, 350, 355, - 353, 354, 355, 356, 355, 357, 360, 354, 357, 359, - 359, 362, 360, 361, 361, 366, 362, 365, 367, 363, - 368, 357, 363, 369, 357, 372, 357, 371, 363, 375, - 371, 378, 363, 367, 374, 368, 366, 369, 375, 372, - 363, 364, 364, 380, 364, 376, 371, 377, 667, 374, - 376, 376, 378, 377, 379, 382, 384, 364, 380, 667, + 328, 340, 613, 332, 334, 336, 337, 336, 336, 341, + 342, 337, 337, 343, 344, 344, 346, 346, 340, 342, + 345, 340, 343, 347, 347, 345, 348, 349, 350, 351, + 352, 353, 349, 354, 357, 355, 355, 358, 355, 354, + 350, 348, 358, 359, 365, 363, 353, 355, 351, 359, + 352, 360, 361, 365, 357, 362, 360, 361, 362, 363, + 362, 364, 367, 361, 364, 366, 366, 369, 367, 368, + 368, 372, 369, 373, 374, 370, 373, 364, 370, 376, + 364, 379, 364, 386, 370, 163, 375, 378, 370, 374, + 378, 372, 381, 376, 373, 379, 370, 371, 371, 382, - 364, 381, 364, 383, 364, 373, 385, 373, 373, 383, - 381, 386, 388, 379, 382, 391, 389, 373, 390, 373, - 373, 373, 384, 387, 373, 386, 385, 392, 393, 387, - 391, 394, 392, 387, 396, 388, 389, 394, 390, 395, - 395, 397, 398, 393, 399, 400, 401, 402, 403, 403, - 399, 403, 402, 397, 396, 404, 398, 405, 406, 408, - 481, 408, 401, 407, 409, 410, 409, 411, 413, 410, - 400, 411, 415, 405, 406, 404, 414, 407, 412, 412, - 416, 417, 481, 418, 409, 419, 411, 413, 415, 421, - 422, 414, 418, 421, 419, 417, 420, 424, 416, 422, + 371, 375, 386, 389, 383, 384, 378, 381, 382, 383, + 383, 384, 387, 371, 392, 391, 371, 385, 371, 388, + 371, 380, 389, 380, 380, 390, 396, 387, 388, 393, + 397, 390, 161, 380, 392, 380, 380, 380, 385, 394, + 380, 391, 395, 393, 398, 394, 396, 395, 399, 394, + 397, 400, 401, 399, 402, 402, 403, 404, 401, 398, + 405, 406, 407, 408, 411, 395, 400, 406, 409, 404, + 412, 414, 413, 409, 405, 159, 403, 410, 410, 408, + 410, 415, 420, 415, 411, 414, 412, 407, 413, 416, + 417, 416, 416, 418, 417, 419, 419, 418, 421, 422, - 423, 420, 425, 418, 429, 418, 423, 426, 425, 427, - 428, 426, 427, 430, 430, 428, 431, 433, 424, 432, - 432, 434, 433, 438, 429, 435, 435, 436, 437, 431, - 439, 440, 437, 436, 434, 441, 440, 443, 438, 444, - 441, 442, 442, 445, 446, 447, 449, 451, 447, 443, - 442, 439, 451, 448, 450, 450, 446, 448, 449, 444, - 452, 445, 453, 453, 456, 456, 457, 458, 459, 460, - 461, 464, 463, 466, 465, 458, 467, 459, 468, 466, - 470, 452, 461, 472, 468, 467, 472, 457, 465, 460, - 463, 464, 463, 469, 470, 471, 473, 474, 469, 475, + 423, 420, 424, 430, 427, 425, 426, 430, 428, 416, + 427, 426, 418, 421, 425, 422, 424, 428, 423, 426, + 426, 429, 431, 426, 426, 425, 429, 425, 432, 433, + 434, 431, 436, 435, 432, 436, 434, 435, 437, 438, + 439, 439, 440, 437, 441, 441, 442, 443, 444, 444, + 433, 442, 445, 446, 447, 440, 448, 446, 445, 438, + 443, 449, 450, 451, 451, 453, 449, 450, 452, 447, + 454, 455, 451, 456, 457, 458, 456, 448, 457, 460, + 452, 459, 459, 455, 460, 453, 461, 458, 454, 462, + 462, 463, 465, 465, 467, 468, 469, 470, 471, 478, - 476, 477, 478, 471, 477, 475, 471, 479, 478, 480, - 473, 482, 474, 483, 480, 485, 488, 483, 484, 486, - 476, 479, 487, 484, 486, 492, 478, 489, 493, 494, - 485, 495, 482, 494, 505, 488, 496, 505, 487, 499, - 489, 490, 490, 493, 497, 492, 500, 490, 497, 490, - 495, 500, 496, 498, 499, 490, 501, 490, 498, 502, - 490, 490, 498, 503, 504, 506, 507, 490, 502, 503, - 508, 508, 501, 509, 503, 501, 510, 510, 511, 512, - 504, 513, 514, 515, 516, 517, 507, 518, 506, 516, - 522, 512, 519, 511, 517, 526, 513, 520, 509, 522, + 473, 474, 475, 468, 85, 469, 477, 461, 478, 476, + 471, 480, 477, 463, 481, 467, 480, 470, 473, 474, + 473, 479, 475, 476, 482, 484, 483, 479, 481, 483, + 485, 486, 482, 487, 489, 482, 490, 486, 488, 484, + 489, 488, 491, 492, 494, 485, 493, 491, 494, 495, + 490, 496, 497, 487, 495, 498, 499, 497, 489, 500, + 503, 524, 506, 504, 505, 492, 496, 493, 505, 507, + 508, 498, 500, 524, 508, 499, 501, 501, 504, 510, + 503, 506, 501, 80, 501, 507, 511, 512, 509, 513, + 501, 511, 501, 509, 510, 501, 501, 509, 513, 514, - 523, 514, 524, 520, 523, 515, 518, 519, 524, 525, - 526, 527, 528, 529, 530, 531, 532, 534, 533, 531, - 533, 525, 535, 535, 537, 534, 528, 536, 529, 532, - 527, 538, 530, 536, 539, 540, 537, 538, 540, 541, - 542, 544, 543, 545, 544, 546, 539, 543, 549, 549, - 548, 547, 545, 541, 551, 542, 547, 547, 556, 545, - 551, 546, 545, 548, 550, 550, 552, 552, 553, 553, - 554, 557, 555, 559, 557, 558, 554, 555, 555, 556, - 558, 560, 561, 562, 563, 561, 564, 565, 562, 560, - 566, 565, 559, 567, 568, 569, 566, 567, 570, 572, + 515, 516, 501, 512, 517, 514, 512, 517, 518, 519, + 514, 520, 520, 521, 526, 515, 529, 516, 522, 522, + 523, 525, 527, 528, 530, 529, 531, 75, 528, 519, + 534, 518, 538, 526, 532, 523, 525, 537, 521, 534, + 532, 531, 535, 530, 527, 536, 535, 538, 539, 537, + 540, 536, 542, 541, 543, 545, 544, 545, 543, 546, + 548, 548, 550, 547, 540, 552, 549, 539, 541, 544, + 542, 547, 549, 551, 550, 553, 554, 552, 553, 551, + 555, 556, 557, 546, 558, 557, 556, 647, 559, 561, + 554, 560, 569, 558, 647, 555, 560, 560, 562, 562, - 569, 573, 571, 575, 572, 564, 577, 563, 571, 576, - 576, 574, 568, 578, 574, 573, 581, 579, 570, 574, - 580, 575, 579, 574, 577, 580, 582, 584, 585, 578, - 581, 586, 587, 584, 586, 588, 587, 585, 590, 589, - 588, 582, 589, 590, 591, 592, 593, 595, 594, 596, - 597, 597, 595, 593, 599, 598, 600, 601, 587, 602, - 591, 594, 603, 592, 598, 159, 601, 609, 603, 596, - 604, 602, 600, 599, 605, 610, 604, 605, 606, 606, - 607, 606, 608, 607, 611, 609, 612, 608, 613, 610, - 611, 612, 614, 615, 613, 614, 616, 617, 615, 618, + 558, 564, 561, 558, 559, 563, 563, 564, 565, 565, + 566, 566, 567, 569, 568, 570, 573, 572, 567, 568, + 568, 571, 572, 574, 571, 575, 577, 570, 575, 576, + 580, 574, 578, 579, 576, 573, 580, 579, 581, 582, + 583, 584, 581, 585, 585, 583, 586, 587, 588, 577, + 589, 578, 590, 588, 591, 584, 593, 582, 592, 595, + 591, 586, 597, 592, 596, 596, 589, 74, 587, 598, + 593, 594, 590, 599, 594, 601, 600, 595, 599, 594, + 597, 600, 594, 594, 602, 598, 604, 605, 606, 601, + 607, 606, 604, 608, 607, 611, 605, 609, 608, 602, - 619, 616, 616, 620, 621, 619, 622, 624, 623, 620, - 617, 626, 618, 623, 629, 622, 625, 625, 626, 619, - 619, 627, 628, 621, 627, 630, 629, 624, 628, 631, - 630, 632, 632, 633, 631, 631, 634, 635, 634, 627, - 630, 636, 637, 636, 638, 639, 640, 641, 642, 643, - 644, 645, 648, 643, 642, 646, 635, 647, 633, 644, - 637, 649, 638, 639, 650, 640, 645, 641, 651, 652, - 646, 648, 653, 649, 651, 647, 654, 655, 656, 650, - 657, 658, 656, 652, 653, 659, 660, 661, 662, 664, - 664, 666, 157, 662, 663, 654, 655, 658, 657, 668, + 609, 610, 612, 615, 614, 616, 610, 619, 615, 617, + 617, 611, 618, 620, 621, 622, 607, 614, 623, 629, + 612, 618, 624, 621, 623, 616, 619, 622, 624, 620, + 625, 626, 626, 625, 626, 627, 628, 629, 627, 630, + 631, 628, 632, 633, 635, 634, 631, 632, 634, 633, + 636, 637, 638, 630, 639, 636, 637, 637, 640, 643, + 641, 642, 645, 640, 68, 638, 641, 639, 643, 635, + 644, 646, 646, 648, 650, 644, 648, 640, 640, 649, + 642, 654, 645, 651, 652, 649, 650, 658, 651, 652, + 652, 648, 653, 653, 655, 656, 655, 657, 651, 657, - 670, 671, 672, 659, 660, 660, 661, 665, 663, 669, - 666, 665, 673, 668, 669, 672, 670, 674, 675, 673, - 671, 676, 674, 677, 678, 675, 676, 679, 677, 680, - 681, 682, 684, 683, 679, 687, 685, 684, 680, 685, - 682, 688, 678, 686, 681, 683, 689, 686, 690, 687, - 688, 691, 692, 692, 693, 693, 694, 694, 695, 697, - 698, 689, 690, 693, 699, 700, 698, 695, 701, 700, - 702, 703, 691, 704, 705, 707, 706, 708, 697, 704, - 701, 709, 705, 706, 699, 712, 719, 715, 718, 703, - 721, 722, 719, 707, 723, 702, 721, 718, 723, 729, + 659, 660, 661, 662, 663, 658, 654, 664, 665, 666, + 663, 664, 667, 668, 656, 669, 670, 665, 659, 660, + 671, 661, 673, 662, 666, 674, 672, 667, 670, 675, + 676, 668, 672, 678, 669, 671, 673, 674, 677, 679, + 680, 681, 677, 682, 63, 683, 688, 684, 675, 676, + 683, 678, 685, 685, 687, 679, 690, 692, 680, 681, + 681, 684, 682, 686, 689, 688, 691, 686, 687, 693, + 690, 691, 694, 692, 695, 689, 697, 696, 700, 698, + 701, 695, 696, 697, 698, 694, 699, 701, 693, 702, + 703, 699, 704, 705, 706, 709, 700, 707, 702, 706, - 712, 709, 708, 710, 715, 710, 726, 722, 710, 724, - 724, 727, 710, 725, 725, 710, 728, 726, 730, 729, - 733, 732, 710, 710, 730, 710, 732, 734, 735, 727, - 728, 731, 731, 731, 736, 731, 752, 736, 731, 738, - 740, 733, 737, 731, 752, 734, 738, 737, 737, 731, - 731, 739, 739, 735, 742, 740, 741, 741, 743, 742, - 744, 743, 745, 745, 746, 744, 746, 747, 748, 749, - 750, 754, 751, 749, 753, 753, 756, 756, 755, 747, - 757, 758, 759, 760, 762, 762, 754, 748, 772, 760, - 750, 751, 755, 758, 761, 763, 772, 765, 757, 761, + 707, 704, 708, 710, 703, 705, 708, 711, 713, 709, + 712, 722, 710, 714, 714, 717, 715, 715, 716, 716, + 717, 718, 711, 720, 712, 715, 721, 724, 725, 713, + 718, 722, 721, 723, 726, 727, 728, 723, 729, 724, + 730, 727, 720, 731, 728, 729, 732, 735, 738, 742, + 741, 744, 726, 725, 745, 742, 746, 744, 730, 741, + 747, 58, 735, 745, 747, 738, 732, 751, 731, 733, + 753, 733, 746, 750, 733, 748, 748, 754, 733, 749, + 749, 733, 752, 754, 750, 751, 757, 756, 733, 733, + 753, 733, 756, 758, 760, 762, 752, 755, 755, 755, - 763, 763, 765, 766, 759, 767, 776, 768, 769, 766, - 770, 767, 768, 770, 769, 771, 773, 773, 774, 774, - 775, 771, 777, 778, 776, 779, 781, 777, 775, 782, - 778, 780, 780, 783, 784, 781, 786, 782, 787, 783, - 788, 789, 790, 792, 779, 786, 789, 787, 792, 791, - 794, 790, 791, 784, 793, 797, 795, 796, 798, 798, - 797, 797, 799, 800, 788, 795, 802, 801, 793, 803, - 796, 806, 808, 806, 810, 794, 801, 799, 804, 807, - 807, 804, 800, 809, 811, 812, 813, 803, 809, 804, - 802, 814, 815, 808, 816, 810, 817, 818, 821, 819, + 762, 755, 759, 763, 755, 764, 759, 757, 761, 755, + 765, 758, 761, 57, 766, 755, 755, 766, 760, 767, + 764, 770, 763, 768, 767, 767, 769, 769, 761, 771, + 768, 772, 772, 773, 771, 765, 770, 774, 773, 775, + 774, 776, 776, 777, 775, 777, 778, 779, 780, 781, + 785, 782, 780, 783, 784, 784, 788, 786, 778, 787, + 787, 783, 790, 789, 52, 785, 779, 791, 810, 781, + 782, 786, 792, 791, 788, 789, 794, 792, 793, 793, + 796, 794, 794, 797, 790, 796, 798, 810, 799, 797, + 800, 801, 798, 799, 801, 802, 800, 803, 804, 804, - 817, 815, 822, 820, 811, 812, 823, 821, 813, 820, - 824, 814, 826, 825, 822, 818, 827, 816, 819, 825, - 829, 827, 828, 828, 824, 823, 826, 830, 831, 832, - 833, 834, 835, 837, 836, 838, 830, 832, 839, 837, - 829, 838, 841, 840, 85, 845, 846, 848, 831, 840, - 833, 835, 839, 834, 836, 842, 844, 843, 846, 855, - 844, 842, 841, 843, 845, 847, 846, 850, 848, 852, - 847, 849, 849, 850, 851, 853, 854, 851, 857, 855, - 856, 856, 854, 860, 858, 859, 863, 852, 853, 858, - 859, 859, 864, 861, 862, 862, 857, 861, 860, 865, + 806, 802, 805, 805, 807, 803, 808, 809, 806, 811, + 811, 808, 812, 815, 809, 813, 814, 814, 816, 815, + 818, 812, 807, 813, 819, 820, 821, 822, 825, 818, + 826, 821, 823, 819, 824, 823, 822, 816, 827, 824, + 828, 831, 825, 830, 830, 829, 832, 827, 833, 820, + 829, 829, 834, 828, 835, 826, 831, 833, 836, 840, + 838, 836, 838, 839, 839, 832, 841, 842, 847, 836, + 843, 841, 835, 844, 845, 846, 834, 847, 848, 849, + 840, 850, 854, 849, 851, 852, 855, 861, 842, 853, + 843, 852, 856, 844, 854, 846, 845, 858, 853, 850, - 866, 868, 869, 871, 865, 872, 874, 874, 863, 875, - 877, 877, 864, 875, 876, 878, 869, 879, 880, 866, - 881, 879, 896, 871, 80, 868, 872, 873, 896, 876, - 873, 883, 873, 880, 881, 885, 873, 882, 873, 886, - 878, 884, 882, 873, 885, 883, 884, 884, 873, 888, - 887, 890, 889, 886, 887, 891, 892, 889, 893, 894, - 891, 75, 895, 890, 888, 902, 887, 889, 897, 898, - 892, 895, 903, 894, 897, 898, 899, 899, 900, 893, - 901, 904, 906, 900, 907, 909, 901, 902, 908, 907, - 911, 903, 910, 910, 906, 911, 912, 909, 913, 904, + 863, 848, 857, 851, 859, 855, 856, 861, 857, 859, + 862, 858, 860, 860, 864, 865, 866, 867, 869, 862, + 863, 868, 864, 870, 869, 871, 872, 874, 873, 870, + 878, 875, 872, 879, 876, 865, 867, 875, 866, 871, + 876, 868, 873, 881, 877, 879, 880, 874, 877, 878, + 883, 880, 885, 879, 882, 882, 883, 884, 886, 887, + 884, 888, 889, 889, 881, 887, 890, 891, 892, 896, + 885, 886, 891, 892, 892, 893, 894, 895, 895, 897, + 894, 888, 898, 899, 890, 901, 902, 898, 904, 906, + 893, 896, 905, 908, 908, 912, 910, 911, 911, 897, - 905, 905, 908, 914, 912, 915, 905, 917, 905, 916, - 916, 917, 913, 918, 905, 920, 922, 923, 926, 905, - 905, 920, 914, 924, 915, 921, 905, 925, 921, 924, - 923, 928, 925, 918, 929, 922, 930, 926, 931, 932, - 928, 933, 934, 929, 931, 935, 937, 934, 932, 936, - 938, 941, 930, 942, 74, 939, 945, 941, 940, 947, - 933, 948, 938, 936, 939, 935, 937, 940, 943, 949, - 942, 950, 945, 947, 943, 951, 952, 953, 954, 957, - 958, 948, 953, 954, 957, 950, 959, 959, 949, 958, - 960, 952, 961, 951, 963, 964, 960, 967, 965, 965, + 902, 904, 899, 909, 913, 915, 914, 909, 913, 901, + 906, 910, 905, 907, 47, 922, 907, 917, 907, 915, + 912, 914, 907, 916, 907, 920, 919, 918, 916, 907, + 922, 917, 918, 918, 907, 919, 921, 924, 923, 920, + 921, 925, 926, 923, 927, 928, 925, 937, 929, 924, + 931, 938, 921, 923, 930, 931, 926, 929, 932, 928, + 930, 933, 934, 934, 932, 927, 935, 933, 936, 937, + 938, 935, 939, 941, 936, 942, 944, 945, 945, 943, + 942, 946, 948, 949, 950, 941, 946, 947, 944, 955, + 939, 940, 940, 943, 952, 947, 948, 940, 951, 940, - 964, 964, 965, 966, 968, 961, 966, 969, 970, 971, - 963, 967, 972, 973, 974, 975, 976, 981, 978, 973, - 977, 975, 971, 969, 968, 977, 970, 972, 984, 991, - 980, 976, 978, 980, 974, 982, 983, 985, 981, 988, - 982, 983, 986, 987, 984, 991, 985, 986, 987, 990, - 992, 988, 993, 994, 994, 990, 992, 995, 993, 996, - 997, 998, 998, 997, 999, 1000, 995, 1001, 1002, 1004, - 1003, 1002, 1005, 1011, 1006, 1004, 1007, 996, 1005, 1006, - 1008, 1007, 999, 1003, 1000, 1008, 1009, 1001, 1012, 1013, - 1016, 1011, 1009, 1014, 1017, 1013, 1015, 1015, 1014, 1016, + 952, 953, 949, 950, 954, 940, 953, 955, 956, 957, + 940, 940, 958, 958, 951, 959, 954, 940, 960, 959, + 962, 964, 963, 965, 956, 963, 962, 957, 965, 966, + 967, 969, 968, 973, 971, 972, 967, 968, 960, 974, + 964, 976, 966, 971, 972, 974, 975, 977, 978, 973, + 969, 979, 977, 980, 981, 975, 984, 985, 982, 988, + 976, 983, 984, 986, 990, 979, 981, 982, 978, 986, + 983, 991, 993, 980, 985, 988, 992, 995, 990, 994, + 996, 1001, 997, 1000, 1006, 996, 993, 997, 1000, 1011, + 1001, 991, 995, 1002, 1002, 992, 1003, 994, 1004, 1007, - 1018, 1019, 1020, 1017, 1021, 1020, 1022, 1021, 1012, 1023, - 1024, 1025, 1031, 1026, 1028, 1027, 1035, 1022, 1018, 1026, - 1019, 1027, 1024, 1029, 1030, 1030, 1032, 1023, 1029, 1028, - 1025, 1031, 1033, 1034, 1035, 1037, 1036, 1034, 1038, 1040, - 1032, 1041, 1041, 1044, 1033, 1036, 1042, 1045, 1046, 1050, - 1047, 1053, 1048, 1051, 1037, 1047, 1053, 1044, 1040, 1051, - 1046, 1048, 1045, 1038, 1049, 1049, 1042, 1052, 1054, 1050, - 1054, 1055, 1056, 1052, 1057, 1058, 1055, 1059, 1060, 1062, - 1058, 1063, 1061, 1065, 1065, 1066, 1056, 1067, 1057, 1061, - 1069, 1068, 1059, 1070, 1062, 68, 1069, 1060, 1071, 1066, + 1006, 1012, 1003, 1011, 1007, 1007, 1009, 1009, 1013, 1010, + 1009, 1004, 1010, 1014, 1015, 1016, 1017, 1018, 1020, 1019, + 1022, 1012, 1017, 1021, 1013, 1019, 1024, 1015, 1021, 1024, + 1016, 1014, 1025, 1020, 1022, 1026, 1027, 1018, 1028, 1029, + 1026, 1027, 1030, 1032, 1031, 1034, 1035, 1030, 1029, 1031, + 1036, 1034, 1037, 1025, 1028, 1032, 1036, 1039, 1037, 1038, + 1038, 1040, 1035, 1043, 1041, 1044, 1039, 1041, 1042, 1042, + 1045, 1046, 1047, 1050, 1046, 1051, 1048, 1049, 1050, 1040, + 1051, 1043, 1048, 1049, 1044, 1047, 1052, 1053, 1055, 1056, + 1045, 1052, 1057, 1053, 1058, 1059, 1059, 1062, 1057, 1058, - 1063, 1074, 1074, 1071, 1073, 1067, 1068, 1078, 1073, 1077, - 1075, 1080, 1071, 1070, 1071, 1075, 1077, 1071, 1076, 1076, - 1079, 1078, 1081, 1079, 1082, 1084, 1083, 1085, 1088, 1086, - 1080, 1083, 1087, 1082, 1086, 1090, 1090, 1091, 1093, 1085, - 1081, 1092, 1091, 1087, 1084, 1094, 1092, 1088, 1095, 1097, - 1094, 1096, 1095, 1098, 1099, 1100, 1101, 1103, 1093, 1102, - 1096, 1104, 1105, 1106, 1097, 1109, 1102, 1100, 1098, 1103, - 1107, 1101, 1108, 1099, 1110, 1111, 1107, 1114, 1116, 1115, - 1104, 1106, 1113, 1105, 1111, 1109, 1116, 1108, 1113, 1117, - 1118, 1119, 1114, 1115, 1110, 1118, 1120, 1121, 1122, 1127, + 1063, 1060, 1061, 1066, 1064, 1065, 1055, 1064, 1065, 1056, + 1060, 1061, 1067, 1068, 1066, 1062, 1069, 1067, 1070, 1063, + 1071, 1072, 1076, 1073, 1074, 1077, 1071, 1072, 1069, 1074, + 1078, 1068, 1075, 1075, 1080, 1081, 1079, 1070, 1073, 1077, + 1079, 1076, 1078, 1082, 1081, 1083, 1085, 1086, 1086, 1087, + 1089, 1090, 1080, 1092, 1093, 1091, 1094, 1094, 1092, 1095, + 1098, 1102, 1082, 1093, 1089, 1085, 1090, 1091, 1096, 1087, + 1083, 1097, 1105, 1099, 1096, 1102, 1098, 1097, 1099, 1095, + 1100, 1101, 1100, 1103, 1104, 1106, 1101, 1105, 1107, 1104, + 1108, 1109, 1111, 1111, 1112, 1107, 1113, 1103, 1114, 1116, - 1123, 1120, 1120, 1119, 1124, 1124, 1126, 63, 1127, 1117, - 1129, 1129, 1122, 1123, 1128, 1131, 1121, 1125, 1130, 1126, - 1128, 1132, 1125, 1130, 1131, 1125, 1125, 1132, 1133, 1134, - 1125, 1135, 1135, 1133, 1134, 1136, 1125, 1137, 1137, 1138, - 1125, 1139, 1138, 1141, 1138, 1140, 1142, 1145, 1143, 1146, - 1144, 1147, 1141, 1143, 1148, 1146, 1136, 1147, 1149, 1148, - 1150, 1139, 1149, 1140, 1144, 1145, 1142, 1151, 1151, 1150, - 1152, 1152, 1153, 1152, 1150, 1155, 1150, 1156, 1150, 1155, - 1150, 1157, 1158, 1153, 1159, 1160, 1161, 1163, 1162, 1159, - 1159, 1158, 1156, 1162, 1160, 1164, 1165, 1166, 1167, 1157, + 1115, 18, 1117, 1154, 1106, 1108, 1115, 1117, 1112, 1154, + 1109, 1119, 1121, 1114, 1113, 1119, 1117, 1121, 1117, 1116, + 1123, 1117, 1120, 1120, 1122, 1122, 1124, 1123, 1125, 1126, + 1128, 1125, 1127, 1129, 1130, 1131, 1132, 1133, 1129, 1128, + 1124, 1132, 1135, 1134, 1137, 1137, 1140, 1131, 1126, 17, + 1127, 1133, 1138, 1130, 1134, 1139, 1143, 1138, 1141, 1144, + 1139, 1135, 1145, 1141, 1142, 1143, 1140, 1146, 1142, 1147, + 1148, 1149, 1150, 1151, 1144, 1152, 1153, 1145, 1149, 1156, + 1155, 1147, 1157, 1159, 1150, 1148, 1146, 1160, 1158, 1161, + 1162, 1163, 1151, 1164, 1153, 1155, 1152, 1158, 1159, 1156, - 1168, 1163, 1169, 1169, 1164, 1170, 1168, 1171, 1161, 1172, - 1173, 1174, 1167, 1170, 1172, 1165, 1166, 1176, 1175, 1177, - 1174, 1171, 1178, 1180, 1173, 1175, 1186, 1178, 1179, 1179, - 1181, 1181, 1182, 1184, 1182, 1176, 1184, 1185, 1180, 1187, - 1188, 1188, 1185, 1189, 1177, 1186, 1190, 1190, 1187, 1191, - 1191, 1192, 1193, 1194, 1195, 1195, 1192, 1196, 1197, 1198, - 1199, 1197, 1200, 1189, 1201, 1199, 1201, 1202, 1205, 1204, - 1206, 1200, 1204, 1193, 1194, 1206, 1207, 1196, 1214, 1198, - 1209, 1208, 1210, 1205, 1211, 1202, 1208, 1210, 1209, 1211, - 1207, 1212, 1212, 1213, 1215, 1216, 1214, 1217, 1213, 1219, + 1165, 1161, 1157, 1168, 1167, 1169, 1160, 1170, 1164, 1162, + 1167, 1171, 1172, 1174, 1176, 1170, 1163, 1173, 1168, 1169, + 1165, 1175, 1173, 1177, 0, 1174, 1175, 1175, 1172, 1178, + 1182, 1171, 1181, 1176, 1179, 1179, 1185, 1177, 1186, 1182, + 1183, 1185, 1178, 1180, 1180, 1181, 1183, 1186, 1180, 1184, + 1184, 1180, 1180, 1187, 1191, 1188, 1180, 1194, 1189, 1187, + 1188, 1195, 1180, 1189, 1190, 1190, 1180, 1192, 1192, 1193, + 1197, 1196, 1193, 1198, 1193, 1191, 1200, 1194, 1198, 1195, + 1196, 1199, 1201, 1202, 1205, 1237, 1203, 1237, 1201, 1202, + 1197, 1203, 1204, 1205, 1200, 1199, 1204, 1212, 1205, 1210, - 1215, 1220, 1216, 1221, 1223, 1219, 1222, 1220, 1221, 1224, - 1217, 1225, 1222, 1223, 1226, 1226, 1227, 1229, 1230, 1231, - 1232, 1233, 1225, 1234, 1236, 1237, 1232, 1233, 1224, 1234, - 1236, 1238, 1229, 1240, 1239, 1241, 1227, 1243, 1230, 1237, - 1242, 1242, 1231, 1244, 1245, 1237, 1239, 1240, 1248, 1246, - 1251, 1238, 1253, 1241, 1246, 1247, 1247, 1243, 1249, 1252, - 1256, 1257, 1245, 1249, 1252, 1252, 1254, 1258, 1244, 1251, - 1253, 1248, 1255, 1259, 1256, 1254, 1257, 1260, 1259, 1262, - 1255, 1259, 1258, 1266, 1264, 1258, 1260, 1261, 1265, 1261, - 1264, 1267, 1265, 1262, 1266, 1268, 1267, 1267, 1269, 1270, + 1205, 1208, 1205, 1210, 1205, 1206, 1206, 1207, 1207, 1211, + 1207, 1213, 1208, 1214, 1215, 1212, 1216, 1217, 1214, 1214, + 1213, 1218, 1217, 1215, 1211, 1219, 1220, 1221, 1222, 1225, + 1223, 1224, 1224, 1226, 1219, 1218, 1223, 1225, 1216, 1227, + 1228, 1229, 1222, 1231, 1227, 1220, 1221, 1226, 1230, 1232, + 1229, 1233, 1234, 1234, 1228, 1230, 1233, 1235, 1236, 1236, + 1239, 1231, 1240, 1239, 1241, 1244, 1242, 1240, 1243, 1243, + 1245, 1245, 1235, 1247, 1232, 1242, 1246, 1246, 1247, 1248, + 1249, 1250, 1250, 1241, 1251, 1244, 1252, 1253, 1254, 1252, + 1255, 1257, 1256, 1254, 1256, 1259, 1260, 1261, 1259, 1255, - 1271, 1272, 1273, 1274, 1277, 1271, 1272, 1275, 1274, 58, - 1278, 1279, 1280, 1280, 1268, 1281, 1282, 1270, 1277, 1281, - 1273, 1283, 1286, 1285, 1269, 1284, 1290, 1275, 1278, 1279, - 1287, 1284, 1288, 1289, 1282, 1285, 1292, 1291, 1294, 1297, - 1283, 1286, 1291, 1292, 1287, 1290, 1293, 1288, 1289, 1295, - 1299, 1293, 1296, 1296, 1297, 1298, 1294, 1300, 1295, 1301, - 57, 1298, 1302, 1303, 1301, 1310, 1299, 1311, 1302, 1303, - 1304, 1304, 1305, 1305, 1307, 1307, 1308, 1309, 1300, 1312, - 1308, 1311, 1313, 1310, 1314, 1314, 1309, 1315, 1316, 1313, - 1317, 1318, 1319, 1320, 1312, 1317, 1316, 1321, 1320, 1320, + 1248, 1249, 1261, 1262, 1251, 1263, 1264, 1253, 1265, 1257, + 1263, 1260, 1266, 1265, 1264, 1266, 1267, 1262, 1268, 1268, + 1269, 1267, 1270, 1271, 1272, 1269, 1273, 1275, 1276, 1271, + 1277, 1272, 1278, 1275, 1276, 1277, 1279, 1280, 1278, 1273, + 1270, 1281, 1282, 1282, 1283, 1279, 1285, 1286, 1287, 1288, + 1294, 1289, 1281, 1290, 1292, 1288, 1280, 1289, 1293, 1290, + 1292, 1285, 1295, 1296, 1283, 1297, 1298, 1286, 1299, 1299, + 1294, 1287, 1293, 1300, 1301, 1296, 1302, 1305, 1293, 1297, + 1303, 1326, 1295, 1306, 1298, 1303, 1304, 1304, 1306, 1308, + 1309, 1310, 1311, 1300, 1302, 1309, 1309, 1312, 1313, 1301, - 1322, 1326, 1321, 1321, 1324, 1318, 1325, 1315, 1323, 1323, - 1326, 1319, 1327, 1328, 1329, 1330, 1331, 1327, 1333, 1332, - 1322, 1334, 1331, 1324, 1332, 1325, 1335, 1334, 1338, 1336, - 1337, 1339, 1328, 1330, 1329, 1336, 1337, 1340, 1341, 1342, - 1343, 1345, 1345, 1344, 1333, 1335, 1346, 1338, 1347, 1346, - 1339, 1348, 1348, 1342, 1349, 1349, 1340, 1341, 1344, 1350, - 1347, 1343, 1351, 1352, 1350, 1353, 1351, 1354, 1357, 1355, - 1359, 1355, 1358, 1360, 1353, 1355, 1352, 1358, 1361, 1363, - 1354, 1362, 1362, 1364, 1363, 1359, 1357, 1365, 1355, 1364, - 1366, 1367, 1370, 1360, 1361, 1368, 1367, 1369, 1371, 1368, + 1305, 1311, 1314, 1315, 1317, 1312, 1316, 1326, 1308, 1310, + 1319, 1316, 1313, 1317, 1316, 1323, 1325, 1314, 1315, 1321, + 1318, 1315, 1318, 1322, 1319, 1321, 1323, 1322, 1324, 1327, + 1330, 1328, 1329, 1324, 1324, 1325, 1328, 1329, 1331, 1332, + 1333, 1335, 1339, 1336, 1332, 1337, 1339, 1327, 1330, 1338, + 1338, 1340, 1341, 1342, 1343, 1335, 1344, 1346, 1331, 1342, + 1333, 1336, 1345, 1337, 1347, 1348, 1343, 1350, 1349, 1340, + 1352, 1341, 1346, 1349, 1350, 1344, 1345, 1351, 1353, 1347, + 1354, 1354, 1351, 1355, 1348, 1356, 1357, 1353, 1352, 1358, + 1358, 1359, 1364, 1360, 1356, 1361, 1363, 1359, 1355, 1360, - 1372, 1369, 1365, 1366, 1373, 1374, 1375, 1375, 1377, 1372, - 1379, 1374, 1370, 1380, 1381, 1381, 1371, 1382, 1380, 1383, - 1385, 1385, 1387, 1382, 1373, 1387, 1377, 1388, 1388, 1389, - 1390, 1379, 1392, 1393, 1394, 1392, 1395, 1395, 1397, 1383, - 1396, 1398, 1399, 1394, 1400, 1389, 1390, 1399, 1401, 1401, - 1403, 1404, 1402, 1393, 1405, 1396, 1406, 1406, 1400, 1397, - 1398, 1402, 1407, 1408, 1409, 1410, 1404, 1413, 1403, 1409, - 1411, 1411, 1415, 1412, 1414, 1414, 1407, 1412, 1416, 1405, - 1410, 1408, 1417, 1418, 1422, 1419, 1417, 1413, 1423, 1416, - 1419, 1421, 1421, 1424, 1415, 1425, 1426, 1427, 1428, 1428, + 1362, 1362, 1363, 1365, 0, 1366, 1357, 1367, 1364, 1361, + 1366, 1368, 1369, 1367, 1370, 1370, 1375, 1368, 1369, 1371, + 1371, 1373, 1373, 1374, 1365, 1375, 1376, 1374, 1377, 1378, + 1379, 1380, 1381, 1381, 1382, 1385, 1384, 1386, 1380, 1383, + 1377, 1384, 1389, 1378, 1376, 1379, 1387, 1383, 1391, 1385, + 1392, 1387, 1387, 1388, 1382, 1393, 1386, 1395, 1388, 1388, + 1390, 1390, 1389, 1394, 1393, 1396, 1397, 1391, 1394, 1392, + 1399, 1398, 1400, 1401, 1402, 1399, 1395, 1398, 1405, 1401, + 1403, 1404, 1406, 1407, 1397, 1396, 1403, 1404, 1408, 1409, + 1410, 1411, 1414, 1402, 1412, 1412, 1413, 1405, 1400, 1413, - 1422, 1430, 1418, 1429, 1431, 1434, 1423, 1424, 1429, 1432, - 1426, 1433, 1438, 52, 1425, 1425, 1433, 1435, 1432, 1435, - 1437, 1430, 1427, 1436, 1431, 1434, 1437, 1439, 1436, 1441, - 1442, 1442, 1438, 1439, 1443, 1444, 1447, 1446, 1448, 1448, - 1450, 1444, 1446, 1441, 1449, 1449, 1451, 1452, 1453, 1454, - 1454, 1453, 1455, 1443, 1450, 1456, 1457, 1465, 1461, 1459, - 1447, 1461, 1452, 1458, 1451, 1459, 1458, 1456, 1460, 1458, - 1455, 1463, 1466, 1460, 1464, 1466, 1457, 1461, 47, 1464, - 1463, 1458, 1465, 1467, 1467, 1468, 1474, 1469, 1470, 1470, - 1472, 1468, 1469, 1471, 1471, 1473, 1472, 1475, 1476, 1474, + 1417, 1406, 1407, 1409, 1414, 1417, 1411, 1408, 1415, 1415, + 1418, 1410, 1416, 1416, 1418, 1419, 1420, 1421, 1422, 1426, + 1422, 1424, 1425, 1427, 1422, 1420, 1428, 1425, 1419, 1431, + 1421, 1429, 1429, 1430, 1426, 1431, 1432, 1422, 1430, 1424, + 1433, 1434, 1428, 1427, 1435, 1436, 1434, 1437, 1435, 1436, + 1438, 1432, 1439, 1433, 1440, 1444, 1441, 1442, 1442, 1446, + 1447, 1439, 1441, 1448, 1448, 1447, 1449, 1437, 1438, 1450, + 1452, 1452, 1449, 1444, 1440, 1454, 1455, 1455, 1454, 1456, + 1446, 1457, 1459, 1460, 1461, 1459, 1462, 1462, 1464, 1450, + 1463, 1465, 1467, 1461, 1466, 1456, 1470, 1457, 1469, 1466, - 1473, 1477, 1478, 1479, 1480, 1478, 1481, 1482, 1483, 1479, - 1480, 1481, 1487, 1482, 1484, 1475, 1488, 1476, 1489, 1484, - 1486, 1477, 1485, 1485, 1494, 1486, 1490, 1491, 1495, 1496, - 1487, 1483, 1492, 1493, 1495, 1497, 1488, 1494, 1489, 1498, - 1490, 1491, 1499, 1507, 1492, 1493, 1501, 1501, 1502, 1496, - 1505, 1503, 1506, 1498, 1508, 1497, 1503, 1504, 1504, 1510, - 1509, 1512, 1513, 1499, 1511, 1505, 1506, 1507, 1502, 1509, - 1512, 1511, 1508, 1512, 1510, 1515, 1517, 1518, 1513, 1521, - 1518, 1519, 1519, 1520, 1520, 1522, 1523, 1524, 1524, 1523, - 1515, 1521, 1525, 1526, 1527, 1515, 1529, 1528, 1530, 1527, + 1468, 1468, 1471, 1460, 1472, 1463, 1467, 1469, 1473, 1464, + 1465, 1474, 1474, 1475, 1470, 1476, 1477, 1471, 1481, 1478, + 1480, 1477, 1479, 1479, 1480, 1482, 1482, 1475, 1473, 1472, + 1483, 1484, 1485, 1476, 1478, 1486, 1485, 1490, 1481, 1487, + 1489, 1489, 1484, 1491, 1487, 1492, 1493, 1495, 1494, 1496, + 1496, 1497, 1483, 1490, 1486, 1498, 1497, 1499, 1501, 1492, + 1503, 1491, 1494, 1500, 1500, 1493, 1493, 1501, 1502, 1504, + 1506, 1504, 1495, 1502, 1505, 1498, 1506, 1499, 1507, 1505, + 1503, 1508, 1510, 1511, 1511, 1512, 1513, 1508, 1515, 1516, + 1517, 1517, 1513, 1515, 1518, 1518, 1510, 1519, 1507, 1520, - 1531, 1517, 1528, 1522, 1532, 1525, 1537, 1533, 1534, 1531, - 1536, 1536, 1526, 1539, 1530, 1529, 1533, 1534, 1535, 1533, - 1538, 1540, 1541, 1532, 1535, 1542, 1537, 1545, 1546, 1547, - 1547, 1539, 1548, 1538, 1549, 1540, 1550, 1542, 1541, 1551, - 1551, 1550, 1553, 1549, 1552, 1554, 1546, 1553, 1548, 1555, - 1556, 1559, 1545, 1552, 1551, 1557, 1552, 1560, 1561, 1562, - 1557, 1557, 18, 1554, 1562, 1559, 1564, 1563, 1556, 1568, - 1555, 1566, 1560, 1563, 1565, 1565, 1567, 1566, 1572, 1569, - 1561, 1567, 1570, 1568, 1564, 1569, 1573, 1574, 1570, 1575, - 1577, 1579, 1576, 1574, 1581, 1576, 1577, 1582, 1572, 1579, + 1521, 1524, 1522, 1526, 1512, 1522, 1523, 1523, 1525, 1529, + 1528, 1519, 1534, 1516, 1529, 1521, 1528, 1520, 1527, 1524, + 1525, 1527, 1530, 1526, 1527, 1530, 1532, 1533, 1535, 1536, + 1536, 1535, 1533, 1537, 1538, 1532, 1527, 1534, 1539, 1537, + 1538, 1530, 1542, 1539, 1540, 1540, 1541, 1541, 1542, 1543, + 1544, 1545, 1546, 1547, 1543, 1548, 1549, 1553, 1548, 1550, + 1557, 1551, 1549, 1544, 1552, 1550, 1551, 1554, 1558, 1545, + 1552, 1546, 1554, 1547, 1555, 1555, 1556, 1559, 1557, 1560, + 1553, 1556, 1561, 1563, 1562, 1564, 1565, 1566, 1558, 1566, + 1565, 1569, 1567, 1560, 1570, 1571, 1561, 1559, 1562, 1572, - 1573, 1576, 1575, 1583, 1585, 1584, 1586, 1587, 1588, 1589, - 1589, 1583, 1590, 1581, 1584, 1592, 1582, 1585, 1590, 1586, - 1591, 1587, 1588, 1593, 1593, 1594, 1591, 1596, 1592, 1595, - 1597, 1589, 1598, 1599, 1600, 1601, 1603, 1603, 1598, 1604, - 1605, 1610, 17, 1597, 1605, 1594, 1596, 1595, 1612, 1606, - 1600, 1607, 1608, 1601, 1606, 1599, 1607, 1608, 1609, 1604, - 1612, 1613, 1614, 1614, 1610, 1615, 1616, 1609, 1617, 1618, - 1618, 1619, 1620, 1623, 1621, 1624, 1613, 1622, 1616, 1620, - 1627, 1626, 1625, 0, 1615, 1619, 1621, 1617, 1625, 1622, - 1628, 1630, 1623, 1626, 1630, 1624, 1628, 1634, 1627, 1629, + 1573, 1563, 1574, 1569, 1575, 1572, 1570, 1576, 1571, 1577, + 1564, 1567, 1579, 1579, 1580, 1582, 1584, 1581, 1574, 1585, + 1573, 1576, 1581, 1586, 1575, 1583, 1583, 1582, 1587, 1588, + 1577, 1584, 1590, 1585, 1580, 1589, 1591, 1592, 1588, 1590, + 1594, 1596, 1598, 1598, 1601, 1591, 1587, 1586, 1591, 1597, + 1589, 1600, 1597, 1592, 1604, 1594, 1599, 1599, 1602, 1605, + 1594, 1602, 1601, 1600, 1603, 1603, 1596, 1604, 1606, 1607, + 1608, 1609, 1610, 1606, 1607, 1611, 1612, 1613, 1605, 1615, + 1615, 1610, 1616, 1617, 1614, 1612, 1613, 1609, 1612, 1608, + 1614, 1618, 1619, 1621, 1611, 1620, 1617, 1624, 1625, 1626, - 1629, 1631, 1631, 1633, 1635, 1637, 1634, 1638, 1633, 1638, - 1635, 1636, 1636, 1639, 1640, 1641, 1639, 1637, 1642, 1644, - 1643, 1645, 1646, 1647, 1644, 1648, 1645, 1649, 1651, 1654, - 1650, 1646, 1649, 1657, 1640, 1647, 1642, 1641, 1643, 1650, - 1648, 1652, 1653, 1659, 1654, 1656, 1652, 1653, 1651, 1655, - 1655, 1656, 1650, 1652, 1657, 1660, 1661, 1662, 1663, 1662, - 1664, 1664, 1659, 1665, 1665, 1666, 1666, 1667, 1668, 1668, - 1670, 1660, 1663, 1671, 1663, 1678, 1661, 1669, 1669, 1672, - 1672, 1673, 1674, 1675, 1677, 1673, 1675, 1667, 1674, 1679, - 1677, 1670, 1680, 1678, 1671, 1679, 1681, 1682, 1682, 1681, + 1626, 1627, 1616, 1628, 0, 1621, 1619, 1633, 1629, 1618, + 1634, 1620, 1628, 1629, 1630, 1630, 1625, 1627, 1631, 1632, + 1635, 1638, 1624, 1640, 1632, 1633, 1639, 1631, 1636, 1630, + 1631, 1634, 1641, 1636, 1636, 1638, 1642, 1641, 1635, 1643, + 1645, 1639, 1642, 1644, 1644, 1640, 1645, 1646, 1647, 1648, + 1649, 1651, 1646, 1652, 1653, 1648, 1649, 1643, 1658, 1654, + 1653, 1655, 1647, 1656, 1655, 1660, 1658, 1652, 1661, 1656, + 1655, 1651, 1654, 1662, 1663, 1664, 1665, 1666, 1667, 1668, + 1668, 1662, 1671, 1663, 1660, 1672, 1672, 1661, 1664, 1665, + 1669, 1666, 1667, 1670, 1673, 1671, 1669, 1674, 1675, 1670, - 1683, 1683, 1684, 1685, 1687, 1689, 1686, 1684, 1688, 1685, - 1690, 1689, 1693, 1694, 1696, 1694, 1692, 1680, 1686, 1686, - 1686, 1692, 1692, 1695, 1687, 1686, 1693, 1697, 1688, 1696, - 1690, 1698, 1699, 1697, 1695, 1700, 1701, 1701, 1702, 1704, - 1698, 1703, 1703, 1705, 1706, 1706, 1707, 1707, 1708, 1711, - 1711, 1712, 1699, 1713, 1715, 1717, 1700, 1716, 1719, 1704, - 1720, 1717, 1713, 1715, 1702, 1705, 1718, 1718, 1708, 1723, - 1721, 1722, 1724, 1724, 1725, 1720, 1712, 1721, 1716, 1719, - 1722, 1726, 1728, 1729, 1730, 1731, 1735, 1728, 1732, 1729, - 1733, 1735, 1731, 1736, 1732, 1723, 1733, 1726, 1734, 1734, + 1677, 1668, 1676, 1676, 1678, 1679, 1680, 1681, 1683, 1683, + 1678, 1684, 1685, 1677, 1673, 1674, 1685, 1675, 1686, 1687, + 1689, 1688, 1680, 1686, 1687, 1681, 1688, 1679, 1690, 1689, + 1692, 1684, 1693, 1694, 1694, 1695, 1696, 1697, 1698, 1698, + 1701, 1699, 1692, 1700, 1704, 1702, 1705, 1693, 1696, 1707, + 1700, 1690, 1701, 1706, 1695, 1699, 1697, 1702, 1708, 1706, + 1721, 1707, 1709, 1704, 1710, 1710, 1705, 1711, 1709, 1714, + 1711, 1712, 1712, 1715, 1714, 1716, 1708, 1717, 1717, 1718, + 1721, 1716, 1715, 1719, 1720, 1719, 1722, 1720, 1723, 1724, + 1725, 1718, 1726, 1727, 1729, 1725, 1730, 1726, 1728, 1732, - 1725, 1737, 1736, 1738, 1730, 1739, 1740, 1741, 1742, 1740, - 1743, 1743, 1744, 1745, 1747, 1746, 1748, 1739, 1744, 1745, - 1748, 1737, 1738, 1750, 1751, 1741, 1752, 1753, 1753, 1747, - 1754, 1752, 1755, 1757, 1742, 1746, 1748, 1758, 1759, 1759, - 0, 1758, 1760, 1750, 1761, 1764, 1751, 1755, 1760, 1754, - 1762, 1762, 1757, 1761, 1763, 1766, 1764, 1767, 1763, 1765, - 1765, 1764, 1768, 1769, 1770, 1771, 1772, 1773, 1769, 1774, - 1781, 1767, 1772, 1796, 1774, 0, 1766, 1775, 1775, 1776, - 1776, 1768, 1773, 1777, 1770, 1771, 1779, 1777, 1780, 1788, - 1781, 1782, 1782, 1784, 1784, 1779, 1785, 1786, 1796, 1780, + 1734, 1730, 1727, 1731, 0, 1734, 1723, 1724, 1722, 1729, + 1728, 1733, 1731, 1735, 1736, 1736, 1733, 1738, 1737, 1732, + 1740, 1741, 1752, 1733, 1737, 1731, 1742, 1743, 1735, 1744, + 1745, 1744, 1746, 1746, 1747, 1747, 1748, 1748, 1738, 1740, + 1741, 1749, 1742, 1752, 1745, 1753, 1745, 1743, 1750, 1750, + 1751, 1751, 1754, 1754, 1755, 1760, 1756, 1757, 1755, 1759, + 1757, 1749, 1756, 1761, 1762, 1759, 1753, 1763, 1765, 1761, + 1763, 1764, 1764, 1760, 1766, 1767, 1767, 1768, 1769, 1766, + 1770, 1771, 1771, 1774, 1773, 1770, 1772, 1775, 1765, 1762, + 1773, 1772, 1768, 1776, 1777, 1774, 1774, 1774, 1778, 1769, - 1787, 1785, 1785, 1786, 1780, 1789, 1787, 1790, 1791, 1793, - 1789, 1795, 1794, 1798, 1791, 1788, 1794, 1800, 1797, 1790, - 1799, 1793, 1800, 1795, 1797, 1801, 1799, 1803, 1804, 1805, - 1807, 1808, 1808, 1807, 1805, 1798, 1811, 1801, 1812, 1803, - 1809, 1809, 1810, 1810, 1812, 1813, 1815, 1804, 1814, 1816, - 1818, 1813, 1815, 1814, 1820, 1818, 1811, 1820, 1816, 1821, - 1822, 1822, 1824, 1825, 1826, 1827, 1827, 1828, 1829, 1826, - 1833, 1821, 1830, 1829, 1824, 1825, 1828, 1830, 1831, 1832, - 1832, 1831, 1834, 1835, 1836, 1837, 1840, 1838, 1839, 1837, - 1833, 1834, 1838, 1841, 1839, 1842, 1843, 1845, 1845, 1846, + 1779, 1782, 1774, 1781, 1778, 1785, 1783, 1775, 1781, 1781, + 1784, 1776, 1784, 1786, 1777, 1782, 1785, 1787, 1788, 1789, + 1779, 1783, 1790, 1787, 1791, 1791, 1792, 1788, 1786, 1793, + 1793, 1794, 1795, 1796, 1796, 1797, 1797, 1798, 1802, 1789, + 1801, 1801, 1807, 1790, 1803, 1806, 1805, 1809, 1807, 1808, + 1808, 1794, 1792, 1803, 1795, 1805, 1810, 1798, 1811, 1813, + 1812, 1814, 1814, 1802, 1815, 1811, 1806, 1816, 1809, 1812, + 1818, 1810, 1819, 1820, 1821, 1818, 1822, 1827, 1819, 1825, + 1823, 1821, 1822, 1816, 1825, 1813, 1823, 1824, 1824, 1826, + 1815, 1828, 1829, 1820, 1831, 1832, 1830, 1827, 1826, 1830, - 1850, 1835, 1841, 1836, 1840, 1847, 1848, 1848, 1851, 1845, - 1843, 1849, 1850, 1842, 1847, 1853, 1852, 1846, 1856, 1856, - 1849, 1852, 1858, 1859, 1860, 1858, 1862, 1864, 1853, 1851, - 1863, 1865, 1872, 1864, 1866, 1866, 1867, 1869, 1867, 1859, - 1860, 1862, 1868, 1868, 1863, 1869, 1871, 1873, 1865, 1874, - 1874, 1875, 1876, 1871, 1872, 1880, 1877, 1878, 1879, 1881, - 1875, 1887, 1884, 1885, 0, 1882, 1888, 1873, 1877, 1878, - 1879, 1882, 1891, 1876, 1881, 1885, 1886, 1886, 1895, 1887, - 1889, 1880, 1884, 1889, 1882, 1890, 1888, 1894, 1893, 1894, - 1890, 1897, 1891, 1893, 1896, 1899, 1895, 1901, 1897, 1896, + 1833, 1833, 1834, 1835, 1829, 1836, 1840, 1837, 1834, 1835, + 1828, 1838, 1831, 1841, 1842, 1838, 1843, 1843, 1844, 1842, + 1847, 1832, 1837, 1845, 1848, 1836, 1840, 1850, 1848, 1849, + 1849, 1838, 1851, 1850, 1854, 1841, 1853, 1844, 1845, 1847, + 1853, 1851, 1852, 1852, 1856, 1854, 1855, 1855, 1857, 1858, + 1854, 1859, 1860, 1861, 1862, 1863, 1859, 1867, 1864, 1871, + 1862, 1867, 1857, 1864, 0, 1856, 1865, 1865, 1858, 1869, + 1863, 1870, 1860, 1861, 1866, 1866, 1872, 1872, 1869, 1871, + 1874, 1874, 1870, 1875, 1876, 1878, 1879, 1870, 1875, 1875, + 1876, 1878, 1880, 1881, 1882, 1884, 1886, 1880, 1885, 1887, - 1902, 1903, 1905, 1904, 1899, 1904, 1907, 1910, 1907, 1902, - 1908, 1909, 1909, 1903, 1911, 1901, 1912, 1913, 1912, 1911, - 1914, 1905, 1913, 1915, 1908, 1914, 1916, 1918, 1917, 1919, - 1920, 1922, 1918, 1910, 1917, 1923, 1924, 1924, 1920, 1925, - 1925, 1915, 1919, 1926, 1927, 1928, 1916, 1929, 1931, 1923, - 1922, 1928, 1929, 1930, 1932, 1930, 1933, 1933, 1926, 1934, - 1935, 1935, 1932, 1937, 1927, 1939, 1931, 1936, 1936, 1938, - 1932, 1934, 1937, 1941, 1938, 1942, 1943, 1942, 1945, 1946, - 1947, 1944, 1941, 1939, 1949, 1941, 1944, 1944, 1946, 1950, - 1945, 1953, 1947, 1951, 1950, 1954, 1949, 1943, 1951, 1955, + 1882, 1889, 1885, 1888, 1890, 1881, 1891, 1884, 1886, 1888, + 1890, 1891, 1879, 1892, 1894, 1895, 1896, 1898, 1899, 1899, + 1898, 1896, 1902, 1889, 1887, 1892, 1894, 1900, 1900, 1901, + 1901, 1903, 1904, 1906, 1895, 1905, 1907, 1903, 1904, 1906, + 1905, 1909, 1902, 1912, 1911, 1907, 1909, 1911, 1913, 1913, + 1915, 1916, 1917, 1918, 1918, 1912, 1919, 1917, 1924, 1920, + 1927, 1921, 1915, 1916, 1920, 1919, 1921, 1922, 1923, 1923, + 1922, 1925, 1926, 1928, 1931, 1932, 1929, 1928, 1924, 1927, + 1925, 1929, 1930, 1933, 1932, 1934, 1936, 1936, 1930, 1937, + 1926, 1938, 1931, 1939, 1940, 1940, 1941, 1942, 1936, 1934, - 1956, 1956, 1957, 1958, 1953, 1960, 1959, 1965, 1955, 1961, - 1971, 1963, 1966, 1964, 1977, 1954, 1971, 1966, 1974, 1960, - 1957, 1958, 1959, 1963, 1961, 1964, 1967, 1965, 1968, 1971, - 1973, 1967, 1975, 1976, 1978, 1982, 1973, 1968, 1983, 1977, - 1980, 1974, 1983, 1978, 1979, 1979, 1985, 1975, 1986, 1980, - 1984, 1976, 1981, 1981, 1982, 1984, 1987, 1988, 1989, 1985, - 1992, 1987, 1987, 1988, 1989, 1990, 1991, 2000, 1990, 1997, - 1986, 1995, 1995, 2001, 1991, 1996, 1996, 0, 1997, 2000, - 1992, 1998, 1998, 1999, 1999, 2009, 2002, 2010, 2003, 2009, - 1996, 2001, 2002, 2003, 2004, 2004, 2005, 2005, 2006, 2007, + 1938, 1933, 1943, 1944, 1945, 1941, 1951, 1937, 1944, 1942, + 1948, 1948, 1950, 1939, 1952, 1950, 1954, 1945, 1955, 1956, + 1957, 1966, 1951, 1943, 0, 1956, 1958, 1958, 1960, 1960, + 1952, 1954, 1955, 1959, 1961, 1959, 1970, 1957, 1963, 1963, + 1964, 1964, 1961, 1967, 1966, 1968, 1969, 1971, 1973, 1967, + 1974, 1968, 1975, 1969, 1972, 1972, 1976, 1973, 1970, 1977, + 1978, 1979, 1980, 1981, 1975, 1983, 1984, 1971, 1976, 1981, + 1988, 1974, 1978, 1987, 1977, 1991, 1985, 1980, 1986, 1986, + 1989, 1990, 1981, 1989, 1995, 1983, 1990, 1979, 1985, 1984, + 1988, 1987, 1993, 1996, 1994, 1991, 1994, 1993, 1996, 1997, - 2011, 1996, 2012, 2006, 2011, 2007, 2014, 2010, 2015, 2016, - 2017, 2018, 2019, 2015, 2021, 2022, 2018, 2020, 2023, 2028, - 2022, 2026, 2012, 2024, 2024, 2017, 2029, 2030, 2032, 2033, - 2019, 2014, 2016, 2020, 2021, 2025, 2026, 2027, 2029, 2025, - 2023, 2032, 2027, 2031, 2036, 2028, 2030, 2033, 2031, 2034, - 2034, 2037, 2036, 2038, 2039, 2040, 2041, 2042, 2046, 2043, - 2044, 2047, 2047, 2048, 2049, 0, 2051, 2049, 2048, 2050, - 2037, 2043, 2038, 2046, 2052, 2041, 2056, 2039, 2042, 2040, - 2051, 2044, 2050, 2053, 2053, 2054, 2054, 2052, 2055, 2055, - 2057, 2056, 2058, 2058, 2061, 2059, 2060, 2060, 2064, 2061, + 1999, 2001, 1995, 2002, 2003, 2004, 1997, 2004, 2005, 1999, + 2008, 2007, 2002, 2007, 2009, 2009, 2003, 2010, 2011, 2001, + 2012, 2013, 2012, 2011, 2008, 2014, 2013, 2005, 2015, 2016, + 2014, 2017, 2019, 2018, 2020, 2022, 2023, 2017, 2018, 2024, + 2024, 2026, 2020, 2010, 2027, 2019, 2015, 2025, 2025, 2016, + 2023, 2028, 2031, 2029, 2022, 2032, 2026, 2028, 2029, 2030, + 2034, 2030, 2043, 2032, 2027, 2033, 2033, 2035, 2035, 2037, + 2031, 2032, 2034, 2036, 2036, 2038, 2039, 2041, 2037, 2042, + 2038, 2042, 2044, 2043, 2045, 2047, 2041, 2044, 2044, 2041, + 2046, 2049, 2053, 2050, 2039, 2051, 2045, 2047, 2050, 2046, - 2063, 2065, 2066, 2057, 2059, 2063, 2069, 2059, 2067, 2067, - 2068, 2068, 2070, 2070, 2066, 2071, 2072, 2072, 2064, 2073, - 0, 2065, 2074, 2075, 2075, 2069, 2077, 2074, 2076, 2076, - 2078, 2079, 2080, 2071, 2073, 2084, 2082, 2083, 2083, 2078, - 2077, 2082, 2085, 2085, 2086, 2079, 2087, 2088, 2089, 2089, - 2088, 2080, 2087, 2091, 2084, 2090, 2090, 2093, 2092, 2094, - 2094, 2096, 2086, 2097, 2089, 2098, 2099, 2100, 2100, 2101, - 2099, 2107, 2091, 2092, 2102, 2103, 2093, 2104, 2108, 2102, - 2098, 2096, 2106, 2106, 2109, 2108, 2097, 2110, 2101, 2111, - 2103, 2107, 2104, 2112, 2113, 2113, 2118, 2114, 2109, 2115, + 2051, 2054, 2055, 2049, 2057, 2053, 2056, 2056, 2058, 2059, + 2060, 2055, 2061, 2065, 2066, 2067, 2063, 2064, 2074, 2066, + 2067, 2054, 2057, 2068, 2060, 2059, 2058, 2061, 2063, 2064, + 2071, 2073, 2068, 2065, 2076, 2075, 2071, 2073, 2077, 2078, + 2082, 2074, 2079, 2079, 2080, 2081, 2081, 2083, 2078, 2071, + 2075, 2083, 2076, 2080, 2085, 2084, 2086, 2092, 2090, 2082, + 2084, 2090, 2088, 2077, 2087, 2089, 2091, 2085, 2088, 2087, + 2087, 2089, 2095, 2095, 2091, 2096, 2096, 2092, 2086, 2097, + 2098, 2098, 2099, 2099, 2100, 2101, 2102, 2107, 2097, 2103, + 2096, 2109, 2102, 2107, 2103, 2109, 2100, 2104, 2104, 2105, - 2116, 2115, 2118, 2116, 2119, 2110, 2114, 2111, 2120, 2121, - 2122, 2123, 2124, 2120, 2121, 2126, 2119, 2125, 2116, 2112, - 2116, 2128, 2125, 2129, 2123, 2130, 2128, 2132, 2129, 2134, - 2131, 2133, 2136, 2124, 2134, 2122, 2131, 2133, 2135, 2137, - 2130, 2126, 2138, 2135, 2139, 2138, 2140, 2141, 2132, 2142, - 2143, 2148, 2137, 2139, 2144, 2140, 2141, 2136, 2142, 2145, - 2144, 2150, 2146, 2152, 2143, 2145, 2146, 2151, 2151, 2152, - 2150, 2148, 2153, 2153, 2154, 2155, 2157, 2158, 2161, 2154, - 2164, 2153, 2159, 2159, 2160, 2165, 2163, 2161, 2168, 2166, - 2170, 2168, 2157, 2158, 2171, 2155, 2164, 2155, 2163, 2160, + 2105, 2096, 2106, 2101, 2110, 2111, 2112, 2106, 2114, 2111, + 2115, 2116, 2117, 2118, 2119, 2115, 2121, 2122, 2118, 2120, + 2123, 2125, 2122, 2126, 2110, 2125, 2112, 2117, 2124, 2124, + 2128, 2129, 2119, 2114, 2116, 2120, 2121, 2133, 2126, 2127, + 2130, 2131, 2123, 2132, 2127, 2134, 2135, 2135, 2132, 2129, + 2133, 2137, 2130, 2138, 2139, 2140, 2128, 2141, 2142, 2137, + 2131, 2143, 2144, 2134, 2145, 2147, 2149, 2153, 2153, 2150, + 2151, 2207, 2138, 2139, 2144, 2207, 2151, 2142, 2140, 2149, + 2147, 2141, 2143, 2150, 2152, 2145, 2152, 2154, 2155, 2156, + 2157, 2155, 2154, 2158, 2159, 2159, 2160, 2160, 2161, 2163, - 2165, 2166, 2169, 2172, 2172, 0, 2171, 2169, 2173, 2173, - 2170, 2175, 2175, 2176, 2177, 2178, 2176, 2179, 2180, 2177, - 2182, 2178, 2185, 2179, 2181, 2181, 2184, 2180, 2183, 2183, - 2186, 2187, 2187, 2188, 2182, 2190, 2185, 2189, 2184, 2188, - 2190, 2192, 2197, 2193, 2196, 2192, 2193, 2194, 2194, 2186, - 2195, 2189, 2198, 2196, 2200, 2195, 2198, 2199, 2199, 2202, - 2203, 2204, 2197, 2205, 2202, 2206, 2207, 2200, 2208, 2206, - 2209, 2211, 2210, 2208, 2214, 2213, 2209, 2205, 2210, 2215, - 2203, 2204, 2216, 2217, 2215, 2221, 2207, 2213, 2216, 2211, - 2214, 2217, 2218, 2224, 2218, 2222, 2222, 2223, 2228, 2221, + 2161, 0, 2156, 2164, 2157, 2172, 2158, 2162, 2162, 2165, + 2165, 2166, 2167, 2167, 2163, 2173, 2164, 2168, 2168, 2169, + 2166, 2171, 2174, 2166, 2169, 2172, 2171, 2175, 2175, 2176, + 2176, 2177, 2178, 2178, 2174, 2173, 2179, 2180, 2180, 2182, + 2181, 2183, 2183, 2185, 2182, 2184, 2184, 2186, 2187, 2188, + 2177, 2191, 2191, 2190, 2179, 2181, 2186, 2185, 2190, 2192, + 2193, 2193, 2187, 2194, 2195, 2199, 2196, 2200, 2188, 2196, + 2195, 2197, 2197, 2198, 2198, 2201, 2202, 2202, 2192, 2204, + 2205, 2194, 2200, 2206, 2199, 2208, 2208, 2197, 2209, 2211, + 2210, 2212, 2214, 2214, 2201, 2210, 2215, 2217, 2206, 2204, - 2223, 2225, 2225, 2227, 2228, 2229, 2231, 2227, 2230, 2230, - 2234, 2234, 2236, 2238, 2243, 2231, 2239, 2229, 2242, 2224, - 2244, 2245, 2252, 2242, 2253, 2244, 2245, 2238, 2246, 2246, - 2236, 2250, 2239, 2248, 2248, 2251, 2251, 2250, 2252, 2254, - 2243, 2256, 2257, 2260, 2254, 2261, 2253, 2258, 2258, 2262, - 2263, 2261, 2260, 2267, 2257, 2265, 2265, 2268, 2266, 2272, - 2256, 2266, 2270, 2270, 2272, 2263, 2273, 2262, 2271, 2271, - 2274, 2275, 2267, 2277, 2278, 2268, 2275, 2279, 2276, 2274, - 2276, 2280, 2281, 2282, 2273, 2283, 2280, 2277, 2278, 2279, - 2283, 2284, 2284, 2285, 2285, 2286, 2286, 2287, 2287, 2288, + 2218, 2216, 2219, 2205, 2211, 2220, 2212, 2209, 2216, 2221, + 2221, 2217, 2222, 2223, 2224, 2223, 2215, 2224, 2218, 2226, + 2219, 2222, 2228, 2227, 2229, 2226, 2230, 2228, 2231, 2229, + 2234, 2220, 2224, 2232, 2224, 2227, 2240, 2233, 2236, 2237, + 2238, 2231, 2233, 2236, 2237, 2242, 2239, 2241, 2244, 2245, + 2242, 2230, 2239, 2241, 2232, 2238, 2234, 2240, 2243, 2247, + 2248, 2246, 2245, 2243, 2246, 2249, 2250, 2251, 2247, 2248, + 2252, 2253, 2256, 2244, 2249, 2250, 2252, 2253, 2254, 2258, + 2260, 2251, 2254, 2259, 2259, 2263, 2260, 2265, 2258, 2261, + 2261, 2262, 2256, 2266, 2267, 2267, 2262, 2268, 2261, 2269, - 2289, 2290, 2281, 2282, 2291, 2291, 2290, 2292, 2292, 2293, - 2294, 2288, 2295, 2296, 2297, 2297, 2298, 2301, 2289, 2299, - 2299, 2293, 2294, 2300, 2300, 2302, 2303, 2304, 2301, 2296, - 2305, 2306, 2295, 2303, 2307, 2298, 2306, 2302, 2308, 2304, - 2309, 2309, 2310, 2311, 2312, 2316, 2313, 2314, 2315, 2322, - 2305, 2310, 2317, 2317, 2307, 2319, 2318, 2316, 2308, 2313, - 2320, 2323, 2315, 2324, 2312, 2318, 2326, 2322, 0, 2311, - 2319, 2314, 2327, 2325, 2328, 2320, 2325, 2327, 2336, 2328, - 2326, 2329, 2329, 2323, 2330, 2330, 2324, 2331, 2331, 2333, - 2333, 2335, 2335, 2337, 2338, 2339, 2336, 2341, 2342, 2343, + 2272, 2271, 2273, 2265, 2278, 2263, 2274, 2263, 2269, 2266, + 2277, 2276, 2268, 2271, 2276, 2277, 2272, 2273, 2274, 2279, + 2280, 2280, 2281, 2281, 2278, 2283, 2283, 2284, 2285, 2286, + 2284, 2279, 2287, 2285, 2288, 2286, 2289, 2289, 2287, 2290, + 2291, 2291, 2292, 2288, 2293, 2294, 2295, 2295, 2297, 2296, + 2304, 2298, 0, 2290, 2292, 2296, 2298, 2300, 2293, 2304, + 2301, 2300, 2297, 2301, 2294, 2302, 2302, 2303, 2305, 2306, + 2307, 2309, 2303, 2311, 2307, 2308, 2308, 2305, 2311, 2312, + 2313, 2314, 2315, 2316, 2309, 2317, 2315, 2318, 2319, 2306, + 2317, 2320, 2321, 2318, 2319, 2314, 2322, 2323, 2324, 2312, - 2344, 2349, 2345, 2346, 2337, 2347, 2348, 2347, 2354, 2350, - 2339, 2345, 0, 2338, 2351, 2351, 2342, 2341, 2360, 2349, - 2344, 2343, 2355, 2346, 2353, 2353, 2348, 2350, 2356, 2356, - 2354, 2355, 2358, 2359, 2359, 2361, 2360, 2362, 2364, 2363, - 2365, 2358, 2367, 2366, 2362, 2368, 2368, 2369, 2369, 2370, - 2370, 2371, 2372, 2361, 2363, 2374, 2364, 2371, 2365, 2366, - 2373, 2367, 2375, 2376, 2377, 0, 2378, 2375, 2380, 2380, - 2372, 2378, 2382, 2382, 2374, 2373, 2379, 2381, 2379, 2381, - 2384, 2386, 2387, 2376, 2377, 2388, 2389, 2390, 2391, 2395, - 2386, 2392, 2390, 2396, 2397, 2397, 2396, 2388, 2398, 2384, + 2313, 2326, 2323, 2316, 2327, 2328, 2329, 2338, 2330, 2320, + 2328, 2321, 2329, 2326, 2335, 2322, 2330, 2333, 2342, 2324, + 2327, 2331, 2342, 2331, 2336, 2336, 2333, 2337, 2335, 2343, + 2337, 2339, 2339, 2338, 2344, 2343, 2345, 2345, 2346, 2349, + 2349, 2351, 2353, 2357, 2354, 2358, 2344, 2346, 2357, 2359, + 2360, 2361, 2361, 2367, 2359, 2360, 2353, 2363, 2363, 2351, + 2354, 2365, 2366, 2366, 2368, 2369, 2371, 2365, 2372, 2367, + 2369, 2358, 2373, 2373, 2375, 2376, 2377, 2378, 2380, 2380, + 2372, 2376, 2382, 2375, 2381, 2371, 2368, 2381, 2383, 2385, + 2385, 2388, 2378, 2387, 2377, 2386, 2386, 2390, 2387, 2389, - 2399, 2387, 2400, 2400, 2403, 2408, 2389, 2401, 2391, 2395, - 2392, 2401, 2404, 2398, 2405, 2405, 2404, 2406, 2399, 2403, - 2408, 2409, 2410, 2411, 2411, 2413, 2414, 2415, 2416, 2416, - 2406, 2415, 2417, 2418, 2418, 2414, 2420, 2413, 2419, 2421, - 2422, 2409, 2410, 2419, 2423, 2420, 2424, 2424, 2429, 2429, - 2430, 2417, 2422, 2431, 2431, 2421, 2432, 2433, 2434, 2435, - 2436, 2436, 2437, 2447, 2423, 2439, 2439, 2434, 2435, 2432, - 2433, 2442, 2430, 2443, 2444, 2445, 2442, 2437, 2443, 2446, - 2445, 2448, 2447, 2449, 2451, 2454, 2458, 2446, 2444, 2452, - 2448, 2449, 2453, 2458, 2452, 2455, 2455, 2453, 2460, 2451, + 2392, 2382, 2390, 2391, 2393, 2391, 2383, 2394, 2389, 2388, + 2395, 2396, 2397, 2418, 2392, 2395, 2398, 2404, 2393, 2394, + 2418, 2398, 2399, 2399, 2400, 2400, 2401, 2401, 2402, 2402, + 2403, 2396, 2397, 2405, 2408, 2404, 2406, 2406, 2405, 2407, + 2407, 2409, 2403, 2410, 2411, 2413, 2408, 2412, 2412, 2414, + 2414, 2415, 2415, 2409, 2416, 2417, 2419, 2420, 2422, 2423, + 2411, 2421, 2425, 2410, 2413, 2416, 2421, 2417, 2419, 2424, + 2424, 2425, 2426, 2427, 2428, 2429, 2430, 2420, 2422, 2423, + 2431, 2432, 2432, 2438, 2437, 2433, 2434, 2428, 2435, 2439, + 2430, 2442, 2431, 2427, 2433, 2441, 2442, 2440, 2426, 2429, - 2454, 2456, 2456, 2457, 2457, 2459, 2461, 2462, 2465, 2463, - 2459, 2464, 2464, 2462, 2463, 2466, 2460, 2467, 2467, 2471, - 2466, 2468, 2468, 2465, 2461, 2472, 2472, 2473, 2474, 2477, - 2473, 2475, 2471, 2474, 2474, 2476, 2475, 2479, 2478, 2481, - 2476, 2479, 2480, 2477, 2478, 2482, 2483, 2480, 2481, 2484, - 2485, 2486, 2488, 2487, 2483, 2493, 2485, 2486, 2487, 2491, - 2482, 2490, 2491, 2495, 2488, 2497, 2490, 2493, 2495, 2496, - 2484, 2498, 2499, 2500, 2496, 2501, 2501, 2502, 2506, 2507, - 2512, 2499, 2500, 2497, 2498, 2508, 2502, 2509, 2509, 2510, - 2514, 2511, 2513, 2513, 2518, 2512, 2516, 2506, 2519, 2507, + 2440, 2434, 2437, 2435, 2451, 2438, 2443, 2444, 2444, 2441, + 2452, 2443, 2439, 2445, 2445, 2446, 2446, 2448, 2448, 2450, + 2450, 2452, 2451, 2453, 2454, 2456, 2457, 2458, 2459, 2460, + 2461, 2462, 2463, 2462, 2470, 2464, 2465, 2469, 2460, 2454, + 2466, 2466, 2453, 0, 2457, 2456, 2468, 2468, 2459, 2458, + 2461, 2469, 2463, 2464, 2465, 2471, 2470, 2472, 2472, 2474, + 2475, 2475, 2476, 2477, 2471, 2478, 2480, 2479, 2474, 2481, + 2482, 2483, 2478, 2484, 2484, 2485, 2485, 2486, 2487, 2488, + 2476, 2477, 2479, 2492, 2480, 2488, 2482, 2481, 2489, 2489, + 2483, 2490, 2490, 2491, 2493, 2494, 2487, 2486, 2495, 2491, - 2511, 2521, 2519, 0, 2508, 2520, 2520, 2522, 2510, 2514, - 2523, 2516, 2524, 2522, 2518, 2526, 2523, 2527, 2524, 2525, - 2525, 2529, 2527, 2526, 2530, 2532, 2521, 2533, 2534, 2532, - 2529, 2536, 2536, 2537, 2538, 2538, 2542, 2530, 2539, 2539, - 2542, 2533, 2543, 2534, 2541, 2541, 2547, 2543, 2545, 2545, - 2548, 2537, 2549, 2550, 2553, 2548, 2551, 2563, 2550, 2550, - 2554, 2554, 2556, 2556, 2549, 2559, 2547, 2561, 2551, 2557, - 2557, 2567, 2558, 2570, 2553, 2558, 2569, 2563, 2559, 2564, - 2564, 2565, 2565, 2566, 2566, 2561, 2567, 2568, 2568, 2569, - 2571, 2570, 2572, 2573, 2573, 2574, 2578, 2579, 2572, 2574, + 2496, 2492, 2497, 2498, 2507, 2496, 2499, 2505, 2500, 2493, + 2500, 2499, 2495, 2507, 2494, 2501, 2501, 2502, 2508, 2502, + 2503, 2503, 2497, 2498, 2509, 2510, 2505, 2511, 2512, 2519, + 2513, 2516, 2511, 2518, 2518, 2517, 2509, 2508, 2517, 2520, + 2521, 2521, 2522, 2524, 2519, 2510, 2522, 2527, 2512, 2513, + 2525, 2516, 2526, 2526, 2525, 2529, 2530, 2520, 2524, 2531, + 2527, 2532, 2532, 2534, 2535, 2536, 2537, 2537, 2538, 2536, + 2529, 2539, 2539, 2535, 2541, 2534, 2530, 2540, 2542, 2531, + 2543, 2544, 2540, 2541, 2545, 2545, 2551, 2538, 2550, 2550, + 2552, 2552, 2543, 2553, 2542, 2555, 2554, 2558, 2556, 2557, - 2582, 2578, 2578, 2580, 2571, 2581, 2582, 2583, 2584, 2591, - 2585, 2586, 2586, 2583, 2585, 2592, 2589, 2591, 2592, 2594, - 2579, 2589, 2597, 2580, 2595, 2581, 2598, 2595, 2596, 2596, - 2599, 2598, 2600, 2584, 2639, 2601, 2602, 2602, 2639, 2597, - 2597, 2603, 2604, 2605, 2594, 2604, 2606, 2609, 2599, 2601, - 2607, 2616, 2600, 2604, 2608, 2603, 2616, 2605, 2607, 2608, - 2608, 2610, 2610, 2611, 2611, 2606, 2609, 2612, 2612, 2613, - 2613, 2614, 2614, 2615, 2617, 2618, 2619, 2620, 2621, 2623, - 2623, 2624, 2625, 2628, 2624, 2619, 2627, 2627, 2630, 2615, - 2628, 2629, 2629, 2630, 2617, 2632, 2632, 2620, 2621, 2633, + 2557, 2544, 2560, 2560, 2555, 2563, 2553, 2556, 2551, 2554, + 2563, 2564, 2558, 2565, 2566, 2567, 2564, 2568, 2570, 2566, + 2569, 0, 2572, 2567, 2575, 2573, 2570, 2565, 2574, 2569, + 2573, 2576, 2576, 2574, 2577, 2577, 2568, 2572, 2579, 2575, + 2578, 2578, 2580, 2581, 2582, 2579, 2583, 2580, 2584, 2585, + 2585, 2586, 2583, 2584, 2587, 2588, 2588, 2589, 2589, 2587, + 2592, 2581, 2582, 2593, 2593, 2594, 2586, 2596, 2594, 2595, + 2598, 2597, 2596, 2592, 2595, 2595, 2597, 2599, 2600, 2602, + 2601, 2603, 2600, 2599, 2598, 2601, 2604, 2605, 2602, 2606, + 2609, 2607, 2611, 2608, 2604, 2606, 2603, 2607, 2608, 2611, - 2625, 2618, 2634, 2635, 2637, 2638, 2638, 2640, 2633, 2641, - 2643, 2634, 2635, 2642, 2654, 2649, 2640, 2644, 2642, 2642, - 2649, 2645, 2637, 2643, 2641, 2645, 2644, 2650, 2650, 2652, - 2652, 2653, 2655, 2657, 2657, 2658, 2659, 2662, 2663, 2654, - 2664, 2667, 2669, 2665, 2658, 2653, 2671, 2663, 2659, 2665, - 2655, 2671, 2672, 2667, 2673, 2673, 2674, 2672, 2683, 2676, - 2664, 2684, 2662, 2669, 2676, 2674, 2677, 2677, 2679, 2679, - 2677, 2680, 2680, 2681, 2681, 2682, 2685, 2687, 2683, 2691, - 2684, 2685, 2688, 2687, 2682, 2689, 2692, 2688, 2690, 2690, - 2689, 2693, 2695, 2697, 2694, 2696, 2700, 2691, 2692, 2694, + 2612, 2613, 2609, 2615, 2613, 2612, 2617, 2618, 2605, 2619, + 2620, 2617, 2618, 2621, 2627, 2615, 2622, 2623, 2623, 2624, + 2628, 2632, 2621, 2620, 2629, 2622, 2628, 2619, 2624, 2633, + 2629, 2634, 2627, 2635, 2635, 2636, 2637, 2638, 2639, 2641, + 2632, 2643, 2636, 2640, 2640, 2645, 2638, 2646, 2648, 2633, + 2634, 2646, 3139, 2639, 3139, 2637, 2643, 2649, 2641, 2647, + 2647, 2650, 2651, 2649, 2653, 2645, 2654, 2650, 2651, 2652, + 2652, 2654, 2653, 2648, 2656, 2657, 2659, 2660, 2661, 2664, + 2659, 2663, 2663, 2656, 2665, 2665, 2666, 2666, 2657, 2668, + 2668, 2660, 2669, 2661, 2670, 2674, 2669, 2664, 2675, 2670, - 2700, 2696, 2698, 2698, 2701, 2704, 2702, 2703, 2703, 2701, - 2695, 2702, 2693, 2705, 2706, 2708, 2708, 2710, 2697, 2711, - 2713, 2712, 2714, 2715, 2704, 2712, 2717, 2716, 2705, 2713, - 2710, 2717, 2711, 2718, 2706, 2716, 2719, 2719, 2714, 2720, - 2722, 2722, 2715, 2723, 2723, 2725, 2727, 2727, 2729, 2730, - 2732, 2731, 2734, 2734, 2735, 2732, 2736, 2737, 2720, 2718, - 2739, 2739, 2741, 2740, 2729, 2730, 2725, 2731, 2742, 2742, - 2745, 2749, 2746, 0, 2735, 2747, 2737, 2740, 2746, 2736, - 2747, 2741, 2750, 2750, 2751, 2751, 2752, 2753, 2753, 2754, - 2745, 2756, 2755, 2749, 2758, 2760, 2757, 2759, 2761, 2761, + 2672, 2672, 2676, 2675, 2677, 2678, 2680, 2681, 2681, 2677, + 2677, 2683, 2683, 2685, 2676, 2674, 2685, 2678, 2684, 2684, + 2686, 2688, 2690, 2691, 2691, 2694, 2680, 2692, 2692, 2693, + 2693, 2695, 2695, 2686, 2696, 2697, 2698, 2699, 2706, 2688, + 2694, 0, 2690, 2699, 2700, 2700, 2707, 2696, 2701, 2705, + 2698, 2708, 2701, 2697, 2705, 2705, 2709, 2710, 2711, 2721, + 2712, 2706, 2709, 2710, 2712, 2716, 2707, 2713, 2713, 2718, + 2716, 2708, 2719, 2722, 2724, 2719, 2722, 2718, 2723, 2723, + 2725, 2726, 2727, 2711, 2721, 2725, 2728, 2729, 2729, 2730, + 2731, 2724, 2724, 2731, 2732, 2733, 2734, 2737, 2850, 2726, - 2754, 2755, 2757, 2763, 2763, 2762, 2752, 2753, 2762, 2759, - 2767, 2756, 2768, 2758, 2769, 2760, 2770, 2770, 2771, 2772, - 2769, 2771, 2767, 2773, 2775, 2772, 2776, 2776, 2777, 2775, - 2778, 2779, 2768, 2777, 2780, 2781, 2781, 2779, 2783, 2784, - 2785, 2773, 2786, 2787, 2787, 2788, 2794, 2789, 0, 2778, - 2783, 2780, 2780, 2791, 2791, 2786, 2789, 2784, 2792, 2792, - 2794, 2793, 2795, 2804, 2788, 2785, 2793, 2795, 2796, 2796, - 2797, 2797, 2798, 2798, 2799, 2801, 2801, 2806, 2807, 2799, - 2808, 2812, 2804, 2809, 2809, 2811, 2811, 2813, 2814, 2815, - 2815, 2816, 2816, 2819, 0, 2812, 2820, 2814, 2818, 2806, + 2728, 2731, 2727, 2730, 2734, 2735, 2850, 2736, 2732, 2745, + 2735, 2735, 2736, 2736, 2733, 2743, 2737, 2738, 2738, 2739, + 2739, 2740, 2740, 2741, 2741, 2742, 2742, 2744, 2746, 2745, + 2747, 2743, 2744, 2748, 2749, 2747, 2750, 2751, 2752, 2749, + 2754, 2754, 2755, 2755, 2756, 2750, 2757, 2756, 2759, 2759, + 2761, 2761, 2748, 2760, 2746, 2769, 2762, 2751, 2752, 2765, + 2760, 2762, 2764, 2764, 2757, 2766, 2767, 2771, 2765, 2770, + 2770, 2771, 2772, 2769, 2766, 2767, 2773, 2774, 2776, 2775, + 2777, 2772, 2774, 2774, 2777, 2781, 2785, 2776, 2782, 2782, + 2781, 2773, 2775, 2784, 2784, 2786, 2787, 2789, 2789, 2790, - 2807, 2821, 2808, 2835, 2818, 2828, 2821, 2813, 2824, 2824, - 2826, 2826, 2827, 2819, 2829, 2820, 2830, 2827, 2831, 2828, - 2829, 2832, 2832, 2835, 2833, 2836, 2831, 2837, 2830, 2833, - 2838, 2839, 2837, 2841, 2842, 2843, 2844, 2839, 2847, 2846, - 2945, 2841, 2838, 2848, 2849, 2836, 2850, 2852, 2853, 2857, - 2858, 2850, 2852, 2842, 2847, 2843, 2844, 2846, 2854, 2876, - 2848, 2848, 2855, 2858, 2854, 2849, 2945, 2855, 2853, 2857, - 2861, 2861, 2862, 2862, 2863, 2867, 2867, 2876, 2863, 2869, - 2869, 2870, 2870, 2873, 2870, 2871, 2871, 2873, 2871, 2872, - 2872, 2877, 2872, 2875, 2875, 2880, 2881, 2882, 2883, 2883, + 2785, 2791, 2794, 2795, 2796, 2797, 2799, 2801, 2790, 2815, + 2803, 2797, 2795, 2791, 2787, 2803, 2804, 2806, 2799, 0, + 2786, 2804, 2805, 2805, 2796, 2808, 2806, 2794, 2801, 2815, + 2808, 2809, 2809, 2811, 2811, 2809, 2812, 2812, 2813, 2813, + 2814, 2816, 2817, 2820, 2819, 2823, 2821, 2817, 2820, 2814, + 2819, 2821, 2822, 2822, 2824, 2825, 2826, 2827, 2828, 2829, + 2816, 2826, 2836, 2823, 2828, 2832, 2824, 2830, 2830, 2832, + 2835, 2835, 2833, 2834, 2837, 2827, 2825, 2833, 2834, 2838, + 2840, 2836, 2842, 2842, 2829, 2844, 2845, 2846, 2847, 2837, + 2848, 2846, 2849, 2855, 2838, 2853, 2851, 2847, 2844, 2845, - 2886, 2887, 2882, 2888, 2889, 2877, 2890, 2888, 2887, 2892, - 2893, 2894, 2894, 2889, 2897, 2880, 2881, 2895, 2895, 2893, - 2902, 2890, 2896, 2896, 2899, 2886, 2898, 2892, 2901, 2897, - 2904, 2898, 2900, 2899, 2901, 2903, 2899, 2900, 2900, 2905, - 2907, 2906, 2908, 2908, 2905, 2902, 2906, 2909, 2910, 2944, - 2903, 2904, 2944, 2909, 2910, 2911, 2911, 2912, 2912, 2907, - 2913, 2916, 2916, 2919, 2919, 2913, 2920, 2920, 2921, 2921, - 2922, 2922, 2923, 2923, 2924, 2924, 2925, 2925, 2927, 2928, - 2928, 2929, 2930, 2931, 2935, 2933, 2937, 2927, 2934, 2934, - 2929, 2939, 2936, 2943, 2930, 2938, 2938, 2947, 2937, 2935, + 2840, 2851, 2852, 2852, 2853, 2854, 2848, 2856, 2856, 2857, + 2863, 2849, 2860, 2860, 2861, 2861, 2865, 2865, 2867, 2855, + 2868, 2869, 2870, 2854, 2872, 2872, 2873, 2870, 2857, 2874, + 2875, 2863, 2877, 2877, 2867, 2879, 2868, 2869, 2883, 2878, + 2880, 2880, 2884, 2887, 2890, 2885, 2873, 2894, 2884, 2875, + 2885, 2896, 2874, 2878, 2879, 2888, 2888, 2892, 2883, 2889, + 2889, 2891, 2891, 2893, 2890, 2887, 2897, 2894, 2892, 2895, + 2896, 2898, 2893, 2899, 2899, 2895, 2900, 2905, 2897, 2900, + 2906, 2891, 2901, 2901, 2907, 2908, 2908, 2910, 2911, 2905, + 2907, 2898, 2909, 2910, 2913, 2909, 2914, 2914, 2915, 2913, - 2940, 2940, 2953, 2931, 2933, 2936, 2939, 2946, 2946, 2949, - 2950, 2943, 2949, 2951, 2952, 2947, 2950, 2954, 2955, 2952, - 2957, 2953, 2958, 2961, 2972, 2970, 2957, 2951, 2970, 2973, - 2973, 2958, 2974, 2974, 2955, 2954, 2977, 2972, 2961, 2975, - 2975, 2978, 2979, 2980, 2981, 2983, 2979, 2985, 2989, 2984, - 2978, 2986, 2985, 2986, 2987, 2988, 2988, 2990, 2981, 2977, - 2984, 2989, 2991, 2980, 2993, 2992, 2995, 2994, 2983, 2987, - 2997, 2996, 2998, 2999, 3003, 2995, 2990, 3004, 2999, 0, - 2991, 2992, 2994, 2996, 3005, 3005, 3006, 3011, 3003, 2993, - 3012, 2997, 2998, 3007, 3007, 3006, 3016, 3004, 3008, 3008, + 2906, 2916, 2917, 2915, 2918, 2921, 2911, 2922, 2917, 2919, + 2919, 2923, 2926, 2924, 2925, 2925, 2927, 2921, 2928, 2933, + 2916, 2918, 2918, 2930, 2930, 2922, 2924, 2928, 2931, 2931, + 2932, 2926, 2927, 2933, 2934, 2932, 2923, 2935, 2935, 2934, + 2936, 2936, 2937, 2937, 2938, 2939, 2940, 2946, 2941, 2943, + 2943, 2948, 2940, 2941, 2949, 2950, 2954, 2938, 2951, 2951, + 2953, 2953, 2955, 2956, 2957, 2957, 2946, 2958, 2958, 2960, + 2954, 2939, 2956, 2948, 2961, 2960, 2949, 2950, 2962, 2963, + 2966, 2966, 2955, 2969, 2963, 2968, 2968, 2970, 2969, 2971, + 2972, 2973, 2974, 2974, 2961, 2971, 2977, 2962, 2975, 2973, - 3009, 3009, 3010, 3010, 3013, 3017, 3011, 3013, 3014, 3015, - 3012, 3018, 3019, 3014, 3015, 3020, 3022, 3018, 3021, 3024, - 3017, 3016, 3025, 3021, 3023, 3023, 3019, 3020, 3026, 3026, - 3028, 3030, 3033, 3033, 3024, 3035, 3022, 3034, 3034, 3036, - 3037, 3025, 3038, 3035, 3040, 3028, 3037, 3039, 3038, 3030, - 3041, 3042, 3043, 3043, 3044, 3044, 3042, 3040, 3036, 3046, - 3049, 3039, 3047, 3050, 3052, 3053, 3054, 3050, 3055, 3041, - 3053, 3057, 3058, 3056, 3049, 3060, 3060, 3058, 3059, 3063, - 3046, 3055, 3047, 3059, 3052, 3054, 3056, 3064, 3065, 3067, - 3057, 3066, 3066, 3070, 3067, 3068, 3069, 3069, 3070, 3063, + 2978, 2970, 2972, 2975, 2979, 2980, 2981, 2983, 2984, 2979, + 2985, 2986, 2981, 2989, 2988, 2983, 2977, 2980, 2990, 2991, + 2978, 2992, 2995, 2994, 2999, 0, 2992, 2984, 2994, 2989, + 2985, 2986, 2988, 2996, 3000, 2990, 2990, 3000, 2997, 2996, + 2991, 3001, 2995, 2997, 2999, 3004, 3004, 3005, 3005, 3006, + 3010, 3010, 3011, 3006, 3001, 3012, 0, 3011, 3013, 3013, + 3015, 3015, 3016, 3016, 3019, 3016, 3017, 3017, 3019, 3017, + 3018, 3018, 3022, 3018, 3012, 3021, 3021, 3023, 3026, 3027, + 3028, 3029, 3029, 3032, 3034, 3028, 3033, 3035, 3034, 3036, + 3022, 3023, 3038, 3033, 3039, 0, 3035, 3048, 3026, 3027, - 3073, 3068, 3081, 3071, 3072, 3064, 3074, 3065, 3071, 3072, - 3076, 3076, 3074, 3077, 3078, 3078, 3080, 3082, 3077, 3073, - 3080, 3081, 3083, 3084, 3082, 3085, 3086, 3087, 3089, 3089, - 3093, 3085, 3091, 3091, 3092, 3093, 3094, 3095, 3096, 3098, - 3087, 3083, 3084, 3092, 3098, 3086, 3092, 3097, 3097, 3099, - 3101, 3096, 3102, 3102, 3103, 3094, 3095, 3104, 3104, 3105, - 3105, 3106, 3099, 3107, 3108, 3115, 3106, 3109, 3109, 3110, - 3107, 3112, 3112, 3103, 3110, 3111, 3101, 3111, 3113, 3114, - 3117, 3120, 3116, 3108, 3115, 3113, 3114, 3116, 3119, 3119, - 3122, 3123, 3124, 3125, 3129, 3122, 3123, 3126, 3126, 3117, + 3040, 3040, 3043, 3039, 3036, 3041, 3041, 3045, 3032, 3044, + 3038, 3042, 3042, 3049, 3044, 3046, 3045, 3043, 3047, 3045, + 3046, 3046, 3048, 3050, 3047, 3051, 3052, 3053, 3049, 3055, + 3051, 3052, 3054, 3054, 3056, 3055, 3057, 3057, 3058, 3058, + 3056, 3059, 3060, 3066, 3050, 0, 3053, 3060, 3063, 3063, + 3065, 3065, 3066, 3069, 3069, 3081, 3059, 3070, 3070, 3071, + 3071, 3072, 3072, 3073, 3073, 3074, 3074, 3075, 3075, 3077, + 3078, 3078, 3079, 3080, 3083, 3081, 3084, 3084, 3077, 3085, + 3087, 3079, 3086, 3088, 3088, 3080, 3089, 3090, 3090, 3093, + 3095, 3097, 3087, 3083, 3085, 3086, 3094, 3096, 3096, 3094, - 3120, 3128, 3128, 3130, 3131, 3131, 3132, 3132, 3133, 3135, - 3135, 3124, 3125, 3129, 3137, 3133, 3136, 3136, 3139, 3142, - 3143, 3137, 3130, 3139, 3142, 3144, 3145, 3145, 3146, 3146, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 3143, - 0, 0, 0, 0, 3144, 3150, 3150, 3150, 3150, 3150, - 3150, 3150, 3151, 3151, 3151, 3151, 3151, 3151, 3151, 3152, - 3152, 3152, 3152, 3152, 3152, 3152, 3153, 3153, 3153, 3153, - 3153, 3153, 3153, 3154, 3154, 3154, 3154, 3154, 3154, 3154, - 3155, 3155, 3155, 3155, 3155, 3155, 3155, 3156, 3156, 3156, - 3156, 3156, 3156, 3156, 3158, 3158, 0, 3158, 3158, 3158, + 3099, 3089, 3100, 3099, 3101, 3102, 3103, 3093, 3100, 3097, + 3102, 3104, 3105, 3107, 3108, 3112, 3095, 3111, 3101, 3107, + 3115, 3111, 3125, 3108, 3123, 3103, 3130, 3123, 3105, 3104, + 3112, 3126, 3126, 3127, 3127, 3125, 3128, 3128, 3131, 3132, + 3133, 3134, 3136, 3132, 3140, 3137, 3115, 3131, 3138, 3130, + 3141, 3141, 3143, 3138, 3142, 3134, 3137, 3144, 3145, 3140, + 3133, 3146, 3147, 3148, 3149, 3136, 3151, 3142, 3150, 3153, + 3159, 3143, 3148, 3150, 3145, 3144, 3149, 3147, 3152, 3154, + 3158, 3160, 3160, 3152, 3154, 3166, 3146, 3151, 3161, 3153, + 3159, 3162, 3162, 3167, 3158, 3163, 3163, 3161, 3164, 3164, - 3158, 3159, 3159, 0, 0, 0, 3159, 3159, 3160, 3160, - 0, 0, 3160, 0, 3160, 3161, 0, 0, 0, 0, - 0, 3161, 3162, 3162, 0, 0, 0, 3162, 3162, 3163, - 0, 0, 0, 0, 0, 3163, 3164, 3164, 0, 3164, - 3164, 3164, 3164, 3165, 0, 0, 0, 0, 0, 3165, - 3166, 3166, 0, 0, 0, 3166, 3166, 3167, 3167, 0, - 3167, 3167, 3167, 3167, 3149, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, - 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, 3149, + 3165, 3165, 3168, 3169, 3166, 3168, 3170, 3171, 3169, 3172, + 3173, 3170, 3174, 3167, 3176, 3175, 3173, 3177, 3177, 3176, + 3178, 3179, 3179, 3181, 3172, 3182, 3174, 3175, 3180, 3180, + 3183, 3183, 3171, 3185, 3187, 3190, 3190, 3192, 3181, 3193, + 3178, 3191, 3191, 3194, 3182, 3192, 3196, 3195, 3185, 3194, + 3197, 3198, 3187, 3195, 3199, 3200, 3200, 3205, 3193, 3199, + 3196, 3202, 3202, 3197, 3206, 3208, 3211, 3209, 3212, 3213, + 3198, 3209, 3214, 3212, 3215, 3216, 3217, 3218, 3205, 3208, + 3222, 3217, 3218, 3223, 3206, 3214, 3211, 3215, 3213, 3219, + 3219, 3224, 3225, 3225, 3216, 3228, 3228, 3226, 3227, 3232, - 3149, 3149, 3149, 3149, 3149 + 3222, 3223, 3226, 3229, 3227, 3240, 3230, 3231, 3229, 3233, + 3224, 3230, 3231, 3235, 3235, 3233, 3236, 3242, 3232, 3237, + 3237, 3236, 3239, 3241, 3240, 3243, 3239, 3244, 3245, 3246, + 3241, 3248, 3248, 3244, 3250, 3250, 3242, 3251, 3252, 3253, + 3254, 3255, 3246, 3252, 3243, 3260, 3251, 3245, 3257, 3251, + 3256, 3256, 3258, 3257, 3255, 3261, 3261, 3262, 3253, 3254, + 3263, 3263, 3264, 3264, 3265, 3258, 3266, 3267, 3270, 3265, + 3270, 3260, 3269, 3266, 3268, 3268, 3262, 3269, 3271, 3271, + 3272, 3273, 3274, 3276, 3275, 3279, 3267, 3272, 3273, 3275, + 3278, 3278, 3281, 3282, 3283, 3284, 3288, 3281, 3282, 3285, + + 3285, 3274, 3276, 3289, 3279, 3287, 3287, 3290, 3290, 3291, + 3291, 3292, 3302, 3283, 3284, 3288, 3294, 3294, 3292, 3295, + 3295, 3296, 3289, 3303, 3298, 3301, 3304, 3304, 3296, 3298, + 3301, 3302, 3305, 3305, 0, 0, 0, 0, 0, 0, + 0, 0, 3303, 3309, 3309, 3309, 3309, 3309, 3309, 3309, + 3310, 3310, 3310, 3310, 3310, 3310, 3310, 3311, 3311, 3311, + 3311, 3311, 3311, 3311, 3312, 3312, 3312, 3312, 3312, 3312, + 3312, 3313, 3313, 3313, 3313, 3313, 3313, 3313, 3314, 3314, + 3314, 3314, 3314, 3314, 3314, 3315, 3315, 3315, 3315, 3315, + 3315, 3315, 3317, 3317, 0, 3317, 3317, 3317, 3317, 3318, + + 3318, 0, 0, 0, 3318, 3318, 3319, 3319, 0, 0, + 3319, 0, 3319, 3320, 0, 0, 0, 0, 0, 3320, + 3321, 3321, 0, 0, 0, 3321, 3321, 3322, 0, 0, + 0, 0, 0, 3322, 3323, 3323, 0, 3323, 3323, 3323, + 3323, 3324, 0, 0, 0, 0, 0, 3324, 3325, 3325, + 0, 0, 0, 3325, 3325, 3326, 3326, 0, 3326, 3326, + 3326, 3326, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, 3308, + + 3308, 3308, 3308 } ; static yy_state_type yy_last_accepting_state; @@ -3034,7 +3154,7 @@ static void config_end_include(void) } #endif -#line 3036 "" +#line 3156 "" #define YY_NO_INPUT 1 #line 191 "./util/configlexer.lex" #ifndef YY_NO_UNPUT @@ -3043,9 +3163,9 @@ static void config_end_include(void) #ifndef YY_NO_INPUT #define YY_NO_INPUT 1 #endif -#line 3045 "" +#line 3165 "" -#line 3047 "" +#line 3167 "" #define INITIAL 0 #define quotedstring 1 @@ -3269,7 +3389,7 @@ YY_DECL { #line 211 "./util/configlexer.lex" -#line 3271 "" +#line 3391 "" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -3302,13 +3422,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3150 ) + if ( yy_current_state >= 3309 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 6165 ); + while ( yy_base[yy_current_state] != 6463 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3558,1304 +3678,1379 @@ YY_RULE_SETUP case 45: YY_RULE_SETUP #line 259 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } +{ YDVAR(1, VAR_HTTPS_PORT) } YY_BREAK case 46: YY_RULE_SETUP #line 260 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +{ YDVAR(1, VAR_HTTP_ENDPOINT) } YY_BREAK case 47: YY_RULE_SETUP #line 261 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_HTTP_MAX_STREAMS) } YY_BREAK case 48: YY_RULE_SETUP #line 262 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } YY_BREAK case 49: YY_RULE_SETUP #line 263 "./util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +{ YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } YY_BREAK case 50: YY_RULE_SETUP #line 264 "./util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +{ YDVAR(1, VAR_HTTP_NODELAY) } YY_BREAK case 51: YY_RULE_SETUP #line 265 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +{ YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } YY_BREAK case 52: YY_RULE_SETUP #line 266 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +{ YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK case 53: YY_RULE_SETUP #line 267 "./util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK case 54: YY_RULE_SETUP #line 268 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 55: YY_RULE_SETUP #line 269 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK case 56: YY_RULE_SETUP #line 270 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_DSCP) } +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK case 57: YY_RULE_SETUP #line 271 "./util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK case 58: YY_RULE_SETUP #line 272 "./util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK case 59: YY_RULE_SETUP #line 273 "./util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK case 60: YY_RULE_SETUP #line 274 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK case 61: YY_RULE_SETUP #line 275 "./util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK case 62: YY_RULE_SETUP #line 276 "./util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK case 63: YY_RULE_SETUP #line 277 "./util/configlexer.lex" -{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } +{ YDVAR(1, VAR_IP_DSCP) } YY_BREAK case 64: YY_RULE_SETUP #line 278 "./util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +{ YDVAR(1, VAR_CHROOT) } YY_BREAK case 65: YY_RULE_SETUP #line 279 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +{ YDVAR(1, VAR_USERNAME) } YY_BREAK case 66: YY_RULE_SETUP #line 280 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK case 67: YY_RULE_SETUP #line 281 "./util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK case 68: YY_RULE_SETUP #line 282 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK case 69: YY_RULE_SETUP #line 283 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK case 70: YY_RULE_SETUP #line 284 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +{ YDVAR(1, VAR_STREAM_WAIT_SIZE) } YY_BREAK case 71: YY_RULE_SETUP #line 285 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK case 72: YY_RULE_SETUP #line 286 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK case 73: YY_RULE_SETUP #line 287 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK case 74: YY_RULE_SETUP #line 288 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK case 75: YY_RULE_SETUP #line 289 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK case 76: YY_RULE_SETUP #line 290 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK case 77: YY_RULE_SETUP #line 291 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK case 78: YY_RULE_SETUP #line 292 "./util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK case 79: YY_RULE_SETUP #line 293 "./util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK case 80: YY_RULE_SETUP #line 294 "./util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK case 81: YY_RULE_SETUP #line 295 "./util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK case 82: YY_RULE_SETUP #line 296 "./util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK case 83: YY_RULE_SETUP #line 297 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK case 84: YY_RULE_SETUP #line 298 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK case 85: YY_RULE_SETUP #line 299 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK case 86: YY_RULE_SETUP #line 300 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +{ YDVAR(1, VAR_INFRA_KEEP_PROBING) } YY_BREAK case 87: YY_RULE_SETUP #line 301 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK case 88: YY_RULE_SETUP #line 302 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK case 89: YY_RULE_SETUP #line 303 "./util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK case 90: YY_RULE_SETUP #line 304 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +{ YDVAR(1, VAR_UDP_CONNECT) } YY_BREAK case 91: YY_RULE_SETUP #line 305 "./util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK case 92: YY_RULE_SETUP #line 306 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK case 93: YY_RULE_SETUP #line 307 "./util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK case 94: YY_RULE_SETUP #line 308 "./util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK case 95: YY_RULE_SETUP #line 309 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK case 96: YY_RULE_SETUP #line 310 "./util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK case 97: YY_RULE_SETUP #line 311 "./util/configlexer.lex" -{ YDVAR(1, VAR_DENY_ANY) } +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK case 98: YY_RULE_SETUP #line 312 "./util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK case 99: YY_RULE_SETUP #line 313 "./util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK case 100: YY_RULE_SETUP #line 314 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 101: YY_RULE_SETUP #line 315 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK case 102: YY_RULE_SETUP #line 316 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK case 103: YY_RULE_SETUP #line 317 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK case 104: YY_RULE_SETUP #line 318 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_NO_CACHE) } +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK case 105: YY_RULE_SETUP #line 319 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK case 106: YY_RULE_SETUP #line 320 "./util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK case 107: YY_RULE_SETUP #line 321 "./util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +{ YDVAR(1, VAR_DENY_ANY) } YY_BREAK case 108: YY_RULE_SETUP #line 322 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK case 109: YY_RULE_SETUP #line 323 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +{ YDVAR(1, VAR_NAME) } YY_BREAK case 110: YY_RULE_SETUP #line 324 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK case 111: YY_RULE_SETUP #line 325 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_NO_CACHE) } +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK case 112: YY_RULE_SETUP #line 326 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK case 113: YY_RULE_SETUP #line 327 "./util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK case 114: YY_RULE_SETUP #line 328 "./util/configlexer.lex" -{ YDVAR(0, VAR_AUTH_ZONE) } +{ YDVAR(1, VAR_STUB_NO_CACHE) } YY_BREAK case 115: YY_RULE_SETUP #line 329 "./util/configlexer.lex" -{ YDVAR(0, VAR_RPZ) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 116: YY_RULE_SETUP #line 330 "./util/configlexer.lex" -{ YDVAR(1, VAR_TAGS) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK case 117: YY_RULE_SETUP #line 331 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK case 118: YY_RULE_SETUP #line 332 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK case 119: YY_RULE_SETUP #line 333 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG) } +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK case 120: YY_RULE_SETUP #line 334 "./util/configlexer.lex" -{ YDVAR(1, VAR_RPZ_LOG_NAME) } +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK case 121: YY_RULE_SETUP #line 335 "./util/configlexer.lex" -{ YDVAR(1, VAR_ZONEFILE) } +{ YDVAR(1, VAR_FORWARD_NO_CACHE) } YY_BREAK case 122: YY_RULE_SETUP #line 336 "./util/configlexer.lex" -{ YDVAR(1, VAR_MASTER) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 123: YY_RULE_SETUP #line 337 "./util/configlexer.lex" -{ YDVAR(1, VAR_URL) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK case 124: YY_RULE_SETUP #line 338 "./util/configlexer.lex" -{ YDVAR(1, VAR_ALLOW_NOTIFY) } +{ YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK case 125: YY_RULE_SETUP #line 339 "./util/configlexer.lex" -{ YDVAR(1, VAR_FOR_DOWNSTREAM) } +{ YDVAR(0, VAR_RPZ) } YY_BREAK case 126: YY_RULE_SETUP #line 340 "./util/configlexer.lex" -{ YDVAR(1, VAR_FOR_UPSTREAM) } +{ YDVAR(1, VAR_TAGS) } YY_BREAK case 127: YY_RULE_SETUP #line 341 "./util/configlexer.lex" -{ YDVAR(1, VAR_FALLBACK_ENABLED) } +{ YDVAR(1, VAR_RPZ_ACTION_OVERRIDE) } YY_BREAK case 128: YY_RULE_SETUP #line 342 "./util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } +{ YDVAR(1, VAR_RPZ_CNAME_OVERRIDE) } YY_BREAK case 129: YY_RULE_SETUP #line 343 "./util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } +{ YDVAR(1, VAR_RPZ_LOG) } YY_BREAK case 130: YY_RULE_SETUP #line 344 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +{ YDVAR(1, VAR_RPZ_LOG_NAME) } YY_BREAK case 131: YY_RULE_SETUP #line 345 "./util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +{ YDVAR(1, VAR_ZONEFILE) } YY_BREAK case 132: YY_RULE_SETUP #line 346 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 133: YY_RULE_SETUP #line 347 "./util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK case 134: YY_RULE_SETUP #line 348 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } +{ YDVAR(1, VAR_URL) } YY_BREAK case 135: YY_RULE_SETUP #line 349 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +{ YDVAR(1, VAR_ALLOW_NOTIFY) } YY_BREAK case 136: YY_RULE_SETUP #line 350 "./util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +{ YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK case 137: YY_RULE_SETUP #line 351 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +{ YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK case 138: YY_RULE_SETUP #line 352 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK case 139: YY_RULE_SETUP #line 353 "./util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } +{ YDVAR(0, VAR_VIEW) } YY_BREAK case 140: YY_RULE_SETUP #line 354 "./util/configlexer.lex" -{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK case 141: YY_RULE_SETUP #line 355 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK case 142: YY_RULE_SETUP #line 356 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK case 143: YY_RULE_SETUP #line 357 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK case 144: YY_RULE_SETUP #line 358 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK case 145: YY_RULE_SETUP #line 359 "./util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK case 146: YY_RULE_SETUP #line 360 "./util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK case 147: YY_RULE_SETUP #line 361 "./util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK case 148: YY_RULE_SETUP #line 362 "./util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK case 149: YY_RULE_SETUP #line 363 "./util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK case 150: YY_RULE_SETUP #line 364 "./util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV4) } YY_BREAK case 151: YY_RULE_SETUP #line 365 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_MIN_CLIENT_SUBNET_IPV6) } YY_BREAK case 152: YY_RULE_SETUP #line 366 "./util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV4) } YY_BREAK case 153: YY_RULE_SETUP #line 367 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +{ YDVAR(1, VAR_MAX_ECS_TREE_SIZE_IPV6) } YY_BREAK case 154: YY_RULE_SETUP #line 368 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK case 155: YY_RULE_SETUP #line 369 "./util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK case 156: YY_RULE_SETUP #line 370 "./util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK case 157: YY_RULE_SETUP #line 371 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK case 158: YY_RULE_SETUP #line 372 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +{ YDVAR(1, VAR_VERSION) } YY_BREAK case 159: YY_RULE_SETUP #line 373 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK case 160: YY_RULE_SETUP #line 374 "./util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK case 161: YY_RULE_SETUP #line 375 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK case 162: YY_RULE_SETUP #line 376 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK case 163: YY_RULE_SETUP #line 377 "./util/configlexer.lex" -{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK case 164: YY_RULE_SETUP #line 378 "./util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK case 165: YY_RULE_SETUP #line 379 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK case 166: YY_RULE_SETUP #line 380 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } +{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK case 167: YY_RULE_SETUP #line 381 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } +{ YDVAR(1, VAR_ROOT_KEY_SENTINEL) } YY_BREAK case 168: YY_RULE_SETUP #line 382 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } YY_BREAK case 169: YY_RULE_SETUP #line 383 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } YY_BREAK case 170: YY_RULE_SETUP #line 384 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } YY_BREAK case 171: YY_RULE_SETUP #line 385 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +{ YDVAR(1, VAR_BOGUS_TTL) } YY_BREAK case 172: YY_RULE_SETUP #line 386 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } YY_BREAK case 173: YY_RULE_SETUP #line 387 "./util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } YY_BREAK case 174: YY_RULE_SETUP #line 388 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } YY_BREAK case 175: YY_RULE_SETUP #line 389 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } YY_BREAK case 176: YY_RULE_SETUP #line 390 "./util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +{ YDVAR(1, VAR_SERVE_EXPIRED) } YY_BREAK case 177: YY_RULE_SETUP #line 391 "./util/configlexer.lex" -{ - YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL) } YY_BREAK case 178: YY_RULE_SETUP -#line 393 "./util/configlexer.lex" -{ YDVAR(1, VAR_ADD_HOLDDOWN) } +#line 392 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_TTL_RESET) } YY_BREAK case 179: YY_RULE_SETUP -#line 394 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEL_HOLDDOWN) } +#line 393 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_REPLY_TTL) } YY_BREAK case 180: YY_RULE_SETUP -#line 395 "./util/configlexer.lex" -{ YDVAR(1, VAR_KEEP_MISSING) } +#line 394 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED_CLIENT_TIMEOUT) } YY_BREAK case 181: YY_RULE_SETUP -#line 396 "./util/configlexer.lex" -{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } +#line 395 "./util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_ORIGINAL_TTL) } YY_BREAK case 182: YY_RULE_SETUP -#line 397 "./util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSLOG) } +#line 396 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_DSA) } YY_BREAK case 183: YY_RULE_SETUP -#line 398 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_IDENTITY) } +#line 397 "./util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_SHA1) } YY_BREAK case 184: YY_RULE_SETUP -#line 399 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TIME_ASCII) } +#line 398 "./util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } YY_BREAK case 185: YY_RULE_SETUP -#line 400 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_QUERIES) } +#line 399 "./util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } YY_BREAK case 186: YY_RULE_SETUP -#line 401 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_REPLIES) } +#line 400 "./util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } YY_BREAK case 187: YY_RULE_SETUP -#line 402 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } +#line 401 "./util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } YY_BREAK case 188: YY_RULE_SETUP -#line 403 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } +#line 402 "./util/configlexer.lex" +{ + YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK case 189: YY_RULE_SETUP #line 404 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOG_SERVFAIL) } +{ YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK case 190: YY_RULE_SETUP #line 405 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE) } +{ YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK case 191: YY_RULE_SETUP #line 406 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA) } +{ YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK case 192: YY_RULE_SETUP #line 407 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOCAL_DATA_PTR) } +{ YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK case 193: YY_RULE_SETUP #line 408 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } +{ YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK case 194: YY_RULE_SETUP #line 409 "./util/configlexer.lex" -{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } +{ YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK case 195: YY_RULE_SETUP #line 410 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_INTERVAL) } +{ YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK case 196: YY_RULE_SETUP #line 411 "./util/configlexer.lex" -{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } +{ YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK case 197: YY_RULE_SETUP #line 412 "./util/configlexer.lex" -{ YDVAR(1, VAR_EXTENDED_STATISTICS) } +{ YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK case 198: YY_RULE_SETUP #line 413 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_ENABLE) } +{ YDVAR(1, VAR_LOG_TAG_QUERYREPLY) } YY_BREAK case 199: YY_RULE_SETUP #line 414 "./util/configlexer.lex" -{ YDVAR(1, VAR_SHM_KEY) } +{ YDVAR(1, VAR_LOG_LOCAL_ACTIONS) } YY_BREAK case 200: YY_RULE_SETUP #line 415 "./util/configlexer.lex" -{ YDVAR(0, VAR_REMOTE_CONTROL) } +{ YDVAR(1, VAR_LOG_SERVFAIL) } YY_BREAK case 201: YY_RULE_SETUP #line 416 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_ENABLE) } +{ YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK case 202: YY_RULE_SETUP #line 417 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_INTERFACE) } +{ YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK case 203: YY_RULE_SETUP #line 418 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_PORT) } +{ YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK case 204: YY_RULE_SETUP #line 419 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_USE_CERT) } +{ YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK case 205: YY_RULE_SETUP #line 420 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_KEY_FILE) } +{ YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK case 206: YY_RULE_SETUP #line 421 "./util/configlexer.lex" -{ YDVAR(1, VAR_SERVER_CERT_FILE) } +{ YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK case 207: YY_RULE_SETUP #line 422 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_KEY_FILE) } +{ YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK case 208: YY_RULE_SETUP #line 423 "./util/configlexer.lex" -{ YDVAR(1, VAR_CONTROL_CERT_FILE) } +{ YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK case 209: YY_RULE_SETUP #line 424 "./util/configlexer.lex" -{ YDVAR(1, VAR_PYTHON_SCRIPT) } +{ YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK case 210: YY_RULE_SETUP #line 425 "./util/configlexer.lex" -{ YDVAR(0, VAR_PYTHON) } +{ YDVAR(1, VAR_SHM_KEY) } YY_BREAK case 211: YY_RULE_SETUP #line 426 "./util/configlexer.lex" -{ YDVAR(1, VAR_DYNLIB_FILE) } +{ YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK case 212: YY_RULE_SETUP #line 427 "./util/configlexer.lex" -{ YDVAR(0, VAR_DYNLIB) } +{ YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK case 213: YY_RULE_SETUP #line 428 "./util/configlexer.lex" -{ YDVAR(1, VAR_DOMAIN_INSECURE) } +{ YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK case 214: YY_RULE_SETUP #line 429 "./util/configlexer.lex" -{ YDVAR(1, VAR_MINIMAL_RESPONSES) } +{ YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK case 215: YY_RULE_SETUP #line 430 "./util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } +{ YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK case 216: YY_RULE_SETUP #line 431 "./util/configlexer.lex" -{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } +{ YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK case 217: YY_RULE_SETUP #line 432 "./util/configlexer.lex" -{ YDVAR(1, VAR_MAX_UDP_SIZE) } +{ YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK case 218: YY_RULE_SETUP #line 433 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_PREFIX) } +{ YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK case 219: YY_RULE_SETUP #line 434 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_SYNTHALL) } +{ YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK case 220: YY_RULE_SETUP #line 435 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } +{ YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK case 221: YY_RULE_SETUP #line 436 "./util/configlexer.lex" -{ YDVAR(1, VAR_DEFINE_TAG) } +{ YDVAR(0, VAR_PYTHON) } YY_BREAK case 222: YY_RULE_SETUP #line 437 "./util/configlexer.lex" -{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } +{ YDVAR(1, VAR_DYNLIB_FILE) } YY_BREAK case 223: YY_RULE_SETUP #line 438 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } +{ YDVAR(0, VAR_DYNLIB) } YY_BREAK case 224: YY_RULE_SETUP #line 439 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } +{ YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK case 225: YY_RULE_SETUP #line 440 "./util/configlexer.lex" -{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } +{ YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK case 226: YY_RULE_SETUP #line 441 "./util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } +{ YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK case 227: YY_RULE_SETUP #line 442 "./util/configlexer.lex" -{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } +{ YDVAR(1, VAR_UNKNOWN_SERVER_TIME_LIMIT) } YY_BREAK case 228: YY_RULE_SETUP #line 443 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSTAP) } +{ YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK case 229: YY_RULE_SETUP #line 444 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_ENABLE) } +{ YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK case 230: YY_RULE_SETUP #line 445 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } +{ YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK case 231: YY_RULE_SETUP #line 446 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } +{ YDVAR(1, VAR_DNS64_IGNORE_AAAA) } YY_BREAK case 232: YY_RULE_SETUP #line 447 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IP) } +{ YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK case 233: YY_RULE_SETUP #line 448 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS) } +{ YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK case 234: YY_RULE_SETUP #line 449 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } +{ YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK case 235: YY_RULE_SETUP #line 450 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK case 236: YY_RULE_SETUP #line 451 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } +{ YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK case 237: YY_RULE_SETUP -#line 453 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } +#line 452 "./util/configlexer.lex" +{ YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK case 238: YY_RULE_SETUP -#line 455 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } +#line 453 "./util/configlexer.lex" +{ YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK case 239: YY_RULE_SETUP -#line 456 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } +#line 454 "./util/configlexer.lex" +{ YDVAR(0, VAR_DNSTAP) } YY_BREAK case 240: YY_RULE_SETUP -#line 457 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_IDENTITY) } +#line 455 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK case 241: YY_RULE_SETUP -#line 458 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSTAP_VERSION) } +#line 456 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_BIDIRECTIONAL) } YY_BREAK case 242: YY_RULE_SETUP -#line 459 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } +#line 457 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK case 243: YY_RULE_SETUP -#line 461 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } +#line 458 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IP) } YY_BREAK case 244: YY_RULE_SETUP -#line 463 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } +#line 459 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS) } YY_BREAK case 245: YY_RULE_SETUP -#line 465 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } +#line 460 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_SERVER_NAME) } YY_BREAK case 246: YY_RULE_SETUP -#line 467 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } +#line 461 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_TLS_CERT_BUNDLE) } YY_BREAK case 247: YY_RULE_SETUP -#line 469 "./util/configlexer.lex" +#line 462 "./util/configlexer.lex" { - YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_KEY_FILE) } YY_BREAK case 248: YY_RULE_SETUP -#line 471 "./util/configlexer.lex" -{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } +#line 464 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_TLS_CLIENT_CERT_FILE) } YY_BREAK case 249: YY_RULE_SETUP -#line 472 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT) } +#line 466 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK case 250: YY_RULE_SETUP -#line 473 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT) } +#line 467 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK case 251: YY_RULE_SETUP -#line 474 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } +#line 468 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK case 252: YY_RULE_SETUP -#line 475 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SLABS) } +#line 469 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK case 253: YY_RULE_SETUP -#line 476 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } +#line 470 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK case 254: YY_RULE_SETUP -#line 477 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_SIZE) } +#line 472 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK case 255: YY_RULE_SETUP -#line 478 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } +#line 474 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK case 256: YY_RULE_SETUP -#line 479 "./util/configlexer.lex" -{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } +#line 476 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK case 257: YY_RULE_SETUP -#line 480 "./util/configlexer.lex" -{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } +#line 478 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK case 258: YY_RULE_SETUP -#line 481 "./util/configlexer.lex" -{ YDVAR(1, VAR_RATELIMIT_FACTOR) } +#line 480 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK case 259: YY_RULE_SETUP #line 482 "./util/configlexer.lex" -{ YDVAR(1, VAR_LOW_RTT) } +{ YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK case 260: YY_RULE_SETUP #line 483 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_NUM) } +{ YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK case 261: YY_RULE_SETUP #line 484 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_RATELIMIT) } YY_BREAK case 262: YY_RULE_SETUP #line 485 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK case 263: YY_RULE_SETUP #line 486 "./util/configlexer.lex" -{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } +{ YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK case 264: YY_RULE_SETUP #line 487 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_TAG) } +{ YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK case 265: YY_RULE_SETUP #line 488 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP) } +{ YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK case 266: YY_RULE_SETUP #line 489 "./util/configlexer.lex" -{ YDVAR(2, VAR_RESPONSE_IP_DATA) } +{ YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK case 267: YY_RULE_SETUP #line 490 "./util/configlexer.lex" -{ YDVAR(0, VAR_DNSCRYPT) } +{ YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK case 268: YY_RULE_SETUP #line 491 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } +{ YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK case 269: YY_RULE_SETUP #line 492 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PORT) } +{ YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK case 270: YY_RULE_SETUP #line 493 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } +{ YDVAR(1, VAR_LOW_RTT) } YY_BREAK case 271: YY_RULE_SETUP #line 494 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } +{ YDVAR(1, VAR_FAST_SERVER_NUM) } YY_BREAK case 272: YY_RULE_SETUP #line 495 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 273: YY_RULE_SETUP #line 496 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 274: YY_RULE_SETUP #line 497 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } +{ YDVAR(1, VAR_FAST_SERVER_PERMIL) } YY_BREAK case 275: YY_RULE_SETUP -#line 499 "./util/configlexer.lex" -{ - YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } +#line 498 "./util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK case 276: YY_RULE_SETUP -#line 501 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } +#line 499 "./util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK case 277: YY_RULE_SETUP -#line 502 "./util/configlexer.lex" -{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } +#line 500 "./util/configlexer.lex" +{ YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK case 278: YY_RULE_SETUP -#line 503 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_ENABLED) } +#line 501 "./util/configlexer.lex" +{ YDVAR(0, VAR_DNSCRYPT) } YY_BREAK case 279: YY_RULE_SETUP -#line 504 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } +#line 502 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK case 280: YY_RULE_SETUP -#line 505 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_HOOK) } +#line 503 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK case 281: YY_RULE_SETUP -#line 506 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } +#line 504 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK case 282: YY_RULE_SETUP -#line 507 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } +#line 505 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK case 283: YY_RULE_SETUP -#line 508 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSECMOD_STRICT) } +#line 506 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK case 284: YY_RULE_SETUP -#line 509 "./util/configlexer.lex" -{ YDVAR(0, VAR_CACHEDB) } +#line 507 "./util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } YY_BREAK case 285: YY_RULE_SETUP -#line 510 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_BACKEND) } +#line 508 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK case 286: YY_RULE_SETUP -#line 511 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } +#line 510 "./util/configlexer.lex" +{ + YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK case 287: YY_RULE_SETUP #line 512 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISHOST) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK case 288: YY_RULE_SETUP #line 513 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISPORT) } +{ YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK case 289: YY_RULE_SETUP #line 514 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } +{ YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK case 290: YY_RULE_SETUP #line 515 "./util/configlexer.lex" -{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } +{ YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK case 291: YY_RULE_SETUP #line 516 "./util/configlexer.lex" -{ YDVAR(0, VAR_IPSET) } +{ YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK case 292: YY_RULE_SETUP #line 517 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V4) } +{ YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK case 293: YY_RULE_SETUP #line 518 "./util/configlexer.lex" -{ YDVAR(1, VAR_IPSET_NAME_V6) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 294: YY_RULE_SETUP #line 519 "./util/configlexer.lex" -{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } +{ YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK case 295: YY_RULE_SETUP #line 520 "./util/configlexer.lex" -{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +{ YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK case 296: -/* rule 296 can match eol */ YY_RULE_SETUP #line 521 "./util/configlexer.lex" +{ YDVAR(0, VAR_CACHEDB) } + YY_BREAK +case 297: +YY_RULE_SETUP +#line 522 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_BACKEND) } + YY_BREAK +case 298: +YY_RULE_SETUP +#line 523 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_SECRETSEED) } + YY_BREAK +case 299: +YY_RULE_SETUP +#line 524 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISHOST) } + YY_BREAK +case 300: +YY_RULE_SETUP +#line 525 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISPORT) } + YY_BREAK +case 301: +YY_RULE_SETUP +#line 526 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISTIMEOUT) } + YY_BREAK +case 302: +YY_RULE_SETUP +#line 527 "./util/configlexer.lex" +{ YDVAR(1, VAR_CACHEDB_REDISEXPIRERECORDS) } + YY_BREAK +case 303: +YY_RULE_SETUP +#line 528 "./util/configlexer.lex" +{ YDVAR(0, VAR_IPSET) } + YY_BREAK +case 304: +YY_RULE_SETUP +#line 529 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V4) } + YY_BREAK +case 305: +YY_RULE_SETUP +#line 530 "./util/configlexer.lex" +{ YDVAR(1, VAR_IPSET_NAME_V6) } + YY_BREAK +case 306: +YY_RULE_SETUP +#line 531 "./util/configlexer.lex" +{ YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } + YY_BREAK +case 307: +YY_RULE_SETUP +#line 532 "./util/configlexer.lex" +{ YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } + YY_BREAK +case 308: +YY_RULE_SETUP +#line 533 "./util/configlexer.lex" +{ YDVAR(2, VAR_EDNS_CLIENT_STRING) } + YY_BREAK +case 309: +YY_RULE_SETUP +#line 534 "./util/configlexer.lex" +{ YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } + YY_BREAK +case 310: +YY_RULE_SETUP +#line 535 "./util/configlexer.lex" +{ YDVAR(1, VAR_NSID ) } + YY_BREAK +case 311: +/* rule 311 can match eol */ +YY_RULE_SETUP +#line 536 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 297: +case 312: YY_RULE_SETUP -#line 524 "./util/configlexer.lex" +#line 539 "./util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 525 "./util/configlexer.lex" +#line 540 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 298: +case 313: YY_RULE_SETUP -#line 530 "./util/configlexer.lex" +#line 545 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 299: -/* rule 299 can match eol */ +case 314: +/* rule 314 can match eol */ YY_RULE_SETUP -#line 531 "./util/configlexer.lex" +#line 546 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 300: +case 315: YY_RULE_SETUP -#line 533 "./util/configlexer.lex" +#line 548 "./util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4868,34 +5063,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 301: +case 316: YY_RULE_SETUP -#line 545 "./util/configlexer.lex" +#line 560 "./util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 546 "./util/configlexer.lex" +#line 561 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 302: +case 317: YY_RULE_SETUP -#line 551 "./util/configlexer.lex" +#line 566 "./util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 303: -/* rule 303 can match eol */ +case 318: +/* rule 318 can match eol */ YY_RULE_SETUP -#line 552 "./util/configlexer.lex" +#line 567 "./util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 304: +case 319: YY_RULE_SETUP -#line 554 "./util/configlexer.lex" +#line 569 "./util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4908,38 +5103,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 305: +case 320: YY_RULE_SETUP -#line 566 "./util/configlexer.lex" +#line 581 "./util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 568 "./util/configlexer.lex" +#line 583 "./util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 306: +case 321: YY_RULE_SETUP -#line 572 "./util/configlexer.lex" +#line 587 "./util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 307: -/* rule 307 can match eol */ +case 322: +/* rule 322 can match eol */ YY_RULE_SETUP -#line 573 "./util/configlexer.lex" +#line 588 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 308: +case 323: YY_RULE_SETUP -#line 574 "./util/configlexer.lex" +#line 589 "./util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 309: +case 324: YY_RULE_SETUP -#line 575 "./util/configlexer.lex" +#line 590 "./util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 0); @@ -4947,27 +5142,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 580 "./util/configlexer.lex" +#line 595 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 310: +case 325: YY_RULE_SETUP -#line 584 "./util/configlexer.lex" +#line 599 "./util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 311: -/* rule 311 can match eol */ +case 326: +/* rule 326 can match eol */ YY_RULE_SETUP -#line 585 "./util/configlexer.lex" +#line 600 "./util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 312: +case 327: YY_RULE_SETUP -#line 587 "./util/configlexer.lex" +#line 602 "./util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -4977,7 +5172,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 593 "./util/configlexer.lex" +#line 608 "./util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -4992,39 +5187,39 @@ case YY_STATE_EOF(val): } YY_BREAK /* include-toplevel: directive */ -case 313: +case 328: YY_RULE_SETUP -#line 607 "./util/configlexer.lex" +#line 622 "./util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include_toplevel); } YY_BREAK case YY_STATE_EOF(include_toplevel): -#line 610 "./util/configlexer.lex" +#line 625 "./util/configlexer.lex" { yyerror("EOF inside include_toplevel directive"); BEGIN(inc_prev); } YY_BREAK -case 314: +case 329: YY_RULE_SETUP -#line 614 "./util/configlexer.lex" +#line 629 "./util/configlexer.lex" { LEXOUT(("ITSP ")); /* ignore */ } YY_BREAK -case 315: -/* rule 315 can match eol */ +case 330: +/* rule 330 can match eol */ YY_RULE_SETUP -#line 615 "./util/configlexer.lex" +#line 630 "./util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK -case 316: +case 331: YY_RULE_SETUP -#line 616 "./util/configlexer.lex" +#line 631 "./util/configlexer.lex" { LEXOUT(("ITQS ")); BEGIN(include_toplevel_quoted); } YY_BREAK -case 317: +case 332: YY_RULE_SETUP -#line 617 "./util/configlexer.lex" +#line 632 "./util/configlexer.lex" { LEXOUT(("ITunquotedstr(%s) ", yytext)); config_start_include_glob(yytext, 1); @@ -5033,29 +5228,29 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_toplevel_quoted): -#line 623 "./util/configlexer.lex" +#line 638 "./util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 318: +case 333: YY_RULE_SETUP -#line 627 "./util/configlexer.lex" +#line 642 "./util/configlexer.lex" { LEXOUT(("ITSTR(%s) ", yytext)); yymore(); } YY_BREAK -case 319: -/* rule 319 can match eol */ +case 334: +/* rule 334 can match eol */ YY_RULE_SETUP -#line 628 "./util/configlexer.lex" +#line 643 "./util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 320: +case 335: YY_RULE_SETUP -#line 632 "./util/configlexer.lex" +#line 647 "./util/configlexer.lex" { LEXOUT(("ITQE ")); yytext[yyleng - 1] = '\0'; @@ -5064,33 +5259,33 @@ YY_RULE_SETUP return (VAR_FORCE_TOPLEVEL); } YY_BREAK -case 321: +case 336: YY_RULE_SETUP -#line 640 "./util/configlexer.lex" +#line 655 "./util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 322: +case 337: YY_RULE_SETUP -#line 644 "./util/configlexer.lex" +#line 659 "./util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 323: +case 338: YY_RULE_SETUP -#line 648 "./util/configlexer.lex" +#line 663 "./util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 324: +case 339: YY_RULE_SETUP -#line 652 "./util/configlexer.lex" +#line 667 "./util/configlexer.lex" ECHO; YY_BREAK -#line 5092 "" +#line 5287 "" case YY_END_OF_BUFFER: { @@ -5385,7 +5580,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3150 ) + if ( yy_current_state >= 3309 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; @@ -5413,11 +5608,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 3150 ) + if ( yy_current_state >= 3309 ) yy_c = yy_meta[yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; - yy_is_jam = (yy_current_state == 3149); + yy_is_jam = (yy_current_state == 3308); return yy_is_jam ? 0 : yy_current_state; } @@ -6056,6 +6251,6 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 652 "./util/configlexer.lex" +#line 667 "./util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index 9d304418f..6fe4b7fea 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -256,6 +256,13 @@ tls-session-ticket-keys{COLON} { YDVAR(1, VAR_TLS_SESSION_TICKET_KEYS) } tls-ciphers{COLON} { YDVAR(1, VAR_TLS_CIPHERS) } tls-ciphersuites{COLON} { YDVAR(1, VAR_TLS_CIPHERSUITES) } tls-use-sni{COLON} { YDVAR(1, VAR_TLS_USE_SNI) } +https-port{COLON} { YDVAR(1, VAR_HTTPS_PORT) } +http-endpoint{COLON} { YDVAR(1, VAR_HTTP_ENDPOINT) } +http-max-streams{COLON} { YDVAR(1, VAR_HTTP_MAX_STREAMS) } +http-query-buffer-size{COLON} { YDVAR(1, VAR_HTTP_QUERY_BUFFER_SIZE) } +http-response-buffer-size{COLON} { YDVAR(1, VAR_HTTP_RESPONSE_BUFFER_SIZE) } +http-nodelay{COLON} { YDVAR(1, VAR_HTTP_NODELAY) } +http-notls-downstream{COLON} { YDVAR(1, VAR_HTTP_NOTLS_DOWNSTREAM) } use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } interface{COLON} { YDVAR(1, VAR_INTERFACE) } @@ -290,9 +297,11 @@ infra-cache-slabs{COLON} { YDVAR(1, VAR_INFRA_CACHE_SLABS) } infra-cache-numhosts{COLON} { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } infra-cache-lame-size{COLON} { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } infra-cache-min-rtt{COLON} { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +infra-keep-probing{COLON} { YDVAR(1, VAR_INFRA_KEEP_PROBING) } num-queries-per-thread{COLON} { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } jostle-timeout{COLON} { YDVAR(1, VAR_JOSTLE_TIMEOUT) } delay-close{COLON} { YDVAR(1, VAR_DELAY_CLOSE) } +udp-connect{COLON} { YDVAR(1, VAR_UDP_CONNECT) } target-fetch-policy{COLON} { YDVAR(1, VAR_TARGET_FETCH_POLICY) } harden-short-bufsize{COLON} { YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } harden-large-queries{COLON} { YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } @@ -303,6 +312,7 @@ harden-referral-path{COLON} { YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } harden-algo-downgrade{COLON} { YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } use-caps-for-id{COLON} { YDVAR(1, VAR_USE_CAPS_FOR_ID) } caps-whitelist{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } +caps-exempt{COLON} { YDVAR(1, VAR_CAPS_WHITELIST) } unwanted-reply-threshold{COLON} { YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } private-address{COLON} { YDVAR(1, VAR_PRIVATE_ADDRESS) } private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } @@ -334,6 +344,7 @@ rpz-log{COLON} { YDVAR(1, VAR_RPZ_LOG) } rpz-log-name{COLON} { YDVAR(1, VAR_RPZ_LOG_NAME) } zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) } master{COLON} { YDVAR(1, VAR_MASTER) } +primary{COLON} { YDVAR(1, VAR_MASTER) } url{COLON} { YDVAR(1, VAR_URL) } allow-notify{COLON} { YDVAR(1, VAR_ALLOW_NOTIFY) } for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) } @@ -505,6 +516,7 @@ ipsecmod-ignore-bogus{COLON} { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } ipsecmod-hook{COLON} { YDVAR(1, VAR_IPSECMOD_HOOK) } ipsecmod-max-ttl{COLON} { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } ipsecmod-whitelist{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } +ipsecmod-allow{COLON} { YDVAR(1, VAR_IPSECMOD_WHITELIST) } ipsecmod-strict{COLON} { YDVAR(1, VAR_IPSECMOD_STRICT) } cachedb{COLON} { YDVAR(0, VAR_CACHEDB) } backend{COLON} { YDVAR(1, VAR_CACHEDB_BACKEND) } @@ -518,6 +530,9 @@ name-v4{COLON} { YDVAR(1, VAR_IPSET_NAME_V4) } name-v6{COLON} { YDVAR(1, VAR_IPSET_NAME_V6) } udp-upstream-without-downstream{COLON} { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } tcp-connection-limit{COLON} { YDVAR(2, VAR_TCP_CONNECTION_LIMIT) } +edns-client-string{COLON} { YDVAR(2, VAR_EDNS_CLIENT_STRING) } +edns-client-string-opcode{COLON} { YDVAR(1, VAR_EDNS_CLIENT_STRING_OPCODE) } +nsid{COLON} { YDVAR(1, VAR_NSID ) } {NEWLINE} { LEXOUT(("NL\n")); cfg_parser->line++; } /* Quoted strings. Strip leading and ending quotes */ diff --git a/util/configparser.c b/util/configparser.c index 7032f1b9f..8165290e1 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -265,157 +265,169 @@ extern int yydebug; VAR_STUB_SSL_UPSTREAM = 394, VAR_FORWARD_SSL_UPSTREAM = 395, VAR_TLS_CERT_BUNDLE = 396, - VAR_STUB_FIRST = 397, - VAR_MINIMAL_RESPONSES = 398, - VAR_RRSET_ROUNDROBIN = 399, - VAR_MAX_UDP_SIZE = 400, - VAR_DELAY_CLOSE = 401, - VAR_UNBLOCK_LAN_ZONES = 402, - VAR_INSECURE_LAN_ZONES = 403, - VAR_INFRA_CACHE_MIN_RTT = 404, - VAR_DNS64_PREFIX = 405, - VAR_DNS64_SYNTHALL = 406, - VAR_DNS64_IGNORE_AAAA = 407, - VAR_DNSTAP = 408, - VAR_DNSTAP_ENABLE = 409, - VAR_DNSTAP_SOCKET_PATH = 410, - VAR_DNSTAP_IP = 411, - VAR_DNSTAP_TLS = 412, - VAR_DNSTAP_TLS_SERVER_NAME = 413, - VAR_DNSTAP_TLS_CERT_BUNDLE = 414, - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 415, - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 416, - VAR_DNSTAP_SEND_IDENTITY = 417, - VAR_DNSTAP_SEND_VERSION = 418, - VAR_DNSTAP_BIDIRECTIONAL = 419, - VAR_DNSTAP_IDENTITY = 420, - VAR_DNSTAP_VERSION = 421, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 422, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 423, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 424, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 425, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 426, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 427, - VAR_RESPONSE_IP_TAG = 428, - VAR_RESPONSE_IP = 429, - VAR_RESPONSE_IP_DATA = 430, - VAR_HARDEN_ALGO_DOWNGRADE = 431, - VAR_IP_TRANSPARENT = 432, - VAR_IP_DSCP = 433, - VAR_DISABLE_DNSSEC_LAME_CHECK = 434, - VAR_IP_RATELIMIT = 435, - VAR_IP_RATELIMIT_SLABS = 436, - VAR_IP_RATELIMIT_SIZE = 437, - VAR_RATELIMIT = 438, - VAR_RATELIMIT_SLABS = 439, - VAR_RATELIMIT_SIZE = 440, - VAR_RATELIMIT_FOR_DOMAIN = 441, - VAR_RATELIMIT_BELOW_DOMAIN = 442, - VAR_IP_RATELIMIT_FACTOR = 443, - VAR_RATELIMIT_FACTOR = 444, - VAR_SEND_CLIENT_SUBNET = 445, - VAR_CLIENT_SUBNET_ZONE = 446, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 447, - VAR_CLIENT_SUBNET_OPCODE = 448, - VAR_MAX_CLIENT_SUBNET_IPV4 = 449, - VAR_MAX_CLIENT_SUBNET_IPV6 = 450, - VAR_MIN_CLIENT_SUBNET_IPV4 = 451, - VAR_MIN_CLIENT_SUBNET_IPV6 = 452, - VAR_MAX_ECS_TREE_SIZE_IPV4 = 453, - VAR_MAX_ECS_TREE_SIZE_IPV6 = 454, - VAR_CAPS_WHITELIST = 455, - VAR_CACHE_MAX_NEGATIVE_TTL = 456, - VAR_PERMIT_SMALL_HOLDDOWN = 457, - VAR_QNAME_MINIMISATION = 458, - VAR_QNAME_MINIMISATION_STRICT = 459, - VAR_IP_FREEBIND = 460, - VAR_DEFINE_TAG = 461, - VAR_LOCAL_ZONE_TAG = 462, - VAR_ACCESS_CONTROL_TAG = 463, - VAR_LOCAL_ZONE_OVERRIDE = 464, - VAR_ACCESS_CONTROL_TAG_ACTION = 465, - VAR_ACCESS_CONTROL_TAG_DATA = 466, - VAR_VIEW = 467, - VAR_ACCESS_CONTROL_VIEW = 468, - VAR_VIEW_FIRST = 469, - VAR_SERVE_EXPIRED = 470, - VAR_SERVE_EXPIRED_TTL = 471, - VAR_SERVE_EXPIRED_TTL_RESET = 472, - VAR_SERVE_EXPIRED_REPLY_TTL = 473, - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 474, - VAR_SERVE_ORIGINAL_TTL = 475, - VAR_FAKE_DSA = 476, - VAR_FAKE_SHA1 = 477, - VAR_LOG_IDENTITY = 478, - VAR_HIDE_TRUSTANCHOR = 479, - VAR_TRUST_ANCHOR_SIGNALING = 480, - VAR_AGGRESSIVE_NSEC = 481, - VAR_USE_SYSTEMD = 482, - VAR_SHM_ENABLE = 483, - VAR_SHM_KEY = 484, - VAR_ROOT_KEY_SENTINEL = 485, - VAR_DNSCRYPT = 486, - VAR_DNSCRYPT_ENABLE = 487, - VAR_DNSCRYPT_PORT = 488, - VAR_DNSCRYPT_PROVIDER = 489, - VAR_DNSCRYPT_SECRET_KEY = 490, - VAR_DNSCRYPT_PROVIDER_CERT = 491, - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 492, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 493, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 494, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 495, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 496, - VAR_IPSECMOD_ENABLED = 497, - VAR_IPSECMOD_HOOK = 498, - VAR_IPSECMOD_IGNORE_BOGUS = 499, - VAR_IPSECMOD_MAX_TTL = 500, - VAR_IPSECMOD_WHITELIST = 501, - VAR_IPSECMOD_STRICT = 502, - VAR_CACHEDB = 503, - VAR_CACHEDB_BACKEND = 504, - VAR_CACHEDB_SECRETSEED = 505, - VAR_CACHEDB_REDISHOST = 506, - VAR_CACHEDB_REDISPORT = 507, - VAR_CACHEDB_REDISTIMEOUT = 508, - VAR_CACHEDB_REDISEXPIRERECORDS = 509, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 510, - VAR_FOR_UPSTREAM = 511, - VAR_AUTH_ZONE = 512, - VAR_ZONEFILE = 513, - VAR_MASTER = 514, - VAR_URL = 515, - VAR_FOR_DOWNSTREAM = 516, - VAR_FALLBACK_ENABLED = 517, - VAR_TLS_ADDITIONAL_PORT = 518, - VAR_LOW_RTT = 519, - VAR_LOW_RTT_PERMIL = 520, - VAR_FAST_SERVER_PERMIL = 521, - VAR_FAST_SERVER_NUM = 522, - VAR_ALLOW_NOTIFY = 523, - VAR_TLS_WIN_CERT = 524, - VAR_TCP_CONNECTION_LIMIT = 525, - VAR_FORWARD_NO_CACHE = 526, - VAR_STUB_NO_CACHE = 527, - VAR_LOG_SERVFAIL = 528, - VAR_DENY_ANY = 529, - VAR_UNKNOWN_SERVER_TIME_LIMIT = 530, - VAR_LOG_TAG_QUERYREPLY = 531, - VAR_STREAM_WAIT_SIZE = 532, - VAR_TLS_CIPHERS = 533, - VAR_TLS_CIPHERSUITES = 534, - VAR_TLS_USE_SNI = 535, - VAR_IPSET = 536, - VAR_IPSET_NAME_V4 = 537, - VAR_IPSET_NAME_V6 = 538, - VAR_TLS_SESSION_TICKET_KEYS = 539, - VAR_RPZ = 540, - VAR_TAGS = 541, - VAR_RPZ_ACTION_OVERRIDE = 542, - VAR_RPZ_CNAME_OVERRIDE = 543, - VAR_RPZ_LOG = 544, - VAR_RPZ_LOG_NAME = 545, - VAR_DYNLIB = 546, - VAR_DYNLIB_FILE = 547 + VAR_HTTPS_PORT = 397, + VAR_HTTP_ENDPOINT = 398, + VAR_HTTP_MAX_STREAMS = 399, + VAR_HTTP_QUERY_BUFFER_SIZE = 400, + VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, + VAR_HTTP_NODELAY = 402, + VAR_HTTP_NOTLS_DOWNSTREAM = 403, + VAR_STUB_FIRST = 404, + VAR_MINIMAL_RESPONSES = 405, + VAR_RRSET_ROUNDROBIN = 406, + VAR_MAX_UDP_SIZE = 407, + VAR_DELAY_CLOSE = 408, + VAR_UDP_CONNECT = 409, + VAR_UNBLOCK_LAN_ZONES = 410, + VAR_INSECURE_LAN_ZONES = 411, + VAR_INFRA_CACHE_MIN_RTT = 412, + VAR_INFRA_KEEP_PROBING = 413, + VAR_DNS64_PREFIX = 414, + VAR_DNS64_SYNTHALL = 415, + VAR_DNS64_IGNORE_AAAA = 416, + VAR_DNSTAP = 417, + VAR_DNSTAP_ENABLE = 418, + VAR_DNSTAP_SOCKET_PATH = 419, + VAR_DNSTAP_IP = 420, + VAR_DNSTAP_TLS = 421, + VAR_DNSTAP_TLS_SERVER_NAME = 422, + VAR_DNSTAP_TLS_CERT_BUNDLE = 423, + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, + VAR_DNSTAP_SEND_IDENTITY = 426, + VAR_DNSTAP_SEND_VERSION = 427, + VAR_DNSTAP_BIDIRECTIONAL = 428, + VAR_DNSTAP_IDENTITY = 429, + VAR_DNSTAP_VERSION = 430, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, + VAR_RESPONSE_IP_TAG = 437, + VAR_RESPONSE_IP = 438, + VAR_RESPONSE_IP_DATA = 439, + VAR_HARDEN_ALGO_DOWNGRADE = 440, + VAR_IP_TRANSPARENT = 441, + VAR_IP_DSCP = 442, + VAR_DISABLE_DNSSEC_LAME_CHECK = 443, + VAR_IP_RATELIMIT = 444, + VAR_IP_RATELIMIT_SLABS = 445, + VAR_IP_RATELIMIT_SIZE = 446, + VAR_RATELIMIT = 447, + VAR_RATELIMIT_SLABS = 448, + VAR_RATELIMIT_SIZE = 449, + VAR_RATELIMIT_FOR_DOMAIN = 450, + VAR_RATELIMIT_BELOW_DOMAIN = 451, + VAR_IP_RATELIMIT_FACTOR = 452, + VAR_RATELIMIT_FACTOR = 453, + VAR_SEND_CLIENT_SUBNET = 454, + VAR_CLIENT_SUBNET_ZONE = 455, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, + VAR_CLIENT_SUBNET_OPCODE = 457, + VAR_MAX_CLIENT_SUBNET_IPV4 = 458, + VAR_MAX_CLIENT_SUBNET_IPV6 = 459, + VAR_MIN_CLIENT_SUBNET_IPV4 = 460, + VAR_MIN_CLIENT_SUBNET_IPV6 = 461, + VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, + VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, + VAR_CAPS_WHITELIST = 464, + VAR_CACHE_MAX_NEGATIVE_TTL = 465, + VAR_PERMIT_SMALL_HOLDDOWN = 466, + VAR_QNAME_MINIMISATION = 467, + VAR_QNAME_MINIMISATION_STRICT = 468, + VAR_IP_FREEBIND = 469, + VAR_DEFINE_TAG = 470, + VAR_LOCAL_ZONE_TAG = 471, + VAR_ACCESS_CONTROL_TAG = 472, + VAR_LOCAL_ZONE_OVERRIDE = 473, + VAR_ACCESS_CONTROL_TAG_ACTION = 474, + VAR_ACCESS_CONTROL_TAG_DATA = 475, + VAR_VIEW = 476, + VAR_ACCESS_CONTROL_VIEW = 477, + VAR_VIEW_FIRST = 478, + VAR_SERVE_EXPIRED = 479, + VAR_SERVE_EXPIRED_TTL = 480, + VAR_SERVE_EXPIRED_TTL_RESET = 481, + VAR_SERVE_EXPIRED_REPLY_TTL = 482, + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, + VAR_SERVE_ORIGINAL_TTL = 484, + VAR_FAKE_DSA = 485, + VAR_FAKE_SHA1 = 486, + VAR_LOG_IDENTITY = 487, + VAR_HIDE_TRUSTANCHOR = 488, + VAR_TRUST_ANCHOR_SIGNALING = 489, + VAR_AGGRESSIVE_NSEC = 490, + VAR_USE_SYSTEMD = 491, + VAR_SHM_ENABLE = 492, + VAR_SHM_KEY = 493, + VAR_ROOT_KEY_SENTINEL = 494, + VAR_DNSCRYPT = 495, + VAR_DNSCRYPT_ENABLE = 496, + VAR_DNSCRYPT_PORT = 497, + VAR_DNSCRYPT_PROVIDER = 498, + VAR_DNSCRYPT_SECRET_KEY = 499, + VAR_DNSCRYPT_PROVIDER_CERT = 500, + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, + VAR_IPSECMOD_ENABLED = 506, + VAR_IPSECMOD_HOOK = 507, + VAR_IPSECMOD_IGNORE_BOGUS = 508, + VAR_IPSECMOD_MAX_TTL = 509, + VAR_IPSECMOD_WHITELIST = 510, + VAR_IPSECMOD_STRICT = 511, + VAR_CACHEDB = 512, + VAR_CACHEDB_BACKEND = 513, + VAR_CACHEDB_SECRETSEED = 514, + VAR_CACHEDB_REDISHOST = 515, + VAR_CACHEDB_REDISPORT = 516, + VAR_CACHEDB_REDISTIMEOUT = 517, + VAR_CACHEDB_REDISEXPIRERECORDS = 518, + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 519, + VAR_FOR_UPSTREAM = 520, + VAR_AUTH_ZONE = 521, + VAR_ZONEFILE = 522, + VAR_MASTER = 523, + VAR_URL = 524, + VAR_FOR_DOWNSTREAM = 525, + VAR_FALLBACK_ENABLED = 526, + VAR_TLS_ADDITIONAL_PORT = 527, + VAR_LOW_RTT = 528, + VAR_LOW_RTT_PERMIL = 529, + VAR_FAST_SERVER_PERMIL = 530, + VAR_FAST_SERVER_NUM = 531, + VAR_ALLOW_NOTIFY = 532, + VAR_TLS_WIN_CERT = 533, + VAR_TCP_CONNECTION_LIMIT = 534, + VAR_FORWARD_NO_CACHE = 535, + VAR_STUB_NO_CACHE = 536, + VAR_LOG_SERVFAIL = 537, + VAR_DENY_ANY = 538, + VAR_UNKNOWN_SERVER_TIME_LIMIT = 539, + VAR_LOG_TAG_QUERYREPLY = 540, + VAR_STREAM_WAIT_SIZE = 541, + VAR_TLS_CIPHERS = 542, + VAR_TLS_CIPHERSUITES = 543, + VAR_TLS_USE_SNI = 544, + VAR_IPSET = 545, + VAR_IPSET_NAME_V4 = 546, + VAR_IPSET_NAME_V6 = 547, + VAR_TLS_SESSION_TICKET_KEYS = 548, + VAR_RPZ = 549, + VAR_TAGS = 550, + VAR_RPZ_ACTION_OVERRIDE = 551, + VAR_RPZ_CNAME_OVERRIDE = 552, + VAR_RPZ_LOG = 553, + VAR_RPZ_LOG_NAME = 554, + VAR_DYNLIB = 555, + VAR_DYNLIB_FILE = 556, + VAR_EDNS_CLIENT_STRING = 557, + VAR_EDNS_CLIENT_STRING_OPCODE = 558, + VAR_NSID = 559 }; #endif /* Tokens. */ @@ -558,157 +570,169 @@ extern int yydebug; #define VAR_STUB_SSL_UPSTREAM 394 #define VAR_FORWARD_SSL_UPSTREAM 395 #define VAR_TLS_CERT_BUNDLE 396 -#define VAR_STUB_FIRST 397 -#define VAR_MINIMAL_RESPONSES 398 -#define VAR_RRSET_ROUNDROBIN 399 -#define VAR_MAX_UDP_SIZE 400 -#define VAR_DELAY_CLOSE 401 -#define VAR_UNBLOCK_LAN_ZONES 402 -#define VAR_INSECURE_LAN_ZONES 403 -#define VAR_INFRA_CACHE_MIN_RTT 404 -#define VAR_DNS64_PREFIX 405 -#define VAR_DNS64_SYNTHALL 406 -#define VAR_DNS64_IGNORE_AAAA 407 -#define VAR_DNSTAP 408 -#define VAR_DNSTAP_ENABLE 409 -#define VAR_DNSTAP_SOCKET_PATH 410 -#define VAR_DNSTAP_IP 411 -#define VAR_DNSTAP_TLS 412 -#define VAR_DNSTAP_TLS_SERVER_NAME 413 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 414 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 415 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 416 -#define VAR_DNSTAP_SEND_IDENTITY 417 -#define VAR_DNSTAP_SEND_VERSION 418 -#define VAR_DNSTAP_BIDIRECTIONAL 419 -#define VAR_DNSTAP_IDENTITY 420 -#define VAR_DNSTAP_VERSION 421 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 422 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 423 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 424 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 425 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 426 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 427 -#define VAR_RESPONSE_IP_TAG 428 -#define VAR_RESPONSE_IP 429 -#define VAR_RESPONSE_IP_DATA 430 -#define VAR_HARDEN_ALGO_DOWNGRADE 431 -#define VAR_IP_TRANSPARENT 432 -#define VAR_IP_DSCP 433 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 434 -#define VAR_IP_RATELIMIT 435 -#define VAR_IP_RATELIMIT_SLABS 436 -#define VAR_IP_RATELIMIT_SIZE 437 -#define VAR_RATELIMIT 438 -#define VAR_RATELIMIT_SLABS 439 -#define VAR_RATELIMIT_SIZE 440 -#define VAR_RATELIMIT_FOR_DOMAIN 441 -#define VAR_RATELIMIT_BELOW_DOMAIN 442 -#define VAR_IP_RATELIMIT_FACTOR 443 -#define VAR_RATELIMIT_FACTOR 444 -#define VAR_SEND_CLIENT_SUBNET 445 -#define VAR_CLIENT_SUBNET_ZONE 446 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 447 -#define VAR_CLIENT_SUBNET_OPCODE 448 -#define VAR_MAX_CLIENT_SUBNET_IPV4 449 -#define VAR_MAX_CLIENT_SUBNET_IPV6 450 -#define VAR_MIN_CLIENT_SUBNET_IPV4 451 -#define VAR_MIN_CLIENT_SUBNET_IPV6 452 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 453 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 454 -#define VAR_CAPS_WHITELIST 455 -#define VAR_CACHE_MAX_NEGATIVE_TTL 456 -#define VAR_PERMIT_SMALL_HOLDDOWN 457 -#define VAR_QNAME_MINIMISATION 458 -#define VAR_QNAME_MINIMISATION_STRICT 459 -#define VAR_IP_FREEBIND 460 -#define VAR_DEFINE_TAG 461 -#define VAR_LOCAL_ZONE_TAG 462 -#define VAR_ACCESS_CONTROL_TAG 463 -#define VAR_LOCAL_ZONE_OVERRIDE 464 -#define VAR_ACCESS_CONTROL_TAG_ACTION 465 -#define VAR_ACCESS_CONTROL_TAG_DATA 466 -#define VAR_VIEW 467 -#define VAR_ACCESS_CONTROL_VIEW 468 -#define VAR_VIEW_FIRST 469 -#define VAR_SERVE_EXPIRED 470 -#define VAR_SERVE_EXPIRED_TTL 471 -#define VAR_SERVE_EXPIRED_TTL_RESET 472 -#define VAR_SERVE_EXPIRED_REPLY_TTL 473 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 474 -#define VAR_SERVE_ORIGINAL_TTL 475 -#define VAR_FAKE_DSA 476 -#define VAR_FAKE_SHA1 477 -#define VAR_LOG_IDENTITY 478 -#define VAR_HIDE_TRUSTANCHOR 479 -#define VAR_TRUST_ANCHOR_SIGNALING 480 -#define VAR_AGGRESSIVE_NSEC 481 -#define VAR_USE_SYSTEMD 482 -#define VAR_SHM_ENABLE 483 -#define VAR_SHM_KEY 484 -#define VAR_ROOT_KEY_SENTINEL 485 -#define VAR_DNSCRYPT 486 -#define VAR_DNSCRYPT_ENABLE 487 -#define VAR_DNSCRYPT_PORT 488 -#define VAR_DNSCRYPT_PROVIDER 489 -#define VAR_DNSCRYPT_SECRET_KEY 490 -#define VAR_DNSCRYPT_PROVIDER_CERT 491 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 492 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 493 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 494 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 495 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 496 -#define VAR_IPSECMOD_ENABLED 497 -#define VAR_IPSECMOD_HOOK 498 -#define VAR_IPSECMOD_IGNORE_BOGUS 499 -#define VAR_IPSECMOD_MAX_TTL 500 -#define VAR_IPSECMOD_WHITELIST 501 -#define VAR_IPSECMOD_STRICT 502 -#define VAR_CACHEDB 503 -#define VAR_CACHEDB_BACKEND 504 -#define VAR_CACHEDB_SECRETSEED 505 -#define VAR_CACHEDB_REDISHOST 506 -#define VAR_CACHEDB_REDISPORT 507 -#define VAR_CACHEDB_REDISTIMEOUT 508 -#define VAR_CACHEDB_REDISEXPIRERECORDS 509 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 510 -#define VAR_FOR_UPSTREAM 511 -#define VAR_AUTH_ZONE 512 -#define VAR_ZONEFILE 513 -#define VAR_MASTER 514 -#define VAR_URL 515 -#define VAR_FOR_DOWNSTREAM 516 -#define VAR_FALLBACK_ENABLED 517 -#define VAR_TLS_ADDITIONAL_PORT 518 -#define VAR_LOW_RTT 519 -#define VAR_LOW_RTT_PERMIL 520 -#define VAR_FAST_SERVER_PERMIL 521 -#define VAR_FAST_SERVER_NUM 522 -#define VAR_ALLOW_NOTIFY 523 -#define VAR_TLS_WIN_CERT 524 -#define VAR_TCP_CONNECTION_LIMIT 525 -#define VAR_FORWARD_NO_CACHE 526 -#define VAR_STUB_NO_CACHE 527 -#define VAR_LOG_SERVFAIL 528 -#define VAR_DENY_ANY 529 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 530 -#define VAR_LOG_TAG_QUERYREPLY 531 -#define VAR_STREAM_WAIT_SIZE 532 -#define VAR_TLS_CIPHERS 533 -#define VAR_TLS_CIPHERSUITES 534 -#define VAR_TLS_USE_SNI 535 -#define VAR_IPSET 536 -#define VAR_IPSET_NAME_V4 537 -#define VAR_IPSET_NAME_V6 538 -#define VAR_TLS_SESSION_TICKET_KEYS 539 -#define VAR_RPZ 540 -#define VAR_TAGS 541 -#define VAR_RPZ_ACTION_OVERRIDE 542 -#define VAR_RPZ_CNAME_OVERRIDE 543 -#define VAR_RPZ_LOG 544 -#define VAR_RPZ_LOG_NAME 545 -#define VAR_DYNLIB 546 -#define VAR_DYNLIB_FILE 547 +#define VAR_HTTPS_PORT 397 +#define VAR_HTTP_ENDPOINT 398 +#define VAR_HTTP_MAX_STREAMS 399 +#define VAR_HTTP_QUERY_BUFFER_SIZE 400 +#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401 +#define VAR_HTTP_NODELAY 402 +#define VAR_HTTP_NOTLS_DOWNSTREAM 403 +#define VAR_STUB_FIRST 404 +#define VAR_MINIMAL_RESPONSES 405 +#define VAR_RRSET_ROUNDROBIN 406 +#define VAR_MAX_UDP_SIZE 407 +#define VAR_DELAY_CLOSE 408 +#define VAR_UDP_CONNECT 409 +#define VAR_UNBLOCK_LAN_ZONES 410 +#define VAR_INSECURE_LAN_ZONES 411 +#define VAR_INFRA_CACHE_MIN_RTT 412 +#define VAR_INFRA_KEEP_PROBING 413 +#define VAR_DNS64_PREFIX 414 +#define VAR_DNS64_SYNTHALL 415 +#define VAR_DNS64_IGNORE_AAAA 416 +#define VAR_DNSTAP 417 +#define VAR_DNSTAP_ENABLE 418 +#define VAR_DNSTAP_SOCKET_PATH 419 +#define VAR_DNSTAP_IP 420 +#define VAR_DNSTAP_TLS 421 +#define VAR_DNSTAP_TLS_SERVER_NAME 422 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 423 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425 +#define VAR_DNSTAP_SEND_IDENTITY 426 +#define VAR_DNSTAP_SEND_VERSION 427 +#define VAR_DNSTAP_BIDIRECTIONAL 428 +#define VAR_DNSTAP_IDENTITY 429 +#define VAR_DNSTAP_VERSION 430 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436 +#define VAR_RESPONSE_IP_TAG 437 +#define VAR_RESPONSE_IP 438 +#define VAR_RESPONSE_IP_DATA 439 +#define VAR_HARDEN_ALGO_DOWNGRADE 440 +#define VAR_IP_TRANSPARENT 441 +#define VAR_IP_DSCP 442 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 443 +#define VAR_IP_RATELIMIT 444 +#define VAR_IP_RATELIMIT_SLABS 445 +#define VAR_IP_RATELIMIT_SIZE 446 +#define VAR_RATELIMIT 447 +#define VAR_RATELIMIT_SLABS 448 +#define VAR_RATELIMIT_SIZE 449 +#define VAR_RATELIMIT_FOR_DOMAIN 450 +#define VAR_RATELIMIT_BELOW_DOMAIN 451 +#define VAR_IP_RATELIMIT_FACTOR 452 +#define VAR_RATELIMIT_FACTOR 453 +#define VAR_SEND_CLIENT_SUBNET 454 +#define VAR_CLIENT_SUBNET_ZONE 455 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456 +#define VAR_CLIENT_SUBNET_OPCODE 457 +#define VAR_MAX_CLIENT_SUBNET_IPV4 458 +#define VAR_MAX_CLIENT_SUBNET_IPV6 459 +#define VAR_MIN_CLIENT_SUBNET_IPV4 460 +#define VAR_MIN_CLIENT_SUBNET_IPV6 461 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 462 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 463 +#define VAR_CAPS_WHITELIST 464 +#define VAR_CACHE_MAX_NEGATIVE_TTL 465 +#define VAR_PERMIT_SMALL_HOLDDOWN 466 +#define VAR_QNAME_MINIMISATION 467 +#define VAR_QNAME_MINIMISATION_STRICT 468 +#define VAR_IP_FREEBIND 469 +#define VAR_DEFINE_TAG 470 +#define VAR_LOCAL_ZONE_TAG 471 +#define VAR_ACCESS_CONTROL_TAG 472 +#define VAR_LOCAL_ZONE_OVERRIDE 473 +#define VAR_ACCESS_CONTROL_TAG_ACTION 474 +#define VAR_ACCESS_CONTROL_TAG_DATA 475 +#define VAR_VIEW 476 +#define VAR_ACCESS_CONTROL_VIEW 477 +#define VAR_VIEW_FIRST 478 +#define VAR_SERVE_EXPIRED 479 +#define VAR_SERVE_EXPIRED_TTL 480 +#define VAR_SERVE_EXPIRED_TTL_RESET 481 +#define VAR_SERVE_EXPIRED_REPLY_TTL 482 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 +#define VAR_SERVE_ORIGINAL_TTL 484 +#define VAR_FAKE_DSA 485 +#define VAR_FAKE_SHA1 486 +#define VAR_LOG_IDENTITY 487 +#define VAR_HIDE_TRUSTANCHOR 488 +#define VAR_TRUST_ANCHOR_SIGNALING 489 +#define VAR_AGGRESSIVE_NSEC 490 +#define VAR_USE_SYSTEMD 491 +#define VAR_SHM_ENABLE 492 +#define VAR_SHM_KEY 493 +#define VAR_ROOT_KEY_SENTINEL 494 +#define VAR_DNSCRYPT 495 +#define VAR_DNSCRYPT_ENABLE 496 +#define VAR_DNSCRYPT_PORT 497 +#define VAR_DNSCRYPT_PROVIDER 498 +#define VAR_DNSCRYPT_SECRET_KEY 499 +#define VAR_DNSCRYPT_PROVIDER_CERT 500 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505 +#define VAR_IPSECMOD_ENABLED 506 +#define VAR_IPSECMOD_HOOK 507 +#define VAR_IPSECMOD_IGNORE_BOGUS 508 +#define VAR_IPSECMOD_MAX_TTL 509 +#define VAR_IPSECMOD_WHITELIST 510 +#define VAR_IPSECMOD_STRICT 511 +#define VAR_CACHEDB 512 +#define VAR_CACHEDB_BACKEND 513 +#define VAR_CACHEDB_SECRETSEED 514 +#define VAR_CACHEDB_REDISHOST 515 +#define VAR_CACHEDB_REDISPORT 516 +#define VAR_CACHEDB_REDISTIMEOUT 517 +#define VAR_CACHEDB_REDISEXPIRERECORDS 518 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 519 +#define VAR_FOR_UPSTREAM 520 +#define VAR_AUTH_ZONE 521 +#define VAR_ZONEFILE 522 +#define VAR_MASTER 523 +#define VAR_URL 524 +#define VAR_FOR_DOWNSTREAM 525 +#define VAR_FALLBACK_ENABLED 526 +#define VAR_TLS_ADDITIONAL_PORT 527 +#define VAR_LOW_RTT 528 +#define VAR_LOW_RTT_PERMIL 529 +#define VAR_FAST_SERVER_PERMIL 530 +#define VAR_FAST_SERVER_NUM 531 +#define VAR_ALLOW_NOTIFY 532 +#define VAR_TLS_WIN_CERT 533 +#define VAR_TCP_CONNECTION_LIMIT 534 +#define VAR_FORWARD_NO_CACHE 535 +#define VAR_STUB_NO_CACHE 536 +#define VAR_LOG_SERVFAIL 537 +#define VAR_DENY_ANY 538 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 539 +#define VAR_LOG_TAG_QUERYREPLY 540 +#define VAR_STREAM_WAIT_SIZE 541 +#define VAR_TLS_CIPHERS 542 +#define VAR_TLS_CIPHERSUITES 543 +#define VAR_TLS_USE_SNI 544 +#define VAR_IPSET 545 +#define VAR_IPSET_NAME_V4 546 +#define VAR_IPSET_NAME_V6 547 +#define VAR_TLS_SESSION_TICKET_KEYS 548 +#define VAR_RPZ 549 +#define VAR_TAGS 550 +#define VAR_RPZ_ACTION_OVERRIDE 551 +#define VAR_RPZ_CNAME_OVERRIDE 552 +#define VAR_RPZ_LOG 553 +#define VAR_RPZ_LOG_NAME 554 +#define VAR_DYNLIB 555 +#define VAR_DYNLIB_FILE 556 +#define VAR_EDNS_CLIENT_STRING 557 +#define VAR_EDNS_CLIENT_STRING_OPCODE 558 +#define VAR_NSID 559 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -719,7 +743,7 @@ union YYSTYPE char* str; -#line 723 "util/configparser.c" /* yacc.c:355 */ +#line 747 "util/configparser.c" /* yacc.c:355 */ }; typedef union YYSTYPE YYSTYPE; @@ -736,7 +760,7 @@ int yyparse (void); /* Copy the second part of user declarations. */ -#line 740 "util/configparser.c" /* yacc.c:358 */ +#line 764 "util/configparser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -978,21 +1002,21 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 622 +#define YYLAST 644 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 293 +#define YYNTOKENS 305 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 318 +#define YYNNTS 330 /* YYNRULES -- Number of rules. */ -#define YYNRULES 612 +#define YYNRULES 636 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 908 +#define YYNSTATES 945 /* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned by yylex, with out-of-bounds checking. */ #define YYUNDEFTOK 2 -#define YYMAXUTOK 547 +#define YYMAXUTOK 559 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) @@ -1055,75 +1079,78 @@ static const yytype_uint16 yytranslate[] = 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292 + 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 181, 181, 181, 182, 182, 183, 183, 184, 184, - 184, 185, 185, 186, 186, 187, 187, 188, 190, 196, - 201, 202, 203, 203, 203, 204, 204, 205, 205, 205, - 206, 206, 207, 207, 207, 208, 208, 209, 209, 209, - 210, 210, 210, 211, 211, 212, 212, 213, 213, 214, - 214, 215, 215, 216, 216, 217, 217, 218, 218, 219, - 219, 219, 220, 220, 220, 221, 221, 221, 222, 222, - 223, 223, 224, 224, 225, 225, 226, 226, 226, 227, - 227, 228, 228, 229, 229, 229, 230, 230, 231, 231, - 232, 232, 233, 233, 233, 234, 234, 235, 235, 236, - 236, 237, 237, 238, 238, 239, 239, 239, 240, 240, - 241, 241, 241, 242, 242, 242, 243, 243, 243, 244, - 244, 244, 244, 245, 246, 246, 246, 247, 247, 247, - 248, 248, 249, 249, 250, 250, 250, 251, 251, 252, - 252, 252, 253, 254, 254, 255, 255, 256, 257, 257, - 258, 258, 259, 259, 260, 261, 261, 262, 262, 263, - 263, 264, 264, 265, 265, 266, 266, 266, 267, 267, - 268, 268, 269, 269, 270, 270, 271, 271, 272, 272, - 273, 273, 274, 274, 275, 275, 275, 276, 276, 276, - 277, 277, 278, 279, 279, 280, 280, 281, 281, 282, - 282, 283, 283, 283, 284, 284, 284, 285, 285, 285, - 286, 286, 287, 287, 288, 288, 289, 291, 303, 304, - 305, 305, 305, 305, 305, 306, 306, 308, 320, 321, - 322, 322, 322, 322, 323, 323, 325, 339, 340, 341, - 341, 341, 341, 342, 342, 342, 344, 361, 362, 363, - 363, 363, 363, 364, 364, 364, 365, 368, 387, 404, - 412, 422, 430, 447, 448, 449, 449, 449, 449, 449, - 450, 450, 450, 451, 451, 453, 462, 471, 482, 491, - 500, 509, 520, 529, 541, 555, 570, 581, 598, 615, - 632, 649, 664, 679, 692, 707, 716, 725, 734, 743, - 752, 761, 770, 779, 788, 797, 806, 815, 824, 833, - 846, 855, 868, 877, 886, 895, 902, 909, 918, 925, - 934, 942, 949, 956, 964, 973, 982, 991, 1005, 1014, - 1023, 1032, 1041, 1050, 1059, 1066, 1073, 1099, 1107, 1114, - 1121, 1128, 1135, 1143, 1151, 1159, 1166, 1177, 1188, 1195, - 1204, 1213, 1222, 1229, 1236, 1244, 1252, 1262, 1272, 1282, - 1296, 1304, 1317, 1328, 1336, 1349, 1358, 1367, 1376, 1386, - 1396, 1404, 1417, 1426, 1434, 1443, 1451, 1464, 1473, 1480, - 1490, 1500, 1510, 1520, 1530, 1540, 1550, 1560, 1567, 1574, - 1581, 1590, 1599, 1608, 1617, 1624, 1634, 1654, 1661, 1679, - 1692, 1705, 1714, 1723, 1732, 1741, 1751, 1761, 1772, 1781, - 1790, 1799, 1808, 1817, 1826, 1835, 1848, 1861, 1870, 1877, - 1886, 1895, 1904, 1913, 1921, 1934, 1942, 1983, 1990, 2005, - 2015, 2025, 2032, 2039, 2046, 2055, 2063, 2077, 2098, 2119, - 2131, 2143, 2155, 2164, 2185, 2195, 2204, 2212, 2220, 2233, - 2246, 2261, 2276, 2285, 2294, 2300, 2309, 2318, 2328, 2338, - 2351, 2364, 2376, 2390, 2402, 2416, 2426, 2433, 2440, 2449, - 2458, 2468, 2478, 2488, 2495, 2502, 2511, 2520, 2530, 2540, - 2547, 2554, 2561, 2569, 2579, 2589, 2599, 2609, 2648, 2658, - 2666, 2674, 2689, 2698, 2703, 2704, 2705, 2705, 2705, 2706, - 2706, 2706, 2707, 2707, 2709, 2719, 2728, 2735, 2742, 2749, - 2756, 2763, 2770, 2775, 2776, 2777, 2777, 2777, 2778, 2778, - 2778, 2779, 2780, 2780, 2781, 2781, 2782, 2782, 2783, 2784, - 2785, 2786, 2787, 2788, 2790, 2799, 2809, 2816, 2823, 2832, - 2839, 2846, 2853, 2860, 2869, 2878, 2885, 2892, 2902, 2912, - 2922, 2932, 2942, 2952, 2957, 2958, 2959, 2961, 2967, 2972, - 2973, 2974, 2976, 2982, 2992, 2999, 3008, 3016, 3021, 3022, - 3024, 3024, 3024, 3025, 3025, 3026, 3027, 3028, 3029, 3030, - 3032, 3042, 3051, 3058, 3067, 3074, 3083, 3091, 3104, 3112, - 3125, 3130, 3131, 3132, 3132, 3133, 3133, 3133, 3134, 3136, - 3148, 3160, 3172, 3187, 3200, 3213, 3224, 3229, 3230, 3231, - 3231, 3233, 3248 + 0, 185, 185, 185, 186, 186, 187, 187, 188, 188, + 188, 189, 189, 190, 190, 191, 191, 192, 194, 200, + 205, 206, 207, 207, 207, 208, 208, 209, 209, 209, + 210, 210, 211, 211, 211, 212, 212, 213, 213, 213, + 214, 214, 214, 215, 215, 216, 216, 217, 217, 218, + 218, 219, 219, 220, 220, 221, 221, 222, 222, 223, + 223, 223, 224, 224, 224, 225, 225, 225, 226, 226, + 227, 227, 228, 228, 229, 229, 230, 230, 230, 231, + 231, 232, 232, 233, 233, 233, 234, 234, 235, 235, + 236, 236, 237, 237, 237, 238, 238, 239, 239, 240, + 240, 241, 241, 242, 242, 243, 243, 243, 244, 244, + 245, 245, 245, 246, 246, 246, 247, 247, 247, 248, + 248, 248, 248, 249, 250, 250, 250, 251, 251, 251, + 252, 252, 253, 253, 254, 254, 254, 255, 255, 255, + 256, 256, 257, 257, 257, 258, 258, 259, 259, 259, + 260, 260, 261, 261, 262, 262, 263, 264, 264, 265, + 265, 266, 266, 267, 268, 268, 269, 269, 270, 270, + 271, 271, 272, 272, 273, 273, 273, 274, 274, 275, + 275, 276, 276, 277, 277, 278, 278, 279, 279, 280, + 280, 281, 281, 282, 282, 282, 283, 283, 283, 284, + 284, 285, 286, 286, 287, 287, 288, 288, 289, 289, + 290, 290, 290, 291, 291, 291, 292, 292, 292, 293, + 293, 294, 294, 295, 295, 296, 296, 297, 297, 299, + 311, 312, 313, 313, 313, 313, 313, 314, 314, 316, + 328, 329, 330, 330, 330, 330, 331, 331, 333, 347, + 348, 349, 349, 349, 349, 350, 350, 350, 352, 369, + 370, 371, 371, 371, 371, 372, 372, 372, 373, 376, + 395, 412, 420, 430, 438, 455, 456, 457, 457, 457, + 457, 457, 458, 458, 458, 459, 459, 461, 470, 479, + 490, 499, 508, 517, 528, 537, 549, 563, 578, 589, + 606, 623, 640, 657, 672, 687, 700, 715, 724, 733, + 742, 751, 760, 769, 778, 787, 796, 805, 814, 823, + 832, 841, 854, 863, 876, 885, 894, 903, 910, 917, + 926, 933, 942, 950, 957, 964, 972, 981, 989, 1005, + 1013, 1021, 1029, 1037, 1045, 1054, 1063, 1077, 1086, 1095, + 1104, 1113, 1122, 1131, 1138, 1145, 1171, 1179, 1186, 1193, + 1200, 1207, 1215, 1223, 1231, 1238, 1249, 1260, 1267, 1276, + 1285, 1294, 1301, 1308, 1324, 1332, 1340, 1350, 1360, 1370, + 1384, 1392, 1405, 1416, 1424, 1437, 1446, 1455, 1464, 1473, + 1483, 1493, 1501, 1514, 1523, 1531, 1540, 1548, 1561, 1570, + 1580, 1587, 1597, 1607, 1617, 1627, 1637, 1647, 1657, 1667, + 1674, 1681, 1688, 1697, 1706, 1715, 1724, 1731, 1741, 1761, + 1768, 1786, 1799, 1812, 1821, 1830, 1839, 1848, 1858, 1868, + 1879, 1888, 1897, 1906, 1915, 1924, 1933, 1942, 1955, 1968, + 1977, 1984, 1993, 2002, 2011, 2020, 2028, 2041, 2049, 2094, + 2101, 2116, 2126, 2136, 2143, 2150, 2157, 2166, 2174, 2188, + 2209, 2230, 2242, 2254, 2266, 2275, 2296, 2306, 2315, 2323, + 2331, 2344, 2357, 2372, 2387, 2396, 2405, 2411, 2420, 2429, + 2439, 2449, 2462, 2475, 2487, 2501, 2513, 2527, 2536, 2548, + 2558, 2565, 2572, 2581, 2590, 2600, 2610, 2620, 2627, 2634, + 2643, 2652, 2662, 2672, 2679, 2686, 2693, 2701, 2711, 2721, + 2731, 2741, 2780, 2790, 2798, 2806, 2821, 2830, 2835, 2836, + 2837, 2837, 2837, 2838, 2838, 2838, 2839, 2839, 2841, 2851, + 2860, 2867, 2874, 2881, 2888, 2895, 2902, 2907, 2908, 2909, + 2909, 2909, 2910, 2910, 2910, 2911, 2912, 2912, 2913, 2913, + 2914, 2914, 2915, 2916, 2917, 2918, 2919, 2920, 2922, 2931, + 2941, 2948, 2955, 2964, 2971, 2978, 2985, 2992, 3001, 3010, + 3017, 3024, 3034, 3044, 3054, 3064, 3074, 3084, 3089, 3090, + 3091, 3093, 3099, 3104, 3105, 3106, 3108, 3114, 3124, 3131, + 3140, 3148, 3153, 3154, 3156, 3156, 3156, 3157, 3157, 3158, + 3159, 3160, 3161, 3162, 3164, 3174, 3183, 3190, 3199, 3206, + 3215, 3223, 3236, 3244, 3257, 3262, 3263, 3264, 3264, 3265, + 3265, 3265, 3266, 3268, 3280, 3292, 3304, 3319, 3332, 3345, + 3356, 3361, 3362, 3363, 3363, 3365, 3380 }; #endif @@ -1177,10 +1204,14 @@ static const char *const yytname[] = "VAR_LOG_REPLIES", "VAR_LOG_LOCAL_ACTIONS", "VAR_TCP_UPSTREAM", "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM", - "VAR_FORWARD_SSL_UPSTREAM", "VAR_TLS_CERT_BUNDLE", "VAR_STUB_FIRST", + "VAR_FORWARD_SSL_UPSTREAM", "VAR_TLS_CERT_BUNDLE", "VAR_HTTPS_PORT", + "VAR_HTTP_ENDPOINT", "VAR_HTTP_MAX_STREAMS", + "VAR_HTTP_QUERY_BUFFER_SIZE", "VAR_HTTP_RESPONSE_BUFFER_SIZE", + "VAR_HTTP_NODELAY", "VAR_HTTP_NOTLS_DOWNSTREAM", "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", - "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", - "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", + "VAR_DELAY_CLOSE", "VAR_UDP_CONNECT", "VAR_UNBLOCK_LAN_ZONES", + "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", + "VAR_INFRA_KEEP_PROBING", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", "VAR_DNS64_IGNORE_AAAA", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_IP", "VAR_DNSTAP_TLS", "VAR_DNSTAP_TLS_SERVER_NAME", "VAR_DNSTAP_TLS_CERT_BUNDLE", @@ -1240,7 +1271,8 @@ static const char *const yytname[] = "VAR_IPSET_NAME_V4", "VAR_IPSET_NAME_V6", "VAR_TLS_SESSION_TICKET_KEYS", "VAR_RPZ", "VAR_TAGS", "VAR_RPZ_ACTION_OVERRIDE", "VAR_RPZ_CNAME_OVERRIDE", "VAR_RPZ_LOG", "VAR_RPZ_LOG_NAME", - "VAR_DYNLIB", "VAR_DYNLIB_FILE", "$accept", "toplevelvars", + "VAR_DYNLIB", "VAR_DYNLIB_FILE", "VAR_EDNS_CLIENT_STRING", + "VAR_EDNS_CLIENT_STRING_OPCODE", "VAR_NSID", "$accept", "toplevelvars", "toplevelvar", "force_toplevel", "serverstart", "contents_server", "content_server", "stubstart", "contents_stub", "content_stub", "forwardstart", "contents_forward", "content_forward", "viewstart", @@ -1268,28 +1300,32 @@ static const char *const yytname[] = "server_tls_cert_bundle", "server_tls_win_cert", "server_tls_additional_port", "server_tls_ciphers", "server_tls_ciphersuites", "server_tls_session_ticket_keys", - "server_tls_use_sni", "server_use_systemd", "server_do_daemonize", - "server_use_syslog", "server_log_time_ascii", "server_log_queries", - "server_log_replies", "server_log_tag_queryreply", "server_log_servfail", - "server_log_local_actions", "server_chroot", "server_username", - "server_directory", "server_logfile", "server_pidfile", - "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", - "server_auto_trust_anchor_file", "server_trust_anchor_file", - "server_trusted_keys_file", "server_trust_anchor", - "server_trust_anchor_signaling", "server_root_key_sentinel", - "server_domain_insecure", "server_hide_identity", "server_hide_version", - "server_hide_trustanchor", "server_identity", "server_version", - "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", - "server_ip_transparent", "server_ip_freebind", "server_ip_dscp", - "server_stream_wait_size", "server_edns_buffer_size", - "server_msg_buffer_size", "server_msg_cache_size", - "server_msg_cache_slabs", "server_num_queries_per_thread", - "server_jostle_timeout", "server_delay_close", - "server_unblock_lan_zones", "server_insecure_lan_zones", - "server_rrset_cache_size", "server_rrset_cache_slabs", - "server_infra_host_ttl", "server_infra_lame_ttl", - "server_infra_cache_numhosts", "server_infra_cache_lame_size", - "server_infra_cache_slabs", "server_infra_cache_min_rtt", + "server_tls_use_sni", "server_https_port", "server_http_endpoint", + "server_http_max_streams", "server_http_query_buffer_size", + "server_http_response_buffer_size", "server_http_nodelay", + "server_http_notls_downstream", "server_use_systemd", + "server_do_daemonize", "server_use_syslog", "server_log_time_ascii", + "server_log_queries", "server_log_replies", "server_log_tag_queryreply", + "server_log_servfail", "server_log_local_actions", "server_chroot", + "server_username", "server_directory", "server_logfile", + "server_pidfile", "server_root_hints", "server_dlv_anchor_file", + "server_dlv_anchor", "server_auto_trust_anchor_file", + "server_trust_anchor_file", "server_trusted_keys_file", + "server_trust_anchor", "server_trust_anchor_signaling", + "server_root_key_sentinel", "server_domain_insecure", + "server_hide_identity", "server_hide_version", "server_hide_trustanchor", + "server_identity", "server_version", "server_nsid", "server_so_rcvbuf", + "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", + "server_ip_freebind", "server_ip_dscp", "server_stream_wait_size", + "server_edns_buffer_size", "server_msg_buffer_size", + "server_msg_cache_size", "server_msg_cache_slabs", + "server_num_queries_per_thread", "server_jostle_timeout", + "server_delay_close", "server_udp_connect", "server_unblock_lan_zones", + "server_insecure_lan_zones", "server_rrset_cache_size", + "server_rrset_cache_slabs", "server_infra_host_ttl", + "server_infra_lame_ttl", "server_infra_cache_numhosts", + "server_infra_cache_lame_size", "server_infra_cache_slabs", + "server_infra_cache_min_rtt", "server_infra_keep_probing", "server_target_fetch_policy", "server_harden_short_bufsize", "server_harden_large_queries", "server_harden_glue", "server_harden_dnssec_stripped", "server_harden_below_nxdomain", @@ -1329,23 +1365,25 @@ static const char *const yytname[] = "server_qname_minimisation_strict", "server_ipsecmod_enabled", "server_ipsecmod_ignore_bogus", "server_ipsecmod_hook", "server_ipsecmod_max_ttl", "server_ipsecmod_whitelist", - "server_ipsecmod_strict", "stub_name", "stub_host", "stub_addr", - "stub_first", "stub_no_cache", "stub_ssl_upstream", "stub_prime", - "forward_name", "forward_host", "forward_addr", "forward_first", - "forward_no_cache", "forward_ssl_upstream", "auth_name", "auth_zonefile", - "auth_master", "auth_url", "auth_allow_notify", "auth_for_downstream", - "auth_for_upstream", "auth_fallback_enabled", "view_name", - "view_local_zone", "view_response_ip", "view_response_ip_data", - "view_local_data", "view_local_data_ptr", "view_first", "rcstart", - "contents_rc", "content_rc", "rc_control_enable", "rc_control_port", - "rc_control_interface", "rc_control_use_cert", "rc_server_key_file", - "rc_server_cert_file", "rc_control_key_file", "rc_control_cert_file", - "dtstart", "contents_dt", "content_dt", "dt_dnstap_enable", - "dt_dnstap_bidirectional", "dt_dnstap_socket_path", "dt_dnstap_ip", - "dt_dnstap_tls", "dt_dnstap_tls_server_name", - "dt_dnstap_tls_cert_bundle", "dt_dnstap_tls_client_key_file", - "dt_dnstap_tls_client_cert_file", "dt_dnstap_send_identity", - "dt_dnstap_send_version", "dt_dnstap_identity", "dt_dnstap_version", + "server_ipsecmod_strict", "server_edns_client_string", + "server_edns_client_string_opcode", "stub_name", "stub_host", + "stub_addr", "stub_first", "stub_no_cache", "stub_ssl_upstream", + "stub_prime", "forward_name", "forward_host", "forward_addr", + "forward_first", "forward_no_cache", "forward_ssl_upstream", "auth_name", + "auth_zonefile", "auth_master", "auth_url", "auth_allow_notify", + "auth_for_downstream", "auth_for_upstream", "auth_fallback_enabled", + "view_name", "view_local_zone", "view_response_ip", + "view_response_ip_data", "view_local_data", "view_local_data_ptr", + "view_first", "rcstart", "contents_rc", "content_rc", + "rc_control_enable", "rc_control_port", "rc_control_interface", + "rc_control_use_cert", "rc_server_key_file", "rc_server_cert_file", + "rc_control_key_file", "rc_control_cert_file", "dtstart", "contents_dt", + "content_dt", "dt_dnstap_enable", "dt_dnstap_bidirectional", + "dt_dnstap_socket_path", "dt_dnstap_ip", "dt_dnstap_tls", + "dt_dnstap_tls_server_name", "dt_dnstap_tls_cert_bundle", + "dt_dnstap_tls_client_key_file", "dt_dnstap_tls_client_cert_file", + "dt_dnstap_send_identity", "dt_dnstap_send_version", + "dt_dnstap_identity", "dt_dnstap_version", "dt_dnstap_log_resolver_query_messages", "dt_dnstap_log_resolver_response_messages", "dt_dnstap_log_client_query_messages", @@ -1403,14 +1441,15 @@ static const yytype_uint16 yytoknum[] = 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547 + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559 }; # endif -#define YYPACT_NINF -286 +#define YYPACT_NINF -292 #define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-286))) + (!!((Yystate) == (-292))) #define YYTABLE_NINF -1 @@ -1421,97 +1460,101 @@ static const yytype_uint16 yytoknum[] = STATE-NUM. */ static const yytype_int16 yypact[] = { - -286, 0, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 279, -42, -37, -43, -21, -44, -11, -87, - -109, -285, -207, -231, -273, 3, 4, 5, 25, 26, + -292, 0, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, 288, -42, -38, -43, -21, -44, -11, -96, + -109, -291, -216, -241, -283, 3, 4, 13, 25, 26, 27, 30, 31, 32, 33, 34, 35, 37, 38, 39, 40, 41, 43, 44, 45, 46, 47, 48, 49, 50, - 51, 52, 54, 55, 84, 85, 88, 89, 92, 94, - 95, 96, 97, 98, 99, 100, 101, 103, 104, 105, + 51, 52, 54, 55, 84, 85, 88, 89, 91, 93, + 94, 95, 96, 98, 99, 100, 101, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, - 116, 117, 118, 119, 120, 123, 124, 125, 126, 127, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 141, 142, 144, 145, 146, 147, 148, - 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, - 159, 160, 162, 163, 164, 165, 166, 167, 168, 169, - 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 128, 129, 132, 133, 134, 135, 136, 137, + 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, + 148, 149, 150, 151, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, - 200, 201, 203, 207, 208, 209, 210, 211, 212, 213, - 215, 216, 217, 218, 219, 222, 223, 226, 239, 240, - 241, 242, 243, 244, 245, 246, 248, 249, 250, 251, - 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, - 262, 263, 264, 265, 266, 267, 268, 269, 270, 272, - 273, 274, 276, 277, 278, 280, 314, 315, 316, 317, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, 321, 322, 323, 365, - 366, 367, 368, -286, -286, -286, -286, -286, -286, -286, - -286, 369, 370, 371, 372, 373, 377, -286, -286, -286, - -286, -286, -286, -286, 381, 382, 407, 408, 409, 411, - 422, -286, -286, -286, -286, -286, -286, -286, -286, 423, - 424, 425, 426, 427, 428, 429, 430, -286, -286, -286, - -286, -286, -286, -286, -286, -286, 431, 432, 433, 434, - 435, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 436, 437, 438, 439, 440, 441, 481, 483, - -286, -286, -286, -286, -286, -286, -286, -286, -286, 500, - 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, - 517, 518, 519, 520, 521, 522, 523, 525, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, 526, -286, - -286, 527, -286, -286, 528, 529, 530, 531, 534, 537, - 540, 541, 550, 551, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, 552, 554, 555, 556, 557, - 558, -286, -286, -286, -286, -286, -286, -286, 559, 560, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, 561, 562, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - 563, 564, 565, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, 566, 567, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, 568, 569, 570, 571, 572, 573, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, 574, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, 575, -286, -286, 576, 577, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, 578, 579, 580, - -286, -286, -286, -286, -286, -286, -286, -286 + 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, + 210, 212, 216, 217, 218, 219, 220, 221, 222, 224, + 225, 226, 227, 228, 231, 233, 235, 248, 249, 250, + 251, 252, 253, 254, 255, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 281, 282, + 283, 285, 286, 287, 289, 323, 324, 325, 326, 330, + 331, 332, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + 374, 375, 376, 377, 378, 379, 380, -292, -292, -292, + -292, -292, -292, -292, -292, 381, 382, 386, 390, 391, + 416, -292, -292, -292, -292, -292, -292, -292, 417, 418, + 427, 440, 441, 442, 443, -292, -292, -292, -292, -292, + -292, -292, -292, 444, 445, 446, 447, 448, 449, 450, + 451, -292, -292, -292, -292, -292, -292, -292, -292, -292, + 452, 453, 454, 455, 456, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, 457, 458, 459, 499, + 501, 518, 519, 520, -292, -292, -292, -292, -292, -292, + -292, -292, -292, 521, 522, 523, 524, 525, 526, 527, + 528, 535, 536, 537, 538, 539, 540, 541, 543, 544, + 545, 546, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, 547, -292, -292, 548, -292, -292, 549, 552, + 555, 558, 559, 568, 569, 570, 572, 573, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, 574, + 575, 576, 577, 578, 579, -292, -292, -292, -292, -292, + -292, -292, 583, 584, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, 585, 586, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, 587, 588, 589, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, 590, 591, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, 592, 593, 594, + 595, 596, 597, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, 598, -292, -292, -292, -292, -292, -292, -292, -292, + -292, 599, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, 600, -292, + -292, 601, 602, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, 603, 604, 605, -292, -292, -292, -292, + -292, -292, -292, -292, -292 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -1519,10 +1562,10 @@ static const yytype_int16 yypact[] = means the default is an error. */ static const yytype_uint16 yydefact[] = { - 2, 0, 1, 18, 19, 217, 227, 493, 553, 512, - 236, 567, 590, 246, 606, 262, 558, 3, 17, 21, - 219, 229, 238, 248, 264, 495, 514, 555, 560, 569, - 592, 608, 4, 5, 6, 10, 14, 15, 8, 9, + 2, 0, 1, 18, 19, 229, 239, 517, 577, 536, + 248, 591, 614, 258, 630, 274, 582, 3, 17, 21, + 231, 241, 250, 260, 276, 519, 538, 579, 584, 593, + 616, 632, 4, 5, 6, 10, 14, 15, 8, 9, 7, 16, 11, 12, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -1543,147 +1586,153 @@ static const yytype_uint16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 20, 22, 23, 86, 89, 98, 187, 188, 24, 151, - 152, 153, 154, 155, 156, 157, 158, 159, 160, 37, - 77, 25, 90, 91, 48, 70, 85, 26, 27, 30, - 31, 28, 29, 32, 33, 34, 35, 36, 121, 199, - 122, 124, 125, 126, 201, 206, 202, 213, 214, 215, - 216, 183, 87, 76, 102, 119, 120, 211, 208, 123, - 38, 39, 40, 41, 42, 78, 92, 93, 108, 64, - 74, 65, 191, 192, 103, 58, 59, 190, 60, 61, - 112, 116, 130, 139, 165, 142, 212, 113, 71, 43, - 44, 45, 100, 131, 132, 133, 46, 47, 49, 50, - 52, 53, 51, 137, 54, 55, 56, 62, 81, 117, - 95, 138, 88, 161, 96, 97, 114, 115, 209, 101, - 57, 79, 82, 63, 66, 104, 105, 80, 162, 106, - 67, 68, 69, 200, 118, 175, 176, 177, 178, 179, - 180, 181, 189, 107, 75, 109, 110, 111, 163, 72, - 73, 94, 83, 84, 99, 127, 128, 210, 129, 134, - 135, 136, 166, 167, 169, 171, 172, 170, 173, 184, - 140, 141, 145, 146, 143, 144, 147, 148, 150, 149, - 203, 205, 204, 164, 174, 193, 195, 194, 196, 197, - 198, 168, 182, 185, 186, 207, 0, 0, 0, 0, - 0, 0, 0, 218, 220, 221, 222, 224, 225, 226, - 223, 0, 0, 0, 0, 0, 0, 228, 230, 231, - 232, 233, 234, 235, 0, 0, 0, 0, 0, 0, - 0, 237, 239, 240, 243, 244, 241, 245, 242, 0, - 0, 0, 0, 0, 0, 0, 0, 247, 249, 250, - 251, 252, 256, 253, 254, 255, 0, 0, 0, 0, - 0, 267, 271, 272, 273, 274, 263, 265, 266, 268, - 269, 270, 0, 0, 0, 0, 0, 0, 0, 0, - 494, 496, 498, 497, 503, 499, 500, 501, 502, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 513, 515, - 517, 516, 518, 519, 520, 521, 522, 523, 524, 525, - 526, 527, 528, 529, 530, 531, 532, 533, 0, 554, - 556, 0, 559, 561, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 568, 570, 571, 572, 574, 575, - 573, 576, 577, 578, 579, 0, 0, 0, 0, 0, - 0, 591, 593, 594, 595, 596, 597, 598, 0, 0, - 607, 609, 610, 276, 275, 282, 295, 293, 305, 301, - 302, 306, 303, 304, 307, 308, 309, 310, 311, 334, - 335, 336, 337, 338, 363, 364, 365, 370, 371, 298, - 372, 373, 376, 374, 375, 378, 379, 380, 394, 349, - 350, 352, 353, 381, 397, 343, 345, 398, 404, 405, - 406, 299, 362, 423, 424, 344, 418, 327, 294, 339, - 395, 401, 382, 0, 0, 427, 300, 277, 326, 386, - 278, 296, 297, 340, 341, 425, 384, 388, 389, 279, - 428, 366, 393, 328, 348, 399, 400, 403, 417, 342, - 421, 419, 420, 354, 361, 390, 391, 355, 356, 383, - 408, 329, 330, 333, 312, 314, 315, 316, 317, 318, - 429, 430, 432, 367, 368, 369, 377, 433, 434, 435, - 0, 0, 0, 385, 357, 359, 563, 444, 448, 446, - 445, 449, 447, 0, 0, 452, 453, 283, 284, 285, - 286, 287, 288, 289, 290, 291, 292, 387, 402, 422, - 457, 458, 358, 436, 0, 0, 0, 0, 0, 0, - 409, 410, 411, 412, 413, 414, 415, 416, 564, 351, - 346, 407, 325, 280, 281, 347, 459, 461, 460, 462, - 463, 464, 313, 320, 454, 456, 455, 319, 0, 332, - 392, 431, 331, 360, 321, 322, 324, 323, 465, 466, - 467, 471, 470, 468, 469, 472, 473, 474, 475, 477, - 476, 486, 0, 490, 491, 0, 0, 492, 478, 484, - 479, 480, 481, 483, 485, 482, 257, 258, 259, 260, - 261, 504, 506, 505, 508, 509, 510, 511, 507, 534, - 536, 537, 538, 539, 540, 541, 542, 543, 544, 535, - 545, 546, 547, 548, 549, 550, 551, 552, 557, 562, - 580, 581, 582, 585, 583, 584, 586, 587, 588, 589, - 599, 600, 601, 602, 603, 604, 611, 612, 396, 426, - 443, 565, 566, 450, 451, 437, 438, 0, 0, 0, - 442, 605, 487, 488, 489, 441, 439, 440 + 0, 0, 20, 22, 23, 86, 89, 98, 196, 197, + 24, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 37, 77, 25, 90, 91, 48, 70, 85, 26, + 27, 30, 31, 28, 29, 32, 33, 34, 35, 36, + 121, 208, 122, 124, 125, 126, 210, 215, 211, 222, + 223, 224, 225, 127, 128, 129, 130, 131, 132, 133, + 192, 87, 76, 102, 119, 120, 220, 217, 123, 38, + 39, 40, 41, 42, 78, 92, 93, 108, 64, 74, + 65, 200, 201, 103, 58, 59, 199, 60, 61, 228, + 112, 116, 137, 147, 174, 150, 221, 113, 71, 43, + 44, 45, 100, 138, 139, 140, 141, 46, 47, 49, + 50, 52, 53, 51, 145, 151, 54, 55, 56, 62, + 81, 117, 95, 146, 88, 170, 96, 97, 114, 115, + 218, 101, 57, 79, 82, 63, 66, 104, 105, 80, + 171, 106, 67, 68, 69, 209, 118, 184, 185, 186, + 187, 188, 189, 190, 198, 107, 75, 109, 110, 111, + 172, 72, 73, 94, 83, 84, 99, 134, 135, 219, + 136, 142, 143, 144, 175, 176, 178, 180, 181, 179, + 182, 193, 148, 149, 154, 155, 152, 153, 156, 157, + 159, 158, 212, 214, 213, 173, 183, 202, 204, 203, + 205, 206, 207, 226, 227, 177, 191, 194, 195, 216, + 0, 0, 0, 0, 0, 0, 0, 230, 232, 233, + 234, 236, 237, 238, 235, 0, 0, 0, 0, 0, + 0, 240, 242, 243, 244, 245, 246, 247, 0, 0, + 0, 0, 0, 0, 0, 249, 251, 252, 255, 256, + 253, 257, 254, 0, 0, 0, 0, 0, 0, 0, + 0, 259, 261, 262, 263, 264, 268, 265, 266, 267, + 0, 0, 0, 0, 0, 279, 283, 284, 285, 286, + 275, 277, 278, 280, 281, 282, 0, 0, 0, 0, + 0, 0, 0, 0, 518, 520, 522, 521, 527, 523, + 524, 525, 526, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 537, 539, 541, 540, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 0, 578, 580, 0, 583, 585, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 592, 594, + 595, 596, 598, 599, 597, 600, 601, 602, 603, 0, + 0, 0, 0, 0, 0, 615, 617, 618, 619, 620, + 621, 622, 0, 0, 631, 633, 634, 288, 287, 294, + 307, 305, 317, 313, 314, 318, 315, 316, 319, 320, + 321, 322, 323, 353, 354, 355, 356, 357, 383, 384, + 385, 391, 392, 310, 393, 394, 397, 395, 396, 400, + 401, 402, 416, 368, 369, 371, 372, 403, 419, 362, + 364, 420, 426, 427, 428, 311, 382, 445, 446, 363, + 440, 346, 306, 358, 417, 423, 404, 0, 0, 449, + 312, 289, 345, 408, 290, 308, 309, 359, 360, 447, + 406, 410, 411, 291, 450, 386, 415, 347, 367, 421, + 422, 425, 439, 361, 443, 441, 442, 374, 381, 412, + 413, 375, 376, 405, 430, 348, 349, 352, 324, 326, + 327, 328, 329, 330, 337, 338, 339, 340, 341, 342, + 343, 451, 452, 454, 387, 388, 389, 390, 398, 399, + 455, 456, 457, 0, 0, 0, 407, 377, 379, 587, + 466, 470, 468, 467, 471, 469, 0, 0, 474, 475, + 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 409, 424, 444, 479, 480, 378, 458, 0, 0, 0, + 0, 0, 0, 431, 432, 433, 434, 435, 436, 437, + 438, 588, 370, 365, 429, 344, 292, 293, 366, 481, + 483, 482, 484, 485, 486, 325, 332, 476, 478, 477, + 331, 0, 351, 414, 453, 350, 380, 333, 334, 336, + 335, 0, 488, 373, 489, 490, 491, 495, 494, 492, + 493, 496, 497, 498, 499, 501, 500, 510, 0, 514, + 515, 0, 0, 516, 502, 508, 503, 504, 505, 507, + 509, 506, 269, 270, 271, 272, 273, 528, 530, 529, + 532, 533, 534, 535, 531, 558, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 559, 569, 570, 571, 572, + 573, 574, 575, 576, 581, 586, 604, 605, 606, 609, + 607, 608, 610, 611, 612, 613, 623, 624, 625, 626, + 627, 628, 635, 636, 418, 448, 465, 589, 590, 472, + 473, 459, 460, 0, 0, 0, 464, 629, 487, 511, + 512, 513, 463, 461, 462 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - 581, 582, 583, 584, 585, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286, -286, -286, - -286, -286, -286, -286, -286, -286, -286, -286 + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, 580, 581, 582, 606, 607, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292, + -292, -292, -292, -292, -292, -292, -292, -292, -292, -292 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 17, 18, 19, 32, 240, 20, 33, 443, - 21, 34, 457, 22, 35, 471, 23, 36, 487, 501, - 502, 503, 504, 505, 24, 37, 506, 241, 242, 243, - 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, - 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, - 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, - 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 444, 445, 446, - 447, 448, 449, 450, 458, 459, 460, 461, 462, 463, - 488, 489, 490, 491, 492, 493, 494, 495, 472, 473, - 474, 475, 476, 477, 478, 25, 38, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 26, 39, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 27, 40, - 569, 570, 28, 41, 572, 573, 431, 432, 433, 434, - 29, 42, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 30, 43, 601, 602, 603, 604, 605, - 606, 607, 435, 31, 44, 610, 611, 612 + -1, 1, 17, 18, 19, 32, 252, 20, 33, 467, + 21, 34, 481, 22, 35, 495, 23, 36, 511, 525, + 526, 527, 528, 529, 24, 37, 530, 253, 254, 255, + 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, + 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, + 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, + 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, + 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 468, + 469, 470, 471, 472, 473, 474, 482, 483, 484, 485, + 486, 487, 512, 513, 514, 515, 516, 517, 518, 519, + 496, 497, 498, 499, 500, 501, 502, 25, 38, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 26, 39, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 27, 40, 593, 594, 28, 41, 596, 597, 455, 456, + 457, 458, 29, 42, 608, 609, 610, 611, 612, 613, + 614, 615, 616, 617, 618, 30, 43, 625, 626, 627, + 628, 629, 630, 631, 459, 31, 44, 634, 635, 636 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -1691,147 +1740,151 @@ static const yytype_int16 yydefgoto[] = number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_uint16 yytable[] = { - 2, 479, 464, 436, 568, 437, 438, 571, 451, 608, - 609, 3, 4, 613, 614, 615, 452, 453, 595, 596, - 597, 598, 599, 600, 479, 574, 575, 576, 577, 578, - 579, 580, 581, 582, 583, 616, 617, 618, 465, 466, - 619, 620, 621, 622, 623, 624, 5, 625, 626, 627, - 628, 629, 6, 630, 631, 632, 633, 634, 635, 636, - 637, 638, 639, 467, 640, 641, 439, 529, 530, 531, - 532, 533, 534, 535, 536, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 512, 513, 514, 515, - 516, 517, 518, 519, 642, 643, 7, 440, 644, 645, - 441, 454, 646, 455, 647, 648, 649, 650, 651, 652, - 653, 654, 8, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 468, 469, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, 684, 685, 686, 687, 688, 689, - 690, 691, 692, 9, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 470, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 10, 750, 481, 482, 483, 751, 752, 753, - 754, 755, 756, 757, 486, 758, 759, 760, 761, 762, - 442, 11, 763, 764, 456, 480, 765, 481, 482, 483, - 484, 485, 496, 497, 498, 499, 500, 486, 12, 766, - 767, 768, 769, 770, 771, 772, 773, 13, 774, 775, - 776, 777, 778, 779, 780, 781, 782, 783, 784, 785, - 786, 787, 788, 789, 790, 791, 792, 793, 794, 795, - 796, 14, 797, 798, 799, 15, 800, 801, 802, 0, - 803, 16, 45, 46, 47, 48, 49, 50, 51, 52, - 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 74, 75, 76, 804, 805, 806, 807, 77, 78, - 79, 808, 809, 810, 80, 81, 82, 83, 84, 85, - 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, - 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, - 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, - 116, 117, 118, 119, 120, 811, 812, 813, 814, 815, - 816, 817, 818, 819, 121, 122, 123, 820, 124, 125, - 126, 821, 822, 127, 128, 129, 130, 131, 132, 133, - 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, - 144, 145, 146, 147, 148, 149, 150, 823, 824, 825, - 151, 826, 152, 153, 154, 155, 156, 157, 158, 159, - 160, 161, 827, 828, 829, 830, 831, 832, 833, 834, - 835, 836, 837, 838, 839, 840, 841, 842, 843, 844, - 845, 846, 162, 163, 164, 165, 166, 167, 168, 169, - 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, - 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, - 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, - 200, 847, 201, 848, 202, 203, 204, 205, 206, 207, - 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 849, 850, 851, 852, 853, 854, 855, 856, 857, 858, - 859, 218, 219, 220, 221, 222, 223, 860, 861, 862, - 863, 864, 865, 866, 224, 867, 868, 869, 870, 871, - 872, 873, 225, 226, 874, 227, 228, 875, 229, 230, - 876, 877, 231, 232, 233, 234, 235, 236, 237, 238, - 878, 879, 880, 239, 881, 882, 883, 884, 885, 886, - 887, 888, 889, 890, 891, 892, 893, 894, 895, 896, - 897, 898, 899, 900, 901, 902, 903, 904, 905, 906, - 907, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2, 503, 488, 460, 592, 461, 462, 475, 632, 633, + 595, 3, 4, 637, 638, 476, 477, 619, 620, 621, + 622, 623, 624, 639, 503, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 640, 641, 642, 489, 490, + 643, 644, 645, 646, 647, 648, 5, 649, 650, 651, + 652, 653, 6, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 491, 664, 665, 463, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 536, 537, 538, 539, + 540, 541, 542, 543, 666, 667, 7, 464, 668, 669, + 478, 670, 479, 671, 672, 673, 674, 465, 675, 676, + 677, 678, 8, 679, 680, 681, 682, 683, 684, 685, + 686, 687, 688, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 492, 493, 706, 707, 708, 709, 710, 711, 712, 713, + 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, + 724, 725, 9, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 494, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 763, 764, 765, 766, 767, 768, 769, 770, 771, + 772, 773, 774, 775, 776, 777, 778, 779, 780, 781, + 782, 10, 783, 505, 506, 507, 784, 785, 786, 787, + 788, 789, 790, 510, 791, 792, 793, 794, 795, 466, + 11, 796, 480, 797, 504, 798, 505, 506, 507, 508, + 509, 520, 521, 522, 523, 524, 510, 12, 799, 800, + 801, 802, 803, 804, 805, 806, 13, 807, 808, 809, + 810, 811, 812, 813, 814, 815, 816, 817, 818, 819, + 820, 821, 822, 823, 824, 825, 826, 827, 828, 829, + 14, 830, 831, 832, 15, 833, 834, 835, 0, 836, + 16, 45, 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 837, 838, 839, 840, 77, 78, 79, + 841, 842, 843, 80, 81, 82, 83, 84, 85, 86, + 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, + 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, + 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, + 117, 118, 119, 120, 844, 845, 846, 847, 848, 849, + 850, 851, 852, 121, 122, 123, 853, 124, 125, 126, + 854, 855, 127, 128, 129, 130, 131, 132, 133, 134, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, + 145, 146, 147, 148, 149, 150, 856, 857, 858, 151, + 152, 153, 154, 155, 156, 157, 158, 859, 159, 160, + 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, + 860, 861, 862, 863, 864, 865, 866, 867, 868, 869, + 870, 871, 872, 873, 874, 875, 876, 877, 878, 879, + 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, + 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 880, + 210, 881, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 220, 221, 222, 223, 224, 225, 226, 882, 883, + 884, 885, 886, 887, 888, 889, 890, 891, 892, 227, + 228, 229, 230, 231, 232, 893, 894, 895, 896, 897, + 898, 899, 233, 900, 901, 902, 903, 904, 905, 906, + 234, 235, 907, 236, 237, 908, 238, 239, 909, 910, + 240, 241, 242, 243, 244, 245, 246, 247, 911, 912, + 913, 248, 914, 915, 916, 917, 918, 919, 920, 921, + 249, 250, 251, 922, 923, 924, 925, 926, 927, 928, + 929, 930, 931, 932, 933, 934, 935, 936, 937, 938, + 939, 940, 941, 942, 943, 944, 0, 531, 532, 533, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 507, 508, - 509, 510, 511 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 534, 535 }; static const yytype_int16 yycheck[] = { - 0, 45, 45, 45, 113, 47, 48, 292, 45, 282, - 283, 11, 12, 10, 10, 10, 53, 54, 249, 250, - 251, 252, 253, 254, 45, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 10, 10, 10, 81, 82, + 0, 45, 45, 45, 113, 47, 48, 45, 291, 292, + 301, 11, 12, 10, 10, 53, 54, 258, 259, 260, + 261, 262, 263, 10, 45, 241, 242, 243, 244, 245, + 246, 247, 248, 249, 250, 10, 10, 10, 81, 82, 10, 10, 10, 10, 10, 10, 46, 10, 10, 10, 10, 10, 52, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 106, 10, 10, 108, 154, 155, 156, - 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, - 167, 168, 169, 170, 171, 172, 97, 98, 99, 100, + 10, 10, 10, 106, 10, 10, 108, 163, 164, 165, + 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 181, 97, 98, 99, 100, 101, 102, 103, 104, 10, 10, 96, 139, 10, 10, - 142, 138, 10, 140, 10, 10, 10, 10, 10, 10, + 138, 10, 140, 10, 10, 10, 10, 149, 10, 10, 10, 10, 112, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 174, 175, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 153, 10, 10, 10, 10, 10, 10, + 183, 184, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 214, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 162, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 223, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 212, 10, 258, 259, 260, 10, 10, 10, - 10, 10, 10, 10, 268, 10, 10, 10, 10, 10, - 272, 231, 10, 10, 271, 256, 10, 258, 259, 260, - 261, 262, 286, 287, 288, 289, 290, 268, 248, 10, - 10, 10, 10, 10, 10, 10, 10, 257, 10, 10, + 10, 221, 10, 267, 268, 269, 10, 10, 10, 10, + 10, 10, 10, 277, 10, 10, 10, 10, 10, 281, + 240, 10, 280, 10, 265, 10, 267, 268, 269, 270, + 271, 295, 296, 297, 298, 299, 277, 257, 10, 10, + 10, 10, 10, 10, 10, 10, 266, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 281, 10, 10, 10, 285, 10, 10, 10, -1, - 10, 291, 13, 14, 15, 16, 17, 18, 19, 20, - 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, - 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 10, 10, 10, 10, 49, 50, - 51, 10, 10, 10, 55, 56, 57, 58, 59, 60, - 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, - 91, 92, 93, 94, 95, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 105, 106, 107, 10, 109, 110, - 111, 10, 10, 114, 115, 116, 117, 118, 119, 120, - 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, - 131, 132, 133, 134, 135, 136, 137, 10, 10, 10, - 141, 10, 143, 144, 145, 146, 147, 148, 149, 150, - 151, 152, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, - 211, 10, 213, 10, 215, 216, 217, 218, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 242, 243, 244, 245, 246, 247, 10, 10, 10, - 10, 10, 10, 10, 255, 10, 10, 10, 10, 10, - 10, 10, 263, 264, 10, 266, 267, 10, 269, 270, - 10, 10, 273, 274, 275, 276, 277, 278, 279, 280, - 10, 10, 10, 284, 10, 10, 10, 10, 10, 10, + 290, 10, 10, 10, 294, 10, 10, 10, -1, 10, + 300, 13, 14, 15, 16, 17, 18, 19, 20, 21, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, + 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, + 42, 43, 44, 10, 10, 10, 10, 49, 50, 51, + 10, 10, 10, 55, 56, 57, 58, 59, 60, 61, + 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, + 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, + 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, + 92, 93, 94, 95, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 105, 106, 107, 10, 109, 110, 111, + 10, 10, 114, 115, 116, 117, 118, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 10, 10, 10, 141, + 142, 143, 144, 145, 146, 147, 148, 10, 150, 151, + 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, + 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, + 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, + 212, 213, 214, 215, 216, 217, 218, 219, 220, 10, + 222, 10, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 251, + 252, 253, 254, 255, 256, 10, 10, 10, 10, 10, + 10, 10, 264, 10, 10, 10, 10, 10, 10, 10, + 272, 273, 10, 275, 276, 10, 278, 279, 10, 10, + 282, 283, 284, 285, 286, 287, 288, 289, 10, 10, + 10, 293, 10, 10, 10, 10, 10, 10, 10, 10, + 302, 303, 304, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, -1, 37, 37, 37, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 37, 37, - 37, 37, 37 + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 37, 37 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint16 yystos[] = { - 0, 294, 0, 11, 12, 46, 52, 96, 112, 153, - 212, 231, 248, 257, 281, 285, 291, 295, 296, 297, - 300, 303, 306, 309, 317, 538, 549, 571, 575, 583, - 596, 606, 298, 301, 304, 307, 310, 318, 539, 550, - 572, 576, 584, 597, 607, 13, 14, 15, 16, 17, + 0, 306, 0, 11, 12, 46, 52, 96, 112, 162, + 221, 240, 257, 266, 290, 294, 300, 307, 308, 309, + 312, 315, 318, 321, 329, 562, 573, 595, 599, 607, + 620, 630, 310, 313, 316, 319, 322, 330, 563, 574, + 596, 600, 608, 621, 631, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 49, 50, 51, @@ -1842,17 +1895,17 @@ static const yytype_uint16 yystos[] = 95, 105, 106, 107, 109, 110, 111, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 141, 143, 144, 145, 146, 147, 148, 149, 150, - 151, 152, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, + 137, 141, 142, 143, 144, 145, 146, 147, 148, 150, + 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, + 161, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, - 211, 213, 215, 216, 217, 218, 219, 220, 221, 222, - 223, 224, 225, 226, 227, 228, 229, 230, 242, 243, - 244, 245, 246, 247, 255, 263, 264, 266, 267, 269, - 270, 273, 274, 275, 276, 277, 278, 279, 280, 284, - 299, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, + 222, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 251, 252, 253, + 254, 255, 256, 264, 272, 273, 275, 276, 278, 279, + 282, 283, 284, 285, 286, 287, 288, 289, 293, 302, + 303, 304, 311, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, @@ -1870,25 +1923,27 @@ static const yytype_uint16 yystos[] = 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 579, 580, 581, 582, 605, 45, 47, 48, 108, - 139, 142, 272, 302, 510, 511, 512, 513, 514, 515, - 516, 45, 53, 54, 138, 140, 271, 305, 517, 518, - 519, 520, 521, 522, 45, 81, 82, 106, 174, 175, - 214, 308, 531, 532, 533, 534, 535, 536, 537, 45, - 256, 258, 259, 260, 261, 262, 268, 311, 523, 524, - 525, 526, 527, 528, 529, 530, 286, 287, 288, 289, - 290, 312, 313, 314, 315, 316, 319, 523, 524, 525, - 526, 527, 97, 98, 99, 100, 101, 102, 103, 104, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 154, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 168, 169, 170, 171, 172, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 113, 573, - 574, 292, 577, 578, 232, 233, 234, 235, 236, 237, - 238, 239, 240, 241, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 249, 250, 251, 252, 253, - 254, 598, 599, 600, 601, 602, 603, 604, 282, 283, - 608, 609, 610, 10, 10, 10, 10, 10, 10, 10, + 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, + 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, + 529, 530, 531, 532, 533, 603, 604, 605, 606, 629, + 45, 47, 48, 108, 139, 149, 281, 314, 534, 535, + 536, 537, 538, 539, 540, 45, 53, 54, 138, 140, + 280, 317, 541, 542, 543, 544, 545, 546, 45, 81, + 82, 106, 183, 184, 223, 320, 555, 556, 557, 558, + 559, 560, 561, 45, 265, 267, 268, 269, 270, 271, + 277, 323, 547, 548, 549, 550, 551, 552, 553, 554, + 295, 296, 297, 298, 299, 324, 325, 326, 327, 328, + 331, 547, 548, 549, 550, 551, 97, 98, 99, 100, + 101, 102, 103, 104, 564, 565, 566, 567, 568, 569, + 570, 571, 572, 163, 164, 165, 166, 167, 168, 169, + 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 113, 597, 598, 301, 601, 602, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 258, + 259, 260, 261, 262, 263, 622, 623, 624, 625, 626, + 627, 628, 291, 292, 632, 633, 634, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -1917,41 +1972,43 @@ static const yytype_uint16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10 + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint16 yyr1[] = { - 0, 293, 294, 294, 295, 295, 295, 295, 295, 295, - 295, 295, 295, 295, 295, 295, 295, 295, 296, 297, - 298, 298, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 299, 299, 299, - 299, 299, 299, 299, 299, 299, 299, 300, 301, 301, - 302, 302, 302, 302, 302, 302, 302, 303, 304, 304, - 305, 305, 305, 305, 305, 305, 306, 307, 307, 308, - 308, 308, 308, 308, 308, 308, 309, 310, 310, 311, - 311, 311, 311, 311, 311, 311, 311, 312, 313, 314, - 315, 316, 317, 318, 318, 319, 319, 319, 319, 319, - 319, 319, 319, 319, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 0, 305, 306, 306, 307, 307, 307, 307, 307, 307, + 307, 307, 307, 307, 307, 307, 307, 307, 308, 309, + 310, 310, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 311, + 311, 311, 311, 311, 311, 311, 311, 311, 311, 312, + 313, 313, 314, 314, 314, 314, 314, 314, 314, 315, + 316, 316, 317, 317, 317, 317, 317, 317, 318, 319, + 319, 320, 320, 320, 320, 320, 320, 320, 321, 322, + 322, 323, 323, 323, 323, 323, 323, 323, 323, 324, + 325, 326, 327, 328, 329, 330, 330, 331, 331, 331, + 331, 331, 331, 331, 331, 331, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, @@ -1972,19 +2029,21 @@ static const yytype_uint16 yyr1[] = 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, 536, 537, 538, 539, 539, 540, 540, 540, 540, - 540, 540, 540, 540, 541, 542, 543, 544, 545, 546, - 547, 548, 549, 550, 550, 551, 551, 551, 551, 551, - 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, - 551, 551, 551, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 572, 573, 574, 575, 576, - 576, 577, 578, 579, 580, 581, 582, 583, 584, 584, - 585, 585, 585, 585, 585, 585, 585, 585, 585, 585, - 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, - 596, 597, 597, 598, 598, 598, 598, 598, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 607, 608, - 608, 609, 610 + 535, 536, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 563, + 564, 564, 564, 564, 564, 564, 564, 564, 565, 566, + 567, 568, 569, 570, 571, 572, 573, 574, 574, 575, + 575, 575, 575, 575, 575, 575, 575, 575, 575, 575, + 575, 575, 575, 575, 575, 575, 575, 575, 576, 577, + 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 596, + 597, 598, 599, 600, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 608, 609, 609, 609, 609, 609, 609, + 609, 609, 609, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 621, 622, 622, 622, + 622, 622, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 631, 631, 632, 632, 633, 634 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ @@ -2011,13 +2070,14 @@ static const yytype_uint8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, + 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -2029,29 +2089,30 @@ static const yytype_uint8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 3, 3, 4, - 4, 4, 3, 3, 2, 2, 2, 2, 2, 2, - 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, + 3, 4, 4, 4, 3, 3, 2, 2, 2, 2, + 2, 2, 3, 3, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, - 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, - 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, + 2, 3, 3, 3, 2, 2, 2, 1, 2, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 1, 2, 0, + 1, 2, 1, 2, 0, 1, 2, 2, 2, 3, + 3, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 2, 1, 2, - 0, 1, 2, 2, 2, 3, 3, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 1, 2, 0, 1, 1, 1, 1, 1, 1, 2, - 2, 2, 2, 2, 2, 3, 1, 2, 0, 1, - 1, 2, 2 + 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 2, 2, 2, 2, 2, 2, 3, + 1, 2, 0, 1, 1, 2, 2 }; @@ -2728,23 +2789,23 @@ yyreduce: switch (yyn) { case 18: -#line 191 "./util/configparser.y" /* yacc.c:1646 */ +#line 195 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(force-toplevel)\n")); } -#line 2736 "util/configparser.c" /* yacc.c:1646 */ +#line 2797 "util/configparser.c" /* yacc.c:1646 */ break; case 19: -#line 197 "./util/configparser.y" /* yacc.c:1646 */ +#line 201 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(server:)\n")); } -#line 2744 "util/configparser.c" /* yacc.c:1646 */ +#line 2805 "util/configparser.c" /* yacc.c:1646 */ break; - case 217: -#line 292 "./util/configparser.y" /* yacc.c:1646 */ + case 229: +#line 300 "./util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -2755,11 +2816,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2759 "util/configparser.c" /* yacc.c:1646 */ +#line 2820 "util/configparser.c" /* yacc.c:1646 */ break; - case 227: -#line 309 "./util/configparser.y" /* yacc.c:1646 */ + case 239: +#line 317 "./util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2770,11 +2831,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2774 "util/configparser.c" /* yacc.c:1646 */ +#line 2835 "util/configparser.c" /* yacc.c:1646 */ break; - case 236: -#line 326 "./util/configparser.y" /* yacc.c:1646 */ + case 248: +#line 334 "./util/configparser.y" /* yacc.c:1646 */ { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -2787,11 +2848,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2791 "util/configparser.c" /* yacc.c:1646 */ +#line 2852 "util/configparser.c" /* yacc.c:1646 */ break; - case 246: -#line 345 "./util/configparser.y" /* yacc.c:1646 */ + case 258: +#line 353 "./util/configparser.y" /* yacc.c:1646 */ { struct config_auth* s; OUTYY(("\nP(auth_zone:)\n")); @@ -2807,11 +2868,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2811 "util/configparser.c" /* yacc.c:1646 */ +#line 2872 "util/configparser.c" /* yacc.c:1646 */ break; - case 257: -#line 369 "./util/configparser.y" /* yacc.c:1646 */ + case 269: +#line 377 "./util/configparser.y" /* yacc.c:1646 */ { uint8_t* bitlist; size_t len = 0; @@ -2828,11 +2889,11 @@ yyreduce: } } -#line 2832 "util/configparser.c" /* yacc.c:1646 */ +#line 2893 "util/configparser.c" /* yacc.c:1646 */ break; - case 258: -#line 388 "./util/configparser.y" /* yacc.c:1646 */ + case 270: +#line 396 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rpz_action_override:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "nxdomain")!=0 && strcmp((yyvsp[0].str), "nodata")!=0 && @@ -2847,21 +2908,21 @@ yyreduce: cfg_parser->cfg->auths->rpz_action_override = (yyvsp[0].str); } } -#line 2851 "util/configparser.c" /* yacc.c:1646 */ +#line 2912 "util/configparser.c" /* yacc.c:1646 */ break; - case 259: -#line 405 "./util/configparser.y" /* yacc.c:1646 */ + case 271: +#line 413 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rpz_cname_override:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_cname); cfg_parser->cfg->auths->rpz_cname = (yyvsp[0].str); } -#line 2861 "util/configparser.c" /* yacc.c:1646 */ +#line 2922 "util/configparser.c" /* yacc.c:1646 */ break; - case 260: -#line 413 "./util/configparser.y" /* yacc.c:1646 */ + case 272: +#line 421 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rpz_log:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2869,21 +2930,21 @@ yyreduce: else cfg_parser->cfg->auths->rpz_log = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2873 "util/configparser.c" /* yacc.c:1646 */ +#line 2934 "util/configparser.c" /* yacc.c:1646 */ break; - case 261: -#line 423 "./util/configparser.y" /* yacc.c:1646 */ + case 273: +#line 431 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rpz_log_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->rpz_log_name); cfg_parser->cfg->auths->rpz_log_name = (yyvsp[0].str); } -#line 2883 "util/configparser.c" /* yacc.c:1646 */ +#line 2944 "util/configparser.c" /* yacc.c:1646 */ break; - case 262: -#line 431 "./util/configparser.y" /* yacc.c:1646 */ + case 274: +#line 439 "./util/configparser.y" /* yacc.c:1646 */ { struct config_auth* s; OUTYY(("\nP(rpz:)\n")); @@ -2899,11 +2960,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2903 "util/configparser.c" /* yacc.c:1646 */ +#line 2964 "util/configparser.c" /* yacc.c:1646 */ break; - case 275: -#line 454 "./util/configparser.y" /* yacc.c:1646 */ + case 287: +#line 462 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2911,11 +2972,11 @@ yyreduce: else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2915 "util/configparser.c" /* yacc.c:1646 */ +#line 2976 "util/configparser.c" /* yacc.c:1646 */ break; - case 276: -#line 463 "./util/configparser.y" /* yacc.c:1646 */ + case 288: +#line 471 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2923,11 +2984,11 @@ yyreduce: else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2927 "util/configparser.c" /* yacc.c:1646 */ +#line 2988 "util/configparser.c" /* yacc.c:1646 */ break; - case 277: -#line 472 "./util/configparser.y" /* yacc.c:1646 */ + case 289: +#line 480 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2937,11 +2998,11 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2941 "util/configparser.c" /* yacc.c:1646 */ +#line 3002 "util/configparser.c" /* yacc.c:1646 */ break; - case 278: -#line 483 "./util/configparser.y" /* yacc.c:1646 */ + case 290: +#line 491 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2949,11 +3010,11 @@ yyreduce: else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2953 "util/configparser.c" /* yacc.c:1646 */ +#line 3014 "util/configparser.c" /* yacc.c:1646 */ break; - case 279: -#line 492 "./util/configparser.y" /* yacc.c:1646 */ + case 291: +#line 500 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2961,11 +3022,11 @@ yyreduce: else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2965 "util/configparser.c" /* yacc.c:1646 */ +#line 3026 "util/configparser.c" /* yacc.c:1646 */ break; - case 280: -#line 501 "./util/configparser.y" /* yacc.c:1646 */ + case 292: +#line 509 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2973,11 +3034,11 @@ yyreduce: else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2977 "util/configparser.c" /* yacc.c:1646 */ +#line 3038 "util/configparser.c" /* yacc.c:1646 */ break; - case 281: -#line 510 "./util/configparser.y" /* yacc.c:1646 */ + case 293: +#line 518 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2987,11 +3048,11 @@ yyreduce: else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2991 "util/configparser.c" /* yacc.c:1646 */ +#line 3052 "util/configparser.c" /* yacc.c:1646 */ break; - case 282: -#line 521 "./util/configparser.y" /* yacc.c:1646 */ + case 294: +#line 529 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2999,11 +3060,11 @@ yyreduce: else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3003 "util/configparser.c" /* yacc.c:1646 */ +#line 3064 "util/configparser.c" /* yacc.c:1646 */ break; - case 283: -#line 530 "./util/configparser.y" /* yacc.c:1646 */ + case 295: +#line 538 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); @@ -3014,11 +3075,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 3018 "util/configparser.c" /* yacc.c:1646 */ +#line 3079 "util/configparser.c" /* yacc.c:1646 */ break; - case 284: -#line 542 "./util/configparser.y" /* yacc.c:1646 */ + case 296: +#line 550 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -3030,11 +3091,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 3034 "util/configparser.c" /* yacc.c:1646 */ +#line 3095 "util/configparser.c" /* yacc.c:1646 */ break; - case 285: -#line 556 "./util/configparser.y" /* yacc.c:1646 */ + case 297: +#line 564 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -3048,11 +3109,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3052 "util/configparser.c" /* yacc.c:1646 */ +#line 3113 "util/configparser.c" /* yacc.c:1646 */ break; - case 286: -#line 571 "./util/configparser.y" /* yacc.c:1646 */ + case 298: +#line 579 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -3062,11 +3123,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3066 "util/configparser.c" /* yacc.c:1646 */ +#line 3127 "util/configparser.c" /* yacc.c:1646 */ break; - case 287: -#line 582 "./util/configparser.y" /* yacc.c:1646 */ + case 299: +#line 590 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3082,11 +3143,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3086 "util/configparser.c" /* yacc.c:1646 */ +#line 3147 "util/configparser.c" /* yacc.c:1646 */ break; - case 288: -#line 599 "./util/configparser.y" /* yacc.c:1646 */ + case 300: +#line 607 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3102,11 +3163,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3106 "util/configparser.c" /* yacc.c:1646 */ +#line 3167 "util/configparser.c" /* yacc.c:1646 */ break; - case 289: -#line 616 "./util/configparser.y" /* yacc.c:1646 */ + case 301: +#line 624 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -3122,11 +3183,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3126 "util/configparser.c" /* yacc.c:1646 */ +#line 3187 "util/configparser.c" /* yacc.c:1646 */ break; - case 290: -#line 633 "./util/configparser.y" /* yacc.c:1646 */ + case 302: +#line 641 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(min_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -3142,11 +3203,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3146 "util/configparser.c" /* yacc.c:1646 */ +#line 3207 "util/configparser.c" /* yacc.c:1646 */ break; - case 291: -#line 650 "./util/configparser.y" /* yacc.c:1646 */ + case 303: +#line 658 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv4:%s)\n", (yyvsp[0].str))); @@ -3160,11 +3221,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3164 "util/configparser.c" /* yacc.c:1646 */ +#line 3225 "util/configparser.c" /* yacc.c:1646 */ break; - case 292: -#line 665 "./util/configparser.y" /* yacc.c:1646 */ + case 304: +#line 673 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_ecs_tree_size_ipv6:%s)\n", (yyvsp[0].str))); @@ -3178,11 +3239,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3182 "util/configparser.c" /* yacc.c:1646 */ +#line 3243 "util/configparser.c" /* yacc.c:1646 */ break; - case 293: -#line 680 "./util/configparser.y" /* yacc.c:1646 */ + case 305: +#line 688 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -3194,11 +3255,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 3198 "util/configparser.c" /* yacc.c:1646 */ +#line 3259 "util/configparser.c" /* yacc.c:1646 */ break; - case 294: -#line 693 "./util/configparser.y" /* yacc.c:1646 */ + case 306: +#line 701 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -3212,11 +3273,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 3216 "util/configparser.c" /* yacc.c:1646 */ +#line 3277 "util/configparser.c" /* yacc.c:1646 */ break; - case 295: -#line 708 "./util/configparser.y" /* yacc.c:1646 */ + case 307: +#line 716 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3224,11 +3285,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3228 "util/configparser.c" /* yacc.c:1646 */ +#line 3289 "util/configparser.c" /* yacc.c:1646 */ break; - case 296: -#line 717 "./util/configparser.y" /* yacc.c:1646 */ + case 308: +#line 725 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -3236,11 +3297,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3240 "util/configparser.c" /* yacc.c:1646 */ +#line 3301 "util/configparser.c" /* yacc.c:1646 */ break; - case 297: -#line 726 "./util/configparser.y" /* yacc.c:1646 */ + case 309: +#line 734 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -3248,11 +3309,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 3252 "util/configparser.c" /* yacc.c:1646 */ +#line 3313 "util/configparser.c" /* yacc.c:1646 */ break; - case 298: -#line 735 "./util/configparser.y" /* yacc.c:1646 */ + case 310: +#line 743 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3260,11 +3321,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3264 "util/configparser.c" /* yacc.c:1646 */ +#line 3325 "util/configparser.c" /* yacc.c:1646 */ break; - case 299: -#line 744 "./util/configparser.y" /* yacc.c:1646 */ + case 311: +#line 752 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3272,11 +3333,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3276 "util/configparser.c" /* yacc.c:1646 */ +#line 3337 "util/configparser.c" /* yacc.c:1646 */ break; - case 300: -#line 753 "./util/configparser.y" /* yacc.c:1646 */ + case 312: +#line 761 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3284,11 +3345,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3288 "util/configparser.c" /* yacc.c:1646 */ +#line 3349 "util/configparser.c" /* yacc.c:1646 */ break; - case 301: -#line 762 "./util/configparser.y" /* yacc.c:1646 */ + case 313: +#line 770 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3296,11 +3357,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3300 "util/configparser.c" /* yacc.c:1646 */ +#line 3361 "util/configparser.c" /* yacc.c:1646 */ break; - case 302: -#line 771 "./util/configparser.y" /* yacc.c:1646 */ + case 314: +#line 779 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3308,11 +3369,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3312 "util/configparser.c" /* yacc.c:1646 */ +#line 3373 "util/configparser.c" /* yacc.c:1646 */ break; - case 303: -#line 780 "./util/configparser.y" /* yacc.c:1646 */ + case 315: +#line 788 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3320,11 +3381,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3324 "util/configparser.c" /* yacc.c:1646 */ +#line 3385 "util/configparser.c" /* yacc.c:1646 */ break; - case 304: -#line 789 "./util/configparser.y" /* yacc.c:1646 */ + case 316: +#line 797 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3332,11 +3393,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3336 "util/configparser.c" /* yacc.c:1646 */ +#line 3397 "util/configparser.c" /* yacc.c:1646 */ break; - case 305: -#line 798 "./util/configparser.y" /* yacc.c:1646 */ + case 317: +#line 806 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefer_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3344,11 +3405,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3348 "util/configparser.c" /* yacc.c:1646 */ +#line 3409 "util/configparser.c" /* yacc.c:1646 */ break; - case 306: -#line 807 "./util/configparser.y" /* yacc.c:1646 */ + case 318: +#line 815 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3356,11 +3417,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3360 "util/configparser.c" /* yacc.c:1646 */ +#line 3421 "util/configparser.c" /* yacc.c:1646 */ break; - case 307: -#line 816 "./util/configparser.y" /* yacc.c:1646 */ + case 319: +#line 824 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3368,11 +3429,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3372 "util/configparser.c" /* yacc.c:1646 */ +#line 3433 "util/configparser.c" /* yacc.c:1646 */ break; - case 308: -#line 825 "./util/configparser.y" /* yacc.c:1646 */ + case 320: +#line 833 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3380,11 +3441,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3384 "util/configparser.c" /* yacc.c:1646 */ +#line 3445 "util/configparser.c" /* yacc.c:1646 */ break; - case 309: -#line 834 "./util/configparser.y" /* yacc.c:1646 */ + case 321: +#line 842 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_idle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3396,11 +3457,11 @@ yyreduce: else cfg_parser->cfg->tcp_idle_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3400 "util/configparser.c" /* yacc.c:1646 */ +#line 3461 "util/configparser.c" /* yacc.c:1646 */ break; - case 310: -#line 847 "./util/configparser.y" /* yacc.c:1646 */ + case 322: +#line 855 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_keepalive:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3408,11 +3469,11 @@ yyreduce: else cfg_parser->cfg->do_tcp_keepalive = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3412 "util/configparser.c" /* yacc.c:1646 */ +#line 3473 "util/configparser.c" /* yacc.c:1646 */ break; - case 311: -#line 856 "./util/configparser.y" /* yacc.c:1646 */ + case 323: +#line 864 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_keepalive_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3424,11 +3485,11 @@ yyreduce: else cfg_parser->cfg->tcp_keepalive_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3428 "util/configparser.c" /* yacc.c:1646 */ +#line 3489 "util/configparser.c" /* yacc.c:1646 */ break; - case 312: -#line 869 "./util/configparser.y" /* yacc.c:1646 */ + case 324: +#line 877 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3436,11 +3497,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3440 "util/configparser.c" /* yacc.c:1646 */ +#line 3501 "util/configparser.c" /* yacc.c:1646 */ break; - case 313: -#line 878 "./util/configparser.y" /* yacc.c:1646 */ + case 325: +#line 886 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3448,11 +3509,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3452 "util/configparser.c" /* yacc.c:1646 */ +#line 3513 "util/configparser.c" /* yacc.c:1646 */ break; - case 314: -#line 887 "./util/configparser.y" /* yacc.c:1646 */ + case 326: +#line 895 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3460,31 +3521,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3464 "util/configparser.c" /* yacc.c:1646 */ +#line 3525 "util/configparser.c" /* yacc.c:1646 */ break; - case 315: -#line 896 "./util/configparser.y" /* yacc.c:1646 */ + case 327: +#line 904 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 3474 "util/configparser.c" /* yacc.c:1646 */ +#line 3535 "util/configparser.c" /* yacc.c:1646 */ break; - case 316: -#line 903 "./util/configparser.y" /* yacc.c:1646 */ + case 328: +#line 911 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 3484 "util/configparser.c" /* yacc.c:1646 */ +#line 3545 "util/configparser.c" /* yacc.c:1646 */ break; - case 317: -#line 910 "./util/configparser.y" /* yacc.c:1646 */ + case 329: +#line 918 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3492,21 +3553,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3496 "util/configparser.c" /* yacc.c:1646 */ +#line 3557 "util/configparser.c" /* yacc.c:1646 */ break; - case 318: -#line 919 "./util/configparser.y" /* yacc.c:1646 */ + case 330: +#line 927 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_cert_bundle); cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); } -#line 3506 "util/configparser.c" /* yacc.c:1646 */ +#line 3567 "util/configparser.c" /* yacc.c:1646 */ break; - case 319: -#line 926 "./util/configparser.y" /* yacc.c:1646 */ + case 331: +#line 934 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_win_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3514,53 +3575,53 @@ yyreduce: else cfg_parser->cfg->tls_win_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3518 "util/configparser.c" /* yacc.c:1646 */ +#line 3579 "util/configparser.c" /* yacc.c:1646 */ break; - case 320: -#line 935 "./util/configparser.y" /* yacc.c:1646 */ + case 332: +#line 943 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3529 "util/configparser.c" /* yacc.c:1646 */ +#line 3590 "util/configparser.c" /* yacc.c:1646 */ break; - case 321: -#line 943 "./util/configparser.y" /* yacc.c:1646 */ + case 333: +#line 951 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_ciphers:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphers); cfg_parser->cfg->tls_ciphers = (yyvsp[0].str); } -#line 3539 "util/configparser.c" /* yacc.c:1646 */ +#line 3600 "util/configparser.c" /* yacc.c:1646 */ break; - case 322: -#line 950 "./util/configparser.y" /* yacc.c:1646 */ + case 334: +#line 958 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_ciphersuites:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->tls_ciphersuites); cfg_parser->cfg->tls_ciphersuites = (yyvsp[0].str); } -#line 3549 "util/configparser.c" /* yacc.c:1646 */ +#line 3610 "util/configparser.c" /* yacc.c:1646 */ break; - case 323: -#line 957 "./util/configparser.y" /* yacc.c:1646 */ + case 335: +#line 965 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3560 "util/configparser.c" /* yacc.c:1646 */ +#line 3621 "util/configparser.c" /* yacc.c:1646 */ break; - case 324: -#line 965 "./util/configparser.y" /* yacc.c:1646 */ + case 336: +#line 973 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tls_use_sni:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3568,11 +3629,103 @@ yyreduce: else cfg_parser->cfg->tls_use_sni = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3572 "util/configparser.c" /* yacc.c:1646 */ +#line 3633 "util/configparser.c" /* yacc.c:1646 */ break; - case 325: -#line 974 "./util/configparser.y" /* yacc.c:1646 */ + case 337: +#line 982 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_https_port:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->https_port = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3645 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 338: +#line 990 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_http_endpoint:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->http_endpoint); + if((yyvsp[0].str) && (yyvsp[0].str)[0] != '/') { + cfg_parser->cfg->http_endpoint = malloc(strlen((yyvsp[0].str))+2); + if(!cfg_parser->cfg->http_endpoint) + yyerror("out of memory"); + cfg_parser->cfg->http_endpoint[0] = '/'; + memmove(cfg_parser->cfg->http_endpoint+1, (yyvsp[0].str), + strlen((yyvsp[0].str))+1); + free((yyvsp[0].str)); + } else { + cfg_parser->cfg->http_endpoint = (yyvsp[0].str); + } + } +#line 3665 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 339: +#line 1006 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_http_max_streams:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->http_max_streams = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + } +#line 3677 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 340: +#line 1014 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_http_query_buffer_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), + &cfg_parser->cfg->http_query_buffer_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 3689 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 341: +#line 1022 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_http_response_buffer_size:%s)\n", (yyvsp[0].str))); + if(!cfg_parse_memsize((yyvsp[0].str), + &cfg_parser->cfg->http_response_buffer_size)) + yyerror("memory size expected"); + free((yyvsp[0].str)); + } +#line 3701 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 342: +#line 1030 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_http_nodelay:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_nodelay = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3713 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 343: +#line 1038 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_http_notls_downstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_notls_downstream = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3725 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 344: +#line 1046 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3580,11 +3733,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3584 "util/configparser.c" /* yacc.c:1646 */ +#line 3737 "util/configparser.c" /* yacc.c:1646 */ break; - case 326: -#line 983 "./util/configparser.y" /* yacc.c:1646 */ + case 345: +#line 1055 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3592,11 +3745,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3596 "util/configparser.c" /* yacc.c:1646 */ +#line 3749 "util/configparser.c" /* yacc.c:1646 */ break; - case 327: -#line 992 "./util/configparser.y" /* yacc.c:1646 */ + case 346: +#line 1064 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3609,11 +3762,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3613 "util/configparser.c" /* yacc.c:1646 */ +#line 3766 "util/configparser.c" /* yacc.c:1646 */ break; - case 328: -#line 1006 "./util/configparser.y" /* yacc.c:1646 */ + case 347: +#line 1078 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3621,11 +3774,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3625 "util/configparser.c" /* yacc.c:1646 */ +#line 3778 "util/configparser.c" /* yacc.c:1646 */ break; - case 329: -#line 1015 "./util/configparser.y" /* yacc.c:1646 */ + case 348: +#line 1087 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3633,11 +3786,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3637 "util/configparser.c" /* yacc.c:1646 */ +#line 3790 "util/configparser.c" /* yacc.c:1646 */ break; - case 330: -#line 1024 "./util/configparser.y" /* yacc.c:1646 */ + case 349: +#line 1096 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3645,11 +3798,11 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3649 "util/configparser.c" /* yacc.c:1646 */ +#line 3802 "util/configparser.c" /* yacc.c:1646 */ break; - case 331: -#line 1033 "./util/configparser.y" /* yacc.c:1646 */ + case 350: +#line 1105 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_tag_queryreply:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3657,11 +3810,11 @@ yyreduce: else cfg_parser->cfg->log_tag_queryreply = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3661 "util/configparser.c" /* yacc.c:1646 */ +#line 3814 "util/configparser.c" /* yacc.c:1646 */ break; - case 332: -#line 1042 "./util/configparser.y" /* yacc.c:1646 */ + case 351: +#line 1114 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_servfail:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3669,11 +3822,11 @@ yyreduce: else cfg_parser->cfg->log_servfail = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3673 "util/configparser.c" /* yacc.c:1646 */ +#line 3826 "util/configparser.c" /* yacc.c:1646 */ break; - case 333: -#line 1051 "./util/configparser.y" /* yacc.c:1646 */ + case 352: +#line 1123 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_local_actions:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3681,31 +3834,31 @@ yyreduce: else cfg_parser->cfg->log_local_actions = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3685 "util/configparser.c" /* yacc.c:1646 */ +#line 3838 "util/configparser.c" /* yacc.c:1646 */ break; - case 334: -#line 1060 "./util/configparser.y" /* yacc.c:1646 */ + case 353: +#line 1132 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 3695 "util/configparser.c" /* yacc.c:1646 */ +#line 3848 "util/configparser.c" /* yacc.c:1646 */ break; - case 335: -#line 1067 "./util/configparser.y" /* yacc.c:1646 */ + case 354: +#line 1139 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 3705 "util/configparser.c" /* yacc.c:1646 */ +#line 3858 "util/configparser.c" /* yacc.c:1646 */ break; - case 336: -#line 1074 "./util/configparser.y" /* yacc.c:1646 */ + case 355: +#line 1146 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -3730,105 +3883,105 @@ yyreduce: } } } -#line 3734 "util/configparser.c" /* yacc.c:1646 */ +#line 3887 "util/configparser.c" /* yacc.c:1646 */ break; - case 337: -#line 1100 "./util/configparser.y" /* yacc.c:1646 */ + case 356: +#line 1172 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3745 "util/configparser.c" /* yacc.c:1646 */ +#line 3898 "util/configparser.c" /* yacc.c:1646 */ break; - case 338: -#line 1108 "./util/configparser.y" /* yacc.c:1646 */ + case 357: +#line 1180 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3755 "util/configparser.c" /* yacc.c:1646 */ +#line 3908 "util/configparser.c" /* yacc.c:1646 */ break; - case 339: -#line 1115 "./util/configparser.y" /* yacc.c:1646 */ + case 358: +#line 1187 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3765 "util/configparser.c" /* yacc.c:1646 */ +#line 3918 "util/configparser.c" /* yacc.c:1646 */ break; - case 340: -#line 1122 "./util/configparser.y" /* yacc.c:1646 */ + case 359: +#line 1194 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); - free(cfg_parser->cfg->dlv_anchor_file); - cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); + log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); + free((yyvsp[0].str)); } -#line 3775 "util/configparser.c" /* yacc.c:1646 */ +#line 3928 "util/configparser.c" /* yacc.c:1646 */ break; - case 341: -#line 1129 "./util/configparser.y" /* yacc.c:1646 */ + case 360: +#line 1201 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); - if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) - yyerror("out of memory"); + log_warn("option dlv-anchor ignored: DLV is decommissioned"); + free((yyvsp[0].str)); } -#line 3785 "util/configparser.c" /* yacc.c:1646 */ +#line 3938 "util/configparser.c" /* yacc.c:1646 */ break; - case 342: -#line 1136 "./util/configparser.y" /* yacc.c:1646 */ + case 361: +#line 1208 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3796 "util/configparser.c" /* yacc.c:1646 */ +#line 3949 "util/configparser.c" /* yacc.c:1646 */ break; - case 343: -#line 1144 "./util/configparser.y" /* yacc.c:1646 */ + case 362: +#line 1216 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3807 "util/configparser.c" /* yacc.c:1646 */ +#line 3960 "util/configparser.c" /* yacc.c:1646 */ break; - case 344: -#line 1152 "./util/configparser.y" /* yacc.c:1646 */ + case 363: +#line 1224 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3818 "util/configparser.c" /* yacc.c:1646 */ +#line 3971 "util/configparser.c" /* yacc.c:1646 */ break; - case 345: -#line 1160 "./util/configparser.y" /* yacc.c:1646 */ + case 364: +#line 1232 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3828 "util/configparser.c" /* yacc.c:1646 */ +#line 3981 "util/configparser.c" /* yacc.c:1646 */ break; - case 346: -#line 1167 "./util/configparser.y" /* yacc.c:1646 */ + case 365: +#line 1239 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3838,11 +3991,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3842 "util/configparser.c" /* yacc.c:1646 */ +#line 3995 "util/configparser.c" /* yacc.c:1646 */ break; - case 347: -#line 1178 "./util/configparser.y" /* yacc.c:1646 */ + case 366: +#line 1250 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_key_sentinel:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3852,21 +4005,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3856 "util/configparser.c" /* yacc.c:1646 */ +#line 4009 "util/configparser.c" /* yacc.c:1646 */ break; - case 348: -#line 1189 "./util/configparser.y" /* yacc.c:1646 */ + case 367: +#line 1261 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3866 "util/configparser.c" /* yacc.c:1646 */ +#line 4019 "util/configparser.c" /* yacc.c:1646 */ break; - case 349: -#line 1196 "./util/configparser.y" /* yacc.c:1646 */ + case 368: +#line 1268 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3874,11 +4027,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3878 "util/configparser.c" /* yacc.c:1646 */ +#line 4031 "util/configparser.c" /* yacc.c:1646 */ break; - case 350: -#line 1205 "./util/configparser.y" /* yacc.c:1646 */ + case 369: +#line 1277 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3886,11 +4039,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3890 "util/configparser.c" /* yacc.c:1646 */ +#line 4043 "util/configparser.c" /* yacc.c:1646 */ break; - case 351: -#line 1214 "./util/configparser.y" /* yacc.c:1646 */ + case 370: +#line 1286 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3898,53 +4051,72 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3902 "util/configparser.c" /* yacc.c:1646 */ +#line 4055 "util/configparser.c" /* yacc.c:1646 */ break; - case 352: -#line 1223 "./util/configparser.y" /* yacc.c:1646 */ + case 371: +#line 1295 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 3912 "util/configparser.c" /* yacc.c:1646 */ +#line 4065 "util/configparser.c" /* yacc.c:1646 */ break; - case 353: -#line 1230 "./util/configparser.y" /* yacc.c:1646 */ + case 372: +#line 1302 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 3922 "util/configparser.c" /* yacc.c:1646 */ +#line 4075 "util/configparser.c" /* yacc.c:1646 */ break; - case 354: -#line 1237 "./util/configparser.y" /* yacc.c:1646 */ + case 373: +#line 1309 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_nsid:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->nsid_cfg_str); + cfg_parser->cfg->nsid_cfg_str = (yyvsp[0].str); + free(cfg_parser->cfg->nsid); + cfg_parser->cfg->nsid = NULL; + cfg_parser->cfg->nsid_len = 0; + if (*(yyvsp[0].str) == 0) + ; /* pass; empty string is not setting nsid */ + else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( + (yyvsp[0].str), &cfg_parser->cfg->nsid_len))) + yyerror("the NSID must be either a hex string or an " + "ascii character string prepended with ascii_."); + } +#line 4094 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 374: +#line 1325 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3933 "util/configparser.c" /* yacc.c:1646 */ +#line 4105 "util/configparser.c" /* yacc.c:1646 */ break; - case 355: -#line 1245 "./util/configparser.y" /* yacc.c:1646 */ + case 375: +#line 1333 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3944 "util/configparser.c" /* yacc.c:1646 */ +#line 4116 "util/configparser.c" /* yacc.c:1646 */ break; - case 356: -#line 1253 "./util/configparser.y" /* yacc.c:1646 */ + case 376: +#line 1341 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3953,11 +4125,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3957 "util/configparser.c" /* yacc.c:1646 */ +#line 4129 "util/configparser.c" /* yacc.c:1646 */ break; - case 357: -#line 1263 "./util/configparser.y" /* yacc.c:1646 */ + case 377: +#line 1351 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3966,11 +4138,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3970 "util/configparser.c" /* yacc.c:1646 */ +#line 4142 "util/configparser.c" /* yacc.c:1646 */ break; - case 358: -#line 1273 "./util/configparser.y" /* yacc.c:1646 */ + case 378: +#line 1361 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3979,11 +4151,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3983 "util/configparser.c" /* yacc.c:1646 */ +#line 4155 "util/configparser.c" /* yacc.c:1646 */ break; - case 359: -#line 1283 "./util/configparser.y" /* yacc.c:1646 */ + case 379: +#line 1371 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_dscp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3996,22 +4168,22 @@ yyreduce: cfg_parser->cfg->ip_dscp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4000 "util/configparser.c" /* yacc.c:1646 */ +#line 4172 "util/configparser.c" /* yacc.c:1646 */ break; - case 360: -#line 1297 "./util/configparser.y" /* yacc.c:1646 */ + case 380: +#line 1385 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_stream_wait_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->stream_wait_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4011 "util/configparser.c" /* yacc.c:1646 */ +#line 4183 "util/configparser.c" /* yacc.c:1646 */ break; - case 361: -#line 1305 "./util/configparser.y" /* yacc.c:1646 */ + case 381: +#line 1393 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4023,11 +4195,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4027 "util/configparser.c" /* yacc.c:1646 */ +#line 4199 "util/configparser.c" /* yacc.c:1646 */ break; - case 362: -#line 1318 "./util/configparser.y" /* yacc.c:1646 */ + case 382: +#line 1406 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4037,22 +4209,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4041 "util/configparser.c" /* yacc.c:1646 */ +#line 4213 "util/configparser.c" /* yacc.c:1646 */ break; - case 363: -#line 1329 "./util/configparser.y" /* yacc.c:1646 */ + case 383: +#line 1417 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4052 "util/configparser.c" /* yacc.c:1646 */ +#line 4224 "util/configparser.c" /* yacc.c:1646 */ break; - case 364: -#line 1337 "./util/configparser.y" /* yacc.c:1646 */ + case 384: +#line 1425 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4064,11 +4236,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4068 "util/configparser.c" /* yacc.c:1646 */ +#line 4240 "util/configparser.c" /* yacc.c:1646 */ break; - case 365: -#line 1350 "./util/configparser.y" /* yacc.c:1646 */ + case 385: +#line 1438 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4076,11 +4248,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4080 "util/configparser.c" /* yacc.c:1646 */ +#line 4252 "util/configparser.c" /* yacc.c:1646 */ break; - case 366: -#line 1359 "./util/configparser.y" /* yacc.c:1646 */ + case 386: +#line 1447 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4088,11 +4260,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4092 "util/configparser.c" /* yacc.c:1646 */ +#line 4264 "util/configparser.c" /* yacc.c:1646 */ break; - case 367: -#line 1368 "./util/configparser.y" /* yacc.c:1646 */ + case 387: +#line 1456 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4100,11 +4272,23 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4104 "util/configparser.c" /* yacc.c:1646 */ +#line 4276 "util/configparser.c" /* yacc.c:1646 */ break; - case 368: -#line 1377 "./util/configparser.y" /* yacc.c:1646 */ + case 388: +#line 1465 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_udp_connect:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->udp_connect = (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4288 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 389: +#line 1474 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4113,11 +4297,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4117 "util/configparser.c" /* yacc.c:1646 */ +#line 4301 "util/configparser.c" /* yacc.c:1646 */ break; - case 369: -#line 1387 "./util/configparser.y" /* yacc.c:1646 */ + case 390: +#line 1484 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4126,22 +4310,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4130 "util/configparser.c" /* yacc.c:1646 */ +#line 4314 "util/configparser.c" /* yacc.c:1646 */ break; - case 370: -#line 1397 "./util/configparser.y" /* yacc.c:1646 */ + case 391: +#line 1494 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4141 "util/configparser.c" /* yacc.c:1646 */ +#line 4325 "util/configparser.c" /* yacc.c:1646 */ break; - case 371: -#line 1405 "./util/configparser.y" /* yacc.c:1646 */ + case 392: +#line 1502 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4153,11 +4337,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4157 "util/configparser.c" /* yacc.c:1646 */ +#line 4341 "util/configparser.c" /* yacc.c:1646 */ break; - case 372: -#line 1418 "./util/configparser.y" /* yacc.c:1646 */ + case 393: +#line 1515 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4165,22 +4349,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4169 "util/configparser.c" /* yacc.c:1646 */ +#line 4353 "util/configparser.c" /* yacc.c:1646 */ break; - case 373: -#line 1427 "./util/configparser.y" /* yacc.c:1646 */ + case 394: +#line 1524 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4180 "util/configparser.c" /* yacc.c:1646 */ +#line 4364 "util/configparser.c" /* yacc.c:1646 */ break; - case 374: -#line 1435 "./util/configparser.y" /* yacc.c:1646 */ + case 395: +#line 1532 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4188,22 +4372,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4192 "util/configparser.c" /* yacc.c:1646 */ +#line 4376 "util/configparser.c" /* yacc.c:1646 */ break; - case 375: -#line 1444 "./util/configparser.y" /* yacc.c:1646 */ + case 396: +#line 1541 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4203 "util/configparser.c" /* yacc.c:1646 */ +#line 4387 "util/configparser.c" /* yacc.c:1646 */ break; - case 376: -#line 1452 "./util/configparser.y" /* yacc.c:1646 */ + case 397: +#line 1549 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4215,11 +4399,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4219 "util/configparser.c" /* yacc.c:1646 */ +#line 4403 "util/configparser.c" /* yacc.c:1646 */ break; - case 377: -#line 1465 "./util/configparser.y" /* yacc.c:1646 */ + case 398: +#line 1562 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4227,21 +4411,34 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4231 "util/configparser.c" /* yacc.c:1646 */ +#line 4415 "util/configparser.c" /* yacc.c:1646 */ break; - case 378: -#line 1474 "./util/configparser.y" /* yacc.c:1646 */ + case 399: +#line 1571 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_infra_keep_probing:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->infra_keep_probing = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4428 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 400: +#line 1581 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 4241 "util/configparser.c" /* yacc.c:1646 */ +#line 4438 "util/configparser.c" /* yacc.c:1646 */ break; - case 379: -#line 1481 "./util/configparser.y" /* yacc.c:1646 */ + case 401: +#line 1588 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4250,11 +4447,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4254 "util/configparser.c" /* yacc.c:1646 */ +#line 4451 "util/configparser.c" /* yacc.c:1646 */ break; - case 380: -#line 1491 "./util/configparser.y" /* yacc.c:1646 */ + case 402: +#line 1598 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4263,11 +4460,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4267 "util/configparser.c" /* yacc.c:1646 */ +#line 4464 "util/configparser.c" /* yacc.c:1646 */ break; - case 381: -#line 1501 "./util/configparser.y" /* yacc.c:1646 */ + case 403: +#line 1608 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4276,11 +4473,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4280 "util/configparser.c" /* yacc.c:1646 */ +#line 4477 "util/configparser.c" /* yacc.c:1646 */ break; - case 382: -#line 1511 "./util/configparser.y" /* yacc.c:1646 */ + case 404: +#line 1618 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4289,11 +4486,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4293 "util/configparser.c" /* yacc.c:1646 */ +#line 4490 "util/configparser.c" /* yacc.c:1646 */ break; - case 383: -#line 1521 "./util/configparser.y" /* yacc.c:1646 */ + case 405: +#line 1628 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4302,11 +4499,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4306 "util/configparser.c" /* yacc.c:1646 */ +#line 4503 "util/configparser.c" /* yacc.c:1646 */ break; - case 384: -#line 1531 "./util/configparser.y" /* yacc.c:1646 */ + case 406: +#line 1638 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4315,11 +4512,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4319 "util/configparser.c" /* yacc.c:1646 */ +#line 4516 "util/configparser.c" /* yacc.c:1646 */ break; - case 385: -#line 1541 "./util/configparser.y" /* yacc.c:1646 */ + case 407: +#line 1648 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4328,11 +4525,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4332 "util/configparser.c" /* yacc.c:1646 */ +#line 4529 "util/configparser.c" /* yacc.c:1646 */ break; - case 386: -#line 1551 "./util/configparser.y" /* yacc.c:1646 */ + case 408: +#line 1658 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4341,41 +4538,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4345 "util/configparser.c" /* yacc.c:1646 */ +#line 4542 "util/configparser.c" /* yacc.c:1646 */ break; - case 387: -#line 1561 "./util/configparser.y" /* yacc.c:1646 */ + case 409: +#line 1668 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4355 "util/configparser.c" /* yacc.c:1646 */ +#line 4552 "util/configparser.c" /* yacc.c:1646 */ break; - case 388: -#line 1568 "./util/configparser.y" /* yacc.c:1646 */ + case 410: +#line 1675 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4365 "util/configparser.c" /* yacc.c:1646 */ +#line 4562 "util/configparser.c" /* yacc.c:1646 */ break; - case 389: -#line 1575 "./util/configparser.y" /* yacc.c:1646 */ + case 411: +#line 1682 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4375 "util/configparser.c" /* yacc.c:1646 */ +#line 4572 "util/configparser.c" /* yacc.c:1646 */ break; - case 390: -#line 1582 "./util/configparser.y" /* yacc.c:1646 */ + case 412: +#line 1689 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4383,11 +4580,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4387 "util/configparser.c" /* yacc.c:1646 */ +#line 4584 "util/configparser.c" /* yacc.c:1646 */ break; - case 391: -#line 1591 "./util/configparser.y" /* yacc.c:1646 */ + case 413: +#line 1698 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4395,11 +4592,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4399 "util/configparser.c" /* yacc.c:1646 */ +#line 4596 "util/configparser.c" /* yacc.c:1646 */ break; - case 392: -#line 1600 "./util/configparser.y" /* yacc.c:1646 */ + case 414: +#line 1707 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_deny_any:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4407,11 +4604,11 @@ yyreduce: else cfg_parser->cfg->deny_any = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4411 "util/configparser.c" /* yacc.c:1646 */ +#line 4608 "util/configparser.c" /* yacc.c:1646 */ break; - case 393: -#line 1609 "./util/configparser.y" /* yacc.c:1646 */ + case 415: +#line 1716 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4419,21 +4616,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4423 "util/configparser.c" /* yacc.c:1646 */ +#line 4620 "util/configparser.c" /* yacc.c:1646 */ break; - case 394: -#line 1618 "./util/configparser.y" /* yacc.c:1646 */ + case 416: +#line 1725 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4433 "util/configparser.c" /* yacc.c:1646 */ +#line 4630 "util/configparser.c" /* yacc.c:1646 */ break; - case 395: -#line 1625 "./util/configparser.y" /* yacc.c:1646 */ + case 417: +#line 1732 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4442,11 +4639,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4446 "util/configparser.c" /* yacc.c:1646 */ +#line 4643 "util/configparser.c" /* yacc.c:1646 */ break; - case 396: -#line 1635 "./util/configparser.y" /* yacc.c:1646 */ + case 418: +#line 1742 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -4465,21 +4662,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 4469 "util/configparser.c" /* yacc.c:1646 */ +#line 4666 "util/configparser.c" /* yacc.c:1646 */ break; - case 397: -#line 1655 "./util/configparser.y" /* yacc.c:1646 */ + case 419: +#line 1762 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 4479 "util/configparser.c" /* yacc.c:1646 */ +#line 4676 "util/configparser.c" /* yacc.c:1646 */ break; - case 398: -#line 1662 "./util/configparser.y" /* yacc.c:1646 */ + case 420: +#line 1769 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4496,11 +4693,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4500 "util/configparser.c" /* yacc.c:1646 */ +#line 4697 "util/configparser.c" /* yacc.c:1646 */ break; - case 399: -#line 1680 "./util/configparser.y" /* yacc.c:1646 */ + case 421: +#line 1787 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4512,11 +4709,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4516 "util/configparser.c" /* yacc.c:1646 */ +#line 4713 "util/configparser.c" /* yacc.c:1646 */ break; - case 400: -#line 1693 "./util/configparser.y" /* yacc.c:1646 */ + case 422: +#line 1800 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -4528,11 +4725,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4532 "util/configparser.c" /* yacc.c:1646 */ +#line 4729 "util/configparser.c" /* yacc.c:1646 */ break; - case 401: -#line 1706 "./util/configparser.y" /* yacc.c:1646 */ + case 423: +#line 1813 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4540,11 +4737,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4544 "util/configparser.c" /* yacc.c:1646 */ +#line 4741 "util/configparser.c" /* yacc.c:1646 */ break; - case 402: -#line 1715 "./util/configparser.y" /* yacc.c:1646 */ + case 424: +#line 1822 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4552,11 +4749,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4556 "util/configparser.c" /* yacc.c:1646 */ +#line 4753 "util/configparser.c" /* yacc.c:1646 */ break; - case 403: -#line 1724 "./util/configparser.y" /* yacc.c:1646 */ + case 425: +#line 1831 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4564,11 +4761,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4568 "util/configparser.c" /* yacc.c:1646 */ +#line 4765 "util/configparser.c" /* yacc.c:1646 */ break; - case 404: -#line 1733 "./util/configparser.y" /* yacc.c:1646 */ + case 426: +#line 1840 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4576,11 +4773,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4580 "util/configparser.c" /* yacc.c:1646 */ +#line 4777 "util/configparser.c" /* yacc.c:1646 */ break; - case 405: -#line 1742 "./util/configparser.y" /* yacc.c:1646 */ + case 427: +#line 1849 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4589,11 +4786,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4593 "util/configparser.c" /* yacc.c:1646 */ +#line 4790 "util/configparser.c" /* yacc.c:1646 */ break; - case 406: -#line 1752 "./util/configparser.y" /* yacc.c:1646 */ + case 428: +#line 1859 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4602,11 +4799,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4606 "util/configparser.c" /* yacc.c:1646 */ +#line 4803 "util/configparser.c" /* yacc.c:1646 */ break; - case 407: -#line 1762 "./util/configparser.y" /* yacc.c:1646 */ + case 429: +#line 1869 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4616,11 +4813,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4620 "util/configparser.c" /* yacc.c:1646 */ +#line 4817 "util/configparser.c" /* yacc.c:1646 */ break; - case 408: -#line 1773 "./util/configparser.y" /* yacc.c:1646 */ + case 430: +#line 1880 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4628,11 +4825,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4632 "util/configparser.c" /* yacc.c:1646 */ +#line 4829 "util/configparser.c" /* yacc.c:1646 */ break; - case 409: -#line 1782 "./util/configparser.y" /* yacc.c:1646 */ + case 431: +#line 1889 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4640,11 +4837,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4644 "util/configparser.c" /* yacc.c:1646 */ +#line 4841 "util/configparser.c" /* yacc.c:1646 */ break; - case 410: -#line 1791 "./util/configparser.y" /* yacc.c:1646 */ + case 432: +#line 1898 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4652,11 +4849,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4656 "util/configparser.c" /* yacc.c:1646 */ +#line 4853 "util/configparser.c" /* yacc.c:1646 */ break; - case 411: -#line 1800 "./util/configparser.y" /* yacc.c:1646 */ + case 433: +#line 1907 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired_ttl_reset:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4664,11 +4861,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_ttl_reset = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4668 "util/configparser.c" /* yacc.c:1646 */ +#line 4865 "util/configparser.c" /* yacc.c:1646 */ break; - case 412: -#line 1809 "./util/configparser.y" /* yacc.c:1646 */ + case 434: +#line 1916 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired_reply_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4676,11 +4873,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_reply_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4680 "util/configparser.c" /* yacc.c:1646 */ +#line 4877 "util/configparser.c" /* yacc.c:1646 */ break; - case 413: -#line 1818 "./util/configparser.y" /* yacc.c:1646 */ + case 435: +#line 1925 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired_client_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4688,11 +4885,11 @@ yyreduce: else cfg_parser->cfg->serve_expired_client_timeout = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4692 "util/configparser.c" /* yacc.c:1646 */ +#line 4889 "util/configparser.c" /* yacc.c:1646 */ break; - case 414: -#line 1827 "./util/configparser.y" /* yacc.c:1646 */ + case 436: +#line 1934 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_original_ttl:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4700,11 +4897,11 @@ yyreduce: else cfg_parser->cfg->serve_original_ttl = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4704 "util/configparser.c" /* yacc.c:1646 */ +#line 4901 "util/configparser.c" /* yacc.c:1646 */ break; - case 415: -#line 1836 "./util/configparser.y" /* yacc.c:1646 */ + case 437: +#line 1943 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4716,11 +4913,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4720 "util/configparser.c" /* yacc.c:1646 */ +#line 4917 "util/configparser.c" /* yacc.c:1646 */ break; - case 416: -#line 1849 "./util/configparser.y" /* yacc.c:1646 */ + case 438: +#line 1956 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4732,11 +4929,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 4736 "util/configparser.c" /* yacc.c:1646 */ +#line 4933 "util/configparser.c" /* yacc.c:1646 */ break; - case 417: -#line 1862 "./util/configparser.y" /* yacc.c:1646 */ + case 439: +#line 1969 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4744,21 +4941,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4748 "util/configparser.c" /* yacc.c:1646 */ +#line 4945 "util/configparser.c" /* yacc.c:1646 */ break; - case 418: -#line 1871 "./util/configparser.y" /* yacc.c:1646 */ + case 440: +#line 1978 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 4758 "util/configparser.c" /* yacc.c:1646 */ +#line 4955 "util/configparser.c" /* yacc.c:1646 */ break; - case 419: -#line 1878 "./util/configparser.y" /* yacc.c:1646 */ + case 441: +#line 1985 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4766,11 +4963,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4770 "util/configparser.c" /* yacc.c:1646 */ +#line 4967 "util/configparser.c" /* yacc.c:1646 */ break; - case 420: -#line 1887 "./util/configparser.y" /* yacc.c:1646 */ + case 442: +#line 1994 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4778,11 +4975,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4782 "util/configparser.c" /* yacc.c:1646 */ +#line 4979 "util/configparser.c" /* yacc.c:1646 */ break; - case 421: -#line 1896 "./util/configparser.y" /* yacc.c:1646 */ + case 443: +#line 2003 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4790,11 +4987,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4794 "util/configparser.c" /* yacc.c:1646 */ +#line 4991 "util/configparser.c" /* yacc.c:1646 */ break; - case 422: -#line 1905 "./util/configparser.y" /* yacc.c:1646 */ + case 444: +#line 2012 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4803,22 +5000,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4807 "util/configparser.c" /* yacc.c:1646 */ +#line 5004 "util/configparser.c" /* yacc.c:1646 */ break; - case 423: -#line 1914 "./util/configparser.y" /* yacc.c:1646 */ + case 445: +#line 2021 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4818 "util/configparser.c" /* yacc.c:1646 */ +#line 5015 "util/configparser.c" /* yacc.c:1646 */ break; - case 424: -#line 1922 "./util/configparser.y" /* yacc.c:1646 */ + case 446: +#line 2029 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4830,22 +5027,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4834 "util/configparser.c" /* yacc.c:1646 */ +#line 5031 "util/configparser.c" /* yacc.c:1646 */ break; - case 425: -#line 1935 "./util/configparser.y" /* yacc.c:1646 */ + case 447: +#line 2042 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4845 "util/configparser.c" /* yacc.c:1646 */ +#line 5042 "util/configparser.c" /* yacc.c:1646 */ break; - case 426: -#line 1943 "./util/configparser.y" /* yacc.c:1646 */ + case 448: +#line 2050 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4855,6 +5052,9 @@ yyreduce: && strcmp((yyvsp[0].str), "always_transparent")!=0 && strcmp((yyvsp[0].str), "always_refuse")!=0 && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "always_nodata")!=0 + && strcmp((yyvsp[0].str), "always_deny")!=0 + && strcmp((yyvsp[0].str), "always_null")!=0 && strcmp((yyvsp[0].str), "noview")!=0 && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0 && strcmp((yyvsp[0].str), "inform_redirect") != 0 @@ -4863,8 +5063,9 @@ yyreduce: "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "inform_redirect, always_transparent, " - "always_refuse, always_nxdomain, noview " - ", nodefault or ipset"); + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); free((yyvsp[-1].str)); free((yyvsp[0].str)); } else if(strcmp((yyvsp[0].str), "nodefault")==0) { @@ -4885,21 +5086,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4889 "util/configparser.c" /* yacc.c:1646 */ +#line 5090 "util/configparser.c" /* yacc.c:1646 */ break; - case 427: -#line 1984 "./util/configparser.y" /* yacc.c:1646 */ + case 449: +#line 2095 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4899 "util/configparser.c" /* yacc.c:1646 */ +#line 5100 "util/configparser.c" /* yacc.c:1646 */ break; - case 428: -#line 1991 "./util/configparser.y" /* yacc.c:1646 */ + case 450: +#line 2102 "./util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4913,11 +5114,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4917 "util/configparser.c" /* yacc.c:1646 */ +#line 5118 "util/configparser.c" /* yacc.c:1646 */ break; - case 429: -#line 2006 "./util/configparser.y" /* yacc.c:1646 */ + case 451: +#line 2117 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4926,11 +5127,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4930 "util/configparser.c" /* yacc.c:1646 */ +#line 5131 "util/configparser.c" /* yacc.c:1646 */ break; - case 430: -#line 2016 "./util/configparser.y" /* yacc.c:1646 */ + case 452: +#line 2127 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4939,41 +5140,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4943 "util/configparser.c" /* yacc.c:1646 */ +#line 5144 "util/configparser.c" /* yacc.c:1646 */ break; - case 431: -#line 2026 "./util/configparser.y" /* yacc.c:1646 */ + case 453: +#line 2137 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unknown_server_time_limit:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->unknown_server_time_limit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4953 "util/configparser.c" /* yacc.c:1646 */ +#line 5154 "util/configparser.c" /* yacc.c:1646 */ break; - case 432: -#line 2033 "./util/configparser.y" /* yacc.c:1646 */ + case 454: +#line 2144 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4963 "util/configparser.c" /* yacc.c:1646 */ +#line 5164 "util/configparser.c" /* yacc.c:1646 */ break; - case 433: -#line 2040 "./util/configparser.y" /* yacc.c:1646 */ + case 455: +#line 2151 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4973 "util/configparser.c" /* yacc.c:1646 */ +#line 5174 "util/configparser.c" /* yacc.c:1646 */ break; - case 434: -#line 2047 "./util/configparser.y" /* yacc.c:1646 */ + case 456: +#line 2158 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4981,22 +5182,22 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4985 "util/configparser.c" /* yacc.c:1646 */ +#line 5186 "util/configparser.c" /* yacc.c:1646 */ break; - case 435: -#line 2056 "./util/configparser.y" /* yacc.c:1646 */ + case 457: +#line 2167 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_ignore_aaaa:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dns64_ignore_aaaa, (yyvsp[0].str))) fatal_exit("out of memory adding dns64-ignore-aaaa"); } -#line 4996 "util/configparser.c" /* yacc.c:1646 */ +#line 5197 "util/configparser.c" /* yacc.c:1646 */ break; - case 436: -#line 2064 "./util/configparser.y" /* yacc.c:1646 */ + case 458: +#line 2175 "./util/configparser.y" /* yacc.c:1646 */ { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -5009,11 +5210,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5013 "util/configparser.c" /* yacc.c:1646 */ +#line 5214 "util/configparser.c" /* yacc.c:1646 */ break; - case 437: -#line 2078 "./util/configparser.y" /* yacc.c:1646 */ + case 459: +#line 2189 "./util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5033,11 +5234,11 @@ yyreduce: } } } -#line 5037 "util/configparser.c" /* yacc.c:1646 */ +#line 5238 "util/configparser.c" /* yacc.c:1646 */ break; - case 438: -#line 2099 "./util/configparser.y" /* yacc.c:1646 */ + case 460: +#line 2210 "./util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5057,11 +5258,11 @@ yyreduce: } } } -#line 5061 "util/configparser.c" /* yacc.c:1646 */ +#line 5262 "util/configparser.c" /* yacc.c:1646 */ break; - case 439: -#line 2120 "./util/configparser.y" /* yacc.c:1646 */ + case 461: +#line 2231 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -5072,11 +5273,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5076 "util/configparser.c" /* yacc.c:1646 */ +#line 5277 "util/configparser.c" /* yacc.c:1646 */ break; - case 440: -#line 2132 "./util/configparser.y" /* yacc.c:1646 */ + case 462: +#line 2243 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -5087,11 +5288,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5091 "util/configparser.c" /* yacc.c:1646 */ +#line 5292 "util/configparser.c" /* yacc.c:1646 */ break; - case 441: -#line 2144 "./util/configparser.y" /* yacc.c:1646 */ + case 463: +#line 2255 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -5102,11 +5303,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 5106 "util/configparser.c" /* yacc.c:1646 */ +#line 5307 "util/configparser.c" /* yacc.c:1646 */ break; - case 442: -#line 2156 "./util/configparser.y" /* yacc.c:1646 */ + case 464: +#line 2267 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -5114,11 +5315,11 @@ yyreduce: yyerror("out of memory"); } } -#line 5118 "util/configparser.c" /* yacc.c:1646 */ +#line 5319 "util/configparser.c" /* yacc.c:1646 */ break; - case 443: -#line 2165 "./util/configparser.y" /* yacc.c:1646 */ + case 465: +#line 2276 "./util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -5138,11 +5339,11 @@ yyreduce: } } } -#line 5142 "util/configparser.c" /* yacc.c:1646 */ +#line 5343 "util/configparser.c" /* yacc.c:1646 */ break; - case 444: -#line 2186 "./util/configparser.y" /* yacc.c:1646 */ + case 466: +#line 2297 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5150,11 +5351,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5154 "util/configparser.c" /* yacc.c:1646 */ +#line 5355 "util/configparser.c" /* yacc.c:1646 */ break; - case 445: -#line 2196 "./util/configparser.y" /* yacc.c:1646 */ + case 467: +#line 2307 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5162,33 +5363,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5166 "util/configparser.c" /* yacc.c:1646 */ +#line 5367 "util/configparser.c" /* yacc.c:1646 */ break; - case 446: -#line 2205 "./util/configparser.y" /* yacc.c:1646 */ + case 468: +#line 2316 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5177 "util/configparser.c" /* yacc.c:1646 */ +#line 5378 "util/configparser.c" /* yacc.c:1646 */ break; - case 447: -#line 2213 "./util/configparser.y" /* yacc.c:1646 */ + case 469: +#line 2324 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5188 "util/configparser.c" /* yacc.c:1646 */ +#line 5389 "util/configparser.c" /* yacc.c:1646 */ break; - case 448: -#line 2221 "./util/configparser.y" /* yacc.c:1646 */ + case 470: +#line 2332 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5200,11 +5401,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5204 "util/configparser.c" /* yacc.c:1646 */ +#line 5405 "util/configparser.c" /* yacc.c:1646 */ break; - case 449: -#line 2234 "./util/configparser.y" /* yacc.c:1646 */ + case 471: +#line 2345 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5216,11 +5417,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5220 "util/configparser.c" /* yacc.c:1646 */ +#line 5421 "util/configparser.c" /* yacc.c:1646 */ break; - case 450: -#line 2247 "./util/configparser.y" /* yacc.c:1646 */ + case 472: +#line 2358 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5234,11 +5435,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 5238 "util/configparser.c" /* yacc.c:1646 */ +#line 5439 "util/configparser.c" /* yacc.c:1646 */ break; - case 451: -#line 2262 "./util/configparser.y" /* yacc.c:1646 */ + case 473: +#line 2373 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -5252,11 +5453,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 5256 "util/configparser.c" /* yacc.c:1646 */ +#line 5457 "util/configparser.c" /* yacc.c:1646 */ break; - case 452: -#line 2277 "./util/configparser.y" /* yacc.c:1646 */ + case 474: +#line 2388 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5264,11 +5465,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5268 "util/configparser.c" /* yacc.c:1646 */ +#line 5469 "util/configparser.c" /* yacc.c:1646 */ break; - case 453: -#line 2286 "./util/configparser.y" /* yacc.c:1646 */ + case 475: +#line 2397 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5276,20 +5477,20 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5280 "util/configparser.c" /* yacc.c:1646 */ +#line 5481 "util/configparser.c" /* yacc.c:1646 */ break; - case 454: -#line 2295 "./util/configparser.y" /* yacc.c:1646 */ + case 476: +#line 2406 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(low-rtt option is deprecated, use fast-server-num instead)\n")); free((yyvsp[0].str)); } -#line 5289 "util/configparser.c" /* yacc.c:1646 */ +#line 5490 "util/configparser.c" /* yacc.c:1646 */ break; - case 455: -#line 2301 "./util/configparser.y" /* yacc.c:1646 */ + case 477: +#line 2412 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fast_server_num:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) <= 0) @@ -5297,11 +5498,11 @@ yyreduce: else cfg_parser->cfg->fast_server_num = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5301 "util/configparser.c" /* yacc.c:1646 */ +#line 5502 "util/configparser.c" /* yacc.c:1646 */ break; - case 456: -#line 2310 "./util/configparser.y" /* yacc.c:1646 */ + case 478: +#line 2421 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fast_server_permil:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -5309,11 +5510,11 @@ yyreduce: else cfg_parser->cfg->fast_server_permil = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5313 "util/configparser.c" /* yacc.c:1646 */ +#line 5514 "util/configparser.c" /* yacc.c:1646 */ break; - case 457: -#line 2319 "./util/configparser.y" /* yacc.c:1646 */ + case 479: +#line 2430 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5322,11 +5523,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5326 "util/configparser.c" /* yacc.c:1646 */ +#line 5527 "util/configparser.c" /* yacc.c:1646 */ break; - case 458: -#line 2329 "./util/configparser.y" /* yacc.c:1646 */ + case 480: +#line 2440 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5335,11 +5536,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5339 "util/configparser.c" /* yacc.c:1646 */ +#line 5540 "util/configparser.c" /* yacc.c:1646 */ break; - case 459: -#line 2339 "./util/configparser.y" /* yacc.c:1646 */ + case 481: +#line 2450 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -5351,11 +5552,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5355 "util/configparser.c" /* yacc.c:1646 */ +#line 5556 "util/configparser.c" /* yacc.c:1646 */ break; - case 460: -#line 2352 "./util/configparser.y" /* yacc.c:1646 */ + case 482: +#line 2463 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -5367,11 +5568,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 5371 "util/configparser.c" /* yacc.c:1646 */ +#line 5572 "util/configparser.c" /* yacc.c:1646 */ break; - case 461: -#line 2365 "./util/configparser.y" /* yacc.c:1646 */ + case 483: +#line 2476 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -5382,11 +5583,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5386 "util/configparser.c" /* yacc.c:1646 */ +#line 5587 "util/configparser.c" /* yacc.c:1646 */ break; - case 462: -#line 2377 "./util/configparser.y" /* yacc.c:1646 */ + case 484: +#line 2488 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -5399,11 +5600,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5403 "util/configparser.c" /* yacc.c:1646 */ +#line 5604 "util/configparser.c" /* yacc.c:1646 */ break; - case 463: -#line 2391 "./util/configparser.y" /* yacc.c:1646 */ + case 485: +#line 2502 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -5414,11 +5615,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5418 "util/configparser.c" /* yacc.c:1646 */ +#line 5619 "util/configparser.c" /* yacc.c:1646 */ break; - case 464: -#line 2403 "./util/configparser.y" /* yacc.c:1646 */ + case 486: +#line 2514 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -5431,11 +5632,38 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5435 "util/configparser.c" /* yacc.c:1646 */ +#line 5636 "util/configparser.c" /* yacc.c:1646 */ break; - case 465: -#line 2417 "./util/configparser.y" /* yacc.c:1646 */ + case 487: +#line 2528 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_edns_client_string:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); + if(!cfg_str2list_insert( + &cfg_parser->cfg->edns_client_strings, (yyvsp[-1].str), (yyvsp[0].str))) + fatal_exit("out of memory adding " + "edns-client-string"); + } +#line 5648 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 488: +#line 2537 "./util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(edns_client_string_opcode:%s)\n", (yyvsp[0].str))); + if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) + yyerror("option code expected"); + else if(atoi((yyvsp[0].str)) > 65535 || atoi((yyvsp[0].str)) < 0) + yyerror("option code must be in interval [0, 65535]"); + else cfg_parser->cfg->edns_client_string_opcode = atoi((yyvsp[0].str)); + free((yyvsp[0].str)); + + } +#line 5663 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 489: +#line 2549 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -5444,31 +5672,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 5448 "util/configparser.c" /* yacc.c:1646 */ +#line 5676 "util/configparser.c" /* yacc.c:1646 */ break; - case 466: -#line 2427 "./util/configparser.y" /* yacc.c:1646 */ + case 490: +#line 2559 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5458 "util/configparser.c" /* yacc.c:1646 */ +#line 5686 "util/configparser.c" /* yacc.c:1646 */ break; - case 467: -#line 2434 "./util/configparser.y" /* yacc.c:1646 */ + case 491: +#line 2566 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5468 "util/configparser.c" /* yacc.c:1646 */ +#line 5696 "util/configparser.c" /* yacc.c:1646 */ break; - case 468: -#line 2441 "./util/configparser.y" /* yacc.c:1646 */ + case 492: +#line 2573 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5476,11 +5704,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5480 "util/configparser.c" /* yacc.c:1646 */ +#line 5708 "util/configparser.c" /* yacc.c:1646 */ break; - case 469: -#line 2450 "./util/configparser.y" /* yacc.c:1646 */ + case 493: +#line 2582 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5488,11 +5716,11 @@ yyreduce: else cfg_parser->cfg->stubs->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5492 "util/configparser.c" /* yacc.c:1646 */ +#line 5720 "util/configparser.c" /* yacc.c:1646 */ break; - case 470: -#line 2459 "./util/configparser.y" /* yacc.c:1646 */ + case 494: +#line 2591 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5501,11 +5729,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5505 "util/configparser.c" /* yacc.c:1646 */ +#line 5733 "util/configparser.c" /* yacc.c:1646 */ break; - case 471: -#line 2469 "./util/configparser.y" /* yacc.c:1646 */ + case 495: +#line 2601 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5514,11 +5742,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5518 "util/configparser.c" /* yacc.c:1646 */ +#line 5746 "util/configparser.c" /* yacc.c:1646 */ break; - case 472: -#line 2479 "./util/configparser.y" /* yacc.c:1646 */ + case 496: +#line 2611 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -5527,31 +5755,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 5531 "util/configparser.c" /* yacc.c:1646 */ +#line 5759 "util/configparser.c" /* yacc.c:1646 */ break; - case 473: -#line 2489 "./util/configparser.y" /* yacc.c:1646 */ + case 497: +#line 2621 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5541 "util/configparser.c" /* yacc.c:1646 */ +#line 5769 "util/configparser.c" /* yacc.c:1646 */ break; - case 474: -#line 2496 "./util/configparser.y" /* yacc.c:1646 */ + case 498: +#line 2628 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5551 "util/configparser.c" /* yacc.c:1646 */ +#line 5779 "util/configparser.c" /* yacc.c:1646 */ break; - case 475: -#line 2503 "./util/configparser.y" /* yacc.c:1646 */ + case 499: +#line 2635 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5559,11 +5787,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5563 "util/configparser.c" /* yacc.c:1646 */ +#line 5791 "util/configparser.c" /* yacc.c:1646 */ break; - case 476: -#line 2512 "./util/configparser.y" /* yacc.c:1646 */ + case 500: +#line 2644 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-no-cache:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5571,11 +5799,11 @@ yyreduce: else cfg_parser->cfg->forwards->no_cache=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5575 "util/configparser.c" /* yacc.c:1646 */ +#line 5803 "util/configparser.c" /* yacc.c:1646 */ break; - case 477: -#line 2521 "./util/configparser.y" /* yacc.c:1646 */ + case 501: +#line 2653 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5584,11 +5812,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5588 "util/configparser.c" /* yacc.c:1646 */ +#line 5816 "util/configparser.c" /* yacc.c:1646 */ break; - case 478: -#line 2531 "./util/configparser.y" /* yacc.c:1646 */ + case 502: +#line 2663 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->auths->name) @@ -5597,52 +5825,52 @@ yyreduce: free(cfg_parser->cfg->auths->name); cfg_parser->cfg->auths->name = (yyvsp[0].str); } -#line 5601 "util/configparser.c" /* yacc.c:1646 */ +#line 5829 "util/configparser.c" /* yacc.c:1646 */ break; - case 479: -#line 2541 "./util/configparser.y" /* yacc.c:1646 */ + case 503: +#line 2673 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->auths->zonefile); cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); } -#line 5611 "util/configparser.c" /* yacc.c:1646 */ +#line 5839 "util/configparser.c" /* yacc.c:1646 */ break; - case 480: -#line 2548 "./util/configparser.y" /* yacc.c:1646 */ + case 504: +#line 2680 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(master:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5621 "util/configparser.c" /* yacc.c:1646 */ +#line 5849 "util/configparser.c" /* yacc.c:1646 */ break; - case 481: -#line 2555 "./util/configparser.y" /* yacc.c:1646 */ + case 505: +#line 2687 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(url:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5631 "util/configparser.c" /* yacc.c:1646 */ +#line 5859 "util/configparser.c" /* yacc.c:1646 */ break; - case 482: -#line 2562 "./util/configparser.y" /* yacc.c:1646 */ + case 506: +#line 2694 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(allow-notify:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->auths->allow_notify, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5642 "util/configparser.c" /* yacc.c:1646 */ +#line 5870 "util/configparser.c" /* yacc.c:1646 */ break; - case 483: -#line 2570 "./util/configparser.y" /* yacc.c:1646 */ + case 507: +#line 2702 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5651,11 +5879,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5655 "util/configparser.c" /* yacc.c:1646 */ +#line 5883 "util/configparser.c" /* yacc.c:1646 */ break; - case 484: -#line 2580 "./util/configparser.y" /* yacc.c:1646 */ + case 508: +#line 2712 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5664,11 +5892,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5668 "util/configparser.c" /* yacc.c:1646 */ +#line 5896 "util/configparser.c" /* yacc.c:1646 */ break; - case 485: -#line 2590 "./util/configparser.y" /* yacc.c:1646 */ + case 509: +#line 2722 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5677,11 +5905,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5681 "util/configparser.c" /* yacc.c:1646 */ +#line 5909 "util/configparser.c" /* yacc.c:1646 */ break; - case 486: -#line 2600 "./util/configparser.y" /* yacc.c:1646 */ + case 510: +#line 2732 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -5690,11 +5918,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 5694 "util/configparser.c" /* yacc.c:1646 */ +#line 5922 "util/configparser.c" /* yacc.c:1646 */ break; - case 487: -#line 2610 "./util/configparser.y" /* yacc.c:1646 */ + case 511: +#line 2742 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -5732,11 +5960,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 5736 "util/configparser.c" /* yacc.c:1646 */ +#line 5964 "util/configparser.c" /* yacc.c:1646 */ break; - case 488: -#line 2649 "./util/configparser.y" /* yacc.c:1646 */ + case 512: +#line 2781 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5745,33 +5973,33 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 5749 "util/configparser.c" /* yacc.c:1646 */ +#line 5977 "util/configparser.c" /* yacc.c:1646 */ break; - case 489: -#line 2659 "./util/configparser.y" /* yacc.c:1646 */ + case 513: +#line 2791 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5760 "util/configparser.c" /* yacc.c:1646 */ +#line 5988 "util/configparser.c" /* yacc.c:1646 */ break; - case 490: -#line 2667 "./util/configparser.y" /* yacc.c:1646 */ + case 514: +#line 2799 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { fatal_exit("out of memory adding local-data"); } } -#line 5771 "util/configparser.c" /* yacc.c:1646 */ +#line 5999 "util/configparser.c" /* yacc.c:1646 */ break; - case 491: -#line 2675 "./util/configparser.y" /* yacc.c:1646 */ + case 515: +#line 2807 "./util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -5785,11 +6013,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 5789 "util/configparser.c" /* yacc.c:1646 */ +#line 6017 "util/configparser.c" /* yacc.c:1646 */ break; - case 492: -#line 2690 "./util/configparser.y" /* yacc.c:1646 */ + case 516: +#line 2822 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5797,19 +6025,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5801 "util/configparser.c" /* yacc.c:1646 */ +#line 6029 "util/configparser.c" /* yacc.c:1646 */ break; - case 493: -#line 2699 "./util/configparser.y" /* yacc.c:1646 */ + case 517: +#line 2831 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(remote-control:)\n")); } -#line 5809 "util/configparser.c" /* yacc.c:1646 */ +#line 6037 "util/configparser.c" /* yacc.c:1646 */ break; - case 504: -#line 2710 "./util/configparser.y" /* yacc.c:1646 */ + case 528: +#line 2842 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5818,11 +6046,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5822 "util/configparser.c" /* yacc.c:1646 */ +#line 6050 "util/configparser.c" /* yacc.c:1646 */ break; - case 505: -#line 2720 "./util/configparser.y" /* yacc.c:1646 */ + case 529: +#line 2852 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5830,79 +6058,79 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5834 "util/configparser.c" /* yacc.c:1646 */ +#line 6062 "util/configparser.c" /* yacc.c:1646 */ break; - case 506: -#line 2729 "./util/configparser.y" /* yacc.c:1646 */ + case 530: +#line 2861 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 5844 "util/configparser.c" /* yacc.c:1646 */ +#line 6072 "util/configparser.c" /* yacc.c:1646 */ break; - case 507: -#line 2736 "./util/configparser.y" /* yacc.c:1646 */ + case 531: +#line 2868 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->control_use_cert = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5854 "util/configparser.c" /* yacc.c:1646 */ +#line 6082 "util/configparser.c" /* yacc.c:1646 */ break; - case 508: -#line 2743 "./util/configparser.y" /* yacc.c:1646 */ + case 532: +#line 2875 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 5864 "util/configparser.c" /* yacc.c:1646 */ +#line 6092 "util/configparser.c" /* yacc.c:1646 */ break; - case 509: -#line 2750 "./util/configparser.y" /* yacc.c:1646 */ + case 533: +#line 2882 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 5874 "util/configparser.c" /* yacc.c:1646 */ +#line 6102 "util/configparser.c" /* yacc.c:1646 */ break; - case 510: -#line 2757 "./util/configparser.y" /* yacc.c:1646 */ + case 534: +#line 2889 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 5884 "util/configparser.c" /* yacc.c:1646 */ +#line 6112 "util/configparser.c" /* yacc.c:1646 */ break; - case 511: -#line 2764 "./util/configparser.y" /* yacc.c:1646 */ + case 535: +#line 2896 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 5894 "util/configparser.c" /* yacc.c:1646 */ +#line 6122 "util/configparser.c" /* yacc.c:1646 */ break; - case 512: -#line 2771 "./util/configparser.y" /* yacc.c:1646 */ + case 536: +#line 2903 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnstap:)\n")); } -#line 5902 "util/configparser.c" /* yacc.c:1646 */ +#line 6130 "util/configparser.c" /* yacc.c:1646 */ break; - case 534: -#line 2791 "./util/configparser.y" /* yacc.c:1646 */ + case 558: +#line 2923 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5910,11 +6138,11 @@ yyreduce: else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5914 "util/configparser.c" /* yacc.c:1646 */ +#line 6142 "util/configparser.c" /* yacc.c:1646 */ break; - case 535: -#line 2800 "./util/configparser.y" /* yacc.c:1646 */ + case 559: +#line 2932 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_bidirectional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5923,31 +6151,31 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5927 "util/configparser.c" /* yacc.c:1646 */ +#line 6155 "util/configparser.c" /* yacc.c:1646 */ break; - case 536: -#line 2810 "./util/configparser.y" /* yacc.c:1646 */ + case 560: +#line 2942 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 5937 "util/configparser.c" /* yacc.c:1646 */ +#line 6165 "util/configparser.c" /* yacc.c:1646 */ break; - case 537: -#line 2817 "./util/configparser.y" /* yacc.c:1646 */ + case 561: +#line 2949 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_ip:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_ip); cfg_parser->cfg->dnstap_ip = (yyvsp[0].str); } -#line 5947 "util/configparser.c" /* yacc.c:1646 */ +#line 6175 "util/configparser.c" /* yacc.c:1646 */ break; - case 538: -#line 2824 "./util/configparser.y" /* yacc.c:1646 */ + case 562: +#line 2956 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_tls:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5955,51 +6183,51 @@ yyreduce: else cfg_parser->cfg->dnstap_tls = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5959 "util/configparser.c" /* yacc.c:1646 */ +#line 6187 "util/configparser.c" /* yacc.c:1646 */ break; - case 539: -#line 2833 "./util/configparser.y" /* yacc.c:1646 */ + case 563: +#line 2965 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_tls_server_name:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_server_name); cfg_parser->cfg->dnstap_tls_server_name = (yyvsp[0].str); } -#line 5969 "util/configparser.c" /* yacc.c:1646 */ +#line 6197 "util/configparser.c" /* yacc.c:1646 */ break; - case 540: -#line 2840 "./util/configparser.y" /* yacc.c:1646 */ + case 564: +#line 2972 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_tls_cert_bundle:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_cert_bundle); cfg_parser->cfg->dnstap_tls_cert_bundle = (yyvsp[0].str); } -#line 5979 "util/configparser.c" /* yacc.c:1646 */ +#line 6207 "util/configparser.c" /* yacc.c:1646 */ break; - case 541: -#line 2847 "./util/configparser.y" /* yacc.c:1646 */ + case 565: +#line 2979 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_tls_client_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_key_file); cfg_parser->cfg->dnstap_tls_client_key_file = (yyvsp[0].str); } -#line 5989 "util/configparser.c" /* yacc.c:1646 */ +#line 6217 "util/configparser.c" /* yacc.c:1646 */ break; - case 542: -#line 2854 "./util/configparser.y" /* yacc.c:1646 */ + case 566: +#line 2986 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_tls_client_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_tls_client_cert_file); cfg_parser->cfg->dnstap_tls_client_cert_file = (yyvsp[0].str); } -#line 5999 "util/configparser.c" /* yacc.c:1646 */ +#line 6227 "util/configparser.c" /* yacc.c:1646 */ break; - case 543: -#line 2861 "./util/configparser.y" /* yacc.c:1646 */ + case 567: +#line 2993 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6007,11 +6235,11 @@ yyreduce: else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6011 "util/configparser.c" /* yacc.c:1646 */ +#line 6239 "util/configparser.c" /* yacc.c:1646 */ break; - case 544: -#line 2870 "./util/configparser.y" /* yacc.c:1646 */ + case 568: +#line 3002 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6019,31 +6247,31 @@ yyreduce: else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6023 "util/configparser.c" /* yacc.c:1646 */ +#line 6251 "util/configparser.c" /* yacc.c:1646 */ break; - case 545: -#line 2879 "./util/configparser.y" /* yacc.c:1646 */ + case 569: +#line 3011 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 6033 "util/configparser.c" /* yacc.c:1646 */ +#line 6261 "util/configparser.c" /* yacc.c:1646 */ break; - case 546: -#line 2886 "./util/configparser.y" /* yacc.c:1646 */ + case 570: +#line 3018 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 6043 "util/configparser.c" /* yacc.c:1646 */ +#line 6271 "util/configparser.c" /* yacc.c:1646 */ break; - case 547: -#line 2893 "./util/configparser.y" /* yacc.c:1646 */ + case 571: +#line 3025 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6052,11 +6280,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6056 "util/configparser.c" /* yacc.c:1646 */ +#line 6284 "util/configparser.c" /* yacc.c:1646 */ break; - case 548: -#line 2903 "./util/configparser.y" /* yacc.c:1646 */ + case 572: +#line 3035 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6065,11 +6293,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6069 "util/configparser.c" /* yacc.c:1646 */ +#line 6297 "util/configparser.c" /* yacc.c:1646 */ break; - case 549: -#line 2913 "./util/configparser.y" /* yacc.c:1646 */ + case 573: +#line 3045 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6078,11 +6306,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6082 "util/configparser.c" /* yacc.c:1646 */ +#line 6310 "util/configparser.c" /* yacc.c:1646 */ break; - case 550: -#line 2923 "./util/configparser.y" /* yacc.c:1646 */ + case 574: +#line 3055 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6091,11 +6319,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6095 "util/configparser.c" /* yacc.c:1646 */ +#line 6323 "util/configparser.c" /* yacc.c:1646 */ break; - case 551: -#line 2933 "./util/configparser.y" /* yacc.c:1646 */ + case 575: +#line 3065 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6104,11 +6332,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6108 "util/configparser.c" /* yacc.c:1646 */ +#line 6336 "util/configparser.c" /* yacc.c:1646 */ break; - case 552: -#line 2943 "./util/configparser.y" /* yacc.c:1646 */ + case 576: +#line 3075 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6117,47 +6345,47 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6121 "util/configparser.c" /* yacc.c:1646 */ +#line 6349 "util/configparser.c" /* yacc.c:1646 */ break; - case 553: -#line 2953 "./util/configparser.y" /* yacc.c:1646 */ + case 577: +#line 3085 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(python:)\n")); } -#line 6129 "util/configparser.c" /* yacc.c:1646 */ +#line 6357 "util/configparser.c" /* yacc.c:1646 */ break; - case 557: -#line 2962 "./util/configparser.y" /* yacc.c:1646 */ + case 581: +#line 3094 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->python_script, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6139 "util/configparser.c" /* yacc.c:1646 */ +#line 6367 "util/configparser.c" /* yacc.c:1646 */ break; - case 558: -#line 2968 "./util/configparser.y" /* yacc.c:1646 */ + case 582: +#line 3100 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dynlib:)\n")); } -#line 6147 "util/configparser.c" /* yacc.c:1646 */ +#line 6375 "util/configparser.c" /* yacc.c:1646 */ break; - case 562: -#line 2977 "./util/configparser.y" /* yacc.c:1646 */ + case 586: +#line 3109 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dynlib-file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_append_ex(&cfg_parser->cfg->dynlib_file, (yyvsp[0].str))) yyerror("out of memory"); } -#line 6157 "util/configparser.c" /* yacc.c:1646 */ +#line 6385 "util/configparser.c" /* yacc.c:1646 */ break; - case 563: -#line 2983 "./util/configparser.y" /* yacc.c:1646 */ + case 587: +#line 3115 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6166,21 +6394,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6170 "util/configparser.c" /* yacc.c:1646 */ +#line 6398 "util/configparser.c" /* yacc.c:1646 */ break; - case 564: -#line 2993 "./util/configparser.y" /* yacc.c:1646 */ + case 588: +#line 3125 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 6180 "util/configparser.c" /* yacc.c:1646 */ +#line 6408 "util/configparser.c" /* yacc.c:1646 */ break; - case 565: -#line 3000 "./util/configparser.y" /* yacc.c:1646 */ + case 589: +#line 3132 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -6188,30 +6416,30 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 6192 "util/configparser.c" /* yacc.c:1646 */ +#line 6420 "util/configparser.c" /* yacc.c:1646 */ break; - case 566: -#line 3009 "./util/configparser.y" /* yacc.c:1646 */ + case 590: +#line 3141 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 6203 "util/configparser.c" /* yacc.c:1646 */ +#line 6431 "util/configparser.c" /* yacc.c:1646 */ break; - case 567: -#line 3017 "./util/configparser.y" /* yacc.c:1646 */ + case 591: +#line 3149 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnscrypt:)\n")); } -#line 6211 "util/configparser.c" /* yacc.c:1646 */ +#line 6439 "util/configparser.c" /* yacc.c:1646 */ break; - case 580: -#line 3033 "./util/configparser.y" /* yacc.c:1646 */ + case 604: +#line 3165 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -6219,11 +6447,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 6223 "util/configparser.c" /* yacc.c:1646 */ +#line 6451 "util/configparser.c" /* yacc.c:1646 */ break; - case 581: -#line 3043 "./util/configparser.y" /* yacc.c:1646 */ + case 605: +#line 3175 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6231,21 +6459,21 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 6235 "util/configparser.c" /* yacc.c:1646 */ +#line 6463 "util/configparser.c" /* yacc.c:1646 */ break; - case 582: -#line 3052 "./util/configparser.y" /* yacc.c:1646 */ + case 606: +#line 3184 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 6245 "util/configparser.c" /* yacc.c:1646 */ +#line 6473 "util/configparser.c" /* yacc.c:1646 */ break; - case 583: -#line 3059 "./util/configparser.y" /* yacc.c:1646 */ + case 607: +#line 3191 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) @@ -6253,21 +6481,21 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 6257 "util/configparser.c" /* yacc.c:1646 */ +#line 6485 "util/configparser.c" /* yacc.c:1646 */ break; - case 584: -#line 3068 "./util/configparser.y" /* yacc.c:1646 */ + case 608: +#line 3200 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); } -#line 6267 "util/configparser.c" /* yacc.c:1646 */ +#line 6495 "util/configparser.c" /* yacc.c:1646 */ break; - case 585: -#line 3075 "./util/configparser.y" /* yacc.c:1646 */ + case 609: +#line 3207 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) @@ -6275,22 +6503,22 @@ yyreduce: if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 6279 "util/configparser.c" /* yacc.c:1646 */ +#line 6507 "util/configparser.c" /* yacc.c:1646 */ break; - case 586: -#line 3084 "./util/configparser.y" /* yacc.c:1646 */ + case 610: +#line 3216 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6290 "util/configparser.c" /* yacc.c:1646 */ +#line 6518 "util/configparser.c" /* yacc.c:1646 */ break; - case 587: -#line 3092 "./util/configparser.y" /* yacc.c:1646 */ + case 611: +#line 3224 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6302,22 +6530,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6306 "util/configparser.c" /* yacc.c:1646 */ +#line 6534 "util/configparser.c" /* yacc.c:1646 */ break; - case 588: -#line 3105 "./util/configparser.y" /* yacc.c:1646 */ + case 612: +#line 3237 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 6317 "util/configparser.c" /* yacc.c:1646 */ +#line 6545 "util/configparser.c" /* yacc.c:1646 */ break; - case 589: -#line 3113 "./util/configparser.y" /* yacc.c:1646 */ + case 613: +#line 3245 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -6329,19 +6557,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 6333 "util/configparser.c" /* yacc.c:1646 */ +#line 6561 "util/configparser.c" /* yacc.c:1646 */ break; - case 590: -#line 3126 "./util/configparser.y" /* yacc.c:1646 */ + case 614: +#line 3258 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(cachedb:)\n")); } -#line 6341 "util/configparser.c" /* yacc.c:1646 */ +#line 6569 "util/configparser.c" /* yacc.c:1646 */ break; - case 599: -#line 3137 "./util/configparser.y" /* yacc.c:1646 */ + case 623: +#line 3269 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -6352,11 +6580,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6356 "util/configparser.c" /* yacc.c:1646 */ +#line 6584 "util/configparser.c" /* yacc.c:1646 */ break; - case 600: -#line 3149 "./util/configparser.y" /* yacc.c:1646 */ + case 624: +#line 3281 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -6367,11 +6595,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6371 "util/configparser.c" /* yacc.c:1646 */ +#line 6599 "util/configparser.c" /* yacc.c:1646 */ break; - case 601: -#line 3161 "./util/configparser.y" /* yacc.c:1646 */ + case 625: +#line 3293 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str))); @@ -6382,11 +6610,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6386 "util/configparser.c" /* yacc.c:1646 */ +#line 6614 "util/configparser.c" /* yacc.c:1646 */ break; - case 602: -#line 3173 "./util/configparser.y" /* yacc.c:1646 */ + case 626: +#line 3305 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) int port; @@ -6400,11 +6628,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6404 "util/configparser.c" /* yacc.c:1646 */ +#line 6632 "util/configparser.c" /* yacc.c:1646 */ break; - case 603: -#line 3188 "./util/configparser.y" /* yacc.c:1646 */ + case 627: +#line 3320 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str))); @@ -6416,11 +6644,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6420 "util/configparser.c" /* yacc.c:1646 */ +#line 6648 "util/configparser.c" /* yacc.c:1646 */ break; - case 604: -#line 3201 "./util/configparser.y" /* yacc.c:1646 */ + case 628: +#line 3333 "./util/configparser.y" /* yacc.c:1646 */ { #if defined(USE_CACHEDB) && defined(USE_REDIS) OUTYY(("P(redis_expire_records:%s)\n", (yyvsp[0].str))); @@ -6432,11 +6660,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 6436 "util/configparser.c" /* yacc.c:1646 */ +#line 6664 "util/configparser.c" /* yacc.c:1646 */ break; - case 605: -#line 3214 "./util/configparser.y" /* yacc.c:1646 */ + case 629: +#line 3346 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_connection_limit:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if (atoi((yyvsp[0].str)) < 0) @@ -6446,19 +6674,19 @@ yyreduce: fatal_exit("out of memory adding tcp connection limit"); } } -#line 6450 "util/configparser.c" /* yacc.c:1646 */ +#line 6678 "util/configparser.c" /* yacc.c:1646 */ break; - case 606: -#line 3225 "./util/configparser.y" /* yacc.c:1646 */ + case 630: +#line 3357 "./util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(ipset:)\n")); } -#line 6458 "util/configparser.c" /* yacc.c:1646 */ +#line 6686 "util/configparser.c" /* yacc.c:1646 */ break; - case 611: -#line 3234 "./util/configparser.y" /* yacc.c:1646 */ + case 635: +#line 3366 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSET OUTYY(("P(name-v4:%s)\n", (yyvsp[0].str))); @@ -6472,11 +6700,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6476 "util/configparser.c" /* yacc.c:1646 */ +#line 6704 "util/configparser.c" /* yacc.c:1646 */ break; - case 612: -#line 3249 "./util/configparser.y" /* yacc.c:1646 */ + case 636: +#line 3381 "./util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSET OUTYY(("P(name-v6:%s)\n", (yyvsp[0].str))); @@ -6490,11 +6718,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 6494 "util/configparser.c" /* yacc.c:1646 */ +#line 6722 "util/configparser.c" /* yacc.c:1646 */ break; -#line 6498 "util/configparser.c" /* yacc.c:1646 */ +#line 6726 "util/configparser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -6722,7 +6950,7 @@ yyreturn: #endif return yyresult; } -#line 3263 "./util/configparser.y" /* yacc.c:1906 */ +#line 3395 "./util/configparser.y" /* yacc.c:1906 */ /* parse helper routines could be here */ diff --git a/util/configparser.h b/util/configparser.h index 053f40035..5bc78024f 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -184,157 +184,169 @@ extern int yydebug; VAR_STUB_SSL_UPSTREAM = 394, VAR_FORWARD_SSL_UPSTREAM = 395, VAR_TLS_CERT_BUNDLE = 396, - VAR_STUB_FIRST = 397, - VAR_MINIMAL_RESPONSES = 398, - VAR_RRSET_ROUNDROBIN = 399, - VAR_MAX_UDP_SIZE = 400, - VAR_DELAY_CLOSE = 401, - VAR_UNBLOCK_LAN_ZONES = 402, - VAR_INSECURE_LAN_ZONES = 403, - VAR_INFRA_CACHE_MIN_RTT = 404, - VAR_DNS64_PREFIX = 405, - VAR_DNS64_SYNTHALL = 406, - VAR_DNS64_IGNORE_AAAA = 407, - VAR_DNSTAP = 408, - VAR_DNSTAP_ENABLE = 409, - VAR_DNSTAP_SOCKET_PATH = 410, - VAR_DNSTAP_IP = 411, - VAR_DNSTAP_TLS = 412, - VAR_DNSTAP_TLS_SERVER_NAME = 413, - VAR_DNSTAP_TLS_CERT_BUNDLE = 414, - VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 415, - VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 416, - VAR_DNSTAP_SEND_IDENTITY = 417, - VAR_DNSTAP_SEND_VERSION = 418, - VAR_DNSTAP_BIDIRECTIONAL = 419, - VAR_DNSTAP_IDENTITY = 420, - VAR_DNSTAP_VERSION = 421, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 422, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 423, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 424, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 425, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 426, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 427, - VAR_RESPONSE_IP_TAG = 428, - VAR_RESPONSE_IP = 429, - VAR_RESPONSE_IP_DATA = 430, - VAR_HARDEN_ALGO_DOWNGRADE = 431, - VAR_IP_TRANSPARENT = 432, - VAR_IP_DSCP = 433, - VAR_DISABLE_DNSSEC_LAME_CHECK = 434, - VAR_IP_RATELIMIT = 435, - VAR_IP_RATELIMIT_SLABS = 436, - VAR_IP_RATELIMIT_SIZE = 437, - VAR_RATELIMIT = 438, - VAR_RATELIMIT_SLABS = 439, - VAR_RATELIMIT_SIZE = 440, - VAR_RATELIMIT_FOR_DOMAIN = 441, - VAR_RATELIMIT_BELOW_DOMAIN = 442, - VAR_IP_RATELIMIT_FACTOR = 443, - VAR_RATELIMIT_FACTOR = 444, - VAR_SEND_CLIENT_SUBNET = 445, - VAR_CLIENT_SUBNET_ZONE = 446, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 447, - VAR_CLIENT_SUBNET_OPCODE = 448, - VAR_MAX_CLIENT_SUBNET_IPV4 = 449, - VAR_MAX_CLIENT_SUBNET_IPV6 = 450, - VAR_MIN_CLIENT_SUBNET_IPV4 = 451, - VAR_MIN_CLIENT_SUBNET_IPV6 = 452, - VAR_MAX_ECS_TREE_SIZE_IPV4 = 453, - VAR_MAX_ECS_TREE_SIZE_IPV6 = 454, - VAR_CAPS_WHITELIST = 455, - VAR_CACHE_MAX_NEGATIVE_TTL = 456, - VAR_PERMIT_SMALL_HOLDDOWN = 457, - VAR_QNAME_MINIMISATION = 458, - VAR_QNAME_MINIMISATION_STRICT = 459, - VAR_IP_FREEBIND = 460, - VAR_DEFINE_TAG = 461, - VAR_LOCAL_ZONE_TAG = 462, - VAR_ACCESS_CONTROL_TAG = 463, - VAR_LOCAL_ZONE_OVERRIDE = 464, - VAR_ACCESS_CONTROL_TAG_ACTION = 465, - VAR_ACCESS_CONTROL_TAG_DATA = 466, - VAR_VIEW = 467, - VAR_ACCESS_CONTROL_VIEW = 468, - VAR_VIEW_FIRST = 469, - VAR_SERVE_EXPIRED = 470, - VAR_SERVE_EXPIRED_TTL = 471, - VAR_SERVE_EXPIRED_TTL_RESET = 472, - VAR_SERVE_EXPIRED_REPLY_TTL = 473, - VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 474, - VAR_SERVE_ORIGINAL_TTL = 475, - VAR_FAKE_DSA = 476, - VAR_FAKE_SHA1 = 477, - VAR_LOG_IDENTITY = 478, - VAR_HIDE_TRUSTANCHOR = 479, - VAR_TRUST_ANCHOR_SIGNALING = 480, - VAR_AGGRESSIVE_NSEC = 481, - VAR_USE_SYSTEMD = 482, - VAR_SHM_ENABLE = 483, - VAR_SHM_KEY = 484, - VAR_ROOT_KEY_SENTINEL = 485, - VAR_DNSCRYPT = 486, - VAR_DNSCRYPT_ENABLE = 487, - VAR_DNSCRYPT_PORT = 488, - VAR_DNSCRYPT_PROVIDER = 489, - VAR_DNSCRYPT_SECRET_KEY = 490, - VAR_DNSCRYPT_PROVIDER_CERT = 491, - VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 492, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 493, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 494, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 495, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 496, - VAR_IPSECMOD_ENABLED = 497, - VAR_IPSECMOD_HOOK = 498, - VAR_IPSECMOD_IGNORE_BOGUS = 499, - VAR_IPSECMOD_MAX_TTL = 500, - VAR_IPSECMOD_WHITELIST = 501, - VAR_IPSECMOD_STRICT = 502, - VAR_CACHEDB = 503, - VAR_CACHEDB_BACKEND = 504, - VAR_CACHEDB_SECRETSEED = 505, - VAR_CACHEDB_REDISHOST = 506, - VAR_CACHEDB_REDISPORT = 507, - VAR_CACHEDB_REDISTIMEOUT = 508, - VAR_CACHEDB_REDISEXPIRERECORDS = 509, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 510, - VAR_FOR_UPSTREAM = 511, - VAR_AUTH_ZONE = 512, - VAR_ZONEFILE = 513, - VAR_MASTER = 514, - VAR_URL = 515, - VAR_FOR_DOWNSTREAM = 516, - VAR_FALLBACK_ENABLED = 517, - VAR_TLS_ADDITIONAL_PORT = 518, - VAR_LOW_RTT = 519, - VAR_LOW_RTT_PERMIL = 520, - VAR_FAST_SERVER_PERMIL = 521, - VAR_FAST_SERVER_NUM = 522, - VAR_ALLOW_NOTIFY = 523, - VAR_TLS_WIN_CERT = 524, - VAR_TCP_CONNECTION_LIMIT = 525, - VAR_FORWARD_NO_CACHE = 526, - VAR_STUB_NO_CACHE = 527, - VAR_LOG_SERVFAIL = 528, - VAR_DENY_ANY = 529, - VAR_UNKNOWN_SERVER_TIME_LIMIT = 530, - VAR_LOG_TAG_QUERYREPLY = 531, - VAR_STREAM_WAIT_SIZE = 532, - VAR_TLS_CIPHERS = 533, - VAR_TLS_CIPHERSUITES = 534, - VAR_TLS_USE_SNI = 535, - VAR_IPSET = 536, - VAR_IPSET_NAME_V4 = 537, - VAR_IPSET_NAME_V6 = 538, - VAR_TLS_SESSION_TICKET_KEYS = 539, - VAR_RPZ = 540, - VAR_TAGS = 541, - VAR_RPZ_ACTION_OVERRIDE = 542, - VAR_RPZ_CNAME_OVERRIDE = 543, - VAR_RPZ_LOG = 544, - VAR_RPZ_LOG_NAME = 545, - VAR_DYNLIB = 546, - VAR_DYNLIB_FILE = 547 + VAR_HTTPS_PORT = 397, + VAR_HTTP_ENDPOINT = 398, + VAR_HTTP_MAX_STREAMS = 399, + VAR_HTTP_QUERY_BUFFER_SIZE = 400, + VAR_HTTP_RESPONSE_BUFFER_SIZE = 401, + VAR_HTTP_NODELAY = 402, + VAR_HTTP_NOTLS_DOWNSTREAM = 403, + VAR_STUB_FIRST = 404, + VAR_MINIMAL_RESPONSES = 405, + VAR_RRSET_ROUNDROBIN = 406, + VAR_MAX_UDP_SIZE = 407, + VAR_DELAY_CLOSE = 408, + VAR_UDP_CONNECT = 409, + VAR_UNBLOCK_LAN_ZONES = 410, + VAR_INSECURE_LAN_ZONES = 411, + VAR_INFRA_CACHE_MIN_RTT = 412, + VAR_INFRA_KEEP_PROBING = 413, + VAR_DNS64_PREFIX = 414, + VAR_DNS64_SYNTHALL = 415, + VAR_DNS64_IGNORE_AAAA = 416, + VAR_DNSTAP = 417, + VAR_DNSTAP_ENABLE = 418, + VAR_DNSTAP_SOCKET_PATH = 419, + VAR_DNSTAP_IP = 420, + VAR_DNSTAP_TLS = 421, + VAR_DNSTAP_TLS_SERVER_NAME = 422, + VAR_DNSTAP_TLS_CERT_BUNDLE = 423, + VAR_DNSTAP_TLS_CLIENT_KEY_FILE = 424, + VAR_DNSTAP_TLS_CLIENT_CERT_FILE = 425, + VAR_DNSTAP_SEND_IDENTITY = 426, + VAR_DNSTAP_SEND_VERSION = 427, + VAR_DNSTAP_BIDIRECTIONAL = 428, + VAR_DNSTAP_IDENTITY = 429, + VAR_DNSTAP_VERSION = 430, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 431, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 432, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 433, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 434, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 435, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 436, + VAR_RESPONSE_IP_TAG = 437, + VAR_RESPONSE_IP = 438, + VAR_RESPONSE_IP_DATA = 439, + VAR_HARDEN_ALGO_DOWNGRADE = 440, + VAR_IP_TRANSPARENT = 441, + VAR_IP_DSCP = 442, + VAR_DISABLE_DNSSEC_LAME_CHECK = 443, + VAR_IP_RATELIMIT = 444, + VAR_IP_RATELIMIT_SLABS = 445, + VAR_IP_RATELIMIT_SIZE = 446, + VAR_RATELIMIT = 447, + VAR_RATELIMIT_SLABS = 448, + VAR_RATELIMIT_SIZE = 449, + VAR_RATELIMIT_FOR_DOMAIN = 450, + VAR_RATELIMIT_BELOW_DOMAIN = 451, + VAR_IP_RATELIMIT_FACTOR = 452, + VAR_RATELIMIT_FACTOR = 453, + VAR_SEND_CLIENT_SUBNET = 454, + VAR_CLIENT_SUBNET_ZONE = 455, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 456, + VAR_CLIENT_SUBNET_OPCODE = 457, + VAR_MAX_CLIENT_SUBNET_IPV4 = 458, + VAR_MAX_CLIENT_SUBNET_IPV6 = 459, + VAR_MIN_CLIENT_SUBNET_IPV4 = 460, + VAR_MIN_CLIENT_SUBNET_IPV6 = 461, + VAR_MAX_ECS_TREE_SIZE_IPV4 = 462, + VAR_MAX_ECS_TREE_SIZE_IPV6 = 463, + VAR_CAPS_WHITELIST = 464, + VAR_CACHE_MAX_NEGATIVE_TTL = 465, + VAR_PERMIT_SMALL_HOLDDOWN = 466, + VAR_QNAME_MINIMISATION = 467, + VAR_QNAME_MINIMISATION_STRICT = 468, + VAR_IP_FREEBIND = 469, + VAR_DEFINE_TAG = 470, + VAR_LOCAL_ZONE_TAG = 471, + VAR_ACCESS_CONTROL_TAG = 472, + VAR_LOCAL_ZONE_OVERRIDE = 473, + VAR_ACCESS_CONTROL_TAG_ACTION = 474, + VAR_ACCESS_CONTROL_TAG_DATA = 475, + VAR_VIEW = 476, + VAR_ACCESS_CONTROL_VIEW = 477, + VAR_VIEW_FIRST = 478, + VAR_SERVE_EXPIRED = 479, + VAR_SERVE_EXPIRED_TTL = 480, + VAR_SERVE_EXPIRED_TTL_RESET = 481, + VAR_SERVE_EXPIRED_REPLY_TTL = 482, + VAR_SERVE_EXPIRED_CLIENT_TIMEOUT = 483, + VAR_SERVE_ORIGINAL_TTL = 484, + VAR_FAKE_DSA = 485, + VAR_FAKE_SHA1 = 486, + VAR_LOG_IDENTITY = 487, + VAR_HIDE_TRUSTANCHOR = 488, + VAR_TRUST_ANCHOR_SIGNALING = 489, + VAR_AGGRESSIVE_NSEC = 490, + VAR_USE_SYSTEMD = 491, + VAR_SHM_ENABLE = 492, + VAR_SHM_KEY = 493, + VAR_ROOT_KEY_SENTINEL = 494, + VAR_DNSCRYPT = 495, + VAR_DNSCRYPT_ENABLE = 496, + VAR_DNSCRYPT_PORT = 497, + VAR_DNSCRYPT_PROVIDER = 498, + VAR_DNSCRYPT_SECRET_KEY = 499, + VAR_DNSCRYPT_PROVIDER_CERT = 500, + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 501, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 502, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 503, + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 504, + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 505, + VAR_IPSECMOD_ENABLED = 506, + VAR_IPSECMOD_HOOK = 507, + VAR_IPSECMOD_IGNORE_BOGUS = 508, + VAR_IPSECMOD_MAX_TTL = 509, + VAR_IPSECMOD_WHITELIST = 510, + VAR_IPSECMOD_STRICT = 511, + VAR_CACHEDB = 512, + VAR_CACHEDB_BACKEND = 513, + VAR_CACHEDB_SECRETSEED = 514, + VAR_CACHEDB_REDISHOST = 515, + VAR_CACHEDB_REDISPORT = 516, + VAR_CACHEDB_REDISTIMEOUT = 517, + VAR_CACHEDB_REDISEXPIRERECORDS = 518, + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 519, + VAR_FOR_UPSTREAM = 520, + VAR_AUTH_ZONE = 521, + VAR_ZONEFILE = 522, + VAR_MASTER = 523, + VAR_URL = 524, + VAR_FOR_DOWNSTREAM = 525, + VAR_FALLBACK_ENABLED = 526, + VAR_TLS_ADDITIONAL_PORT = 527, + VAR_LOW_RTT = 528, + VAR_LOW_RTT_PERMIL = 529, + VAR_FAST_SERVER_PERMIL = 530, + VAR_FAST_SERVER_NUM = 531, + VAR_ALLOW_NOTIFY = 532, + VAR_TLS_WIN_CERT = 533, + VAR_TCP_CONNECTION_LIMIT = 534, + VAR_FORWARD_NO_CACHE = 535, + VAR_STUB_NO_CACHE = 536, + VAR_LOG_SERVFAIL = 537, + VAR_DENY_ANY = 538, + VAR_UNKNOWN_SERVER_TIME_LIMIT = 539, + VAR_LOG_TAG_QUERYREPLY = 540, + VAR_STREAM_WAIT_SIZE = 541, + VAR_TLS_CIPHERS = 542, + VAR_TLS_CIPHERSUITES = 543, + VAR_TLS_USE_SNI = 544, + VAR_IPSET = 545, + VAR_IPSET_NAME_V4 = 546, + VAR_IPSET_NAME_V6 = 547, + VAR_TLS_SESSION_TICKET_KEYS = 548, + VAR_RPZ = 549, + VAR_TAGS = 550, + VAR_RPZ_ACTION_OVERRIDE = 551, + VAR_RPZ_CNAME_OVERRIDE = 552, + VAR_RPZ_LOG = 553, + VAR_RPZ_LOG_NAME = 554, + VAR_DYNLIB = 555, + VAR_DYNLIB_FILE = 556, + VAR_EDNS_CLIENT_STRING = 557, + VAR_EDNS_CLIENT_STRING_OPCODE = 558, + VAR_NSID = 559 }; #endif /* Tokens. */ @@ -477,157 +489,169 @@ extern int yydebug; #define VAR_STUB_SSL_UPSTREAM 394 #define VAR_FORWARD_SSL_UPSTREAM 395 #define VAR_TLS_CERT_BUNDLE 396 -#define VAR_STUB_FIRST 397 -#define VAR_MINIMAL_RESPONSES 398 -#define VAR_RRSET_ROUNDROBIN 399 -#define VAR_MAX_UDP_SIZE 400 -#define VAR_DELAY_CLOSE 401 -#define VAR_UNBLOCK_LAN_ZONES 402 -#define VAR_INSECURE_LAN_ZONES 403 -#define VAR_INFRA_CACHE_MIN_RTT 404 -#define VAR_DNS64_PREFIX 405 -#define VAR_DNS64_SYNTHALL 406 -#define VAR_DNS64_IGNORE_AAAA 407 -#define VAR_DNSTAP 408 -#define VAR_DNSTAP_ENABLE 409 -#define VAR_DNSTAP_SOCKET_PATH 410 -#define VAR_DNSTAP_IP 411 -#define VAR_DNSTAP_TLS 412 -#define VAR_DNSTAP_TLS_SERVER_NAME 413 -#define VAR_DNSTAP_TLS_CERT_BUNDLE 414 -#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 415 -#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 416 -#define VAR_DNSTAP_SEND_IDENTITY 417 -#define VAR_DNSTAP_SEND_VERSION 418 -#define VAR_DNSTAP_BIDIRECTIONAL 419 -#define VAR_DNSTAP_IDENTITY 420 -#define VAR_DNSTAP_VERSION 421 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 422 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 423 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 424 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 425 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 426 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 427 -#define VAR_RESPONSE_IP_TAG 428 -#define VAR_RESPONSE_IP 429 -#define VAR_RESPONSE_IP_DATA 430 -#define VAR_HARDEN_ALGO_DOWNGRADE 431 -#define VAR_IP_TRANSPARENT 432 -#define VAR_IP_DSCP 433 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 434 -#define VAR_IP_RATELIMIT 435 -#define VAR_IP_RATELIMIT_SLABS 436 -#define VAR_IP_RATELIMIT_SIZE 437 -#define VAR_RATELIMIT 438 -#define VAR_RATELIMIT_SLABS 439 -#define VAR_RATELIMIT_SIZE 440 -#define VAR_RATELIMIT_FOR_DOMAIN 441 -#define VAR_RATELIMIT_BELOW_DOMAIN 442 -#define VAR_IP_RATELIMIT_FACTOR 443 -#define VAR_RATELIMIT_FACTOR 444 -#define VAR_SEND_CLIENT_SUBNET 445 -#define VAR_CLIENT_SUBNET_ZONE 446 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 447 -#define VAR_CLIENT_SUBNET_OPCODE 448 -#define VAR_MAX_CLIENT_SUBNET_IPV4 449 -#define VAR_MAX_CLIENT_SUBNET_IPV6 450 -#define VAR_MIN_CLIENT_SUBNET_IPV4 451 -#define VAR_MIN_CLIENT_SUBNET_IPV6 452 -#define VAR_MAX_ECS_TREE_SIZE_IPV4 453 -#define VAR_MAX_ECS_TREE_SIZE_IPV6 454 -#define VAR_CAPS_WHITELIST 455 -#define VAR_CACHE_MAX_NEGATIVE_TTL 456 -#define VAR_PERMIT_SMALL_HOLDDOWN 457 -#define VAR_QNAME_MINIMISATION 458 -#define VAR_QNAME_MINIMISATION_STRICT 459 -#define VAR_IP_FREEBIND 460 -#define VAR_DEFINE_TAG 461 -#define VAR_LOCAL_ZONE_TAG 462 -#define VAR_ACCESS_CONTROL_TAG 463 -#define VAR_LOCAL_ZONE_OVERRIDE 464 -#define VAR_ACCESS_CONTROL_TAG_ACTION 465 -#define VAR_ACCESS_CONTROL_TAG_DATA 466 -#define VAR_VIEW 467 -#define VAR_ACCESS_CONTROL_VIEW 468 -#define VAR_VIEW_FIRST 469 -#define VAR_SERVE_EXPIRED 470 -#define VAR_SERVE_EXPIRED_TTL 471 -#define VAR_SERVE_EXPIRED_TTL_RESET 472 -#define VAR_SERVE_EXPIRED_REPLY_TTL 473 -#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 474 -#define VAR_SERVE_ORIGINAL_TTL 475 -#define VAR_FAKE_DSA 476 -#define VAR_FAKE_SHA1 477 -#define VAR_LOG_IDENTITY 478 -#define VAR_HIDE_TRUSTANCHOR 479 -#define VAR_TRUST_ANCHOR_SIGNALING 480 -#define VAR_AGGRESSIVE_NSEC 481 -#define VAR_USE_SYSTEMD 482 -#define VAR_SHM_ENABLE 483 -#define VAR_SHM_KEY 484 -#define VAR_ROOT_KEY_SENTINEL 485 -#define VAR_DNSCRYPT 486 -#define VAR_DNSCRYPT_ENABLE 487 -#define VAR_DNSCRYPT_PORT 488 -#define VAR_DNSCRYPT_PROVIDER 489 -#define VAR_DNSCRYPT_SECRET_KEY 490 -#define VAR_DNSCRYPT_PROVIDER_CERT 491 -#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 492 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 493 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 494 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 495 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 496 -#define VAR_IPSECMOD_ENABLED 497 -#define VAR_IPSECMOD_HOOK 498 -#define VAR_IPSECMOD_IGNORE_BOGUS 499 -#define VAR_IPSECMOD_MAX_TTL 500 -#define VAR_IPSECMOD_WHITELIST 501 -#define VAR_IPSECMOD_STRICT 502 -#define VAR_CACHEDB 503 -#define VAR_CACHEDB_BACKEND 504 -#define VAR_CACHEDB_SECRETSEED 505 -#define VAR_CACHEDB_REDISHOST 506 -#define VAR_CACHEDB_REDISPORT 507 -#define VAR_CACHEDB_REDISTIMEOUT 508 -#define VAR_CACHEDB_REDISEXPIRERECORDS 509 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 510 -#define VAR_FOR_UPSTREAM 511 -#define VAR_AUTH_ZONE 512 -#define VAR_ZONEFILE 513 -#define VAR_MASTER 514 -#define VAR_URL 515 -#define VAR_FOR_DOWNSTREAM 516 -#define VAR_FALLBACK_ENABLED 517 -#define VAR_TLS_ADDITIONAL_PORT 518 -#define VAR_LOW_RTT 519 -#define VAR_LOW_RTT_PERMIL 520 -#define VAR_FAST_SERVER_PERMIL 521 -#define VAR_FAST_SERVER_NUM 522 -#define VAR_ALLOW_NOTIFY 523 -#define VAR_TLS_WIN_CERT 524 -#define VAR_TCP_CONNECTION_LIMIT 525 -#define VAR_FORWARD_NO_CACHE 526 -#define VAR_STUB_NO_CACHE 527 -#define VAR_LOG_SERVFAIL 528 -#define VAR_DENY_ANY 529 -#define VAR_UNKNOWN_SERVER_TIME_LIMIT 530 -#define VAR_LOG_TAG_QUERYREPLY 531 -#define VAR_STREAM_WAIT_SIZE 532 -#define VAR_TLS_CIPHERS 533 -#define VAR_TLS_CIPHERSUITES 534 -#define VAR_TLS_USE_SNI 535 -#define VAR_IPSET 536 -#define VAR_IPSET_NAME_V4 537 -#define VAR_IPSET_NAME_V6 538 -#define VAR_TLS_SESSION_TICKET_KEYS 539 -#define VAR_RPZ 540 -#define VAR_TAGS 541 -#define VAR_RPZ_ACTION_OVERRIDE 542 -#define VAR_RPZ_CNAME_OVERRIDE 543 -#define VAR_RPZ_LOG 544 -#define VAR_RPZ_LOG_NAME 545 -#define VAR_DYNLIB 546 -#define VAR_DYNLIB_FILE 547 +#define VAR_HTTPS_PORT 397 +#define VAR_HTTP_ENDPOINT 398 +#define VAR_HTTP_MAX_STREAMS 399 +#define VAR_HTTP_QUERY_BUFFER_SIZE 400 +#define VAR_HTTP_RESPONSE_BUFFER_SIZE 401 +#define VAR_HTTP_NODELAY 402 +#define VAR_HTTP_NOTLS_DOWNSTREAM 403 +#define VAR_STUB_FIRST 404 +#define VAR_MINIMAL_RESPONSES 405 +#define VAR_RRSET_ROUNDROBIN 406 +#define VAR_MAX_UDP_SIZE 407 +#define VAR_DELAY_CLOSE 408 +#define VAR_UDP_CONNECT 409 +#define VAR_UNBLOCK_LAN_ZONES 410 +#define VAR_INSECURE_LAN_ZONES 411 +#define VAR_INFRA_CACHE_MIN_RTT 412 +#define VAR_INFRA_KEEP_PROBING 413 +#define VAR_DNS64_PREFIX 414 +#define VAR_DNS64_SYNTHALL 415 +#define VAR_DNS64_IGNORE_AAAA 416 +#define VAR_DNSTAP 417 +#define VAR_DNSTAP_ENABLE 418 +#define VAR_DNSTAP_SOCKET_PATH 419 +#define VAR_DNSTAP_IP 420 +#define VAR_DNSTAP_TLS 421 +#define VAR_DNSTAP_TLS_SERVER_NAME 422 +#define VAR_DNSTAP_TLS_CERT_BUNDLE 423 +#define VAR_DNSTAP_TLS_CLIENT_KEY_FILE 424 +#define VAR_DNSTAP_TLS_CLIENT_CERT_FILE 425 +#define VAR_DNSTAP_SEND_IDENTITY 426 +#define VAR_DNSTAP_SEND_VERSION 427 +#define VAR_DNSTAP_BIDIRECTIONAL 428 +#define VAR_DNSTAP_IDENTITY 429 +#define VAR_DNSTAP_VERSION 430 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 431 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 432 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 433 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 434 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 435 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 436 +#define VAR_RESPONSE_IP_TAG 437 +#define VAR_RESPONSE_IP 438 +#define VAR_RESPONSE_IP_DATA 439 +#define VAR_HARDEN_ALGO_DOWNGRADE 440 +#define VAR_IP_TRANSPARENT 441 +#define VAR_IP_DSCP 442 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 443 +#define VAR_IP_RATELIMIT 444 +#define VAR_IP_RATELIMIT_SLABS 445 +#define VAR_IP_RATELIMIT_SIZE 446 +#define VAR_RATELIMIT 447 +#define VAR_RATELIMIT_SLABS 448 +#define VAR_RATELIMIT_SIZE 449 +#define VAR_RATELIMIT_FOR_DOMAIN 450 +#define VAR_RATELIMIT_BELOW_DOMAIN 451 +#define VAR_IP_RATELIMIT_FACTOR 452 +#define VAR_RATELIMIT_FACTOR 453 +#define VAR_SEND_CLIENT_SUBNET 454 +#define VAR_CLIENT_SUBNET_ZONE 455 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 456 +#define VAR_CLIENT_SUBNET_OPCODE 457 +#define VAR_MAX_CLIENT_SUBNET_IPV4 458 +#define VAR_MAX_CLIENT_SUBNET_IPV6 459 +#define VAR_MIN_CLIENT_SUBNET_IPV4 460 +#define VAR_MIN_CLIENT_SUBNET_IPV6 461 +#define VAR_MAX_ECS_TREE_SIZE_IPV4 462 +#define VAR_MAX_ECS_TREE_SIZE_IPV6 463 +#define VAR_CAPS_WHITELIST 464 +#define VAR_CACHE_MAX_NEGATIVE_TTL 465 +#define VAR_PERMIT_SMALL_HOLDDOWN 466 +#define VAR_QNAME_MINIMISATION 467 +#define VAR_QNAME_MINIMISATION_STRICT 468 +#define VAR_IP_FREEBIND 469 +#define VAR_DEFINE_TAG 470 +#define VAR_LOCAL_ZONE_TAG 471 +#define VAR_ACCESS_CONTROL_TAG 472 +#define VAR_LOCAL_ZONE_OVERRIDE 473 +#define VAR_ACCESS_CONTROL_TAG_ACTION 474 +#define VAR_ACCESS_CONTROL_TAG_DATA 475 +#define VAR_VIEW 476 +#define VAR_ACCESS_CONTROL_VIEW 477 +#define VAR_VIEW_FIRST 478 +#define VAR_SERVE_EXPIRED 479 +#define VAR_SERVE_EXPIRED_TTL 480 +#define VAR_SERVE_EXPIRED_TTL_RESET 481 +#define VAR_SERVE_EXPIRED_REPLY_TTL 482 +#define VAR_SERVE_EXPIRED_CLIENT_TIMEOUT 483 +#define VAR_SERVE_ORIGINAL_TTL 484 +#define VAR_FAKE_DSA 485 +#define VAR_FAKE_SHA1 486 +#define VAR_LOG_IDENTITY 487 +#define VAR_HIDE_TRUSTANCHOR 488 +#define VAR_TRUST_ANCHOR_SIGNALING 489 +#define VAR_AGGRESSIVE_NSEC 490 +#define VAR_USE_SYSTEMD 491 +#define VAR_SHM_ENABLE 492 +#define VAR_SHM_KEY 493 +#define VAR_ROOT_KEY_SENTINEL 494 +#define VAR_DNSCRYPT 495 +#define VAR_DNSCRYPT_ENABLE 496 +#define VAR_DNSCRYPT_PORT 497 +#define VAR_DNSCRYPT_PROVIDER 498 +#define VAR_DNSCRYPT_SECRET_KEY 499 +#define VAR_DNSCRYPT_PROVIDER_CERT 500 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 501 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 502 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 503 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 504 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 505 +#define VAR_IPSECMOD_ENABLED 506 +#define VAR_IPSECMOD_HOOK 507 +#define VAR_IPSECMOD_IGNORE_BOGUS 508 +#define VAR_IPSECMOD_MAX_TTL 509 +#define VAR_IPSECMOD_WHITELIST 510 +#define VAR_IPSECMOD_STRICT 511 +#define VAR_CACHEDB 512 +#define VAR_CACHEDB_BACKEND 513 +#define VAR_CACHEDB_SECRETSEED 514 +#define VAR_CACHEDB_REDISHOST 515 +#define VAR_CACHEDB_REDISPORT 516 +#define VAR_CACHEDB_REDISTIMEOUT 517 +#define VAR_CACHEDB_REDISEXPIRERECORDS 518 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 519 +#define VAR_FOR_UPSTREAM 520 +#define VAR_AUTH_ZONE 521 +#define VAR_ZONEFILE 522 +#define VAR_MASTER 523 +#define VAR_URL 524 +#define VAR_FOR_DOWNSTREAM 525 +#define VAR_FALLBACK_ENABLED 526 +#define VAR_TLS_ADDITIONAL_PORT 527 +#define VAR_LOW_RTT 528 +#define VAR_LOW_RTT_PERMIL 529 +#define VAR_FAST_SERVER_PERMIL 530 +#define VAR_FAST_SERVER_NUM 531 +#define VAR_ALLOW_NOTIFY 532 +#define VAR_TLS_WIN_CERT 533 +#define VAR_TCP_CONNECTION_LIMIT 534 +#define VAR_FORWARD_NO_CACHE 535 +#define VAR_STUB_NO_CACHE 536 +#define VAR_LOG_SERVFAIL 537 +#define VAR_DENY_ANY 538 +#define VAR_UNKNOWN_SERVER_TIME_LIMIT 539 +#define VAR_LOG_TAG_QUERYREPLY 540 +#define VAR_STREAM_WAIT_SIZE 541 +#define VAR_TLS_CIPHERS 542 +#define VAR_TLS_CIPHERSUITES 543 +#define VAR_TLS_USE_SNI 544 +#define VAR_IPSET 545 +#define VAR_IPSET_NAME_V4 546 +#define VAR_IPSET_NAME_V6 547 +#define VAR_TLS_SESSION_TICKET_KEYS 548 +#define VAR_RPZ 549 +#define VAR_TAGS 550 +#define VAR_RPZ_ACTION_OVERRIDE 551 +#define VAR_RPZ_CNAME_OVERRIDE 552 +#define VAR_RPZ_LOG 553 +#define VAR_RPZ_LOG_NAME 554 +#define VAR_DYNLIB 555 +#define VAR_DYNLIB_FILE 556 +#define VAR_EDNS_CLIENT_STRING 557 +#define VAR_EDNS_CLIENT_STRING_OPCODE 558 +#define VAR_NSID 559 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -638,7 +662,7 @@ union YYSTYPE char* str; -#line 642 "util/configparser.h" /* yacc.c:1909 */ +#line 666 "util/configparser.h" /* yacc.c:1909 */ }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index 513e90e16..f3e7b223a 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -112,10 +112,13 @@ extern struct config_parser_state* cfg_parser; %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST %token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE +%token VAR_HTTPS_PORT VAR_HTTP_ENDPOINT VAR_HTTP_MAX_STREAMS +%token VAR_HTTP_QUERY_BUFFER_SIZE VAR_HTTP_RESPONSE_BUFFER_SIZE +%token VAR_HTTP_NODELAY VAR_HTTP_NOTLS_DOWNSTREAM %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN -%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE +%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UDP_CONNECT %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES -%token VAR_INFRA_CACHE_MIN_RTT +%token VAR_INFRA_CACHE_MIN_RTT VAR_INFRA_KEEP_PROBING %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL VAR_DNS64_IGNORE_AAAA %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH VAR_DNSTAP_IP %token VAR_DNSTAP_TLS VAR_DNSTAP_TLS_SERVER_NAME VAR_DNSTAP_TLS_CERT_BUNDLE @@ -175,7 +178,8 @@ extern struct config_parser_state* cfg_parser; %token VAR_IPSET VAR_IPSET_NAME_V4 VAR_IPSET_NAME_V6 %token VAR_TLS_SESSION_TICKET_KEYS VAR_RPZ VAR_TAGS VAR_RPZ_ACTION_OVERRIDE %token VAR_RPZ_CNAME_OVERRIDE VAR_RPZ_LOG VAR_RPZ_LOG_NAME -%token VAR_DYNLIB VAR_DYNLIB_FILE +%token VAR_DYNLIB VAR_DYNLIB_FILE VAR_EDNS_CLIENT_STRING +%token VAR_EDNS_CLIENT_STRING_OPCODE VAR_NSID %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; @@ -244,13 +248,16 @@ content_server: server_num_threads | server_verbosity | server_port | server_log_queries | server_log_replies | server_tcp_upstream | server_ssl_upstream | server_log_local_actions | server_ssl_service_key | server_ssl_service_pem | server_ssl_port | + server_https_port | server_http_endpoint | server_http_max_streams | + server_http_query_buffer_size | server_http_response_buffer_size | + server_http_nodelay | server_http_notls_downstream | server_minimal_responses | server_rrset_roundrobin | server_max_udp_size | - server_so_reuseport | server_delay_close | + server_so_reuseport | server_delay_close | server_udp_connect | server_unblock_lan_zones | server_insecure_lan_zones | server_dns64_prefix | server_dns64_synthall | server_dns64_ignore_aaaa | server_infra_cache_min_rtt | server_harden_algo_downgrade | server_ip_transparent | server_ip_ratelimit | server_ratelimit | - server_ip_dscp | + server_ip_dscp | server_infra_keep_probing | server_ip_ratelimit_slabs | server_ratelimit_slabs | server_ip_ratelimit_size | server_ratelimit_size | server_ratelimit_for_domain | @@ -286,7 +293,8 @@ content_server: server_num_threads | server_verbosity | server_port | server_unknown_server_time_limit | server_log_tag_queryreply | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys | - server_tls_use_sni + server_tls_use_sni | server_edns_client_string | + server_edns_client_string_opcode | server_nsid ; stubstart: VAR_STUB_ZONE { @@ -970,6 +978,70 @@ server_tls_use_sni: VAR_TLS_USE_SNI STRING_ARG free($2); } ; +server_https_port: VAR_HTTPS_PORT STRING_ARG + { + OUTYY(("P(server_https_port:%s)\n", $2)); + if(atoi($2) == 0) + yyerror("port number expected"); + else cfg_parser->cfg->https_port = atoi($2); + free($2); + }; +server_http_endpoint: VAR_HTTP_ENDPOINT STRING_ARG + { + OUTYY(("P(server_http_endpoint:%s)\n", $2)); + free(cfg_parser->cfg->http_endpoint); + if($2 && $2[0] != '/') { + cfg_parser->cfg->http_endpoint = malloc(strlen($2)+2); + if(!cfg_parser->cfg->http_endpoint) + yyerror("out of memory"); + cfg_parser->cfg->http_endpoint[0] = '/'; + memmove(cfg_parser->cfg->http_endpoint+1, $2, + strlen($2)+1); + free($2); + } else { + cfg_parser->cfg->http_endpoint = $2; + } + }; +server_http_max_streams: VAR_HTTP_MAX_STREAMS STRING_ARG + { + OUTYY(("P(server_http_max_streams:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("number expected"); + else cfg_parser->cfg->http_max_streams = atoi($2); + free($2); + }; +server_http_query_buffer_size: VAR_HTTP_QUERY_BUFFER_SIZE STRING_ARG + { + OUTYY(("P(server_http_query_buffer_size:%s)\n", $2)); + if(!cfg_parse_memsize($2, + &cfg_parser->cfg->http_query_buffer_size)) + yyerror("memory size expected"); + free($2); + }; +server_http_response_buffer_size: VAR_HTTP_RESPONSE_BUFFER_SIZE STRING_ARG + { + OUTYY(("P(server_http_response_buffer_size:%s)\n", $2)); + if(!cfg_parse_memsize($2, + &cfg_parser->cfg->http_response_buffer_size)) + yyerror("memory size expected"); + free($2); + }; +server_http_nodelay: VAR_HTTP_NODELAY STRING_ARG + { + OUTYY(("P(server_http_nodelay:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_nodelay = (strcmp($2, "yes")==0); + free($2); + } +server_http_notls_downstream: VAR_HTTP_NOTLS_DOWNSTREAM STRING_ARG + { + OUTYY(("P(server_http_notls_downstream:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->http_notls_downstream = (strcmp($2, "yes")==0); + free($2); + }; server_use_systemd: VAR_USE_SYSTEMD STRING_ARG { OUTYY(("P(server_use_systemd:%s)\n", $2)); @@ -1121,15 +1193,15 @@ server_root_hints: VAR_ROOT_HINTS STRING_ARG server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING_ARG { OUTYY(("P(server_dlv_anchor_file:%s)\n", $2)); - free(cfg_parser->cfg->dlv_anchor_file); - cfg_parser->cfg->dlv_anchor_file = $2; + log_warn("option dlv-anchor-file ignored: DLV is decommissioned"); + free($2); } ; server_dlv_anchor: VAR_DLV_ANCHOR STRING_ARG { OUTYY(("P(server_dlv_anchor:%s)\n", $2)); - if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2)) - yyerror("out of memory"); + log_warn("option dlv-anchor ignored: DLV is decommissioned"); + free($2); } ; server_auto_trust_anchor_file: VAR_AUTO_TRUST_ANCHOR_FILE STRING_ARG @@ -1233,6 +1305,22 @@ server_version: VAR_VERSION STRING_ARG cfg_parser->cfg->version = $2; } ; +server_nsid: VAR_NSID STRING_ARG + { + OUTYY(("P(server_nsid:%s)\n", $2)); + free(cfg_parser->cfg->nsid_cfg_str); + cfg_parser->cfg->nsid_cfg_str = $2; + free(cfg_parser->cfg->nsid); + cfg_parser->cfg->nsid = NULL; + cfg_parser->cfg->nsid_len = 0; + if (*$2 == 0) + ; /* pass; empty string is not setting nsid */ + else if (!(cfg_parser->cfg->nsid = cfg_parse_nsid( + $2, &cfg_parser->cfg->nsid_len))) + yyerror("the NSID must be either a hex string or an " + "ascii character string prepended with ascii_."); + } + ; server_so_rcvbuf: VAR_SO_RCVBUF STRING_ARG { OUTYY(("P(server_so_rcvbuf:%s)\n", $2)); @@ -1373,6 +1461,15 @@ server_delay_close: VAR_DELAY_CLOSE STRING_ARG free($2); } ; +server_udp_connect: VAR_UDP_CONNECT STRING_ARG + { + OUTYY(("P(server_udp_connect:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->udp_connect = (strcmp($2, "yes")==0); + free($2); + } + ; server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG { OUTYY(("P(server_unblock_lan_zones:%s)\n", $2)); @@ -1470,6 +1567,16 @@ server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG free($2); } ; +server_infra_keep_probing: VAR_INFRA_KEEP_PROBING STRING_ARG + { + OUTYY(("P(server_infra_keep_probing:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->infra_keep_probing = + (strcmp($2, "yes")==0); + free($2); + } + ; server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG { OUTYY(("P(server_target_fetch_policy:%s)\n", $2)); @@ -1949,6 +2056,9 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_transparent")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "always_nodata")!=0 + && strcmp($3, "always_deny")!=0 + && strcmp($3, "always_null")!=0 && strcmp($3, "noview")!=0 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0 && strcmp($3, "inform_redirect") != 0 @@ -1957,8 +2067,9 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "inform_redirect, always_transparent, " - "always_refuse, always_nxdomain, noview " - ", nodefault or ipset"); + "always_refuse, always_nxdomain, " + "always_nodata, always_deny, always_null, " + "noview, nodefault or ipset"); free($2); free($3); } else if(strcmp($3, "nodefault")==0) { @@ -2411,6 +2522,27 @@ server_ipsecmod_strict: VAR_IPSECMOD_STRICT STRING_ARG OUTYY(("P(Compiled without IPsec module, ignoring)\n")); free($2); #endif + } + ; +server_edns_client_string: VAR_EDNS_CLIENT_STRING STRING_ARG STRING_ARG + { + OUTYY(("P(server_edns_client_string:%s %s)\n", $2, $3)); + if(!cfg_str2list_insert( + &cfg_parser->cfg->edns_client_strings, $2, $3)) + fatal_exit("out of memory adding " + "edns-client-string"); + } + ; +server_edns_client_string_opcode: VAR_EDNS_CLIENT_STRING_OPCODE STRING_ARG + { + OUTYY(("P(edns_client_string_opcode:%s)\n", $2)); + if(atoi($2) == 0 && strcmp($2, "0") != 0) + yyerror("option code expected"); + else if(atoi($2) > 65535 || atoi($2) < 0) + yyerror("option code must be in interval [0, 65535]"); + else cfg_parser->cfg->edns_client_string_opcode = atoi($2); + free($2); + } ; stub_name: VAR_NAME STRING_ARG diff --git a/util/data/msgencode.c b/util/data/msgencode.c index 6798b1799..08bbfbd07 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -626,6 +626,9 @@ positive_answer(struct reply_info* rep, uint16_t qtype) { for(i=0;ian_numrrsets; i++) { if(ntohs(rep->rrsets[i]->rk.type) == qtype) { + /* for priming queries, type NS, include addresses */ + if(qtype == LDNS_RR_TYPE_NS) + return 0; /* in case it is a wildcard with DNSSEC, there will * be NSEC/NSEC3 records in the authority section * that we cannot remove */ diff --git a/util/data/msgreply.c b/util/data/msgreply.c index 072a69b33..4830b343f 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -1038,7 +1038,8 @@ static int inplace_cb_reply_call_generic( struct inplace_cb* callback_list, enum inplace_cb_list_type type, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { struct inplace_cb* cb; struct edns_option* opt_list_out = NULL; @@ -1051,7 +1052,7 @@ static int inplace_cb_reply_call_generic( fptr_ok(fptr_whitelist_inplace_cb_reply_generic( (inplace_cb_reply_func_type*)cb->cb, type)); (void)(*(inplace_cb_reply_func_type*)cb->cb)(qinfo, qstate, rep, - rcode, edns, &opt_list_out, repinfo, region, cb->id, cb->cb_arg); + rcode, edns, &opt_list_out, repinfo, region, start_time, cb->id, cb->cb_arg); } edns->opt_list = opt_list_out; return 1; @@ -1059,37 +1060,41 @@ static int inplace_cb_reply_call_generic( int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct comm_reply* repinfo, struct regional* region) + struct edns_data* edns, struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply], inplace_cb_reply, qinfo, - qstate, rep, rcode, edns, repinfo, region); + qstate, rep, rcode, edns, repinfo, region, start_time); } int inplace_cb_reply_cache_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply_cache], inplace_cb_reply_cache, - qinfo, qstate, rep, rcode, edns, repinfo, region); + qinfo, qstate, rep, rcode, edns, repinfo, region, start_time); } int inplace_cb_reply_local_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply_local], inplace_cb_reply_local, - qinfo, qstate, rep, rcode, edns, repinfo, region); + qinfo, qstate, rep, rcode, edns, repinfo, region, start_time); } int inplace_cb_reply_servfail_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region) + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time) { /* We are going to servfail. Remove any potential edns options. */ if(qstate) @@ -1097,7 +1102,7 @@ int inplace_cb_reply_servfail_call(struct module_env* env, return inplace_cb_reply_call_generic( env->inplace_cb_lists[inplace_cb_reply_servfail], inplace_cb_reply_servfail, qinfo, qstate, rep, rcode, edns, repinfo, - region); + region, start_time); } int inplace_cb_query_call(struct module_env* env, struct query_info* qinfo, diff --git a/util/data/msgreply.h b/util/data/msgreply.h index 8d75f9b12..c6b220ed8 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -552,13 +552,16 @@ struct edns_option* edns_opt_list_find(struct edns_option* list, uint16_t code); * @param rep: Reply info. Could be NULL. * @param rcode: return code. * @param edns: edns data of the reply. - * @param repinfo: comm_reply. NULL. + * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, - struct edns_data* edns, struct comm_reply* repinfo, struct regional* region); + struct edns_data* edns, struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_reply_cache linked list. @@ -571,12 +574,15 @@ int inplace_cb_reply_call(struct module_env* env, struct query_info* qinfo, * @param edns: edns data of the reply. Edns input can be found here. * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_cache_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_reply_local linked list. @@ -589,12 +595,15 @@ int inplace_cb_reply_cache_call(struct module_env* env, * @param edns: edns data of the reply. Edns input can be found here. * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_local_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_reply linked list. @@ -608,12 +617,15 @@ int inplace_cb_reply_local_call(struct module_env* env, * is NULL. * @param repinfo: comm_reply. Reply information for a communication point. * @param region: region to store data. + * @param start_time: the start time of recursion, when the packet arrived, + * or the current time for cache responses. * @return false on failure (a callback function returned an error). */ int inplace_cb_reply_servfail_call(struct module_env* env, struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, - struct comm_reply* repinfo, struct regional* region); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time); /** * Call the registered functions in the inplace_cb_query linked list. diff --git a/util/edns.c b/util/edns.c index d19952df0..bfb6d65ca 100644 --- a/util/edns.c +++ b/util/edns.c @@ -43,10 +43,91 @@ #include "util/edns.h" #include "util/config_file.h" #include "util/netevent.h" +#include "util/net_help.h" #include "util/regional.h" #include "util/data/msgparse.h" #include "util/data/msgreply.h" +struct edns_strings* edns_strings_create(void) +{ + struct edns_strings* edns_strings = calloc(1, + sizeof(struct edns_strings)); + if(!edns_strings) + return NULL; + if(!(edns_strings->region = regional_create())) { + edns_strings_delete(edns_strings); + return NULL; + } + return edns_strings; +} + +void edns_strings_delete(struct edns_strings* edns_strings) +{ + if(!edns_strings) + return; + regional_destroy(edns_strings->region); + free(edns_strings); +} + +static int +edns_strings_client_insert(struct edns_strings* edns_strings, + struct sockaddr_storage* addr, socklen_t addrlen, int net, + const char* string) +{ + struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region, + sizeof(struct edns_string_addr)); + if(!esa) + return 0; + esa->string_len = strlen(string); + esa->string = regional_alloc_init(edns_strings->region, string, + esa->string_len); + if(!esa->string) + return 0; + if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr, + addrlen, net)) { + verbose(VERB_QUERY, "duplicate EDNS client string ignored."); + } + return 1; +} + +int edns_strings_apply_cfg(struct edns_strings* edns_strings, + struct config_file* config) +{ + struct config_str2list* c; + regional_free_all(edns_strings->region); + addr_tree_init(&edns_strings->client_strings); + + for(c=config->edns_client_strings; c; c=c->next) { + struct sockaddr_storage addr; + socklen_t addrlen; + int net; + log_assert(c->str && c->str2); + + if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen, + &net)) { + log_err("cannot parse EDNS client string IP netblock: " + "%s", c->str); + return 0; + } + if(!edns_strings_client_insert(edns_strings, &addr, addrlen, + net, c->str2)) { + log_err("out of memory while adding EDNS strings"); + return 0; + } + } + edns_strings->client_string_opcode = config->edns_client_string_opcode; + + addr_tree_init_parents(&edns_strings->client_strings); + return 1; +} + +struct edns_string_addr* +edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, + socklen_t addrlen) +{ + return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen); +} + static int edns_keepalive(struct edns_data* edns_out, struct edns_data* edns_in, struct comm_point* c, struct regional* region) { @@ -79,5 +160,10 @@ int apply_edns_options(struct edns_data* edns_out, struct edns_data* edns_in, !edns_keepalive(edns_out, edns_in, c, region)) return 0; + if (cfg->nsid && edns_opt_list_find(edns_in->opt_list, LDNS_EDNS_NSID) + && !edns_opt_list_append(&edns_out->opt_list, + LDNS_EDNS_NSID, cfg->nsid_len, cfg->nsid, region)) + return 0; + return 1; } diff --git a/util/edns.h b/util/edns.h index a4ee7def6..11742eb5b 100644 --- a/util/edns.h +++ b/util/edns.h @@ -42,11 +42,70 @@ #ifndef UTIL_EDNS_H #define UTIL_EDNS_H +#include "util/storage/dnstree.h" + struct edns_data; struct config_file; struct comm_point; struct regional; +/** + * Structure containing all EDNS strings. + */ +struct edns_strings { + /** Tree of EDNS client strings to use in upstream queries, per address + * prefix. Contains nodes of type edns_string_addr. */ + rbtree_type client_strings; + /** EDNS opcode to use for client strings */ + uint16_t client_string_opcode; + /** region to allocate tree nodes in */ + struct regional* region; +}; + +/** + * EDNS string. Node of rbtree, containing string and prefix. + */ +struct edns_string_addr { + /** node in address tree, used for tree lookups. Need to be the first + * member of this struct. */ + struct addr_tree_node node; + /** string, ascii format */ + uint8_t* string; + /** length of string */ + size_t string_len; +}; + +/** + * Create structure to hold EDNS strings + * @return: newly created edns_strings, NULL on alloc failure. + */ +struct edns_strings* edns_strings_create(void); + +/** Delete EDNS strings structure + * @param edns_strings: struct to delete + */ +void edns_strings_delete(struct edns_strings* edns_strings); + +/** + * Add configured EDNS strings + * @param edns_strings: edns strings to apply config to + * @param config: struct containing EDNS strings configuration + * @return 0 on error + */ +int edns_strings_apply_cfg(struct edns_strings* edns_strings, + struct config_file* config); + +/** + * Find string for address. + * @param tree: tree containing EDNS strings per address prefix. + * @param addr: address to use for tree lookup + * @param addrlen: length of address + * @return: matching tree node, NULL otherwise + */ +struct edns_string_addr* +edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr, + socklen_t addrlen); + /** * Apply common EDNS options. * diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index aa275ed53..a9e9d3a03 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -138,6 +138,9 @@ fptr_whitelist_comm_timer(void (*fptr)(void*)) else if(fptr == &auth_xfer_probe_timer_callback) return 1; else if(fptr == &auth_xfer_transfer_timer_callback) return 1; else if(fptr == &mesh_serve_expired_callback) return 1; +#ifdef USE_DNSTAP + else if(fptr == &mq_wakeup_cb) return 1; +#endif return 0; } @@ -226,6 +229,8 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *)) else if(fptr == &fwd_cmp) return 1; else if(fptr == &pending_cmp) return 1; else if(fptr == &serviced_cmp) return 1; + else if(fptr == &reuse_cmp) return 1; + else if(fptr == &reuse_id_cmp) return 1; else if(fptr == &name_tree_compare) return 1; else if(fptr == &order_lock_cmp) return 1; else if(fptr == &codeline_cmp) return 1; diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 79488f49a..875851e6a 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -2014,6 +2014,7 @@ 2368, 2370, 2372, +2378, 2381, 2382, 2383, @@ -3574,7 +3575,6 @@ 3977, 3978, 3979, -3980, 3981, 3982, 3983, @@ -4516,6 +4516,7 @@ 6679, 6689, 6696, +6699, 6701, 6702, 6703, @@ -4744,6 +4745,7 @@ 8023, 8025, 8026, +8027, 8032, 8033, 8034, @@ -5288,6 +5290,7 @@ 22005, 22273, 22305, +22333, 22335, 22343, 22347, diff --git a/util/mini_event.h b/util/mini_event.h index 1734ca574..fa71ca3d1 100644 --- a/util/mini_event.h +++ b/util/mini_event.h @@ -54,6 +54,10 @@ #if defined(USE_MINI_EVENT) && !defined(USE_WINSOCK) +#ifdef HAVE_SYS_SELECT_H +/* for fd_set on OpenBSD */ +#include +#endif #include #ifndef HAVE_EVENT_BASE_FREE diff --git a/util/module.h b/util/module.h index fa89c647e..81a31a9cc 100644 --- a/util/module.h +++ b/util/module.h @@ -257,8 +257,8 @@ struct inplace_cb { typedef int inplace_cb_reply_func_type(struct query_info* qinfo, struct module_qstate* qstate, struct reply_info* rep, int rcode, struct edns_data* edns, struct edns_option** opt_list_out, - struct comm_reply* repinfo, struct regional* region, int id, - void* callback); + struct comm_reply* repinfo, struct regional* region, + struct timeval* start_time, int id, void* callback); /** * Inplace callback function called before sending the query to a nameserver. @@ -520,6 +520,8 @@ struct module_env { struct edns_known_option* edns_known_options; /* Number of known edns options */ size_t edns_known_options_num; + /** EDNS client string information */ + struct edns_strings* edns_strings; /* Make every mesh state unique, do not aggregate mesh states. */ int unique_mesh; diff --git a/util/net_help.c b/util/net_help.c index f59a4d653..c5216bc2d 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -61,6 +61,9 @@ #ifdef USE_WINSOCK #include #endif +#ifdef HAVE_NGHTTP2_NGHTTP2_H +#include +#endif /** max length of an IP address (the address portion) that we allow */ #define MAX_ADDR_STRLEN 128 /* characters */ @@ -82,6 +85,7 @@ static struct tls_session_ticket_key { unsigned char *hmac_key; } *ticket_keys; +#ifdef HAVE_SSL /** * callback TLS session ticket encrypt and decrypt * For use with SSL_CTX_set_tlsext_ticket_key_cb or @@ -97,7 +101,6 @@ static struct tls_session_ticket_key { * @return 0 on no ticket, 1 for okay, and 2 for okay but renew the ticket * (the ticket is decrypt only). and <0 for failures. */ -#ifdef HAVE_SSL int tls_session_ticket_key_cb(SSL *s, unsigned char* key_name, unsigned char* iv, EVP_CIPHER_CTX *evp_ctx, #ifdef HAVE_SSL_CTX_SET_TLSEXT_TICKET_KEY_EVP_CB @@ -884,6 +887,21 @@ log_cert(unsigned level, const char* str, void* cert) } #endif /* HAVE_SSL */ +#if defined(HAVE_SSL) && defined(HAVE_NGHTTP2) +static int alpn_select_cb(SSL* ATTR_UNUSED(ssl), const unsigned char** out, + unsigned char* outlen, const unsigned char* in, unsigned int inlen, + void* ATTR_UNUSED(arg)) +{ + int rv = nghttp2_select_next_protocol((unsigned char **)out, outlen, in, + inlen); + if(rv == -1) { + return SSL_TLSEXT_ERR_NOACK; + } + /* either http/1.1 or h2 selected */ + return SSL_TLSEXT_ERR_OK; +} +#endif + int listen_sslctx_setup(void* ctxt) { @@ -942,6 +960,9 @@ listen_sslctx_setup(void* ctxt) #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL SSL_CTX_set_security_level(ctx, 0); #endif +#if defined(HAVE_SSL_CTX_SET_ALPN_SELECT_CB) && defined(HAVE_NGHTTP2) + SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb, NULL); +#endif #else (void)ctxt; #endif /* HAVE_SSL */ @@ -1478,7 +1499,11 @@ int tls_session_ticket_key_cb(SSL *ATTR_UNUSED(sslctx), unsigned char* key_name, params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); +#ifdef HAVE_EVP_MAC_CTX_SET_PARAMS + EVP_MAC_CTX_set_params(hmac_ctx, params); +#else EVP_MAC_set_ctx_params(hmac_ctx, params); +#endif #elif !defined(HMAC_INIT_EX_RETURNS_VOID) if (HMAC_Init_ex(hmac_ctx, ticket_keys->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); @@ -1509,7 +1534,11 @@ int tls_session_ticket_key_cb(SSL *ATTR_UNUSED(sslctx), unsigned char* key_name, params[1] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, "sha256", 0); params[2] = OSSL_PARAM_construct_end(); +#ifdef HAVE_EVP_MAC_CTX_SET_PARAMS + EVP_MAC_CTX_set_params(hmac_ctx, params); +#else EVP_MAC_set_ctx_params(hmac_ctx, params); +#endif #elif !defined(HMAC_INIT_EX_RETURNS_VOID) if (HMAC_Init_ex(hmac_ctx, key->hmac_key, 32, digest, NULL) != 1) { verbose(VERB_CLIENT, "HMAC_Init_ex failed"); @@ -1554,3 +1583,31 @@ listen_sslctx_delete_ticket_keys(void) free(ticket_keys); ticket_keys = NULL; } + +# ifndef USE_WINSOCK +char* +sock_strerror(int errn) +{ + return strerror(errn); +} + +void +sock_close(int socket) +{ + close(socket); +} + +# else +char* +sock_strerror(int ATTR_UNUSED(errn)) +{ + return wsa_strerror(WSAGetLastError()); +} + +void +sock_close(int socket) +{ + closesocket(socket); +} + +# endif /* USE_WINSOCK */ diff --git a/util/net_help.h b/util/net_help.h index 29943ada0..45b607a43 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -496,4 +496,10 @@ void listen_sslctx_delete_ticket_keys(void); */ int netblockdnametoaddr(uint8_t* dname, size_t dnamelen, struct sockaddr_storage* addr, socklen_t* addrlen, int* net, int* af); + +/** Return strerror or wsastrerror for socket error printout */ +char* sock_strerror(int errn); +/** close the socket with close, or wsa closesocket */ +void sock_close(int socket); + #endif /* NET_HELP_H */ diff --git a/util/netevent.c b/util/netevent.c index 3e7a433e5..a2c0e6073 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -333,7 +333,7 @@ int tcp_connect_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) /* send a UDP reply */ int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen) + struct sockaddr* addr, socklen_t addrlen, int is_connected) { ssize_t sent; log_assert(c->fd != -1); @@ -342,9 +342,14 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, log_err("error: send empty UDP packet"); #endif log_assert(addr && addrlen > 0); - sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), - sldns_buffer_remaining(packet), 0, - addr, addrlen); + if(!is_connected) { + sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0, + addr, addrlen); + } else { + sent = send(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0); + } if(sent == -1) { /* try again and block, waiting for IO to complete, * we want to send the answer, and we will wait for @@ -362,9 +367,14 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, #endif int e; fd_set_block(c->fd); - sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), - sldns_buffer_remaining(packet), 0, - addr, addrlen); + if (!is_connected) { + sent = sendto(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0, + addr, addrlen); + } else { + sent = send(c->fd, (void*)sldns_buffer_begin(packet), + sldns_buffer_remaining(packet), 0); + } e = errno; fd_set_nonblock(c->fd); errno = e; @@ -373,14 +383,14 @@ comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, if(sent == -1) { if(!udp_send_errno_needs_log(addr, addrlen)) return 0; -#ifndef USE_WINSOCK - verbose(VERB_OPS, "sendto failed: %s", strerror(errno)); -#else - verbose(VERB_OPS, "sendto failed: %s", - wsa_strerror(WSAGetLastError())); -#endif - log_addr(VERB_OPS, "remote address is", - (struct sockaddr_storage*)addr, addrlen); + if (!is_connected) { + verbose(VERB_OPS, "sendto failed: %s", sock_strerror(errno)); + } else { + verbose(VERB_OPS, "send failed: %s", sock_strerror(errno)); + } + if(addr) + log_addr(VERB_OPS, "remote address is", + (struct sockaddr_storage*)addr, addrlen); return 0; } else if((size_t)sent != sldns_buffer_remaining(packet)) { log_err("sent %d in place of %d bytes", @@ -579,6 +589,41 @@ comm_point_send_udp_msg_if(struct comm_point *c, sldns_buffer* packet, #endif /* AF_INET6 && IPV6_PKTINFO && HAVE_SENDMSG */ } +/** return true is UDP receive error needs to be logged */ +static int udp_recv_needs_log(int err) +{ + switch(err) { + case EACCES: /* some hosts send ICMP 'Permission Denied' */ +#ifndef USE_WINSOCK + case ECONNREFUSED: +# ifdef ENETUNREACH + case ENETUNREACH: +# endif +# ifdef EHOSTDOWN + case EHOSTDOWN: +# endif +# ifdef EHOSTUNREACH + case EHOSTUNREACH: +# endif +# ifdef ENETDOWN + case ENETDOWN: +# endif +#else /* USE_WINSOCK */ + case WSAECONNREFUSED: + case WSAENETUNREACH: + case WSAEHOSTDOWN: + case WSAEHOSTUNREACH: + case WSAENETDOWN: +#endif + if(verbosity >= VERB_ALGO) + return 1; + return 0; + default: + break; + } + return 1; +} + void comm_point_udp_ancil_callback(int fd, short event, void* arg) { @@ -621,7 +666,8 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) msg.msg_flags = 0; rcv = recvmsg(fd, &msg, 0); if(rcv == -1) { - if(errno != EAGAIN && errno != EINTR) { + if(errno != EAGAIN && errno != EINTR + && udp_recv_needs_log(errno)) { log_err("recvmsg failed: %s", strerror(errno)); } return; @@ -702,13 +748,15 @@ comm_point_udp_callback(int fd, short event, void* arg) (struct sockaddr*)&rep.addr, &rep.addrlen); if(rcv == -1) { #ifndef USE_WINSOCK - if(errno != EAGAIN && errno != EINTR) + if(errno != EAGAIN && errno != EINTR + && udp_recv_needs_log(errno)) log_err("recvfrom %d failed: %s", fd, strerror(errno)); #else if(WSAGetLastError() != WSAEINPROGRESS && WSAGetLastError() != WSAECONNRESET && - WSAGetLastError()!= WSAEWOULDBLOCK) + WSAGetLastError()!= WSAEWOULDBLOCK && + udp_recv_needs_log(WSAGetLastError())) log_err("recvfrom failed: %s", wsa_strerror(WSAGetLastError())); #endif @@ -726,7 +774,7 @@ comm_point_udp_callback(int fd, short event, void* arg) buffer = rep.c->buffer; #endif (void)comm_point_send_udp_msg(rep.c, buffer, - (struct sockaddr*)&rep.addr, rep.addrlen); + (struct sockaddr*)&rep.addr, rep.addrlen, 0); } if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ @@ -734,12 +782,19 @@ comm_point_udp_callback(int fd, short event, void* arg) } } +int adjusted_tcp_timeout(struct comm_point* c) +{ + if(c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM) + return TCP_QUERY_TIMEOUT_MINIMUM; + return c->tcp_timeout_msec; +} + /** Use a new tcp handler for new query fd, set to read query */ static void setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) { int handler_usage; - log_assert(c->type == comm_tcp); + log_assert(c->type == comm_tcp || c->type == comm_http); log_assert(c->fd == -1); sldns_buffer_clear(c->buffer); #ifdef USE_DNSCRYPT @@ -767,10 +822,7 @@ setup_tcp_handler(struct comm_point* c, int fd, int cur, int max) c->tcp_timeout_msec /= 500; else if (handler_usage > 80) c->tcp_timeout_msec = 0; - comm_point_start_listening(c, fd, - c->tcp_timeout_msec < TCP_QUERY_TIMEOUT_MINIMUM - ? TCP_QUERY_TIMEOUT_MINIMUM - : c->tcp_timeout_msec); + comm_point_start_listening(c, fd, adjusted_tcp_timeout(c)); } void comm_base_handle_slow_accept(int ATTR_UNUSED(fd), @@ -845,7 +897,6 @@ int comm_point_perform_accept(struct comm_point* c, return -1; } #endif - log_err_addr("accept failed", strerror(errno), addr, *addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAEINPROGRESS || WSAGetLastError() == WSAECONNRESET) @@ -854,9 +905,9 @@ int comm_point_perform_accept(struct comm_point* c, ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return -1; } - log_err_addr("accept failed", wsa_strerror(WSAGetLastError()), - addr, *addrlen); #endif + log_err_addr("accept failed", sock_strerror(errno), addr, + *addrlen); return -1; } if(c->tcp_conn_limit && c->type == comm_tcp_accept) { @@ -914,6 +965,42 @@ comm_point_tcp_win_bio_cb(struct comm_point* c, void* thessl) } #endif +#ifdef HAVE_NGHTTP2 +/** Create http2 session server. Per connection, after TCP accepted.*/ +static int http2_session_server_create(struct http2_session* h2_session) +{ + log_assert(h2_session->callbacks); + h2_session->is_drop = 0; + if(nghttp2_session_server_new(&h2_session->session, + h2_session->callbacks, + h2_session) == NGHTTP2_ERR_NOMEM) { + log_err("failed to create nghttp2 session server"); + return 0; + } + + return 1; +} + +/** Submit http2 setting to session. Once per session. */ +static int http2_submit_settings(struct http2_session* h2_session) +{ + int ret; + nghttp2_settings_entry settings[1] = { + {NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, + h2_session->c->http2_max_streams}}; + + ret = nghttp2_submit_settings(h2_session->session, NGHTTP2_FLAG_NONE, + settings, 1); + if(ret) { + verbose(VERB_QUERY, "http2: submit_settings failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + return 1; +} +#endif /* HAVE_NGHTTP2 */ + + void comm_point_tcp_accept_callback(int fd, short event, void* arg) { @@ -935,7 +1022,36 @@ comm_point_tcp_accept_callback(int fd, short event, void* arg) /* clear leftover flags from previous use, and then set the * correct event base for the event structure for libevent */ ub_event_free(c_hdl->ev->ev); - c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, comm_point_tcp_handle_callback, c_hdl); + if((c_hdl->type == comm_tcp && c_hdl->tcp_req_info) || + c_hdl->type == comm_local || c_hdl->type == comm_raw) + c_hdl->tcp_do_toggle_rw = 0; + else c_hdl->tcp_do_toggle_rw = 1; + + if(c_hdl->type == comm_http) { +#ifdef HAVE_NGHTTP2 + if(!c_hdl->h2_session || + !http2_session_server_create(c_hdl->h2_session)) { + log_warn("failed to create nghttp2"); + return; + } + if(!c_hdl->h2_session || + !http2_submit_settings(c_hdl->h2_session)) { + log_warn("failed to submit http2 settings"); + return; + } + if(!c->ssl) { + c_hdl->tcp_do_toggle_rw = 0; + c_hdl->use_h2 = 1; + } +#endif + c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, + UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, + comm_point_http_handle_callback, c_hdl); + } else { + c_hdl->ev->ev = ub_event_new(c_hdl->ev->base->eb->base, -1, + UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT, + comm_point_tcp_handle_callback, c_hdl); + } if(!c_hdl->ev->ev) { log_warn("could not ub_event_new, dropped tcp"); return; @@ -991,6 +1107,8 @@ reclaim_tcp_handler(struct comm_point* c) comm_point_start_listening(c->tcp_parent, -1, -1); } } + c->tcp_more_read_again = NULL; + c->tcp_more_write_again = NULL; } /** do the callback when writing is done */ @@ -998,16 +1116,28 @@ static void tcp_callback_writer(struct comm_point* c) { log_assert(c->type == comm_tcp); - sldns_buffer_clear(c->buffer); + if(!c->tcp_write_and_read) { + sldns_buffer_clear(c->buffer); + c->tcp_byte_count = 0; + } if(c->tcp_do_toggle_rw) c->tcp_is_reading = 1; - c->tcp_byte_count = 0; /* switch from listening(write) to listening(read) */ if(c->tcp_req_info) { tcp_req_info_handle_writedone(c->tcp_req_info); } else { comm_point_stop_listening(c); - comm_point_start_listening(c, -1, c->tcp_timeout_msec); + if(c->tcp_write_and_read) { + fptr_ok(fptr_whitelist_comm_point(c->callback)); + if( (*c->callback)(c, c->cb_arg, NETEVENT_PKT_WRITTEN, + &c->repinfo) ) { + comm_point_start_listening(c, -1, + adjusted_tcp_timeout(c)); + } + } else { + comm_point_start_listening(c, -1, + adjusted_tcp_timeout(c)); + } } } @@ -1027,7 +1157,8 @@ tcp_callback_reader(struct comm_point* c) comm_point_stop_listening(c); fptr_ok(fptr_whitelist_comm_point(c->callback)); if( (*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &c->repinfo) ) { - comm_point_start_listening(c, -1, c->tcp_timeout_msec); + comm_point_start_listening(c, -1, + adjusted_tcp_timeout(c)); } } } @@ -1169,6 +1300,18 @@ ssl_handshake(struct comm_point* c) c->repinfo.addrlen); } + /* check if http2 use is negotiated */ + if(c->type == comm_http && c->h2_session) { + const unsigned char *alpn; + unsigned int alpnlen = 0; + SSL_get0_alpn_selected(c->ssl, &alpn, &alpnlen); + if(alpnlen == 2 && memcmp("h2", alpn, 2) == 0) { + /* connection upgraded to HTTP2 */ + c->tcp_do_toggle_rw = 0; + c->use_h2 = 1; + } + } + /* setup listen rw correctly */ if(c->tcp_is_reading) { if(c->ssl_shake_state != comm_ssl_shake_read) @@ -1298,10 +1441,28 @@ ssl_handle_write(struct comm_point* c) } /* ignore return, if fails we may simply block */ (void)SSL_set_mode(c->ssl, (long)SSL_MODE_ENABLE_PARTIAL_WRITE); - if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(c->buffer)); + if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) { + uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(c->buffer)); ERR_clear_error(); - if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) < + if(c->tcp_write_and_read) { + if(c->tcp_write_pkt_len + 2 < LDNS_RR_BUF_SIZE) { + /* combine the tcp length and the query for + * write, this emulates writev */ + uint8_t buf[LDNS_RR_BUF_SIZE]; + memmove(buf, &len, sizeof(uint16_t)); + memmove(buf+sizeof(uint16_t), + c->tcp_write_pkt, + c->tcp_write_pkt_len); + r = SSL_write(c->ssl, + (void*)(buf+c->tcp_write_byte_count), + c->tcp_write_pkt_len + 2 - + c->tcp_write_byte_count); + } else { + r = SSL_write(c->ssl, + (void*)(((uint8_t*)&len)+c->tcp_write_byte_count), + (int)(sizeof(uint16_t)-c->tcp_write_byte_count)); + } + } else if(sizeof(uint16_t)+sldns_buffer_remaining(c->buffer) < LDNS_RR_BUF_SIZE) { /* combine the tcp length and the query for write, * this emulates writev */ @@ -1343,20 +1504,32 @@ ssl_handle_write(struct comm_point* c) log_crypto_err("could not SSL_write"); return 0; } - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(c->buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(c->buffer) == 0) { + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + if(c->tcp_write_byte_count < sizeof(uint16_t)) + return 1; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(c->buffer, c->tcp_byte_count - + sizeof(uint16_t)); + } + if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); return 1; } } - log_assert(sldns_buffer_remaining(c->buffer) > 0); + log_assert(c->tcp_write_and_read || sldns_buffer_remaining(c->buffer) > 0); + log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2); ERR_clear_error(); - r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), - (int)sldns_buffer_remaining(c->buffer)); + if(c->tcp_write_and_read) { + r = SSL_write(c->ssl, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2), + (int)(c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count)); + } else { + r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), + (int)sldns_buffer_remaining(c->buffer)); + } if(r <= 0) { int want = SSL_get_error(c->ssl, r); if(want == SSL_ERROR_ZERO_RETURN) { @@ -1381,9 +1554,13 @@ ssl_handle_write(struct comm_point* c) log_crypto_err("could not SSL_write"); return 0; } - sldns_buffer_skip(c->buffer, (ssize_t)r); + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + } else { + sldns_buffer_skip(c->buffer, (ssize_t)r); + } - if(sldns_buffer_remaining(c->buffer) == 0) { + if((!c->tcp_write_and_read && sldns_buffer_remaining(c->buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); } return 1; @@ -1395,9 +1572,17 @@ ssl_handle_write(struct comm_point* c) /** handle ssl tcp connection with dns contents */ static int -ssl_handle_it(struct comm_point* c) +ssl_handle_it(struct comm_point* c, int is_write) { - if(c->tcp_is_reading) + /* handle case where renegotiation wants read during write call + * or write during read calls */ + if(is_write && c->ssl_shake_state == comm_ssl_shake_hs_write) + return ssl_handle_read(c); + else if(!is_write && c->ssl_shake_state == comm_ssl_shake_hs_read) + return ssl_handle_write(c); + /* handle read events for read operation and write events for a + * write operation */ + else if(!is_write) return ssl_handle_read(c); return ssl_handle_write(c); } @@ -1414,8 +1599,8 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) ssize_t r; log_assert(c->type == comm_tcp || c->type == comm_local); if(c->ssl) - return ssl_handle_it(c); - if(!c->tcp_is_reading) + return ssl_handle_it(c, 0); + if(!c->tcp_is_reading && !c->tcp_write_and_read) return 0; log_assert(fd != -1); @@ -1435,8 +1620,33 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif - log_err_addr("read (in tcp s)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); +#ifdef ENETUNREACH + if(errno == ENETUNREACH && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef EHOSTDOWN + if(errno == EHOSTDOWN && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef EHOSTUNREACH + if(errno == EHOSTUNREACH && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef ENETDOWN + if(errno == ENETDOWN && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef EACCES + if(errno == EACCES && verbosity < 2) + return 0; /* silence it */ +#endif +#ifdef ENOTCONN + if(errno == ENOTCONN) { + log_err_addr("read (in tcp s) failed and this could be because TCP Fast Open is enabled [--disable-tfo-client --disable-tfo-server] but does not work", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); + return 0; + } +#endif #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAECONNRESET) return 0; @@ -1447,10 +1657,9 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) UB_EV_READ); return 1; } - log_err_addr("read (in tcp s)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("read (in tcp s)", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } c->tcp_byte_count += r; @@ -1483,8 +1692,6 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err_addr("read (in tcp r)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAECONNRESET) return 0; @@ -1494,10 +1701,9 @@ comm_point_tcp_handle_read(int fd, struct comm_point* c, int short_ok) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return 1; } - log_err_addr("read (in tcp r)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("read (in tcp r)", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } sldns_buffer_skip(c->buffer, r); @@ -1524,10 +1730,10 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) #else buffer = c->buffer; #endif - if(c->tcp_is_reading && !c->ssl) + if(c->tcp_is_reading && !c->ssl && !c->tcp_write_and_read) return 0; log_assert(fd != -1); - if(c->tcp_byte_count == 0 && c->tcp_check_nb_connect) { + if(((!c->tcp_write_and_read && c->tcp_byte_count == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == 0)) && c->tcp_check_nb_connect) { /* check for pending error from nonblocking connect */ /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ int error = 0; @@ -1568,7 +1774,7 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } } if(c->ssl) - return ssl_handle_it(c); + return ssl_handle_it(c, 1); #ifdef USE_MSG_FASTOPEN /* Only try this on first use of a connection that uses tfo, @@ -1577,15 +1783,22 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(c->tcp_do_fastopen == 1) { /* this form of sendmsg() does both a connect() and send() so need to look for various flavours of error*/ - uint16_t len = htons(sldns_buffer_limit(buffer)); + uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer)); struct msghdr msg; struct iovec iov[2]; c->tcp_do_fastopen = 0; memset(&msg, 0, sizeof(msg)); - iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; - iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(buffer); - iov[1].iov_len = sldns_buffer_limit(buffer); + if(c->tcp_write_and_read) { + iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count; + iov[1].iov_base = c->tcp_write_pkt; + iov[1].iov_len = c->tcp_write_pkt_len; + } else { + iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; + iov[1].iov_base = sldns_buffer_begin(buffer); + iov[1].iov_len = sldns_buffer_limit(buffer); + } log_assert(iov[0].iov_len > 0); msg.msg_name = &c->repinfo.addr; msg.msg_namelen = c->repinfo.addrlen; @@ -1631,12 +1844,18 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } } else { - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(buffer) == 0) { + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + if(c->tcp_write_byte_count < sizeof(uint16_t)) + return 1; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(buffer, c->tcp_byte_count - + sizeof(uint16_t)); + } + if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); return 1; } @@ -1644,19 +1863,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } #endif /* USE_MSG_FASTOPEN */ - if(c->tcp_byte_count < sizeof(uint16_t)) { - uint16_t len = htons(sldns_buffer_limit(buffer)); + if((c->tcp_write_and_read?c->tcp_write_byte_count:c->tcp_byte_count) < sizeof(uint16_t)) { + uint16_t len = htons(c->tcp_write_and_read?c->tcp_write_pkt_len:sldns_buffer_limit(buffer)); #ifdef HAVE_WRITEV struct iovec iov[2]; - iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; - iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; - iov[1].iov_base = sldns_buffer_begin(buffer); - iov[1].iov_len = sldns_buffer_limit(buffer); + if(c->tcp_write_and_read) { + iov[0].iov_base = (uint8_t*)&len + c->tcp_write_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_write_byte_count; + iov[1].iov_base = c->tcp_write_pkt; + iov[1].iov_len = c->tcp_write_pkt_len; + } else { + iov[0].iov_base = (uint8_t*)&len + c->tcp_byte_count; + iov[0].iov_len = sizeof(uint16_t) - c->tcp_byte_count; + iov[1].iov_base = sldns_buffer_begin(buffer); + iov[1].iov_len = sldns_buffer_limit(buffer); + } log_assert(iov[0].iov_len > 0); r = writev(fd, iov, 2); #else /* HAVE_WRITEV */ - r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count), - sizeof(uint16_t)-c->tcp_byte_count, 0); + if(c->tcp_write_and_read) { + r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_write_byte_count), + sizeof(uint16_t)-c->tcp_write_byte_count, 0); + } else { + r = send(fd, (void*)(((uint8_t*)&len)+c->tcp_byte_count), + sizeof(uint16_t)-c->tcp_byte_count, 0); + } #endif /* HAVE_WRITEV */ if(r == -1) { #ifndef USE_WINSOCK @@ -1695,19 +1926,31 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) #endif return 0; } - c->tcp_byte_count += r; - if(c->tcp_byte_count < sizeof(uint16_t)) - return 1; - sldns_buffer_set_position(buffer, c->tcp_byte_count - - sizeof(uint16_t)); - if(sldns_buffer_remaining(buffer) == 0) { + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + if(c->tcp_write_byte_count < sizeof(uint16_t)) + return 1; + } else { + c->tcp_byte_count += r; + if(c->tcp_byte_count < sizeof(uint16_t)) + return 1; + sldns_buffer_set_position(buffer, c->tcp_byte_count - + sizeof(uint16_t)); + } + if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); return 1; } } - log_assert(sldns_buffer_remaining(buffer) > 0); - r = send(fd, (void*)sldns_buffer_current(buffer), - sldns_buffer_remaining(buffer), 0); + log_assert(c->tcp_write_and_read || sldns_buffer_remaining(buffer) > 0); + log_assert(!c->tcp_write_and_read || c->tcp_write_byte_count < c->tcp_write_pkt_len + 2); + if(c->tcp_write_and_read) { + r = send(fd, (void*)(c->tcp_write_pkt + c->tcp_write_byte_count - 2), + c->tcp_write_pkt_len + 2 - c->tcp_write_byte_count, 0); + } else { + r = send(fd, (void*)sldns_buffer_current(buffer), + sldns_buffer_remaining(buffer), 0); + } if(r == -1) { #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) @@ -1716,8 +1959,6 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) if(errno == ECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ #endif - log_err_addr("tcp send r", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else if(WSAGetLastError() == WSAEINPROGRESS) return 1; @@ -1727,14 +1968,18 @@ comm_point_tcp_handle_write(int fd, struct comm_point* c) } if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) return 0; /* silence reset by peer */ - log_err_addr("tcp send r", wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("tcp send r", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } - sldns_buffer_skip(buffer, r); + if(c->tcp_write_and_read) { + c->tcp_write_byte_count += r; + } else { + sldns_buffer_skip(buffer, r); + } - if(sldns_buffer_remaining(buffer) == 0) { + if((!c->tcp_write_and_read && sldns_buffer_remaining(buffer) == 0) || (c->tcp_write_and_read && c->tcp_write_byte_count == c->tcp_write_pkt_len + 2)) { tcp_callback_writer(c); } @@ -1764,6 +2009,54 @@ tcp_req_info_read_again(int fd, struct comm_point* c) } } +/** read again to drain buffers when there could be more to read */ +static void +tcp_more_read_again(int fd, struct comm_point* c) +{ + /* if the packet is done, but another one could be waiting on + * the connection, the callback signals this, and we try again */ + /* this continues until the read routines get EAGAIN or so, + * and thus does not call the callback, and the bool is 0 */ + int* moreread = c->tcp_more_read_again; + while(moreread && *moreread) { + *moreread = 0; + if(!comm_point_tcp_handle_read(fd, c, 0)) { + reclaim_tcp_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point( + c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_CLOSED, NULL); + } + return; + } + } +} + +/** write again to fill up when there could be more to write */ +static void +tcp_more_write_again(int fd, struct comm_point* c) +{ + /* if the packet is done, but another is waiting to be written, + * the callback signals it and we try again. */ + /* this continues until the write routines get EAGAIN or so, + * and thus does not call the callback, and the bool is 0 */ + int* morewrite = c->tcp_more_write_again; + while(morewrite && *morewrite) { + *morewrite = 0; + if(!comm_point_tcp_handle_write(fd, c)) { + reclaim_tcp_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point( + c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_CLOSED, NULL); + } + return; + } + } +} + void comm_point_tcp_handle_callback(int fd, short event, void* arg) { @@ -1784,7 +2077,7 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } return; @@ -1802,34 +2095,46 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) } return; } - if(event&UB_EV_READ) { + if(event&UB_EV_READ +#ifdef USE_MSG_FASTOPEN + && !(c->tcp_do_fastopen && (event&UB_EV_WRITE)) +#endif + ) { int has_tcpq = (c->tcp_req_info != NULL); + int* moreread = c->tcp_more_read_again; if(!comm_point_tcp_handle_read(fd, c, 0)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } + return; } if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) tcp_req_info_read_again(fd, c); + if(moreread && *moreread) + tcp_more_read_again(fd, c); return; } if(event&UB_EV_WRITE) { int has_tcpq = (c->tcp_req_info != NULL); + int* morewrite = c->tcp_more_write_again; if(!comm_point_tcp_handle_write(fd, c)) { reclaim_tcp_handler(c); if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } + return; } if(has_tcpq && c->tcp_req_info && c->tcp_req_info->read_again) tcp_req_info_read_again(fd, c); + if(morewrite && *morewrite) + tcp_more_write_again(fd, c); return; } log_err("Ignored event %d for tcphdl.", event); @@ -1914,8 +2219,6 @@ http_read_more(int fd, struct comm_point* c) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err_addr("read (in http r)", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else /* USE_WINSOCK */ if(WSAGetLastError() == WSAECONNRESET) return 0; @@ -1925,10 +2228,9 @@ http_read_more(int fd, struct comm_point* c) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); return 1; } - log_err_addr("read (in http r)", - wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("read (in http r)", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } sldns_buffer_skip(c->buffer, r); @@ -2111,7 +2413,7 @@ http_nonchunk_segment(struct comm_point* c) return 1; } -/** handle nonchunked data segment, return 0=fail, 1=wait, 2=process more */ +/** handle chunked data segment, return 0=fail, 1=wait, 2=process more */ static int http_chunked_segment(struct comm_point* c) { @@ -2121,6 +2423,7 @@ http_chunked_segment(struct comm_point* c) */ size_t remainbufferlen; size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; + verbose(VERB_ALGO, "http_chunked_segment: got now %d, tcpbytcount %d, http_stored %d, buffer pos %d, buffer limit %d", (int)got_now, (int)c->tcp_byte_count, (int)c->http_stored, (int)sldns_buffer_position(c->buffer), (int)sldns_buffer_limit(c->buffer)); if(c->tcp_byte_count <= got_now) { /* the chunk has completed (with perhaps some extra data * from next chunk header and next chunk) */ @@ -2186,11 +2489,239 @@ http_chunked_segment(struct comm_point* c) return 1; } +#ifdef HAVE_NGHTTP2 +/** Create new http2 session. Called when creating handling comm point. */ +static struct http2_session* http2_session_create(struct comm_point* c) +{ + struct http2_session* session = calloc(1, sizeof(*session)); + if(!session) { + log_err("malloc failure while creating http2 session"); + return NULL; + } + session->c = c; + + return session; +} +#endif + +/** Delete http2 session. After closing connection or on error */ +static void http2_session_delete(struct http2_session* h2_session) +{ +#ifdef HAVE_NGHTTP2 + if(h2_session->callbacks) + nghttp2_session_callbacks_del(h2_session->callbacks); + free(h2_session); +#else + (void)h2_session; +#endif +} + +#ifdef HAVE_NGHTTP2 +struct http2_stream* http2_stream_create(int32_t stream_id) +{ + struct http2_stream* h2_stream = calloc(1, sizeof(*h2_stream)); + if(!h2_stream) { + log_err("malloc failure while creating http2 stream"); + return NULL; + } + h2_stream->stream_id = stream_id; + return h2_stream; +} + +/** Delete http2 stream. After session delete or stream close callback */ +static void http2_stream_delete(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + if(h2_stream->mesh_state) { + mesh_state_remove_reply(h2_stream->mesh, h2_stream->mesh_state, + h2_session->c); + h2_stream->mesh_state = NULL; + } + http2_req_stream_clear(h2_stream); + free(h2_stream); +} +#endif + +void http2_stream_add_meshstate(struct http2_stream* h2_stream, + struct mesh_area* mesh, struct mesh_state* m) +{ + h2_stream->mesh = mesh; + h2_stream->mesh_state = m; +} + +/** delete http2 session server. After closing connection. */ +static void http2_session_server_delete(struct http2_session* h2_session) +{ +#ifdef HAVE_NGHTTP2 + struct http2_stream* h2_stream, *next; + nghttp2_session_del(h2_session->session); /* NULL input is fine */ + h2_session->session = NULL; + for(h2_stream = h2_session->first_stream; h2_stream;) { + next = h2_stream->next; + http2_stream_delete(h2_session, h2_stream); + h2_stream = next; + } + h2_session->first_stream = NULL; + h2_session->is_drop = 0; + h2_session->postpone_drop = 0; + h2_session->c->h2_stream = NULL; +#endif + (void)h2_session; +} + +#ifdef HAVE_NGHTTP2 +void http2_session_add_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + if(h2_session->first_stream) + h2_session->first_stream->prev = h2_stream; + h2_stream->next = h2_session->first_stream; + h2_session->first_stream = h2_stream; +} + +/** remove stream from session linked list. After stream close callback or + * closing connection */ +static void http2_session_remove_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream) +{ + if(h2_stream->prev) + h2_stream->prev->next = h2_stream->next; + else + h2_session->first_stream = h2_stream->next; + if(h2_stream->next) + h2_stream->next->prev = h2_stream->prev; + +} + +int http2_stream_close_cb(nghttp2_session* ATTR_UNUSED(session), + int32_t stream_id, uint32_t ATTR_UNUSED(error_code), void* cb_arg) +{ + struct http2_stream* h2_stream; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + if(!(h2_stream = nghttp2_session_get_stream_user_data( + h2_session->session, stream_id))) { + return 0; + } + http2_session_remove_stream(h2_session, h2_stream); + http2_stream_delete(h2_session, h2_stream); + return 0; +} + +ssize_t http2_recv_cb(nghttp2_session* ATTR_UNUSED(session), uint8_t* buf, + size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + struct http2_session* h2_session = (struct http2_session*)cb_arg; + ssize_t ret; + + log_assert(h2_session->c->type == comm_http); + log_assert(h2_session->c->h2_session); + +#ifdef HAVE_SSL + if(h2_session->c->ssl) { + int r; + ERR_clear_error(); + r = SSL_read(h2_session->c->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->c->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_EOF; + } else if(want == SSL_ERROR_WANT_READ) { + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_WANT_WRITE) { + h2_session->c->ssl_shake_state = comm_ssl_shake_hs_write; + comm_point_listen_for_rw(h2_session->c, 0, 1); + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + if(errno != 0) + log_err("SSL_read syscall: %s", + strerror(errno)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + log_crypto_err("could not SSL_read"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return r; + } +#endif /* HAVE_SSL */ + + ret = recv(h2_session->c->fd, buf, len, 0); + if(ret == 0) { + return NGHTTP2_ERR_EOF; + } else if(ret < 0) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return NGHTTP2_ERR_WOULDBLOCK; +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + log_err_addr("could not http2 recv: %s", strerror(errno), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAECONNRESET) + return NGHTTP2_ERR_CALLBACK_FAILURE; + if(WSAGetLastError() == WSAEINPROGRESS) + return NGHTTP2_ERR_WOULDBLOCK; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(h2_session->c->ev->ev, + UB_EV_READ); + return NGHTTP2_ERR_WOULDBLOCK; + } + log_err_addr("could not http2 recv: %s", + wsa_strerror(WSAGetLastError()), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#endif + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return ret; +} +#endif /* HAVE_NGHTTP2 */ + +/** Handle http2 read */ +static int +comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c) +{ +#ifdef HAVE_NGHTTP2 + int ret; + log_assert(c->h2_session); + + /* reading until recv cb returns NGHTTP2_ERR_WOULDBLOCK */ + ret = nghttp2_session_recv(c->h2_session->session); + if(ret) { + if(ret != NGHTTP2_ERR_EOF && + ret != NGHTTP2_ERR_CALLBACK_FAILURE) { + char a[256]; + addr_to_str(&c->repinfo.addr, c->repinfo.addrlen, + a, sizeof(a)); + verbose(VERB_QUERY, "http2: session_recv from %s failed, " + "error: %s", a, nghttp2_strerror(ret)); + } + return 0; + } + if(nghttp2_session_want_write(c->h2_session->session)) { + c->tcp_is_reading = 0; + comm_point_stop_listening(c); + comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); + } else if(!nghttp2_session_want_read(c->h2_session->session)) + return 0; /* connection can be closed */ + return 1; +#else + (void)c; + return 0; +#endif +} + /** - * Handle http reading callback. + * Handle http reading callback. * @param fd: file descriptor of socket. * @param c: comm point to read from into buffer. - * @return: 0 on error + * @return: 0 on error */ static int comm_point_http_handle_read(int fd, struct comm_point* c) @@ -2210,6 +2741,18 @@ comm_point_http_handle_read(int fd, struct comm_point* c) if(!c->tcp_is_reading) return 1; + + if(c->use_h2) { + return comm_point_http2_handle_read(fd, c); + } + + /* http version is <= http/1.1 */ + + if(c->http_min_version >= http_version_2) { + /* HTTP/2 failed, not allowed to use lower version. */ + return 0; + } + /* read more data */ if(c->ssl) { if(!ssl_http_read_more(c)) @@ -2220,7 +2763,14 @@ comm_point_http_handle_read(int fd, struct comm_point* c) } sldns_buffer_flip(c->buffer); + /* if we are partway in a segment of data, position us at the point + * where we left off previously */ + if(c->http_stored < sldns_buffer_limit(c->buffer)) + sldns_buffer_set_position(c->buffer, c->http_stored); + else sldns_buffer_set_position(c->buffer, sldns_buffer_limit(c->buffer)); + while(sldns_buffer_remaining(c->buffer) > 0) { + /* Handle HTTP/1.x data */ /* if we are reading headers, read more headers */ if(c->http_in_headers || c->http_in_chunk_headers) { /* if header is done, process the header */ @@ -2364,8 +2914,6 @@ http_write_more(int fd, struct comm_point* c) #ifndef USE_WINSOCK if(errno == EINTR || errno == EAGAIN) return 1; - log_err_addr("http send r", strerror(errno), - &c->repinfo.addr, c->repinfo.addrlen); #else if(WSAGetLastError() == WSAEINPROGRESS) return 1; @@ -2373,15 +2921,125 @@ http_write_more(int fd, struct comm_point* c) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); return 1; } - log_err_addr("http send r", wsa_strerror(WSAGetLastError()), - &c->repinfo.addr, c->repinfo.addrlen); #endif + log_err_addr("http send r", sock_strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); return 0; } sldns_buffer_skip(c->buffer, r); return 1; } +#ifdef HAVE_NGHTTP2 +ssize_t http2_send_cb(nghttp2_session* ATTR_UNUSED(session), const uint8_t* buf, + size_t len, int ATTR_UNUSED(flags), void* cb_arg) +{ + ssize_t ret; + struct http2_session* h2_session = (struct http2_session*)cb_arg; + log_assert(h2_session->c->type == comm_http); + log_assert(h2_session->c->h2_session); + +#ifdef HAVE_SSL + if(h2_session->c->ssl) { + int r; + ERR_clear_error(); + r = SSL_write(h2_session->c->ssl, buf, len); + if(r <= 0) { + int want = SSL_get_error(h2_session->c->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } else if(want == SSL_ERROR_WANT_READ) { + h2_session->c->ssl_shake_state = comm_ssl_shake_hs_read; + comm_point_listen_for_rw(h2_session->c, 1, 0); + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_WANT_WRITE) { + return NGHTTP2_ERR_WOULDBLOCK; + } else if(want == SSL_ERROR_SYSCALL) { +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + if(errno != 0) + log_err("SSL_write syscall: %s", + strerror(errno)); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + log_crypto_err("could not SSL_write"); + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return r; + } +#endif /* HAVE_SSL */ + + ret = send(h2_session->c->fd, buf, len, 0); + if(ret == 0) { + return NGHTTP2_ERR_CALLBACK_FAILURE; + } else if(ret < 0) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return NGHTTP2_ERR_WOULDBLOCK; +#ifdef EPIPE + if(errno == EPIPE && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif +#ifdef ECONNRESET + if(errno == ECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; +#endif + log_err_addr("could not http2 write: %s", strerror(errno), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAENOTCONN) + return NGHTTP2_ERR_WOULDBLOCK; + if(WSAGetLastError() == WSAEINPROGRESS) + return NGHTTP2_ERR_WOULDBLOCK; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(h2_session->c->ev->ev, + UB_EV_WRITE); + return NGHTTP2_ERR_WOULDBLOCK; + } + if(WSAGetLastError() == WSAECONNRESET && verbosity < 2) + return NGHTTP2_ERR_CALLBACK_FAILURE; + log_err_addr("could not http2 write: %s", + wsa_strerror(WSAGetLastError()), + &h2_session->c->repinfo.addr, + h2_session->c->repinfo.addrlen); +#endif + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + return ret; +} +#endif /* HAVE_NGHTTP2 */ + +/** Handle http2 writing */ +static int +comm_point_http2_handle_write(int ATTR_UNUSED(fd), struct comm_point* c) +{ +#ifdef HAVE_NGHTTP2 + int ret; + log_assert(c->h2_session); + + ret = nghttp2_session_send(c->h2_session->session); + if(ret) { + verbose(VERB_QUERY, "http2: session_send failed, " + "error: %s", nghttp2_strerror(ret)); + return 0; + } + + if(nghttp2_session_want_read(c->h2_session->session)) { + c->tcp_is_reading = 1; + comm_point_stop_listening(c); + comm_point_start_listening(c, -1, adjusted_tcp_timeout(c)); + } else if(!nghttp2_session_want_write(c->h2_session->session)) + return 0; /* connection can be closed */ + return 1; +#else + (void)c; + return 0; +#endif +} + /** * Handle http writing callback. * @param fd: file descriptor of socket. @@ -2413,6 +3071,18 @@ comm_point_http_handle_write(int fd, struct comm_point* c) #endif /* HAVE_SSL */ if(c->tcp_is_reading) return 1; + + if(c->use_h2) { + return comm_point_http2_handle_write(fd, c); + } + + /* http version is <= http/1.1 */ + + if(c->http_min_version >= http_version_2) { + /* HTTP/2 failed, not allowed to use lower version. */ + return 0; + } + /* if we are writing, write more */ if(c->ssl) { if(!ssl_http_write_more(c)) @@ -2460,7 +3130,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } } @@ -2472,7 +3142,7 @@ comm_point_http_handle_callback(int fd, short event, void* arg) if(!c->tcp_do_close) { fptr_ok(fptr_whitelist_comm_point( c->callback)); - (void)(*c->callback)(c, c->cb_arg, + (void)(*c->callback)(c, c->cb_arg, NETEVENT_CLOSED, NULL); } } @@ -2567,6 +3237,7 @@ comm_point_create_udp(struct comm_base *base, int fd, sldns_buffer* buffer, comm_point_delete(c); return NULL; } + c->event_added = 1; return c; } @@ -2626,6 +3297,7 @@ comm_point_create_udp_ancil(struct comm_base *base, int fd, comm_point_delete(c); return NULL; } + c->event_added = 1; return c; } @@ -2724,11 +3396,129 @@ comm_point_create_tcp_handler(struct comm_base *base, return c; } +static struct comm_point* +comm_point_create_http_handler(struct comm_base *base, + struct comm_point* parent, size_t bufsize, int harden_large_queries, + uint32_t http_max_streams, char* http_endpoint, + comm_point_callback_type* callback, void* callback_arg) +{ + struct comm_point* c = (struct comm_point*)calloc(1, + sizeof(struct comm_point)); + short evbits; + if(!c) + return NULL; + c->ev = (struct internal_event*)calloc(1, + sizeof(struct internal_event)); + if(!c->ev) { + free(c); + return NULL; + } + c->ev->base = base; + c->fd = -1; + c->buffer = sldns_buffer_new(bufsize); + if(!c->buffer) { + free(c->ev); + free(c); + return NULL; + } + c->timeout = (struct timeval*)malloc(sizeof(struct timeval)); + if(!c->timeout) { + sldns_buffer_free(c->buffer); + free(c->ev); + free(c); + return NULL; + } + c->tcp_is_reading = 0; + c->tcp_byte_count = 0; + c->tcp_parent = parent; + c->tcp_timeout_msec = parent->tcp_timeout_msec; + c->tcp_conn_limit = parent->tcp_conn_limit; + c->tcl_addr = NULL; + c->tcp_keepalive = 0; + c->max_tcp_count = 0; + c->cur_tcp_count = 0; + c->tcp_handlers = NULL; + c->tcp_free = NULL; + c->type = comm_http; + c->tcp_do_close = 1; + c->do_not_close = 0; + c->tcp_do_toggle_rw = 1; /* will be set to 0 after http2 upgrade */ + c->tcp_check_nb_connect = 0; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 0; +#endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = NULL; +#endif + c->repinfo.c = c; + c->callback = callback; + c->cb_arg = callback_arg; + + c->http_min_version = http_version_2; + c->http2_stream_max_qbuffer_size = bufsize; + if(harden_large_queries && bufsize > 512) + c->http2_stream_max_qbuffer_size = 512; + c->http2_max_streams = http_max_streams; + if(!(c->http_endpoint = strdup(http_endpoint))) { + log_err("could not strdup http_endpoint"); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } + c->use_h2 = 0; +#ifdef HAVE_NGHTTP2 + if(!(c->h2_session = http2_session_create(c))) { + log_err("could not create http2 session"); + free(c->http_endpoint); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } + if(!(c->h2_session->callbacks = http2_req_callbacks_create())) { + log_err("could not create http2 callbacks"); + http2_session_delete(c->h2_session); + free(c->http_endpoint); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } +#endif + + /* add to parent free list */ + c->tcp_free = parent->tcp_free; + parent->tcp_free = c; + /* ub_event stuff */ + evbits = UB_EV_PERSIST | UB_EV_READ | UB_EV_TIMEOUT; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_http_handle_callback, c); + if(c->ev->ev == NULL) + { + log_err("could not set http handler event"); + parent->tcp_free = c->tcp_free; + http2_session_delete(c->h2_session); + sldns_buffer_free(c->buffer); + free(c->timeout); + free(c->ev); + free(c); + return NULL; + } + return c; +} + struct comm_point* comm_point_create_tcp(struct comm_base *base, int fd, int num, - int idle_timeout, struct tcl_list* tcp_conn_limit, size_t bufsize, - struct sldns_buffer* spoolbuf, comm_point_callback_type* callback, - void* callback_arg) + int idle_timeout, int harden_large_queries, + uint32_t http_max_streams, char* http_endpoint, + struct tcl_list* tcp_conn_limit, size_t bufsize, + struct sldns_buffer* spoolbuf, enum listen_type port_type, + comm_point_callback_type* callback, void* callback_arg) { struct comm_point* c = (struct comm_point*)calloc(1, sizeof(struct comm_point)); @@ -2792,10 +3582,25 @@ comm_point_create_tcp(struct comm_base *base, int fd, int num, comm_point_delete(c); return NULL; } - /* now prealloc the tcp handlers */ + c->event_added = 1; + /* now prealloc the handlers */ for(i=0; itcp_handlers[i] = comm_point_create_tcp_handler(base, - c, bufsize, spoolbuf, callback, callback_arg); + if(port_type == listen_type_tcp || + port_type == listen_type_ssl || + port_type == listen_type_tcp_dnscrypt) { + c->tcp_handlers[i] = comm_point_create_tcp_handler(base, + c, bufsize, spoolbuf, callback, callback_arg); + } else if(port_type == listen_type_http) { + c->tcp_handlers[i] = comm_point_create_http_handler( + base, c, bufsize, harden_large_queries, + http_max_streams, http_endpoint, + callback, callback_arg); + } + else { + log_err("could not create tcp handler, unknown listen " + "type"); + return NULL; + } if(!c->tcp_handlers[i]) { comm_point_delete(c); return NULL; @@ -3001,6 +3806,7 @@ comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, free(c); return NULL; } + c->event_added = 1; return c; } @@ -3063,6 +3869,7 @@ comm_point_create_raw(struct comm_base* base, int fd, int writing, free(c); return NULL; } + c->event_added = 1; return c; } @@ -3072,13 +3879,20 @@ comm_point_close(struct comm_point* c) if(!c) return; if(c->fd != -1) { - if(ub_event_del(c->ev->ev) != 0) { - log_err("could not event_del on close"); + verbose(5, "comm_point_close of %d: event_del", c->fd); + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("could not event_del on close"); + } + c->event_added = 0; } } tcl_close_connection(c->tcl_addr); if(c->tcp_req_info) tcp_req_info_clear(c->tcp_req_info); + if(c->h2_session) + http2_session_server_delete(c->h2_session); + /* close fd after removing from event lists, or epoll.. is messed up */ if(c->fd != -1 && !c->do_not_close) { if(c->type == comm_tcp || c->type == comm_http) { @@ -3087,11 +3901,7 @@ comm_point_close(struct comm_point* c) ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); } verbose(VERB_ALGO, "close fd %d", c->fd); -#ifndef USE_WINSOCK - close(c->fd); -#else - closesocket(c->fd); -#endif + sock_close(c->fd); } c->fd = -1; } @@ -3107,6 +3917,10 @@ comm_point_delete(struct comm_point* c) SSL_free(c->ssl); #endif } + if(c->type == comm_http && c->http_endpoint) { + free(c->http_endpoint); + c->http_endpoint = NULL; + } comm_point_close(c); if(c->tcp_handlers) { int i; @@ -3125,6 +3939,9 @@ comm_point_delete(struct comm_point* c) if(c->tcp_req_info) { tcp_req_info_delete(c->tcp_req_info); } + if(c->h2_session) { + http2_session_delete(c->h2_session); + } } ub_event_free(c->ev->ev); free(c->ev); @@ -3151,7 +3968,7 @@ comm_point_send_reply(struct comm_reply *repinfo) repinfo->addrlen, repinfo); else comm_point_send_udp_msg(repinfo->c, buffer, - (struct sockaddr*)&repinfo->addr, repinfo->addrlen); + (struct sockaddr*)&repinfo->addr, repinfo->addrlen, 0); #ifdef USE_DNSTAP if(repinfo->c->dtenv != NULL && repinfo->c->dtenv->log_client_response_messages) @@ -3170,9 +3987,20 @@ comm_point_send_reply(struct comm_reply *repinfo) #endif if(repinfo->c->tcp_req_info) { tcp_req_info_send_reply(repinfo->c->tcp_req_info); + } else if(repinfo->c->use_h2) { + if(!http2_submit_dns_response(repinfo->c->h2_session)) { + comm_point_drop_reply(repinfo); + return; + } + repinfo->c->h2_stream = NULL; + repinfo->c->tcp_is_reading = 0; + comm_point_stop_listening(repinfo->c); + comm_point_start_listening(repinfo->c, -1, + adjusted_tcp_timeout(repinfo->c)); + return; } else { comm_point_start_listening(repinfo->c, -1, - repinfo->c->tcp_timeout_msec); + adjusted_tcp_timeout(repinfo->c)); } } } @@ -3188,6 +4016,16 @@ comm_point_drop_reply(struct comm_reply* repinfo) return; if(repinfo->c->tcp_req_info) repinfo->c->tcp_req_info->is_drop = 1; + if(repinfo->c->type == comm_http) { + if(repinfo->c->h2_session) { + repinfo->c->h2_session->is_drop = 1; + if(!repinfo->c->h2_session->postpone_drop) + reclaim_http_handler(repinfo->c); + return; + } + reclaim_http_handler(repinfo->c); + return; + } reclaim_tcp_handler(repinfo->c); } @@ -3195,8 +4033,11 @@ void comm_point_stop_listening(struct comm_point* c) { verbose(VERB_ALGO, "comm point stop listening %d", c->fd); - if(ub_event_del(c->ev->ev) != 0) { - log_err("event_del error to stoplisten"); + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("event_del error to stoplisten"); + } + c->event_added = 0; } } @@ -3209,6 +4050,12 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) /* no use to start listening no free slots. */ return; } + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("event_del error to startlisten"); + } + c->event_added = 0; + } if(msec != -1 && msec != 0) { if(!c->timeout) { c->timeout = (struct timeval*)malloc(sizeof( @@ -3226,17 +4073,21 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) } if(c->type == comm_tcp || c->type == comm_http) { ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); - if(c->tcp_is_reading) + if(c->tcp_write_and_read) { + verbose(5, "startlistening %d mode rw", (newfd==-1?c->fd:newfd)); + ub_event_add_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); + } else if(c->tcp_is_reading) { + verbose(5, "startlistening %d mode r", (newfd==-1?c->fd:newfd)); ub_event_add_bits(c->ev->ev, UB_EV_READ); - else ub_event_add_bits(c->ev->ev, UB_EV_WRITE); + } else { + verbose(5, "startlistening %d mode w", (newfd==-1?c->fd:newfd)); + ub_event_add_bits(c->ev->ev, UB_EV_WRITE); + } } if(newfd != -1) { - if(c->fd != -1) { -#ifndef USE_WINSOCK - close(c->fd); -#else - closesocket(c->fd); -#endif + if(c->fd != -1 && c->fd != newfd) { + verbose(5, "cpsl close of fd %d for %d", c->fd, newfd); + sock_close(c->fd); } c->fd = newfd; ub_event_set_fd(c->ev->ev, c->fd); @@ -3244,13 +4095,17 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) if(ub_event_add(c->ev->ev, msec==0?NULL:c->timeout) != 0) { log_err("event_add failed. in cpsl."); } + c->event_added = 1; } void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) { verbose(VERB_ALGO, "comm point listen_for_rw %d %d", c->fd, wr); - if(ub_event_del(c->ev->ev) != 0) { - log_err("event_del error to cplf"); + if(c->event_added) { + if(ub_event_del(c->ev->ev) != 0) { + log_err("event_del error to cplf"); + } + c->event_added = 0; } ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); if(rd) ub_event_add_bits(c->ev->ev, UB_EV_READ); @@ -3258,6 +4113,7 @@ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr) if(ub_event_add(c->ev->ev, c->timeout) != 0) { log_err("event_add failed. in cplf."); } + c->event_added = 1; } size_t comm_point_get_mem(struct comm_point* c) diff --git a/util/netevent.h b/util/netevent.h index bb2cd1e53..4a2aa1677 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -61,6 +61,9 @@ #define NET_EVENT_H #include "dnscrypt/dnscrypt.h" +#ifdef HAVE_NGHTTP2_NGHTTP2_H +#include +#endif struct sldns_buffer; struct comm_point; @@ -68,11 +71,16 @@ struct comm_reply; struct tcl_list; struct ub_event_base; +struct mesh_state; +struct mesh_area; + /* internal event notification data storage structure. */ struct internal_event; struct internal_base; struct internal_timer; /* A sub struct of the comm_timer super struct */ +enum listen_type; + /** callback from communication point function type */ typedef int comm_point_callback_type(struct comm_point*, void*, int, struct comm_reply*); @@ -87,6 +95,9 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int, #define NETEVENT_CAPSFAIL -3 /** to pass done transfer to callback function; http file is complete */ #define NETEVENT_DONE -4 +/** to pass write of the write packet is done to callback function + * used when tcp_write_and_read is enabled */ +#define NETEVENT_PKT_WRITTEN -5 /** timeout to slow accept calls when not possible, in msec. */ #define NETEVENT_SLOW_ACCEPT_TIME 2000 @@ -155,6 +166,8 @@ struct comm_reply { struct comm_point { /** behind the scenes structure, with say libevent info. alloced. */ struct internal_event* ev; + /** if the event is added or not */ + int event_added; /** file descriptor for communication point */ int fd; @@ -205,6 +218,15 @@ struct comm_point { } ssl_shake_state; /* -------- HTTP ------- */ + /** Do not allow connection to use HTTP version lower than this. 0=no + * minimum. */ + enum { + http_version_none = 0, + http_version_2 = 2 + } http_min_version; + /** http endpoint */ + char* http_endpoint; + /* -------- HTTP/1.1 ------- */ /** Currently reading in http headers */ int http_in_headers; /** Currently reading in chunk headers, 0=not, 1=firstline, 2=unused @@ -216,6 +238,18 @@ struct comm_point { struct sldns_buffer* http_temp; /** http stored content in buffer */ size_t http_stored; + /* -------- HTTP/2 ------- */ + /** http2 session */ + struct http2_session* h2_session; + /** set to 1 if h2 is negotiated to be used (using alpn) */ + int use_h2; + /** stream currently being handled */ + struct http2_stream* h2_stream; + /** maximum allowed query buffer size, per stream */ + size_t http2_stream_max_qbuffer_size; + /** maximum number of HTTP/2 streams per connection. Send in HTTP/2 + * SETTINGS frame. */ + uint32_t http2_max_streams; /* -------- dnstap ------- */ /** the dnstap environment */ @@ -247,6 +281,44 @@ struct comm_point { and after read/write completes. No callback is done. */ int tcp_do_close; + /** flag that indicates the stream is both written and read from. */ + int tcp_write_and_read; + + /** byte count for written length over write channel, for when + * tcp_write_and_read is enabled. When tcp_write_and_read is enabled, + * this is the counter for writing, the one for reading is in the + * commpoint.buffer sldns buffer. The counter counts from 0 to + * 2+tcp_write_pkt_len, and includes the tcp length bytes. */ + size_t tcp_write_byte_count; + + /** packet to write currently over the write channel. for when + * tcp_write_and_read is enabled. When tcp_write_and_read is enabled, + * this is the buffer for the written packet, the commpoint.buffer + * sldns buffer is the buffer for the received packet. */ + uint8_t* tcp_write_pkt; + /** length of tcp_write_pkt in bytes */ + size_t tcp_write_pkt_len; + + /** if set try to read another packet again (over connection with + * multiple packets), once set, tries once, then zero again, + * so set it in the packet complete section. + * The pointer itself has to be set before the callback is invoked, + * when you set things up, and continue to exist also after the + * commpoint is closed and deleted in your callback. So that after + * the callback cleans up netevent can see what it has to do. + * Or leave NULL if it is not used at all. */ + int* tcp_more_read_again; + + /** if set try to write another packet (over connection with + * multiple packets), once set, tries once, then zero again, + * so set it in the packet complete section. + * The pointer itself has to be set before the callback is invoked, + * when you set things up, and continue to exist also after the + * commpoint is closed and deleted in your callback. So that after + * the callback cleans up netevent can see what it has to do. + * Or leave NULL if it is not used at all. */ + int* tcp_more_write_again; + /** if set, read/write completes: read/write state of tcp is toggled. buffer reset/bytecount reset. @@ -456,10 +528,15 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, * @param num: becomes max_tcp_count, the routine allocates that * many tcp handler commpoints. * @param idle_timeout: TCP idle timeout in ms. + * @param harden_large_queries: whether query size should be limited. + * @param http_max_streams: maximum number of HTTP/2 streams per connection. + * @param http_endpoint: HTTP endpoint to service queries on * @param tcp_conn_limit: TCP connection limit info. * @param bufsize: size of buffer to create for handlers. * @param spoolbuf: shared spool buffer for tcp_req_info structures. * or NULL to not create those structures in the tcp handlers. + * @param port_type: the type of port we are creating a TCP listener for. Used + * to select handler type to use. * @param callback: callback function pointer for TCP handlers. * @param callback_arg: will be passed to your callback function. * @return: returns the TCP listener commpoint. You can find the @@ -468,8 +545,11 @@ struct comm_point* comm_point_create_udp_ancil(struct comm_base* base, * Inits timeout to NULL. All handlers are on the free list. */ struct comm_point* comm_point_create_tcp(struct comm_base* base, - int fd, int num, int idle_timeout, struct tcl_list* tcp_conn_limit, + int fd, int num, int idle_timeout, int harden_large_queries, + uint32_t http_max_streams, char* http_endpoint, + struct tcl_list* tcp_conn_limit, size_t bufsize, struct sldns_buffer* spoolbuf, + enum listen_type port_type, comm_point_callback_type* callback, void* callback_arg); /** @@ -552,12 +632,14 @@ void comm_point_drop_reply(struct comm_reply* repinfo); * Send an udp message over a commpoint. * @param c: commpoint to send it from. * @param packet: what to send. - * @param addr: where to send it to. + * @param addr: where to send it to. If NULL, send is performed, + * for connected sockets, to the connected address. * @param addrlen: length of addr. + * @param is_connected: if the UDP socket is connect()ed. * @return: false on a failure. */ int comm_point_send_udp_msg(struct comm_point* c, struct sldns_buffer* packet, - struct sockaddr* addr, socklen_t addrlen); + struct sockaddr* addr, socklen_t addrlen,int is_connected); /** * Stop listening for input on the commpoint. No callbacks will happen. @@ -582,6 +664,16 @@ void comm_point_start_listening(struct comm_point* c, int newfd, int msec); */ void comm_point_listen_for_rw(struct comm_point* c, int rd, int wr); +/** + * For TCP handlers that use c->tcp_timeout_msec, this routine adjusts + * it with the minimum. Otherwise, a 0 value advertised without the + * minimum applied moves to a 0 in comm_point_start_listening and that + * routine treats it as no timeout, listen forever, which is not wanted. + * @param c: comm point to use the tcp_timeout_msec of. + * @return adjusted tcp_timeout_msec value with the minimum if smaller. + */ +int adjusted_tcp_timeout(struct comm_point* c); + /** * Get size of memory used by comm point. * For TCP handlers this includes subhandlers. @@ -723,6 +815,110 @@ void comm_point_tcp_handle_callback(int fd, short event, void* arg); */ void comm_point_http_handle_callback(int fd, short event, void* arg); +/** + * HTTP2 session. HTTP2 related info per comm point. + */ +struct http2_session { + /** first item in list of streams */ + struct http2_stream* first_stream; +#ifdef HAVE_NGHTTP2 + /** nghttp2 session */ + nghttp2_session *session; + /** store nghttp2 callbacks for easy reuse */ + nghttp2_session_callbacks* callbacks; +#endif + /** comm point containing buffer used to build answer in worker or + * module */ + struct comm_point* c; + /** session is instructed to get dropped (comm port will be closed) */ + int is_drop; + /** postpone dropping the session, can be used to prevent dropping + * while being in a callback */ + int postpone_drop; +}; + +/** enum of HTTP status */ +enum http_status { + HTTP_STATUS_OK = 200, + HTTP_STATUS_BAD_REQUEST = 400, + HTTP_STATUS_NOT_FOUND = 404, + HTTP_STATUS_PAYLOAD_TOO_LARGE = 413, + HTTP_STATUS_URI_TOO_LONG = 414, + HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE = 415, + HTTP_STATUS_NOT_IMPLEMENTED = 501 +}; + +/** + * HTTP stream. Part of list of HTTP2 streams per session. + */ +struct http2_stream { + /** next stream in list per session */ + struct http2_stream* next; + /** previous stream in list per session */ + struct http2_stream* prev; + /** HTTP2 stream ID is an unsigned 31-bit integer */ + int32_t stream_id; + /** HTTP method used for this stream */ + enum { + HTTP_METHOD_POST = 1, + HTTP_METHOD_GET, + HTTP_METHOD_UNSUPPORTED + } http_method; + /** message contains invalid content type */ + int invalid_content_type; + /** message body content type */ + size_t content_length; + /** HTTP response status */ + enum http_status status; + /** request for non existing endpoint */ + int invalid_endpoint; + /** query in request is too large */ + int query_too_large; + /** buffer to store query into. Can't use session shared buffer as query + * can arrive in parts, intertwined with frames for other queries. */ + struct sldns_buffer* qbuffer; + /** buffer to store response into. Can't use shared buffer as a next + * query read callback can overwrite it before it is send out. */ + struct sldns_buffer* rbuffer; + /** mesh area containing mesh state */ + struct mesh_area* mesh; + /** mesh state for query. Used to remove mesh reply before closing + * stream. */ + struct mesh_state* mesh_state; +}; + +#ifdef HAVE_NGHTTP2 +/** nghttp2 receive cb. Read from SSL connection into nghttp2 buffer */ +ssize_t http2_recv_cb(nghttp2_session* session, uint8_t* buf, + size_t len, int flags, void* cb_arg); +/** nghttp2 send callback. Send from nghttp2 buffer to ssl socket */ +ssize_t http2_send_cb(nghttp2_session* session, const uint8_t* buf, + size_t len, int flags, void* cb_arg); +/** nghttp2 callback on closing stream */ +int http2_stream_close_cb(nghttp2_session* session, int32_t stream_id, + uint32_t error_code, void* cb_arg); +#endif + +/** + * Create new http2 stream + * @param stream_id: ID for stream to create. + * @return malloc'ed stream, NULL on error + */ +struct http2_stream* http2_stream_create(int32_t stream_id); + +/** + * Add new stream to session linked list + * @param h2_session: http2 session to add stream to + * @param h2_stream: stream to add to session list + */ +void http2_session_add_stream(struct http2_session* h2_session, + struct http2_stream* h2_stream); + +/** Add mesh state to stream. To be able to remove mesh reply on stream closure + */ +void http2_stream_add_meshstate(struct http2_stream* h2_stream, + struct mesh_area* mesh, struct mesh_state* m); + /** * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. diff --git a/util/regional.c b/util/regional.c index ff36d0e21..bd67ecf50 100644 --- a/util/regional.c +++ b/util/regional.c @@ -80,18 +80,39 @@ regional_init(struct regional* r) r->total_large = 0; } -struct regional* -regional_create_custom(size_t size) +/** + * Create a new region, with custom first block and large-object sizes. + * @param size: length of first block. + * @param large_object_size: outside of chunk allocation threshold. + * @return: newly allocated regional. + */ +static struct regional* +regional_create_custom_large_object(size_t size, size_t large_object_size) { - struct regional* r = (struct regional*)malloc(size); + struct regional* r; size = ALIGN_UP(size, ALIGNMENT); + r = (struct regional*)malloc(size); log_assert(sizeof(struct regional) <= size); if(!r) return NULL; r->first_size = size; + r->large_object_size = large_object_size; regional_init(r); return r; } +struct regional* +regional_create_custom(size_t size) +{ + return regional_create_custom_large_object(size, + REGIONAL_LARGE_OBJECT_SIZE); +} + +struct regional* +regional_create_nochunk(size_t size) +{ + return regional_create_custom_large_object(size, 0); +} + void regional_free_all(struct regional *r) { @@ -134,7 +155,7 @@ regional_alloc(struct regional *r, size_t size) malloc and ALIGN_UP */ a = ALIGN_UP(size, ALIGNMENT); /* large objects */ - if(a > REGIONAL_LARGE_OBJECT_SIZE) { + if(a > r->large_object_size) { s = malloc(ALIGNMENT + size); if(!s) return NULL; r->total_large += ALIGNMENT+size; @@ -219,7 +240,7 @@ regional_log_stats(struct regional *r) /* some basic assertions put here (non time critical code) */ log_assert(ALIGNMENT >= sizeof(char*)); log_assert(REGIONAL_CHUNK_SIZE > ALIGNMENT); - log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > REGIONAL_LARGE_OBJECT_SIZE); + log_assert(REGIONAL_CHUNK_SIZE-ALIGNMENT > r->large_object_size); log_assert(REGIONAL_CHUNK_SIZE >= sizeof(struct regional)); /* debug print */ log_info("regional %u chunks, %u large", diff --git a/util/regional.h b/util/regional.h index e8b2cb8d0..b439897d5 100644 --- a/util/regional.h +++ b/util/regional.h @@ -74,6 +74,11 @@ struct regional size_t available; /** current chunk data position. */ char* data; + /** threshold for outside of chunk allocations */ + size_t large_object_size; + /** padding for sizeof8 alignment of sizeof(struct regional) + * for 32bit systems */ + size_t padding; }; /** @@ -88,6 +93,14 @@ struct regional* regional_create(void); * @return: newly allocated regional. */ struct regional* regional_create_custom(size_t size); + +/** + * Create a new region, with custom settings, that will allocate everything + * outside the region chunk. + * @param size: length of first block. + * @return: newly allocated regional. + */ +struct regional* regional_create_nochunk(size_t size); /** * Free all memory associated with regional. Only keeps the first block with diff --git a/util/storage/lruhash.c b/util/storage/lruhash.c index 0003ff491..3500a4ef0 100644 --- a/util/storage/lruhash.c +++ b/util/storage/lruhash.c @@ -398,13 +398,13 @@ lruhash_remove(struct lruhash* table, hashvalue_type hash, void* key) return; } table->num--; - table->space_used -= (*table->sizefunc)(entry->key, entry->data); - lock_quick_unlock(&table->lock); + table->space_used -= (*table->sizefunc)(entry->key, entry->data); lock_rw_wrlock(&entry->lock); if(table->markdelfunc) (*table->markdelfunc)(entry->key); lock_rw_unlock(&entry->lock); lock_quick_unlock(&bin->lock); + lock_quick_unlock(&table->lock); /* finish removal */ d = entry->data; (*table->delkeyfunc)(entry->key, table->cb_arg); diff --git a/validator/val_anchor.c b/validator/val_anchor.c index 7224f00a2..9b6574c5d 100644 --- a/validator/val_anchor.c +++ b/validator/val_anchor.c @@ -1030,8 +1030,6 @@ anchors_assemble_rrsets(struct val_anchors* anchors) ")", b); (void)rbtree_delete(anchors->tree, &ta->node); lock_basic_unlock(&ta->lock); - if(anchors->dlv_anchor == ta) - anchors->dlv_anchor = NULL; anchors_delfunc(&ta->node, NULL); ta = next; continue; @@ -1103,37 +1101,6 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg) return 0; } } - if(cfg->dlv_anchor_file && cfg->dlv_anchor_file[0] != 0) { - struct trust_anchor* dlva; - nm = cfg->dlv_anchor_file; - if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, - cfg->chrootdir, strlen(cfg->chrootdir)) == 0) - nm += strlen(cfg->chrootdir); - if(!(dlva = anchor_read_file(anchors, parsebuf, - nm, 1))) { - log_err("error reading dlv-anchor-file: %s", - cfg->dlv_anchor_file); - sldns_buffer_free(parsebuf); - return 0; - } - lock_basic_lock(&anchors->lock); - anchors->dlv_anchor = dlva; - lock_basic_unlock(&anchors->lock); - } - for(f = cfg->dlv_anchor_list; f; f = f->next) { - struct trust_anchor* dlva; - if(!f->str || f->str[0] == 0) /* empty "" */ - continue; - if(!(dlva = anchor_store_str( - anchors, parsebuf, f->str))) { - log_err("error in dlv-anchor: \"%s\"", f->str); - sldns_buffer_free(parsebuf); - return 0; - } - lock_basic_lock(&anchors->lock); - anchors->dlv_anchor = dlva; - lock_basic_unlock(&anchors->lock); - } /* do autr last, so that it sees what anchors are filled by other * means can can print errors about double config for the name */ for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) { diff --git a/validator/val_anchor.h b/validator/val_anchor.h index a2a795d09..1597a7d62 100644 --- a/validator/val_anchor.h +++ b/validator/val_anchor.h @@ -67,8 +67,6 @@ struct val_anchors { * contents of type trust_anchor. */ rbtree_type* tree; - /** The DLV trust anchor (if one is configured, else NULL) */ - struct trust_anchor* dlv_anchor; /** Autotrust global data, anchors sorted by next probe time */ struct autr_global_data* autr; }; diff --git a/validator/val_neg.c b/validator/val_neg.c index 4c08e6bbc..67699b1f7 100644 --- a/validator/val_neg.c +++ b/validator/val_neg.c @@ -965,108 +965,6 @@ static int neg_closest_data(struct val_neg_zone* zone, } } -int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, time_t now) -{ - /* lookup closest zone */ - struct val_neg_zone* zone; - struct val_neg_data* data; - int labs; - struct ub_packed_rrset_key* nsec; - struct packed_rrset_data* d; - uint32_t flags; - uint8_t* wc; - struct query_info qinfo; - if(!neg) return 0; - - log_nametypeclass(VERB_ALGO, "negcache dlvlookup", qname, - LDNS_RR_TYPE_DLV, qclass); - - labs = dname_count_labels(qname); - lock_basic_lock(&neg->lock); - zone = neg_closest_zone_parent(neg, qname, len, labs, qclass); - while(zone && !zone->in_use) - zone = zone->parent; - if(!zone) { - lock_basic_unlock(&neg->lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "negcache zone", zone->name, 0, - zone->dclass); - - /* DLV is defined to use NSEC only */ - if(zone->nsec3_hash) { - lock_basic_unlock(&neg->lock); - return 0; - } - - /* lookup closest data record */ - (void)neg_closest_data(zone, qname, len, labs, &data); - while(data && !data->in_use) - data = data->parent; - if(!data) { - lock_basic_unlock(&neg->lock); - return 0; - } - log_nametypeclass(VERB_ALGO, "negcache rr", data->name, - LDNS_RR_TYPE_NSEC, zone->dclass); - - /* lookup rrset in rrset cache */ - flags = 0; - if(query_dname_compare(data->name, zone->name) == 0) - flags = PACKED_RRSET_NSEC_AT_APEX; - nsec = rrset_cache_lookup(rrset_cache, data->name, data->len, - LDNS_RR_TYPE_NSEC, zone->dclass, flags, now, 0); - - /* check if secure and TTL ok */ - if(!nsec) { - lock_basic_unlock(&neg->lock); - return 0; - } - d = (struct packed_rrset_data*)nsec->entry.data; - if(!d || now > d->ttl) { - lock_rw_unlock(&nsec->entry.lock); - /* delete data record if expired */ - neg_delete_data(neg, data); - lock_basic_unlock(&neg->lock); - return 0; - } - if(d->security != sec_status_secure) { - lock_rw_unlock(&nsec->entry.lock); - neg_delete_data(neg, data); - lock_basic_unlock(&neg->lock); - return 0; - } - verbose(VERB_ALGO, "negcache got secure rrset"); - - /* check NSEC security */ - /* check if NSEC proves no DLV type exists */ - /* check if NSEC proves NXDOMAIN for qname */ - qinfo.qname = qname; - qinfo.qtype = LDNS_RR_TYPE_DLV; - qinfo.qclass = qclass; - qinfo.local_alias = NULL; - if(!nsec_proves_nodata(nsec, &qinfo, &wc) && - !val_nsec_proves_name_error(nsec, qname)) { - /* the NSEC is not a denial for the DLV */ - lock_rw_unlock(&nsec->entry.lock); - lock_basic_unlock(&neg->lock); - verbose(VERB_ALGO, "negcache not proven"); - return 0; - } - /* so the NSEC was a NODATA proof, or NXDOMAIN proof. */ - - /* no need to check for wildcard NSEC; no wildcards in DLV repos */ - /* no need to lookup SOA record for client; no response message */ - - lock_rw_unlock(&nsec->entry.lock); - /* if OK touch the LRU for neg_data element */ - neg_lru_touch(neg, data); - lock_basic_unlock(&neg->lock); - verbose(VERB_ALGO, "negcache DLV denial proven"); - return 1; -} - void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, uint8_t* zone_name) { diff --git a/validator/val_neg.h b/validator/val_neg.h index 877f5c944..5643ca331 100644 --- a/validator/val_neg.h +++ b/validator/val_neg.h @@ -218,26 +218,6 @@ void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep); void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, uint8_t* zone); -/** - * Perform a DLV style lookup - * During the lookup, we could find out that data has expired. In that - * case the neg_cache entries are removed, and lookup fails. - * - * @param neg: negative cache. - * @param qname: name to look for - * @param len: length of qname. - * @param qclass: class to look in. - * @param rrset_cache: the rrset cache, for NSEC lookups. - * @param now: current time for ttl checks. - * @return - * 0 on error - * 0 if no proof of negative - * 1 if indeed negative was proven - * thus, qname DLV qclass does not exist. - */ -int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, - uint16_t qclass, struct rrset_cache* rrset_cache, time_t now); - /** * For the given query, try to get a reply out of the negative cache. * The reply still needs to be validated. diff --git a/validator/val_nsec.c b/validator/val_nsec.c index a795e7733..032d2ae03 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -541,86 +541,3 @@ val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, } return 0; } - -/** - * Find shared topdomain that exists - */ -static void -dlv_topdomain(struct ub_packed_rrset_key* nsec, uint8_t* qname, - uint8_t** nm, size_t* nm_len) -{ - /* make sure reply is part of nm */ - /* take shared topdomain with left of NSEC. */ - - /* because, if empty nonterminal, then right is subdomain of qname. - * and any shared topdomain would be empty nonterminals. - * - * If nxdomain, then the right is bigger, and could have an - * interesting shared topdomain, but if it does have one, it is - * an empty nonterminal. An empty nonterminal shared with the left - * one. */ - int n; - uint8_t* common = dname_get_shared_topdomain(qname, nsec->rk.dname); - n = dname_count_labels(*nm) - dname_count_labels(common); - dname_remove_labels(nm, nm_len, n); -} - -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len) -{ - uint8_t* next; - size_t i, nlen; - int c; - /* we should now have a NOERROR/NODATA or NXDOMAIN message */ - if(rep->an_numrrsets != 0) { - return 0; - } - /* is this NOERROR ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { - /* it can be a plain NSEC match - go up one more level. */ - /* or its an empty nonterminal - go up to nonempty level */ - for(i=0; ins_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type)!=LDNS_RR_TYPE_NSEC || - !nsec_get_next(rep->rrsets[i], &next, &nlen)) - continue; - c = dname_canonical_compare( - rep->rrsets[i]->rk.dname, qinfo->qname); - if(c == 0) { - /* plain match */ - if(nsec_has_type(rep->rrsets[i], - LDNS_RR_TYPE_DLV)) - return 0; - dname_remove_label(nm, nm_len); - return 1; - } else if(c < 0 && - dname_strict_subdomain_c(next, qinfo->qname)) { - /* ENT */ - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - - /* is this NXDOMAIN ? */ - if(FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN) { - /* find the qname denial NSEC record. It can tell us - * a closest encloser name; or that we not need bother */ - for(i=0; ins_numrrsets; i++) { - if(htons(rep->rrsets[i]->rk.type) != LDNS_RR_TYPE_NSEC) - continue; - if(val_nsec_proves_name_error(rep->rrsets[i], - qinfo->qname)) { - log_nametypeclass(VERB_ALGO, "topdomain on", - rep->rrsets[i]->rk.dname, - ntohs(rep->rrsets[i]->rk.type), 0); - dlv_topdomain(rep->rrsets[i], qinfo->qname, - nm, nm_len); - return 1; - } - } - return 0; - } - return 0; -} diff --git a/validator/val_nsec.h b/validator/val_nsec.h index 4e71257bc..7117809d6 100644 --- a/validator/val_nsec.h +++ b/validator/val_nsec.h @@ -158,19 +158,6 @@ uint8_t* nsec_closest_encloser(uint8_t* qname, int val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, size_t qnamelen); -/** - * Determine the DLV result, what to do with NSEC DLV reply. - * @param qinfo: what was queried for. - * @param rep: the nonpositive reply. - * @param nm: dlv lookup name, to adjust for new lookup name (if needed). - * @param nm_len: length of lookup name. - * @return 0 on error, 1 if a higher point is found. - * If the higher point is above the dlv repo anchor, the qname does - * not exist. - */ -int val_nsec_check_dlv(struct query_info* qinfo, - struct reply_info* rep, uint8_t** nm, size_t* nm_len); - /** * Determine if an nsec proves an insecure delegation towards the qname. * @param nsec: nsec rrset. diff --git a/validator/val_secalgo.c b/validator/val_secalgo.c index 65bca8b69..15cccf017 100644 --- a/validator/val_secalgo.c +++ b/validator/val_secalgo.c @@ -990,6 +990,7 @@ static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo) return pk; } +#if defined(USE_DSA) && defined(USE_SHA1) static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) { SECKEYPublicKey* pk; @@ -1050,6 +1051,7 @@ static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) } return pk; } +#endif /* USE_DSA && USE_SHA1 */ static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len) { diff --git a/validator/validator.c b/validator/validator.c index c3ca0a27d..e12180b4b 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -390,10 +390,8 @@ generate_request(struct module_qstate* qstate, int id, uint8_t* name, ask.local_alias = NULL; log_query_info(VERB_ALGO, "generate request", &ask); /* enable valrec flag to avoid recursion to the same validation - * routine, this lookup is simply a lookup. DLVs need validation */ - if(qtype == LDNS_RR_TYPE_DLV) - valrec = 0; - else valrec = 1; + * routine, this lookup is simply a lookup. */ + valrec = 1; fptr_ok(fptr_whitelist_modenv_detect_cycle(qstate->env->detect_cycle)); if((*qstate->env->detect_cycle)(qstate, &ask, @@ -1585,7 +1583,7 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len, vq->qchase.qclass, qstate->region, *qstate->env->now); - /* there is no key(from DLV) and no trust anchor */ + /* there is no key and no trust anchor */ if(vq->key_entry == NULL && anchor == NULL) { /*response isn't under a trust anchor, so we cannot validate.*/ vq->chase_reply->security = sec_status_indeterminate; @@ -1603,7 +1601,6 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, val_mark_insecure(vq->chase_reply, anchor->name, qstate->env->rrset_cache, qstate->env); lock_basic_unlock(&anchor->lock); - vq->dlv_checked=1; /* skip DLV check */ /* go to finished state to cache this result */ vq->state = VAL_FINISHED_STATE; return 1; @@ -1679,9 +1676,8 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id) /* We know that state.key_entry is not 0 or bad key -- if it were, * then previous processing should have directed this event to * a different state. - * It could be an isnull key, which signals that a DLV was just - * done and the DNSKEY after the DLV failed with dnssec-retry state - * and the DNSKEY has to be performed again. */ + * It could be an isnull key, which signals the DNSKEY failed + * with retry and has to be looked up again. */ log_assert(vq->key_entry && !key_entry_isbad(vq->key_entry)); if(key_entry_isnull(vq->key_entry)) { if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, @@ -1985,148 +1981,6 @@ processValidate(struct module_qstate* qstate, struct val_qstate* vq, return 1; } -/** - * Init DLV check. - * DLV is going to be decommissioned, but the code is still here for some time. - * - * Called when a query is determined by other trust anchors to be insecure - * (or indeterminate). Then we look if there is a key in the DLV. - * Performs aggressive negative cache check to see if there is no key. - * Otherwise, spawns a DLV query, and changes to the DLV wait state. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if there is no DLV. - * false: processing is finished for the validator operate(). - * This function may exit in three ways: - * o no DLV (aggressive cache), so insecure. (true) - * o error - stop processing (false) - * o DLV lookup was started, stop processing (false) - */ -static int -val_dlv_init(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - uint8_t* nm; - size_t nm_len; - struct module_qstate* newq = NULL; - /* there must be a DLV configured */ - log_assert(qstate->env->anchors->dlv_anchor); - /* this bool is true to avoid looping in the DLV checks */ - log_assert(vq->dlv_checked); - - /* init the DLV lookup variables */ - vq->dlv_lookup_name = NULL; - vq->dlv_lookup_name_len = 0; - vq->dlv_insecure_at = NULL; - vq->dlv_insecure_at_len = 0; - - /* Determine the name for which we want to lookup DLV. - * This name is for the current message, or - * for the current RRset for CNAME, referral subtypes. - * If there is a signer, use that, otherwise the domain name */ - if(vq->signer_name) { - nm = vq->signer_name; - nm_len = vq->signer_len; - } else { - /* use qchase */ - nm = vq->qchase.qname; - nm_len = vq->qchase.qname_len; - if(vq->qchase.qtype == LDNS_RR_TYPE_DS) - dname_remove_label(&nm, &nm_len); - } - log_nametypeclass(VERB_ALGO, "DLV init look", nm, LDNS_RR_TYPE_DS, - vq->qchase.qclass); - log_assert(nm && nm_len); - /* sanity check: no DLV lookups below the DLV anchor itself. - * Like, an securely insecure delegation there makes no sense. */ - if(dname_subdomain_c(nm, qstate->env->anchors->dlv_anchor->name)) { - verbose(VERB_ALGO, "DLV lookup within DLV repository denied"); - return 1; - } - /* concat name (minus root label) + dlv name */ - vq->dlv_lookup_name_len = nm_len - 1 + - qstate->env->anchors->dlv_anchor->namelen; - vq->dlv_lookup_name = regional_alloc(qstate->region, - vq->dlv_lookup_name_len); - if(!vq->dlv_lookup_name) { - log_err("Out of memory preparing DLV lookup"); - return val_error(qstate, id); - } - memmove(vq->dlv_lookup_name, nm, nm_len-1); - memmove(vq->dlv_lookup_name+nm_len-1, - qstate->env->anchors->dlv_anchor->name, - qstate->env->anchors->dlv_anchor->namelen); - log_nametypeclass(VERB_ALGO, "DLV name", vq->dlv_lookup_name, - LDNS_RR_TYPE_DLV, vq->qchase.qclass); - - /* determine where the insecure point was determined, the DLV must - * be equal or below that to continue building the trust chain - * down. May be NULL if no trust chain was built yet */ - nm = NULL; - if(vq->key_entry && key_entry_isnull(vq->key_entry)) { - nm = vq->key_entry->name; - nm_len = vq->key_entry->namelen; - } - if(nm) { - vq->dlv_insecure_at_len = nm_len - 1 + - qstate->env->anchors->dlv_anchor->namelen; - vq->dlv_insecure_at = regional_alloc(qstate->region, - vq->dlv_insecure_at_len); - if(!vq->dlv_insecure_at) { - log_err("Out of memory preparing DLV lookup"); - return val_error(qstate, id); - } - memmove(vq->dlv_insecure_at, nm, nm_len-1); - memmove(vq->dlv_insecure_at+nm_len-1, - qstate->env->anchors->dlv_anchor->name, - qstate->env->anchors->dlv_anchor->namelen); - log_nametypeclass(VERB_ALGO, "insecure_at", - vq->dlv_insecure_at, 0, vq->qchase.qclass); - } - - /* If we can find the name in the aggressive negative cache, - * give up; insecure is the answer */ - while(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, vq->qchase.qclass, - qstate->env->rrset_cache, *qstate->env->now)) { - /* go up */ - dname_remove_label(&vq->dlv_lookup_name, - &vq->dlv_lookup_name_len); - /* too high? */ - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - verbose(VERB_ALGO, "ask above dlv repo"); - return 1; /* Above the repo is insecure */ - } - /* above chain of trust? */ - if(vq->dlv_insecure_at && !dname_subdomain_c( - vq->dlv_lookup_name, vq->dlv_insecure_at)) { - verbose(VERB_ALGO, "ask above insecure endpoint"); - return 1; - } - } - - /* perform a lookup for the DLV; with validation */ - vq->state = VAL_DLVLOOKUP_STATE; - if(!generate_request(qstate, id, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, - vq->qchase.qclass, 0, &newq, 0)) { - return val_error(qstate, id); - } - - /* Find the closest encloser DLV from the repository. - * then that is used to build another chain of trust - * This may first require a query 'too low' that has NSECs in - * the answer, from which we determine the closest encloser DLV. - * When determine the closest encloser, skip empty nonterminals, - * since we want a nonempty node in the DLV repository. */ - - return 0; -} - /** * The Finished state. The validation status (good or bad) has been determined. * @@ -2145,16 +1999,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, qstate->query_flags, &qstate->qinfo, &vq->qchase, vq->orig_msg->rep, vq->rrset_skip); - /* if the result is insecure or indeterminate and we have not - * checked the DLV yet, check the DLV */ - if((vq->chase_reply->security == sec_status_insecure || - vq->chase_reply->security == sec_status_indeterminate) && - qstate->env->anchors->dlv_anchor && !vq->dlv_checked) { - vq->dlv_checked = 1; - if(!val_dlv_init(qstate, vq, ve, id)) - return 0; - } - /* store overall validation result in orig_msg */ if(vq->rrset_skip == 0) vq->orig_msg->rep->security = vq->chase_reply->security; @@ -2177,7 +2021,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, /* and restart for this rrset */ verbose(VERB_ALGO, "validator: go to next rrset"); vq->chase_reply->security = sec_status_unchecked; - vq->dlv_checked = 0; /* can do DLV for this RR */ vq->state = VAL_INIT_STATE; return 1; } @@ -2195,7 +2038,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, log_query_info(VERB_ALGO, "validator: chased to", &vq->qchase); vq->chase_reply->security = sec_status_unchecked; - vq->dlv_checked = 0; /* can do DLV for this RR */ vq->state = VAL_INIT_STATE; return 1; } @@ -2321,119 +2163,6 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, return 0; } -/** - * The DLVLookup state. Process DLV lookups. - * - * @param qstate: query state. - * @param vq: validator query state. - * @param ve: validator shared global environment. - * @param id: module id. - * @return true if the event should be processed further on return, false if - * not. - */ -static int -processDLVLookup(struct module_qstate* qstate, struct val_qstate* vq, - struct val_env* ve, int id) -{ - struct module_qstate* newq = NULL; - /* see if this we are ready to continue normal resolution */ - /* we may need more DLV lookups */ - if(vq->dlv_status==dlv_error) - verbose(VERB_ALGO, "DLV woke up with status dlv_error"); - else if(vq->dlv_status==dlv_success) - verbose(VERB_ALGO, "DLV woke up with status dlv_success"); - else if(vq->dlv_status==dlv_ask_higher) - verbose(VERB_ALGO, "DLV woke up with status dlv_ask_higher"); - else if(vq->dlv_status==dlv_there_is_no_dlv) - verbose(VERB_ALGO, "DLV woke up with status dlv_there_is_no_dlv"); - else verbose(VERB_ALGO, "DLV woke up with status unknown"); - - if(vq->dlv_status == dlv_error) { - verbose(VERB_QUERY, "failed DLV lookup"); - errinf(qstate, "failed DLV lookup"); - return val_error(qstate, id); - } else if(vq->dlv_status == dlv_success) { - uint8_t* nm; - size_t nmlen; - /* chain continues with DNSKEY, continue in FINDKEY */ - vq->state = VAL_FINDKEY_STATE; - - /* strip off the DLV suffix from the name; could result in . */ - log_assert(dname_subdomain_c(vq->ds_rrset->rk.dname, - qstate->env->anchors->dlv_anchor->name)); - nmlen = vq->ds_rrset->rk.dname_len - - qstate->env->anchors->dlv_anchor->namelen + 1; - nm = regional_alloc_init(qstate->region, - vq->ds_rrset->rk.dname, nmlen); - if(!nm) { - log_err("Out of memory in DLVLook"); - return val_error(qstate, id); - } - nm[nmlen-1] = 0; - - vq->ds_rrset->rk.dname = nm; - vq->ds_rrset->rk.dname_len = nmlen; - - /* create a nullentry for the key so the dnskey lookup - * can be retried after a validation failure for it */ - vq->key_entry = key_entry_create_null(qstate->region, - nm, nmlen, vq->qchase.qclass, 0, 0); - if(!vq->key_entry) { - log_err("Out of memory in DLVLook"); - return val_error(qstate, id); - } - - if(!generate_request(qstate, id, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len, LDNS_RR_TYPE_DNSKEY, - vq->qchase.qclass, BIT_CD, &newq, 0)) { - verbose(VERB_ALGO, "error generating DNSKEY request"); - return val_error(qstate, id); - } - return 0; - } else if(vq->dlv_status == dlv_there_is_no_dlv) { - /* continue with the insecure result we got */ - vq->state = VAL_FINISHED_STATE; - return 1; - } - log_assert(vq->dlv_status == dlv_ask_higher); - - /* ask higher, make sure we stay in DLV repo, below dlv_at */ - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - /* just like, there is no DLV */ - verbose(VERB_ALGO, "ask above dlv repo"); - vq->state = VAL_FINISHED_STATE; - return 1; - } - if(vq->dlv_insecure_at && !dname_subdomain_c(vq->dlv_lookup_name, - vq->dlv_insecure_at)) { - /* already checked a chain lower than dlv_lookup_name */ - verbose(VERB_ALGO, "ask above insecure endpoint"); - log_nametypeclass(VERB_ALGO, "enpt", vq->dlv_insecure_at, 0, 0); - vq->state = VAL_FINISHED_STATE; - return 1; - } - - /* check negative cache before making new request */ - if(val_neg_dlvlookup(ve->neg_cache, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, vq->qchase.qclass, - qstate->env->rrset_cache, *qstate->env->now)) { - /* does not exist, go up one (go higher). */ - dname_remove_label(&vq->dlv_lookup_name, - &vq->dlv_lookup_name_len); - /* limit number of labels, limited number of recursion */ - return processDLVLookup(qstate, vq, ve, id); - } - - if(!generate_request(qstate, id, vq->dlv_lookup_name, - vq->dlv_lookup_name_len, LDNS_RR_TYPE_DLV, - vq->qchase.qclass, 0, &newq, 0)) { - return val_error(qstate, id); - } - - return 0; -} - /** * Handle validator state. * If a method returns true, the next state is started. If false, then @@ -2464,9 +2193,6 @@ val_handle(struct module_qstate* qstate, struct val_qstate* vq, case VAL_FINISHED_STATE: cont = processFinished(qstate, vq, ve, id); break; - case VAL_DLVLOOKUP_STATE: - cont = processDLVLookup(qstate, vq, ve, id); - break; default: log_warn("validator: invalid state %d", vq->state); @@ -3105,99 +2831,6 @@ process_prime_response(struct module_qstate* qstate, struct val_qstate* vq, /* the qstate will be reactivated after inform_super is done */ } -/** - * Process DLV response. Called from inform_supers. - * Because it is in inform_supers, the mesh itself is busy doing callbacks - * for a state that is to be deleted soon; don't touch the mesh; instead - * set a state in the super, as the super will be reactivated soon. - * Perform processing to determine what state to set in the super. - * - * @param qstate: query state that is validating and asked for a DLV. - * @param vq: validator query state - * @param id: module id. - * @param rcode: rcode result value. - * @param msg: result message (if rcode is OK). - * @param qinfo: from the sub query state, query info. - */ -static void -process_dlv_response(struct module_qstate* qstate, struct val_qstate* vq, - int id, int rcode, struct dns_msg* msg, struct query_info* qinfo) -{ - struct val_env* ve = (struct val_env*)qstate->env->modinfo[id]; - - verbose(VERB_ALGO, "process dlv response to super"); - if(rcode != LDNS_RCODE_NOERROR) { - /* lookup failed, set in vq to give up */ - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "response is error"); - return; - } - if(msg->rep->security != sec_status_secure) { - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "response is not secure, %s", - sec_status_to_string(msg->rep->security)); - return; - } - /* was the lookup a success? validated DLV? */ - if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NOERROR && - msg->rep->an_numrrsets == 1 && - msg->rep->security == sec_status_secure && - ntohs(msg->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DLV && - ntohs(msg->rep->rrsets[0]->rk.rrset_class) == qinfo->qclass && - query_dname_compare(msg->rep->rrsets[0]->rk.dname, - vq->dlv_lookup_name) == 0) { - /* yay! it is just like a DS */ - vq->ds_rrset = (struct ub_packed_rrset_key*) - regional_alloc_init(qstate->region, - msg->rep->rrsets[0], sizeof(*vq->ds_rrset)); - if(!vq->ds_rrset) { - log_err("out of memory in process_dlv"); - return; - } - vq->ds_rrset->entry.key = vq->ds_rrset; - vq->ds_rrset->rk.dname = (uint8_t*)regional_alloc_init( - qstate->region, vq->ds_rrset->rk.dname, - vq->ds_rrset->rk.dname_len); - if(!vq->ds_rrset->rk.dname) { - log_err("out of memory in process_dlv"); - vq->dlv_status = dlv_error; - return; - } - vq->ds_rrset->entry.data = regional_alloc_init(qstate->region, - vq->ds_rrset->entry.data, - packed_rrset_sizeof(vq->ds_rrset->entry.data)); - if(!vq->ds_rrset->entry.data) { - log_err("out of memory in process_dlv"); - vq->dlv_status = dlv_error; - return; - } - packed_rrset_ptr_fixup(vq->ds_rrset->entry.data); - /* make vq do a DNSKEY query next up */ - vq->dlv_status = dlv_success; - return; - } - /* store NSECs into negative cache */ - val_neg_addreply(ve->neg_cache, msg->rep); - - /* was the lookup a failure? - * if we have to go up into the DLV for a higher DLV anchor - * then set this in the vq, so it can make queries when activated. - * See if the NSECs indicate that we should look for higher DLV - * or, that there is no DLV securely */ - if(!val_nsec_check_dlv(qinfo, msg->rep, &vq->dlv_lookup_name, - &vq->dlv_lookup_name_len)) { - vq->dlv_status = dlv_error; - verbose(VERB_ALGO, "nsec error"); - return; - } - if(!dname_subdomain_c(vq->dlv_lookup_name, - qstate->env->anchors->dlv_anchor->name)) { - vq->dlv_status = dlv_there_is_no_dlv; - return; - } - vq->dlv_status = dlv_ask_higher; -} - /* * inform validator super. * @@ -3233,10 +2866,6 @@ val_inform_super(struct module_qstate* qstate, int id, qstate->return_msg, &qstate->qinfo, qstate->reply_origin); return; - } else if(qstate->qinfo.qtype == LDNS_RR_TYPE_DLV) { - process_dlv_response(super, vq, id, qstate->return_rcode, - qstate->return_msg, &qstate->qinfo); - return; } log_err("internal error in validator: no inform_supers possible"); } @@ -3284,7 +2913,6 @@ val_state_to_string(enum val_state state) case VAL_FINDKEY_STATE: return "VAL_FINDKEY_STATE"; case VAL_VALIDATE_STATE: return "VAL_VALIDATE_STATE"; case VAL_FINISHED_STATE: return "VAL_FINISHED_STATE"; - case VAL_DLVLOOKUP_STATE: return "VAL_DLVLOOKUP_STATE"; } return "UNKNOWN VALIDATOR STATE"; } diff --git a/validator/validator.h b/validator/validator.h index 9e4c8a941..35da1920a 100644 --- a/validator/validator.h +++ b/validator/validator.h @@ -137,8 +137,6 @@ enum val_state { VAL_VALIDATE_STATE, /** finish up */ VAL_FINISHED_STATE, - /** DLV lookup state, processing DLV queries */ - VAL_DLVLOOKUP_STATE }; /** @@ -217,27 +215,6 @@ struct val_qstate { /** true if this state is waiting to prime a trust anchor */ int wait_prime_ta; - - /** have we already checked the DLV? */ - int dlv_checked; - /** The name for which the DLV is looked up. For the current message - * or for the current RRset (for CNAME, REFERRAL types). - * If there is signer name, that may be it, else a domain name */ - uint8_t* dlv_lookup_name; - /** length of dlv lookup name */ - size_t dlv_lookup_name_len; - /** Name at which chain of trust stopped with insecure, starting DLV - * DLV must result in chain going further down */ - uint8_t* dlv_insecure_at; - /** length of dlv insecure point name */ - size_t dlv_insecure_at_len; - /** status of DLV lookup. Indication to VAL_DLV_STATE what to do */ - enum dlv_status { - dlv_error, /* server failure */ - dlv_success, /* got a DLV */ - dlv_ask_higher, /* ask again */ - dlv_there_is_no_dlv /* got no DLV, sure of it */ - } dlv_status; }; /**