diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-05-12 11:56:38 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2018-05-12 11:56:38 +0000 |
commit | 197f1a0fe3e81cde0cd25a3a1f37ebedf9a99488 (patch) | |
tree | 9a121ad4cef31a32608c065400c31246d549c0dc | |
parent | b5c63b395d5df7ff6ee4d41a7dfecd938d894037 (diff) | |
download | src-test2-197f1a0fe3e81cde0cd25a3a1f37ebedf9a99488.tar.gz src-test2-197f1a0fe3e81cde0cd25a3a1f37ebedf9a99488.zip |
Notes
125 files changed, 17469 insertions, 5419 deletions
diff --git a/Makefile.in b/Makefile.in index 1c33070336ef..923bb4fd7372 100644 --- a/Makefile.in +++ b/Makefile.in @@ -137,8 +137,7 @@ slabhash.lo timehist.lo tube.lo winsock_event.lo autotrust.lo val_anchor.lo \ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ -$(IPSECMOD_OBJ) -COMMON_OBJ_WITHOUT_NETCALL+=respip.lo +$(IPSECMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo @@ -265,7 +264,7 @@ ALL_OBJ=$(COMMON_OBJ) $(UNITTEST_OBJ) $(DAEMON_OBJ) \ COMPILE=$(LIBTOOL) --tag=CC --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @PTHREAD_CFLAGS_ONLY@ LINK=$(LIBTOOL) --tag=CC --mode=link $(CC) $(staticexe) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(staticexe) -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined +LINK_LIB=$(LIBTOOL) --tag=CC --mode=link $(CC) $(RUNTIME_PATH) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -version-info @LIBUNBOUND_CURRENT@:@LIBUNBOUND_REVISION@:@LIBUNBOUND_AGE@ -no-undefined .PHONY: clean realclean doc lint all install uninstall tests test strip lib longtest longcheck check alltargets @@ -390,7 +389,7 @@ dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c config.h dnstap/dnstap_config.h \ dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h: $(srcdir)/dnstap/dnstap.proto @-if test ! -d dnstap; then $(INSTALL) -d dnstap; fi - $(PROTOC_C) --c_out=. $(srcdir)/dnstap/dnstap.proto + $(PROTOC_C) --c_out=. --proto_path=$(srcdir) $(srcdir)/dnstap/dnstap.proto dnstap.pb-c.lo dnstap.pb-c.o: dnstap/dnstap.pb-c.c dnstap/dnstap.pb-c.h @@ -533,6 +532,8 @@ install-all: all $(PYTHONMOD_INSTALL) $(PYUNBOUND_INSTALL) $(UNBOUND_EVENT_INSTA $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man8 $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man5 $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1 + $(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig + $(INSTALL) -m 644 contrib/libunbound.pc $(DESTDIR)$(libdir)/pkgconfig $(LIBTOOL) --mode=install cp -f unbound$(EXEEXT) $(DESTDIR)$(sbindir)/unbound$(EXEEXT) $(LIBTOOL) --mode=install cp -f unbound-checkconf$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-checkconf$(EXEEXT) $(LIBTOOL) --mode=install cp -f unbound-control$(EXEEXT) $(DESTDIR)$(sbindir)/unbound-control$(EXEEXT) @@ -627,102 +628,107 @@ depend: # Dependencies dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h infra.lo infra.o: $(srcdir)/services/cache/infra.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h rrset.lo rrset.o: $(srcdir)/services/cache/rrset.c config.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h dname.lo dname.o: $(srcdir)/util/data/dname.c config.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/sldns/sbuffer.h msgencode.lo msgencode.o: $(srcdir)/util/data/msgencode.c config.h $(srcdir)/util/data/msgencode.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \ + $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/services/view.h msgparse.lo msgparse.o: $(srcdir)/util/data/msgparse.c config.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/regional.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h msgreply.lo msgreply.o: $(srcdir)/util/data/msgreply.c config.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/module.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h packed_rrset.lo packed_rrset.o: $(srcdir)/util/data/packed_rrset.c config.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h iterator.lo iterator.o: $(srcdir)/iterator/iterator.c config.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_donotq.h \ - $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h $(srcdir)/iterator/iter_priv.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ + $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_scrub.h \ + $(srcdir)/iterator/iter_priv.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/sbuffer.h iter_delegpt.lo iter_delegpt.o: $(srcdir)/iterator/iter_delegpt.c config.h $(srcdir)/iterator/iter_delegpt.h \ $(srcdir)/util/log.h $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/regional.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/sbuffer.h iter_donotq.lo iter_donotq.o: $(srcdir)/iterator/iter_donotq.c config.h $(srcdir)/iterator/iter_donotq.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h iter_fwd.lo iter_fwd.o: $(srcdir)/iterator/iter_fwd.c config.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h + $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h iter_hints.lo iter_hints.o: $(srcdir)/iterator/iter_hints.c config.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h iter_priv.lo iter_priv.o: $(srcdir)/iterator/iter_priv.c config.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/regional.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h iter_resptype.lo iter_resptype.o: $(srcdir)/iterator/iter_resptype.c config.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \ $(srcdir)/services/cache/dns.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h iter_scrub.lo iter_scrub.o: $(srcdir)/iterator/iter_scrub.c config.h $(srcdir)/iterator/iter_scrub.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_priv.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h \ + $(srcdir)/sldns/sbuffer.h iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/iterator/iter_donotq.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_priv.h \ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ @@ -736,33 +742,34 @@ iter_utils.lo iter_utils.o: $(srcdir)/iterator/iter_utils.c config.h $(srcdir)/i listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c config.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/testcode/checklocks.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ + $(srcdir)/sldns/sbuffer.h localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ $(srcdir)/util/data/msgencode.h $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ $(srcdir)/util/as112.h mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/timehist.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/alloc.h $(srcdir)/util/config_file.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/util/data/dname.h $(srcdir)/respip/respip.h modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/services/modstack.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/dns64/dns64.h \ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h \ $(srcdir)/validator/val_utils.h $(srcdir)/respip/respip.h $(srcdir)/services/localzone.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(PYTHONMOD_HEADER) \ @@ -770,168 +777,186 @@ modstack.lo modstack.o: $(srcdir)/services/modstack.c config.h $(srcdir)/service $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h view.lo view.o: $(srcdir)/services/view.c config.h $(srcdir)/services/view.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c config.h \ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h config_file.lo config_file.o: $(srcdir)/util/config_file.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/configyyrename.h $(srcdir)/util/config_file.h util/configparser.h \ $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc + $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h $(srcdir)/util/rtt.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/iana_ports.inc configlexer.lo configlexer.o: util/configlexer.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h util/configparser.h configparser.lo configparser.o: util/configparser.c config.h $(srcdir)/util/configyyrename.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h shm_main.lo shm_main.o: $(srcdir)/util/shm_side/shm_main.c config.h $(srcdir)/util/shm_side/shm_main.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h authzone.lo authzone.o: $(srcdir)/services/authzone.c config.h $(srcdir)/services/authzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/validator/val_nsec3.h \ - $(srcdir)/validator/val_secalgo.h + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/random.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/outside_network.h \ + $(srcdir)/services/listen_dnsport.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_secalgo.h fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.c config.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/authzone.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \ - $(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \ - $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h -locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h -log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h -mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/validator/validator.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \ + $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \ + $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \ + $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h +locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/testcode/checklocks.h +log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/sldns/sbuffer.h +mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ $(srcdir)/services/modstack.h module.lo module.o: $(srcdir)/util/module.c config.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h netevent.lo netevent.o: $(srcdir)/util/netevent.c config.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/ub_event.h $(srcdir)/util/net_help.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/dnstap/dnstap.h \ + \ net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ random.lo random.o: $(srcdir)/util/random.c config.h $(srcdir)/util/random.h $(srcdir)/util/log.h rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h regional.lo regional.o: $(srcdir)/util/regional.c config.h $(srcdir)/util/log.h $(srcdir)/util/regional.h rtt.lo rtt.o: $(srcdir)/util/rtt.c config.h $(srcdir)/util/rtt.h dnstree.lo dnstree.o: $(srcdir)/util/storage/dnstree.c config.h $(srcdir)/util/storage/dnstree.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/net_help.h + $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h lookup3.lo lookup3.o: $(srcdir)/util/storage/lookup3.c config.h $(srcdir)/util/storage/lookup3.h lruhash.lo lruhash.o: $(srcdir)/util/storage/lruhash.c config.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h slabhash.lo slabhash.o: $(srcdir)/util/storage/slabhash.c config.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h timehist.lo timehist.o: $(srcdir)/util/timehist.c config.h $(srcdir)/util/timehist.h $(srcdir)/util/log.h tube.lo tube.o: $(srcdir)/util/tube.c config.h $(srcdir)/util/tube.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/ub_event.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/ub_event.h ub_event.lo ub_event.o: $(srcdir)/util/ub_event.c config.h $(srcdir)/util/ub_event.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/tube.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/tube.h \ + $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h ub_event_pluggable.lo ub_event_pluggable.o: $(srcdir)/util/ub_event_pluggable.c config.h $(srcdir)/util/ub_event.h \ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \ + $(srcdir)/util/rbtree.h winsock_event.lo winsock_event.o: $(srcdir)/util/winsock_event.c config.h autotrust.lo autotrust.o: $(srcdir)/validator/autotrust.c config.h $(srcdir)/validator/autotrust.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_utils.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/dname.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kcache.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/val_sigcrypt.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/validator/val_kcache.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/keyraw.h \ val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/validator/val_anchor.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/as112.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/autotrust.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/as112.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/sldns/str2wire.h validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_nsec.h \ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_neg.h $(srcdir)/validator/val_sigcrypt.h \ @@ -942,59 +967,64 @@ validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/val $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h val_kcache.lo val_kcache.o: $(srcdir)/validator/val_kcache.c config.h $(srcdir)/validator/val_kcache.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h + $(srcdir)/testcode/checklocks.h $(srcdir)/validator/val_kentry.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h val_kentry.lo val_kentry.o: $(srcdir)/validator/val_kentry.c config.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lookup3.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ val_neg.lo val_neg.o: $(srcdir)/validator/val_neg.c config.h \ - $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/validator/val_neg.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h val_nsec3.lo val_nsec3.o: $(srcdir)/validator/val_nsec3.c config.h $(srcdir)/validator/val_nsec3.h \ $(srcdir)/util/rbtree.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/validator/val_secalgo.h \ + $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/validator/val_kentry.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/validator/val_nsec.h \ + $(srcdir)/sldns/sbuffer.h val_nsec.lo val_nsec.o: $(srcdir)/validator/val_nsec.c config.h $(srcdir)/validator/val_nsec.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h + $(srcdir)/testcode/checklocks.h $(srcdir)/validator/val_utils.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/sldns/sbuffer.h \ val_sigcrypt.lo val_sigcrypt.o: $(srcdir)/validator/val_sigcrypt.c config.h \ $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/validator/val_utils.h $(srcdir)/util/data/dname.h $(srcdir)/util/rbtree.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ val_utils.lo val_utils.o: $(srcdir)/validator/val_utils.c config.h $(srcdir)/validator/val_utils.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/parseutil.h + $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_anchor.h \ + $(srcdir)/util/rbtree.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_neg.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/parseutil.h dns64.lo dns64.o: $(srcdir)/dns64/dns64.c config.h $(srcdir)/dns64/dns64.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ @@ -1003,37 +1033,38 @@ edns-subnet.lo edns-subnet.o: $(srcdir)/edns-subnet/edns-subnet.c config.h \ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h subnetmod.lo subnetmod.o: $(srcdir)/edns-subnet/subnetmod.c config.h $(srcdir)/edns-subnet/subnetmod.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h \ - $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/edns-subnet/subnet-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/services/modstack.h $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h \ + $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h \ + $(srcdir)/services/cache/dns.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h addrtree.lo addrtree.o: $(srcdir)/edns-subnet/addrtree.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/edns-subnet/addrtree.h subnet-whitelist.lo subnet-whitelist.o: $(srcdir)/edns-subnet/subnet-whitelist.c config.h \ $(srcdir)/edns-subnet/edns-subnet.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/edns-subnet/subnet-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/checklocks.h cachedb.lo cachedb.o: $(srcdir)/cachedb/cachedb.c config.h $(srcdir)/cachedb/cachedb.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h $(srcdir)/validator/val_neg.h \ - $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h $(srcdir)/iterator/iter_utils.h \ - $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h \ - $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/data/msgencode.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/validator/val_secalgo.h \ + $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h $(srcdir)/sldns/parseutil.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h respip.lo respip.o: $(srcdir)/respip/respip.c config.h $(srcdir)/services/localzone.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/config_file.h \ - $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/services/view.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ $(srcdir)/services/modstack.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h $(srcdir)/respip/respip.h checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ @@ -1041,59 +1072,66 @@ checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h $(srcdir)/u dnscrypt.lo dnscrypt.o: $(srcdir)/dnscrypt/dnscrypt.c config.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h \ $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/storage/lookup3.h + $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/lookup3.h ipsecmod.lo ipsecmod.o: $(srcdir)/ipsecmod/ipsecmod.c config.h $(srcdir)/ipsecmod/ipsecmod.h \ $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h $(srcdir)/sldns/wire2str.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ + $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/fptr_wlist.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/wire2str.h ipsecmod-whitelist.lo ipsecmod-whitelist.o: $(srcdir)/ipsecmod/ipsecmod-whitelist.c config.h \ $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h \ - $(srcdir)/ipsecmod/ipsecmod-whitelist.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/rbtree.h $(srcdir)/ipsecmod/ipsecmod-whitelist.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/data/dname.h $(srcdir)/sldns/str2wire.h unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/rrdef.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/rrdef.h unitdname.lo unitdname.o: $(srcdir)/testcode/unitdname.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h + $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h unitlruhash.lo unitlruhash.o: $(srcdir)/testcode/unitlruhash.c config.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/storage/slabhash.h + $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/storage/slabhash.h unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/keyraw.h \ - $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/random.h $(srcdir)/respip/respip.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h + $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/random.h $(srcdir)/respip/respip.h $(srcdir)/util/module.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/testcode/readhex.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h + $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/dname.h $(srcdir)/util/alloc.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h \ + $(srcdir)/testcode/readhex.h $(srcdir)/testcode/testpkts.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/wire2str.h unitneg.lo unitneg.o: $(srcdir)/testcode/unitneg.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h \ - $(srcdir)/sldns/rrdef.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/dname.h $(srcdir)/testcode/unitmain.h \ + $(srcdir)/validator/val_neg.h $(srcdir)/util/rbtree.h $(srcdir)/sldns/rrdef.h unitregional.lo unitregional.o: $(srcdir)/testcode/unitregional.c config.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/util/log.h $(srcdir)/util/regional.h unitslabhash.lo unitslabhash.o: $(srcdir)/testcode/unitslabhash.c config.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h + $(srcdir)/util/log.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/checklocks.h unitverify.lo unitverify.o: $(srcdir)/testcode/unitverify.c config.h $(srcdir)/util/log.h \ $(srcdir)/testcode/unitmain.h $(srcdir)/validator/val_sigcrypt.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/validator/val_secalgo.h \ - $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h $(srcdir)/util/rbtree.h \ - $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/validator/val_secalgo.h $(srcdir)/validator/val_nsec.h $(srcdir)/validator/val_nsec3.h \ + $(srcdir)/util/rbtree.h $(srcdir)/validator/validator.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/rrdef.h $(srcdir)/validator/val_utils.h \ $(srcdir)/testcode/testpkts.h $(srcdir)/util/data/dname.h $(srcdir)/util/regional.h $(srcdir)/util/alloc.h \ $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/keyraw.h \ $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h @@ -1105,84 +1143,89 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod unitldns.lo unitldns.o: $(srcdir)/testcode/unitldns.c config.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h unitecs.lo unitecs.o: $(srcdir)/testcode/unitecs.c config.h $(srcdir)/util/log.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/edns-subnet/addrtree.h \ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/services/outbound_list.h $(srcdir)/util/alloc.h \ $(srcdir)/util/net_help.h $(srcdir)/util/storage/slabhash.h $(srcdir)/edns-subnet/edns-subnet.h unitauth.lo unitauth.o: $(srcdir)/testcode/unitauth.c config.h $(srcdir)/services/authzone.h \ - $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h \ - $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/dns.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/modstack.h \ + $(srcdir)/testcode/unitmain.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h cachedump.lo cachedump.o: $(srcdir)/daemon/cachedump.c config.h \ $(srcdir)/daemon/cachedump.h $(srcdir)/daemon/remote.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ - $(srcdir)/dnstap/dnstap.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/util/regional.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ + $(srcdir)/util/regional.h $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h $(srcdir)/iterator/iterator.h \ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/iterator/iter_utils.h \ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ + $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h remote.lo remote.o: $(srcdir)/daemon/remote.c config.h \ $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h \ - $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h $(srcdir)/validator/validator.h \ - $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h $(srcdir)/validator/val_kentry.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/iterator/iter_delegpt.h \ - $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/parseutil.h \ - $(srcdir)/sldns/wire2str.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rbtree.h $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/view.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h \ + $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h \ + $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h \ + $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/iterator/iter_delegpt.h $(srcdir)/services/outside_network.h $(srcdir)/sldns/str2wire.h \ + $(srcdir)/sldns/parseutil.h $(srcdir)/sldns/wire2str.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $(srcdir)/daemon/daemon.h \ - $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h \ + $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h \ @@ -1193,25 +1236,27 @@ unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h $ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \ + $(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \ $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/daemon/remote.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/keyraw.h $(srcdir)/daemon/unbound.c $(srcdir)/daemon/daemon.h \ $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h $(srcdir)/services/listen_dnsport.h \ @@ -1225,180 +1270,191 @@ testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h $(srcdir)/testcod worker.lo worker.o: $(srcdir)/daemon/worker.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/random.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/remote.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h \ + $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/regional.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/services/cache/infra.h \ - $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/mesh.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h \ - $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h $(srcdir)/validator/autotrust.h \ - $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h $(srcdir)/libunbound/context.h \ - $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h + $(srcdir)/util/rtt.h $(srcdir)/services/cache/dns.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \ + $(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/util/shm_side/shm_main.h acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \ $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h + $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/module.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h \ $(srcdir)/util/config_file.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/util/storage/lookup3.h \ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h $(srcdir)/util/random.h \ - $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/services/localzone.h \ + $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/util/random.h $(srcdir)/util/tube.h \ + $(srcdir)/util/net_help.h $(srcdir)/sldns/keyraw.h $(srcdir)/respip/respip.h stats.lo stats.o: $(srcdir)/daemon/stats.c config.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h \ $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \ - $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h \ - $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/iterator/iterator.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/validator/val_kcache.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/alloc.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/daemon.h \ + $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/outside_network.h $(srcdir)/services/listen_dnsport.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/tube.h $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h \ - $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h \ - $(srcdir)/sldns/rrdef.h + $(srcdir)/testcode/checklocks.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/rbtree.h \ + $(srcdir)/testcode/fake_event.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h fake_event.lo fake_event.o: $(srcdir)/testcode/fake_event.c config.h $(srcdir)/testcode/fake_event.h \ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \ - $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h \ - $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h \ - $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h \ - $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \ + $(srcdir)/util/config_file.h $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \ + $(srcdir)/util/rbtree.h $(srcdir)/services/cache/infra.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h \ + $(srcdir)/services/modstack.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h + $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h pktview.lo pktview.o: $(srcdir)/testcode/pktview.c config.h $(srcdir)/util/log.h $(srcdir)/util/data/dname.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/parseutil.h + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/testcode/unitmain.h \ + $(srcdir)/testcode/readhex.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h readhex.lo readhex.o: $(srcdir)/testcode/readhex.c config.h $(srcdir)/testcode/readhex.h $(srcdir)/util/log.h \ $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parseutil.h memstats.lo memstats.o: $(srcdir)/testcode/memstats.c config.h $(srcdir)/util/log.h $(srcdir)/util/rbtree.h \ - $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h \ - $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h + $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ + $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/smallapp/unbound-checkconf.c config.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h $(srcdir)/util/regional.h \ - $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h \ - $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h $(srcdir)/services/localzone.h \ - $(srcdir)/services/view.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h $(PYTHONMOD_HEADER) \ - $(srcdir)/edns-subnet/subnet-whitelist.h + $(srcdir)/testcode/checklocks.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/regional.h $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h \ + $(srcdir)/iterator/iter_fwd.h $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h \ + $(srcdir)/services/localzone.h $(srcdir)/services/view.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/modstack.h $(srcdir)/respip/respip.h $(srcdir)/sldns/sbuffer.h \ + $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h \ - $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/tube.h $(srcdir)/services/mesh.h context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \ - $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \ + $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ + $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \ $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \ - $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/libworker.h \ - $(srcdir)/util/config_file.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h $(srcdir)/util/ub_event.h \ - $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h \ - $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/services/cache/rrset.h \ - $(srcdir)/util/storage/slabhash.h $(srcdir)/sldns/sbuffer.h + $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ + $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/libunbound/libworker.h $(srcdir)/util/config_file.h $(srcdir)/util/module.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/regional.h $(srcdir)/util/random.h $(srcdir)/util/net_help.h $(srcdir)/util/tube.h \ + $(srcdir)/util/ub_event.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ + $(srcdir)/services/view.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h \ + $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h $(srcdir)/services/authzone.h \ + $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h libworker.lo libworker.o: $(srcdir)/libunbound/libworker.c config.h \ $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h \ - $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/services/outside_network.h \ - $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/services/mesh.h \ - $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \ - $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \ - $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ - $(srcdir)/services/outbound_list.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h \ - $(srcdir)/util/random.h $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ + $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/libunbound/context.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h \ + $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/dnscrypt/cert.h \ + $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h \ + $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \ + $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h $(srcdir)/services/authzone.h \ + $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h \ + $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h \ $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \ $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \ - $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/sldns/rrdef.h + $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ - $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgparse.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h $(srcdir)/sldns/sbuffer.h \ - $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/dname.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/wire2str.h \ -perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h +perf.lo perf.o: $(srcdir)/testcode/perf.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h \ + $(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/sbuffer.h \ + $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/str2wire.h delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h \ $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c config.h \ - $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h \ - $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h $(srcdir)/daemon/stats.h \ - $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h + $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/net_help.h $(srcdir)/util/shm_side/shm_main.h $(srcdir)/libunbound/unbound.h \ + $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/pkthdr.h unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c config.h $(srcdir)/libunbound/unbound.h \ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h \ petal.lo petal.o: $(srcdir)/testcode/petal.c config.h \ pythonmod_utils.lo pythonmod_utils.o: $(srcdir)/pythonmod/pythonmod_utils.c config.h $(srcdir)/util/module.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/data/msgreply.h \ - $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ + $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \ + $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ $(srcdir)/dnscrypt/cert.h $(srcdir)/util/net_help.h \ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \ $(srcdir)/util/regional.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/sldns/sbuffer.h \ win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h $(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \ - $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ - $(srcdir)/daemon/worker.h \ - $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h \ - $(srcdir)/util/storage/lruhash.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \ - $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h \ - $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h \ - $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \ + $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \ + $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \ + $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \ + $(srcdir)/sldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \ + $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h $(srcdir)/dnscrypt/cert.h $(srcdir)/util/data/msgreply.h \ + $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/daemon/stats.h \ + $(srcdir)/util/timehist.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/module.h $(srcdir)/dnstap/dnstap.h \ + $(srcdir)/daemon/remote.h \ $(srcdir)/util/config_file.h $(srcdir)/util/ub_event.h w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h $(srcdir)/winrc/win_svc.h unbound-service-install.lo unbound-service-install.o: $(srcdir)/winrc/unbound-service-install.c config.h \ @@ -1421,7 +1477,8 @@ parseutil.lo parseutil.o: $(srcdir)/sldns/parseutil.c config.h $(srcdir)/sldns/p rrdef.lo rrdef.o: $(srcdir)/sldns/rrdef.c config.h $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/parseutil.h str2wire.lo str2wire.o: $(srcdir)/sldns/str2wire.c config.h $(srcdir)/sldns/str2wire.h $(srcdir)/sldns/rrdef.h \ $(srcdir)/sldns/wire2str.h $(srcdir)/sldns/sbuffer.h $(srcdir)/sldns/parse.h $(srcdir)/sldns/parseutil.h -ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h +ctime_r.lo ctime_r.o: $(srcdir)/compat/ctime_r.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \ + $(srcdir)/testcode/checklocks.h fake-rfc2553.lo fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c $(srcdir)/compat/fake-rfc2553.h config.h gmtime_r.lo gmtime_r.o: $(srcdir)/compat/gmtime_r.c config.h inet_aton.lo inet_aton.o: $(srcdir)/compat/inet_aton.c config.h diff --git a/cachedb/cachedb.c b/cachedb/cachedb.c index d07d76973fd2..80bdc380f3f6 100644 --- a/cachedb/cachedb.c +++ b/cachedb/cachedb.c @@ -568,14 +568,17 @@ cachedb_intcache_lookup(struct module_qstate* qstate) msg = dns_cache_lookup(qstate->env, qstate->qinfo.qname, qstate->qinfo.qname_len, qstate->qinfo.qtype, qstate->qinfo.qclass, qstate->query_flags, - qstate->region, qstate->env->scratch); + qstate->region, qstate->env->scratch, + 1 /* no partial messages with only a CNAME */ + ); if(!msg && qstate->env->neg_cache) { /* lookup in negative cache; may result in * NOERROR/NODATA or NXDOMAIN answers that need validation */ msg = val_neg_getmsg(qstate->env->neg_cache, &qstate->qinfo, qstate->region, qstate->env->rrset_cache, qstate->env->scratch_buffer, - *qstate->env->now, 1/*add SOA*/, NULL); + *qstate->env->now, 1/*add SOA*/, NULL, + qstate->env->cfg); } if(!msg) return 0; diff --git a/compat/arc4_lock.c b/compat/arc4_lock.c index 0c45ad01b042..a78f75232350 100644 --- a/compat/arc4_lock.c +++ b/compat/arc4_lock.c @@ -33,6 +33,9 @@ */ #include "config.h" #define LOCKRET(func) func +#ifdef ENABLE_LOCK_CHECKS +#undef ENABLE_LOCK_CHECKS +#endif #include "util/locks.h" void _ARC4_LOCK(void); @@ -46,6 +49,10 @@ void _ARC4_LOCK(void) void _ARC4_UNLOCK(void) { } + +void _ARC4_LOCK_DESTROY(void) +{ +} #else /* !THREADS_DISABLED */ static lock_quick_type arc4lock; @@ -64,4 +71,12 @@ void _ARC4_UNLOCK(void) { lock_quick_unlock(&arc4lock); } + +void _ARC4_LOCK_DESTROY(void) +{ + if(arc4lockinit) { + arc4lockinit = 0; + lock_quick_destroy(&arc4lock); + } +} #endif /* THREADS_DISABLED */ diff --git a/config.h.in b/config.h.in index 16a7b0281a1f..e7405603ddad 100644 --- a/config.h.in +++ b/config.h.in @@ -425,6 +425,12 @@ /* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL +/* Define to 1 if you have the `SSL_get0_peername' function. */ +#undef HAVE_SSL_GET0_PEERNAME + +/* Define to 1 if you have the `SSL_set1_host' function. */ +#undef HAVE_SSL_SET1_HOST + /* Define to 1 if you have the <stdarg.h> header file. */ #undef HAVE_STDARG_H @@ -646,6 +652,9 @@ /* define if (v)snprintf does not return length needed, (but length used) */ #undef SNPRINTF_RET_BROKEN +/* Define to 1 if libsodium supports sodium_set_misuse_handler */ +#undef SODIUM_MISUSE_HANDLER + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS @@ -1147,6 +1156,7 @@ uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); void _ARC4_LOCK(void); void _ARC4_UNLOCK(void); +void _ARC4_LOCK_DESTROY(void); #endif #ifndef HAVE_ARC4RANDOM_UNIFORM uint32_t arc4random_uniform(uint32_t upper_bound); diff --git a/configure b/configure index 96fb7eb19bab..8f830dc15ceb 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for unbound 1.6.8. +# Generated by GNU Autoconf 2.69 for unbound 1.7.0. # # Report bugs to <unbound-bugs@nlnetlabs.nl>. # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.6.8' -PACKAGE_STRING='unbound 1.6.8' +PACKAGE_VERSION='1.7.0' +PACKAGE_STRING='unbound 1.7.0' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl' PACKAGE_URL='' @@ -848,6 +848,7 @@ with_pthreads with_solaris_threads with_pyunbound with_pythonmodule +enable_swig_version_check with_nss with_nettle with_ssl @@ -1437,7 +1438,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.6.8 to adapt to many kinds of systems. +\`configure' configures unbound 1.7.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1502,7 +1503,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.6.8:";; + short | recursive ) echo "Configuration of unbound 1.7.0:";; esac cat <<\_ACEOF @@ -1532,6 +1533,9 @@ Optional Features: enable nonregional allocs, slow but exposes regional allocations to other memory purifiers, for debug purposes + --disable-swig-version-check + Disable swig version check to build python modules + with older swig even though that is unreliable --disable-sha1 Disable SHA1 RRSIG support, does not disable nsec3 support --disable-sha2 Disable SHA256 and SHA512 RRSIG support @@ -1714,7 +1718,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.6.8 +unbound configure 1.7.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2423,7 +2427,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.6.8, which was +It was created by unbound $as_me 1.7.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2773,13 +2777,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu UNBOUND_VERSION_MAJOR=1 -UNBOUND_VERSION_MINOR=6 +UNBOUND_VERSION_MINOR=7 -UNBOUND_VERSION_MICRO=8 +UNBOUND_VERSION_MICRO=0 LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=7 +LIBUNBOUND_REVISION=8 LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -2838,6 +2842,7 @@ LIBUNBOUND_AGE=5 # 1.6.6 had 7:5:5 # 1.6.7 had 7:6:5 # 1.6.8 had 7:7:5 +# 1.7.0 had 7:8:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -4429,6 +4434,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu # allow user to override the -g -O2 flags. +default_cflags=no if test "x$CFLAGS" = "x" ; then @@ -4492,6 +4498,7 @@ $as_echo "no" >&6; } fi +default_cflags=yes fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -5945,6 +5952,10 @@ $as_echo "#define UNBOUND_DEBUG /**/" >>confdefs.h # nothing to do. ;; esac +if test "$default_cflags" = "yes"; then + # only when CFLAGS was "" at the start, if the users wants to + # override we shouldn't add default cflags, because they wouldn't + # be able to turn off these options and set the CFLAGS wanted. # Check whether --enable-flto was given. if test "${enable_flto+set}" = set; then : @@ -6079,6 +6090,7 @@ rm -f core conftest.err conftest.$ac_objext \ fi +fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } @@ -16915,6 +16927,12 @@ $as_echo "#define HAVE_PYTHON 1" >>confdefs.h # Check for SWIG ub_have_swig=no + # Check whether --enable-swig-version-check was given. +if test "${enable_swig_version_check+set}" = set; then : + enableval=$enable_swig_version_check; +fi + + if test "$enable_swig_version_check" = "yes"; then # Extract the first word of "swig", so it can be a program name with args. set dummy swig; ac_word=$2 @@ -17031,6 +17049,124 @@ $as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;} fi + else + + # Extract the first word of "swig", so it can be a program name with args. +set dummy swig; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SWIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SWIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +SWIG=$ac_cv_path_SWIG +if test -n "$SWIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5 +$as_echo "$SWIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test -z "$SWIG" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&5 +$as_echo "$as_me: WARNING: cannot find 'swig' program. You should look at http://www.swig.org" >&2;} + SWIG='echo "Error: SWIG is not installed. You should look at http://www.swig.org" ; false' + elif test -n "" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SWIG version" >&5 +$as_echo_n "checking for SWIG version... " >&6; } + swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $swig_version" >&5 +$as_echo "$swig_version" >&6; } + if test -n "$swig_version" ; then + # Calculate the required version number components + required= + required_major=`echo $required | sed 's/[^0-9].*//'` + if test -z "$required_major" ; then + required_major=0 + fi + required=`echo $required | sed 's/[0-9]*[^0-9]//'` + required_minor=`echo $required | sed 's/[^0-9].*//'` + if test -z "$required_minor" ; then + required_minor=0 + fi + required=`echo $required | sed 's/[0-9]*[^0-9]//'` + required_patch=`echo $required | sed 's/[^0-9].*//'` + if test -z "$required_patch" ; then + required_patch=0 + fi + # Calculate the available version number components + available=$swig_version + available_major=`echo $available | sed 's/[^0-9].*//'` + if test -z "$available_major" ; then + available_major=0 + fi + available=`echo $available | sed 's/[0-9]*[^0-9]//'` + available_minor=`echo $available | sed 's/[^0-9].*//'` + if test -z "$available_minor" ; then + available_minor=0 + fi + available=`echo $available | sed 's/[0-9]*[^0-9]//'` + available_patch=`echo $available | sed 's/[^0-9].*//'` + if test -z "$available_patch" ; then + available_patch=0 + fi + badversion=0 + if test $available_major -lt $required_major ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -lt $required_minor ; then + badversion=1 + fi + if test $available_major -eq $required_major \ + -a $available_minor -eq $required_minor \ + -a $available_patch -lt $required_patch ; then + badversion=1 + fi + if test $badversion -eq 1 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&5 +$as_echo "$as_me: WARNING: SWIG version >= is required. You have $swig_version. You should look at http://www.swig.org" >&2;} + SWIG='echo "Error: SWIG version >= is required. You have '"$swig_version"'. You should look at http://www.swig.org" ; false' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG executable is '$SWIG'" >&5 +$as_echo "$as_me: SWIG executable is '$SWIG'" >&6;} + SWIG_LIB=`$SWIG -swiglib` + { $as_echo "$as_me:${as_lineno-$LINENO}: SWIG library directory is '$SWIG_LIB'" >&5 +$as_echo "$as_me: SWIG library directory is '$SWIG_LIB'" >&6;} + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cannot determine SWIG version" >&5 +$as_echo "$as_me: WARNING: cannot determine SWIG version" >&2;} + SWIG='echo "Error: Cannot determine SWIG version. You should look at http://www.swig.org" ; false' + fi + fi + + + fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking SWIG" >&5 $as_echo_n "checking SWIG... " >&6; } if test ! -x "$SWIG"; then @@ -17651,7 +17787,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -18070,6 +18206,28 @@ case "$enable_dsa" in ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" if test "x$ac_cv_func_DSA_SIG_new" = xyes; then : + as_ac_Type=`$as_echo "ac_cv_type_DSA_SIG*" | $as_tr_sh` +ac_fn_c_check_type "$LINENO" "DSA_SIG*" "$as_ac_Type" " +$ac_includes_default +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif + +" +if eval test \"x\$"$as_ac_Type"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF #define USE_DSA 1 @@ -18081,6 +18239,12 @@ else fi fi + +else + if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5 + fi +fi + else cat >>confdefs.h <<_ACEOF @@ -20488,6 +20652,66 @@ else fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sodium_set_misuse_handler" >&5 +$as_echo_n "checking for library containing sodium_set_misuse_handler... " >&6; } +if ${ac_cv_search_sodium_set_misuse_handler+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sodium_set_misuse_handler (); +int +main () +{ +return sodium_set_misuse_handler (); + ; + return 0; +} +_ACEOF +for ac_lib in '' sodium; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_sodium_set_misuse_handler=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_sodium_set_misuse_handler+:} false; then : + break +fi +done +if ${ac_cv_search_sodium_set_misuse_handler+:} false; then : + +else + ac_cv_search_sodium_set_misuse_handler=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sodium_set_misuse_handler" >&5 +$as_echo "$ac_cv_search_sodium_set_misuse_handler" >&6; } +ac_res=$ac_cv_search_sodium_set_misuse_handler +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + +$as_echo "#define SODIUM_MISUSE_HANDLER 1" >>confdefs.h + + +fi + $as_echo "#define USE_DNSCRYPT 1" >>confdefs.h @@ -20601,6 +20825,15 @@ if test "${with_libunbound_only+set}" = set; then : fi +if test $ALLTARGET = "alltargets"; then + if test $USE_NSS = "yes"; then + as_fn_error $? "--with-nss can only be used in combination with --with-libunbound-only." "$LINENO" 5 + fi + if test $USE_NETTLE = "yes"; then + as_fn_error $? "--with-nettle can only be used in combination with --with-libunbound-only." "$LINENO" 5 + fi +fi + @@ -20695,7 +20928,7 @@ _ACEOF -version=1.6.8 +version=1.7.0 date=`date +'%b %e, %Y'` @@ -21214,7 +21447,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.6.8, which was +This file was extended by unbound $as_me 1.7.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -21280,7 +21513,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -unbound config.status 1.6.8 +unbound config.status 1.7.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 5c2059ed793f..5417160fb66d 100644 --- a/configure.ac +++ b/configure.ac @@ -10,15 +10,15 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[8]) +m4_define([VERSION_MINOR],[7]) +m4_define([VERSION_MICRO],[0]) AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=7 -LIBUNBOUND_REVISION=7 +LIBUNBOUND_REVISION=8 LIBUNBOUND_AGE=5 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -77,6 +77,7 @@ LIBUNBOUND_AGE=5 # 1.6.6 had 7:5:5 # 1.6.7 had 7:6:5 # 1.6.8 had 7:7:5 +# 1.7.0 had 7:8:5 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -246,9 +247,11 @@ AC_DEFINE_UNQUOTED(RSRC_PACKAGE_VERSION, [$wnvs], [version number for resource f AC_C_CONST AC_LANG_C # allow user to override the -g -O2 flags. +default_cflags=no if test "x$CFLAGS" = "x" ; then ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="$CFLAGS -g"]) ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="$CFLAGS -O2"]) +default_cflags=yes fi AC_PROG_CC ACX_DEPFLAG @@ -272,9 +275,14 @@ case "$debug_enabled" in # nothing to do. ;; esac -ACX_CHECK_FLTO -ACX_CHECK_PIE -ACX_CHECK_RELRO_NOW +if test "$default_cflags" = "yes"; then + # only when CFLAGS was "" at the start, if the users wants to + # override we shouldn't add default cflags, because they wouldn't + # be able to turn off these options and set the CFLAGS wanted. + ACX_CHECK_FLTO + ACX_CHECK_PIE + ACX_CHECK_RELRO_NOW +fi AC_C_INLINE ACX_CHECK_FORMAT_ATTRIBUTE @@ -579,7 +587,12 @@ if test x_$ub_test_python != x_no; then # Check for SWIG ub_have_swig=no - AC_PROG_SWIG(2.0.1) + AC_ARG_ENABLE(swig-version-check, AC_HELP_STRING([--disable-swig-version-check], [Disable swig version check to build python modules with older swig even though that is unreliable])) + if test "$enable_swig_version_check" = "yes"; then + AC_PROG_SWIG(2.0.1) + else + AC_PROG_SWIG + fi AC_MSG_CHECKING(SWIG) if test ! -x "$SWIG"; then AC_ERROR([failed to find swig tool, install it, or do not build Python module and PyUnbound]) @@ -711,7 +724,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ @@ -927,8 +940,28 @@ case "$enable_dsa" in # detect if DSA is supported, and turn it off if not. if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then AC_CHECK_FUNC(DSA_SIG_new, [ + AC_CHECK_TYPE(DSA_SIG*, [ AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) + fi ], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_OPENSSL_ERR_H +#include <openssl/err.h> +#endif + +#ifdef HAVE_OPENSSL_RAND_H +#include <openssl/rand.h> +#endif + +#ifdef HAVE_OPENSSL_CONF_H +#include <openssl/conf.h> +#endif + +#ifdef HAVE_OPENSSL_ENGINE_H +#include <openssl/engine.h> +#endif + ]) + ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) fi ]) else AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) @@ -1471,6 +1504,15 @@ AC_ARG_WITH(libunbound-only, AC_HELP_STRING([--with-libunbound-only], INSTALLTARGET="install-lib" fi ]) +if test $ALLTARGET = "alltargets"; then + if test $USE_NSS = "yes"; then + AC_ERROR([--with-nss can only be used in combination with --with-libunbound-only.]) + fi + if test $USE_NETTLE = "yes"; then + AC_ERROR([--with-nettle can only be used in combination with --with-libunbound-only.]) + fi +fi + AC_SUBST(ALLTARGET) AC_SUBST(INSTALLTARGET) @@ -1644,6 +1686,7 @@ uint32_t arc4random(void); void arc4random_buf(void* buf, size_t n); void _ARC4_LOCK(void); void _ARC4_UNLOCK(void); +void _ARC4_LOCK_DESTROY(void); #endif #ifndef HAVE_ARC4RANDOM_UNIFORM uint32_t arc4random_uniform(uint32_t upper_bound); diff --git a/contrib/README b/contrib/README index 8aa5fb4eb064..2a59e0330f0d 100644 --- a/contrib/README +++ b/contrib/README @@ -34,3 +34,4 @@ distribution but may be helpful. * redirect-bogus.patch: Return configured address for bogus A and AAAA answers, instead of SERVFAIL. Contributed by SIDN. * fastrpz.patch: fastrpz support from Farsight Security. +* libunbound.so.conf: ltrace.conf file, see ltrace.conf(5), for libunbound. diff --git a/contrib/fastrpz.patch b/contrib/fastrpz.patch index 362e07cc6a8d..6e78bf1b7cf3 100644 --- a/contrib/fastrpz.patch +++ b/contrib/fastrpz.patch @@ -1,10 +1,15 @@ +Description: based on the included patch contrib/fastrpz.patch +Author: fastrpz@farsightsecurity.com +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ =================================================================== RCS file: ./RCS/Makefile.in,v retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./Makefile.in ---- ./Makefile.in -+++ ./Makefile.in -@@ -23,6 +23,8 @@ +Index: unbound-1.7.0~rc1/Makefile.in +=================================================================== +--- unbound-1.7.0~rc1.orig/Makefile.in ++++ unbound-1.7.0~rc1/Makefile.in +@@ -23,6 +23,8 @@ CHECKLOCK_SRC=testcode/checklocks.c CHECKLOCK_OBJ=@CHECKLOCK_OBJ@ DNSTAP_SRC=@DNSTAP_SRC@ DNSTAP_OBJ=@DNSTAP_OBJ@ @@ -13,7 +18,7 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in DNSCRYPT_SRC=@DNSCRYPT_SRC@ DNSCRYPT_OBJ=@DNSCRYPT_OBJ@ WITH_PYTHONMODULE=@WITH_PYTHONMODULE@ -@@ -125,7 +127,7 @@ +@@ -125,7 +127,7 @@ validator/val_sigcrypt.c validator/val_u edns-subnet/edns-subnet.c edns-subnet/subnetmod.c \ edns-subnet/addrtree.c edns-subnet/subnet-whitelist.c \ cachedb/cachedb.c respip/respip.c $(CHECKLOCK_SRC) \ @@ -22,16 +27,16 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \ as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \ iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \ -@@ -137,7 +139,7 @@ +@@ -137,7 +139,7 @@ slabhash.lo timehist.lo tube.lo winsock_ validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \ - val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo \ + val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo cachedb.lo authzone.lo\ $(SUBNET_OBJ) $(PYTHONMOD_OBJ) $(CHECKLOCK_OBJ) $(DNSTAP_OBJ) $(DNSCRYPT_OBJ) \ --$(IPSECMOD_OBJ) -+$(FASTRPZ_OBJ) $(DNSCRYPT_OBJ) - COMMON_OBJ_WITHOUT_NETCALL+=respip.lo +-$(IPSECMOD_OBJ) respip.lo ++$(FASTRPZ_OBJ) $(IPSECMOD_OBJ) respip.lo COMMON_OBJ_WITHOUT_UB_EVENT=$(COMMON_OBJ_WITHOUT_NETCALL) netevent.lo listen_dnsport.lo \ outside_network.lo -@@ -398,6 +401,11 @@ + COMMON_OBJ=$(COMMON_OBJ_WITHOUT_UB_EVENT) ub_event.lo +@@ -400,6 +402,11 @@ dnscrypt.lo dnscrypt.o: $(srcdir)/dnscry $(srcdir)/util/config_file.h $(srcdir)/util/log.h \ $(srcdir)/util/netevent.h @@ -43,13 +48,11 @@ diff -u --unidirectional-new-file -r1.1 ./Makefile.in # Python Module pythonmod.lo pythonmod.o: $(srcdir)/pythonmod/pythonmod.c config.h \ pythonmod/interface.h \ +Index: unbound-1.7.0~rc1/config.h.in =================================================================== -RCS file: ./RCS/config.h.in,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./config.h.in ---- ./config.h.in -+++ ./config.h.in -@@ -1199,4 +1199,11 @@ +--- unbound-1.7.0~rc1.orig/config.h.in ++++ unbound-1.7.0~rc1/config.h.in +@@ -1228,4 +1228,11 @@ void *unbound_stat_realloc_log(void *ptr /** the version of unbound-control that this software implements */ #define UNBOUND_CONTROL_VERSION 1 @@ -62,13 +65,11 @@ diff -u --unidirectional-new-file -r1.1 ./config.h.in +#undef FASTRPZ_LIB_OPEN +/** turn on fastrpz response policy zones */ +#undef ENABLE_FASTRPZ +Index: unbound-1.7.0~rc1/configure.ac =================================================================== -RCS file: ./RCS/configure.ac,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./configure.ac ---- ./configure.ac -+++ ./configure.ac -@@ -6,6 +6,7 @@ +--- unbound-1.7.0~rc1.orig/configure.ac ++++ unbound-1.7.0~rc1/configure.ac +@@ -6,6 +6,7 @@ sinclude(ax_pthread.m4) sinclude(acx_python.m4) sinclude(ac_pkg_swig.m4) sinclude(dnstap/dnstap.m4) @@ -76,8 +77,8 @@ diff -u --unidirectional-new-file -r1.1 ./configure.ac sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing -@@ -1352,6 +1353,9 @@ - ;; +@@ -1453,6 +1454,9 @@ case "$enable_ipsecmod" in + ;; esac +# check for Fastrpz with fastrpz/rpz.m4 @@ -86,13 +87,11 @@ diff -u --unidirectional-new-file -r1.1 ./configure.ac AC_MSG_CHECKING([if ${MAKE:-make} supports $< with implicit rule in scope]) # on openBSD, the implicit rule make $< work. # on Solaris, it does not work ($? is changed sources, $^ lists dependencies). +Index: unbound-1.7.0~rc1/daemon/daemon.c =================================================================== -RCS file: ./daemon/RCS/daemon.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c ---- ./daemon/daemon.c -+++ ./daemon/daemon.c -@@ -89,6 +89,9 @@ +--- unbound-1.7.0~rc1.orig/daemon/daemon.c ++++ unbound-1.7.0~rc1/daemon/daemon.c +@@ -90,6 +90,9 @@ #include "sldns/keyraw.h" #include "respip/respip.h" #include <signal.h> @@ -102,7 +101,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c #ifdef HAVE_SYSTEMD #include <systemd/sd-daemon.h> -@@ -451,6 +454,14 @@ +@@ -461,6 +464,14 @@ daemon_create_workers(struct daemon* dae fatal_exit("dnstap enabled in config but not built with dnstap support"); #endif } @@ -117,9 +116,9 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c for(i=0; i<daemon->num; i++) { if(!(daemon->workers[i] = worker_create(daemon, i, shufport+numport*i/daemon->num, -@@ -691,6 +702,9 @@ - #ifdef USE_DNSTAP - dt_delete(daemon->dtenv); +@@ -710,6 +721,9 @@ daemon_cleanup(struct daemon* daemon) + #ifdef USE_DNSCRYPT + dnsc_delete(daemon->dnscenv); #endif +#ifdef ENABLE_FASTRPZ + rpz_delete(&daemon->rpz_clist, &daemon->rpz_client); @@ -127,13 +126,11 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.c daemon->cfg = NULL; } +Index: unbound-1.7.0~rc1/daemon/daemon.h =================================================================== -RCS file: ./daemon/RCS/daemon.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h ---- ./daemon/daemon.h -+++ ./daemon/daemon.h -@@ -134,6 +134,11 @@ +--- unbound-1.7.0~rc1.orig/daemon/daemon.h ++++ unbound-1.7.0~rc1/daemon/daemon.h +@@ -134,6 +134,11 @@ struct daemon { /** the dnscrypt environment */ struct dnsc_env* dnscenv; #endif @@ -145,13 +142,11 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/daemon.h }; /** +Index: unbound-1.7.0~rc1/daemon/worker.c =================================================================== -RCS file: ./daemon/RCS/worker.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c ---- ./daemon/worker.c -+++ ./daemon/worker.c -@@ -73,6 +73,9 @@ +--- unbound-1.7.0~rc1.orig/daemon/worker.c ++++ unbound-1.7.0~rc1/daemon/worker.c +@@ -74,6 +74,9 @@ #include "libunbound/context.h" #include "libunbound/libworker.h" #include "sldns/sbuffer.h" @@ -161,7 +156,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c #include "sldns/wire2str.h" #include "util/shm_side/shm_main.h" #include "dnscrypt/dnscrypt.h" -@@ -526,8 +529,27 @@ +@@ -527,8 +530,27 @@ answer_norec_from_cache(struct worker* w /* not secure */ secure = 0; break; @@ -189,7 +184,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c /* return this delegation from the cache */ edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; -@@ -688,6 +710,23 @@ +@@ -689,6 +711,23 @@ answer_from_cache(struct worker* worker, secure = 0; } } else secure = 0; @@ -213,7 +208,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c edns->edns_version = EDNS_ADVERTISED_VERSION; edns->udp_size = EDNS_ADVERTISED_SIZE; -@@ -1267,6 +1306,15 @@ +@@ -1291,6 +1330,15 @@ worker_handle_request(struct comm_point* log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", &repinfo->addr, repinfo->addrlen); goto send_reply; @@ -229,16 +224,16 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c } /* If we've found a local alias, replace the qname with the alias -@@ -1315,12 +1363,21 @@ +@@ -1339,12 +1387,21 @@ lookup_cache: h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ -- if(answer_from_cache(worker, &qinfo, -+ ret = answer_from_cache(worker, &qinfo, +- if(answer_from_cache(worker, &qinfo, ++ ret = answer_from_cache(worker, &qinfo, cinfo, &need_drop, &alias_rrset, &partial_rep, - (struct reply_info*)e->data, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, + (struct reply_info*)e->data, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, - &edns)) { + &edns); +#ifdef ENABLE_FASTRPZ @@ -253,7 +248,7 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass * its qname must be that used for cache -@@ -1371,11 +1428,19 @@ +@@ -1398,11 +1455,19 @@ lookup_cache: lock_rw_unlock(&e->lock); } if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) { @@ -275,13 +270,11 @@ diff -u --unidirectional-new-file -r1.1 ./daemon/worker.c goto send_reply; } verbose(VERB_ALGO, "answer norec from cache -- " +Index: unbound-1.7.0~rc1/doc/unbound.conf.5.in =================================================================== -RCS file: ./doc/RCS/unbound.conf.5.in,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in ---- ./doc/unbound.conf.5.in -+++ ./doc/unbound.conf.5.in -@@ -1446,6 +1446,81 @@ +--- unbound-1.7.0~rc1.orig/doc/unbound.conf.5.in ++++ unbound-1.7.0~rc1/doc/unbound.conf.5.in +@@ -1581,6 +1581,81 @@ It must be /96 or shorter. The default .B dns64\-synthall: \fI<yes or no>\fR Debug option, default no. If enabled, synthesize all AAAA records despite the presence of actual AAAA records. @@ -363,12 +356,10 @@ diff -u --unidirectional-new-file -r1.1 ./doc/unbound.conf.5.in .SS "DNSCrypt Options" .LP The +Index: unbound-1.7.0~rc1/fastrpz/librpz.h =================================================================== -RCS file: ./fastrpz/RCS/librpz.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h ---- ./fastrpz/librpz.h -+++ ./fastrpz/librpz.h +--- /dev/null ++++ unbound-1.7.0~rc1/fastrpz/librpz.h @@ -0,0 +1,957 @@ +/* + * Define the interface from a DNS resolver to the Response Policy Zone @@ -1327,12 +1318,10 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/librpz.h +#endif /* LIBRPZ_LIB_OPEN */ + +#endif /* LIBRPZ_H */ +Index: unbound-1.7.0~rc1/fastrpz/rpz.c =================================================================== -RCS file: ./fastrpz/RCS/rpz.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c ---- ./fastrpz/rpz.c -+++ ./fastrpz/rpz.c +--- /dev/null ++++ unbound-1.7.0~rc1/fastrpz/rpz.c @@ -0,0 +1,1357 @@ +/* + * fastrpz/rpz.c - interface to the fastrpz response policy zone library @@ -2691,12 +2680,10 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.c +} + +#endif /* ENABLE_FASTRPZ */ +Index: unbound-1.7.0~rc1/fastrpz/rpz.h =================================================================== -RCS file: ./fastrpz/RCS/rpz.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h ---- ./fastrpz/rpz.h -+++ ./fastrpz/rpz.h +--- /dev/null ++++ unbound-1.7.0~rc1/fastrpz/rpz.h @@ -0,0 +1,138 @@ +/* + * fastrpz/rpz.h - interface to the fastrpz response policy zone library @@ -2836,12 +2823,10 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.h + +#endif /* ENABLE_FASTRPZ */ +#endif /* UNBOUND_FASTRPZ_RPZ_H */ +Index: unbound-1.7.0~rc1/fastrpz/rpz.m4 =================================================================== -RCS file: ./fastrpz/RCS/rpz.m4,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4 ---- ./fastrpz/rpz.m4 -+++ ./fastrpz/rpz.m4 +--- /dev/null ++++ unbound-1.7.0~rc1/fastrpz/rpz.m4 @@ -0,0 +1,64 @@ +# fastrpz/rpz.m4 + @@ -2907,13 +2892,11 @@ diff -u --unidirectional-new-file -r1.1 ./fastrpz/rpz.m4 + AC_MSG_WARN([[dlopen and librpz.so needed for fastrpz]]) + fi +]) +Index: unbound-1.7.0~rc1/iterator/iterator.c =================================================================== -RCS file: ./iterator/RCS/iterator.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c ---- ./iterator/iterator.c -+++ ./iterator/iterator.c -@@ -67,6 +67,9 @@ +--- unbound-1.7.0~rc1.orig/iterator/iterator.c ++++ unbound-1.7.0~rc1/iterator/iterator.c +@@ -68,6 +68,9 @@ #include "sldns/str2wire.h" #include "sldns/parseutil.h" #include "sldns/sbuffer.h" @@ -2923,7 +2906,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c int iter_init(struct module_env* env, int id) -@@ -487,6 +490,23 @@ +@@ -511,6 +514,23 @@ handle_cname_response(struct module_qsta if(ntohs(r->rk.type) == LDNS_RR_TYPE_CNAME && query_dname_compare(*mname, r->rk.dname) == 0 && !iter_find_rrset_in_prepend_answer(iq, r)) { @@ -2947,7 +2930,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c /* Add this relevant CNAME rrset to the prepend list.*/ if(!iter_add_prepend_answer(qstate, iq, r)) return 0; -@@ -495,6 +515,9 @@ +@@ -519,6 +539,9 @@ handle_cname_response(struct module_qsta /* Other rrsets in the section are ignored. */ } @@ -2957,7 +2940,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c /* add authority rrsets to authority prepend, for wildcarded CNAMEs */ for(i=msg->rep->an_numrrsets; i<msg->rep->an_numrrsets + msg->rep->ns_numrrsets; i++) { -@@ -996,6 +1019,7 @@ +@@ -1148,6 +1171,7 @@ processInitRequest(struct module_qstate* uint8_t* delname; size_t delnamelen; struct dns_msg* msg = NULL; @@ -2965,7 +2948,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c log_query_info(VERB_DETAIL, "resolving", &qstate->qinfo); /* check effort */ -@@ -1056,8 +1080,7 @@ +@@ -1223,8 +1247,7 @@ processInitRequest(struct module_qstate* } if(msg) { /* handle positive cache response */ @@ -2975,7 +2958,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c if(verbosity >= VERB_ALGO) { log_dns_msg("msg from cache lookup", &msg->qinfo, msg->rep); -@@ -1065,7 +1088,22 @@ +@@ -1232,7 +1255,22 @@ processInitRequest(struct module_qstate* (int)msg->rep->ttl, (int)msg->rep->prefetch_ttl); } @@ -2998,7 +2981,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c if(type == RESPONSE_TYPE_CNAME) { uint8_t* sname = 0; size_t slen = 0; -@@ -2321,6 +2359,62 @@ +@@ -2552,6 +2590,62 @@ processQueryResponse(struct module_qstat sock_list_insert(&qstate->reply_origin, &qstate->reply->addr, qstate->reply->addrlen, qstate->region); @@ -3061,7 +3044,7 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c if(iq->minimisation_state != DONOT_MINIMISE_STATE) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != LDNS_RCODE_NOERROR) { -@@ -3022,12 +3116,44 @@ +@@ -3273,12 +3367,44 @@ processFinished(struct module_qstate* qs * but only if we did recursion. The nonrecursion referral * from cache does not need to be stored in the msg cache. */ if(!qstate->no_cache_store && qstate->query_flags&BIT_RD) { @@ -3106,13 +3089,11 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.c qstate->return_rcode = LDNS_RCODE_NOERROR; qstate->return_msg = iq->response; return 0; +Index: unbound-1.7.0~rc1/iterator/iterator.h =================================================================== -RCS file: ./iterator/RCS/iterator.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h ---- ./iterator/iterator.h -+++ ./iterator/iterator.h -@@ -381,6 +381,16 @@ +--- unbound-1.7.0~rc1.orig/iterator/iterator.h ++++ unbound-1.7.0~rc1/iterator/iterator.h +@@ -383,6 +383,16 @@ struct iter_qstate { */ int minimise_count; @@ -3129,17 +3110,15 @@ diff -u --unidirectional-new-file -r1.1 ./iterator/iterator.h /** * Count number of time-outs. Used to prevent resolving failures when * the QNAME minimisation QTYPE is blocked. */ +Index: unbound-1.7.0~rc1/services/cache/dns.c =================================================================== -RCS file: ./services/cache/RCS/dns.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c ---- ./services/cache/dns.c -+++ ./services/cache/dns.c -@@ -838,6 +838,14 @@ - struct regional* region, uint16_t flags) +--- unbound-1.7.0~rc1.orig/services/cache/dns.c ++++ unbound-1.7.0~rc1/services/cache/dns.c +@@ -876,6 +876,14 @@ dns_cache_store(struct module_env* env, + struct regional* region, uint32_t flags) { struct reply_info* rep = NULL; -+ ++ +#ifdef ENABLE_FASTRPZ + /* Never save RPZ rewritten data. */ + if (msgrep->security == sec_status_rpz_drop || @@ -3150,12 +3129,10 @@ diff -u --unidirectional-new-file -r1.1 ./services/cache/dns.c /* alloc, malloc properly (not in region, like msg is) */ rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) +Index: unbound-1.7.0~rc1/services/mesh.c =================================================================== -RCS file: ./services/RCS/mesh.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./services/mesh.c ---- ./services/mesh.c -+++ ./services/mesh.c +--- unbound-1.7.0~rc1.orig/services/mesh.c ++++ unbound-1.7.0~rc1/services/mesh.c @@ -59,6 +59,9 @@ #include "sldns/wire2str.h" #include "services/localzone.h" @@ -3166,7 +3143,7 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c #include "respip/respip.h" /** subtract timers and the values do not overflow or become negative */ -@@ -1011,6 +1014,13 @@ +@@ -1050,6 +1053,13 @@ mesh_send_reply(struct mesh_state* m, in else secure = 0; if(!rep && rcode == LDNS_RCODE_NOERROR) rcode = LDNS_RCODE_SERVFAIL; @@ -3180,7 +3157,7 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c /* send the reply */ /* We don't reuse the encoded answer if either the previous or current * response has a local alias. We could compare the alias records -@@ -1160,6 +1170,7 @@ +@@ -1199,6 +1209,7 @@ struct mesh_state* mesh_area_find(struct key.s.is_valrec = valrec; key.s.qinfo = *qinfo; key.s.query_flags = qflags; @@ -3188,7 +3165,7 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c /* We are searching for a similar mesh state when we DO want to * aggregate the state. Thus unique is set to NULL. (default when we * desire aggregation).*/ -@@ -1206,6 +1217,10 @@ +@@ -1245,6 +1256,10 @@ int mesh_state_add_reply(struct mesh_sta if(!r) return 0; r->query_reply = *rep; @@ -3199,13 +3176,11 @@ diff -u --unidirectional-new-file -r1.1 ./services/mesh.c r->edns = *edns; if(edns->opt_list) { r->edns.opt_list = edns_opt_copy_region(edns->opt_list, +Index: unbound-1.7.0~rc1/util/config_file.c =================================================================== -RCS file: ./util/RCS/config_file.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/config_file.c ---- ./util/config_file.c -+++ ./util/config_file.c -@@ -1167,6 +1167,8 @@ +--- unbound-1.7.0~rc1.orig/util/config_file.c ++++ unbound-1.7.0~rc1/util/config_file.c +@@ -1323,6 +1323,8 @@ config_delete(struct config_file* cfg) free(cfg->dnstap_socket_path); free(cfg->dnstap_identity); free(cfg->dnstap_version); @@ -3213,14 +3188,12 @@ diff -u --unidirectional-new-file -r1.1 ./util/config_file.c + free(cfg->rpz_cstr); config_deldblstrlist(cfg->ratelimit_for_domain); config_deldblstrlist(cfg->ratelimit_below_domain); - free(cfg); + #ifdef USE_IPSECMOD +Index: unbound-1.7.0~rc1/util/config_file.h =================================================================== -RCS file: ./util/RCS/config_file.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/config_file.h ---- ./util/config_file.h -+++ ./util/config_file.h -@@ -416,6 +416,11 @@ +--- unbound-1.7.0~rc1.orig/util/config_file.h ++++ unbound-1.7.0~rc1/util/config_file.h +@@ -431,6 +431,11 @@ struct config_file { /** true to disable DNSSEC lameness check in iterator */ int disable_dnssec_lame_check; @@ -3232,13 +3205,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/config_file.h /** ratelimit for ip addresses. 0 is off, otherwise qps (unless overridden) */ int ip_ratelimit; /** number of slabs for ip_ratelimit cache */ +Index: unbound-1.7.0~rc1/util/configlexer.lex =================================================================== -RCS file: ./util/RCS/configlexer.lex,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex ---- ./util/configlexer.lex -+++ ./util/configlexer.lex -@@ -395,6 +395,10 @@ +--- unbound-1.7.0~rc1.orig/util/configlexer.lex ++++ unbound-1.7.0~rc1/util/configlexer.lex +@@ -412,6 +412,10 @@ dnstap-log-forwarder-query-messages{COLO YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } dnstap-log-forwarder-response-messages{COLON} { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } @@ -3249,13 +3220,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/configlexer.lex disable-dnssec-lame-check{COLON} { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } ip-ratelimit{COLON} { YDVAR(1, VAR_IP_RATELIMIT) } ratelimit{COLON} { YDVAR(1, VAR_RATELIMIT) } +Index: unbound-1.7.0~rc1/util/configparser.y =================================================================== -RCS file: ./util/RCS/configparser.y,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/configparser.y ---- ./util/configparser.y -+++ ./util/configparser.y -@@ -124,6 +124,7 @@ +--- unbound-1.7.0~rc1.orig/util/configparser.y ++++ unbound-1.7.0~rc1/util/configparser.y +@@ -124,6 +124,7 @@ extern struct config_parser_state* cfg_p %token VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES %token VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES @@ -3263,16 +3232,16 @@ diff -u --unidirectional-new-file -r1.1 ./util/configparser.y %token VAR_RESPONSE_IP_TAG VAR_RESPONSE_IP VAR_RESPONSE_IP_DATA %token VAR_HARDEN_ALGO_DOWNGRADE VAR_IP_TRANSPARENT %token VAR_DISABLE_DNSSEC_LAME_CHECK -@@ -153,7 +154,7 @@ - toplevelvar: serverstart contents_server | stubstart contents_stub | +@@ -158,7 +159,7 @@ extern struct config_parser_state* cfg_p + + %% + toplevelvars: /* empty */ | toplevelvars toplevelvar ; +-toplevelvar: serverstart contents_server | stubstart contents_stub | ++toplevelvar: serverstart contents_server | stubstart contents_stub | rpzstart contents_rpz | forwardstart contents_forward | pythonstart contents_py | - rcstart contents_rc | dtstart contents_dt | viewstart -- contents_view | -+ contents_view | rpzstart contents_rpz | - dnscstart contents_dnsc | - cachedbstart contents_cachedb - ; -@@ -2160,6 +2161,50 @@ + rcstart contents_rc | dtstart contents_dt | viewstart contents_view | + dnscstart contents_dnsc | cachedbstart contents_cachedb | +@@ -2384,6 +2385,50 @@ dt_dnstap_log_forwarder_response_message (strcmp($2, "yes")==0); } ; @@ -3323,13 +3292,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/configparser.y pythonstart: VAR_PYTHON { OUTYY(("\nP(python:)\n")); +Index: unbound-1.7.0~rc1/util/data/msgencode.c =================================================================== -RCS file: ./util/data/RCS/msgencode.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c ---- ./util/data/msgencode.c -+++ ./util/data/msgencode.c -@@ -585,6 +585,35 @@ +--- unbound-1.7.0~rc1.orig/util/data/msgencode.c ++++ unbound-1.7.0~rc1/util/data/msgencode.c +@@ -585,6 +585,35 @@ insert_section(struct reply_info* rep, s return RETVAL_OK; } @@ -3365,7 +3332,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c /** store query section in wireformat buffer, return RETVAL */ static int insert_query(struct query_info* qinfo, struct compress_tree_node** tree, -@@ -748,6 +777,19 @@ +@@ -750,6 +779,19 @@ reply_info_encode(struct query_info* qin return 0; } sldns_buffer_write_u16_at(buffer, 10, arcount); @@ -3385,13 +3352,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/msgencode.c } sldns_buffer_flip(buffer); return 1; +Index: unbound-1.7.0~rc1/util/data/packed_rrset.c =================================================================== -RCS file: ./util/data/RCS/packed_rrset.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c ---- ./util/data/packed_rrset.c -+++ ./util/data/packed_rrset.c -@@ -254,6 +254,10 @@ +--- unbound-1.7.0~rc1.orig/util/data/packed_rrset.c ++++ unbound-1.7.0~rc1/util/data/packed_rrset.c +@@ -254,6 +254,10 @@ sec_status_to_string(enum sec_status s) case sec_status_indeterminate: return "sec_status_indeterminate"; case sec_status_insecure: return "sec_status_insecure"; case sec_status_secure: return "sec_status_secure"; @@ -3402,13 +3367,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.c } return "unknown_sec_status_value"; } +Index: unbound-1.7.0~rc1/util/data/packed_rrset.h =================================================================== -RCS file: ./util/data/RCS/packed_rrset.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h ---- ./util/data/packed_rrset.h -+++ ./util/data/packed_rrset.h -@@ -189,7 +189,15 @@ +--- unbound-1.7.0~rc1.orig/util/data/packed_rrset.h ++++ unbound-1.7.0~rc1/util/data/packed_rrset.h +@@ -189,7 +189,15 @@ enum sec_status { sec_status_insecure, /** SECURE means that the object (RRset or message) validated * according to local policy. */ @@ -3425,12 +3388,10 @@ diff -u --unidirectional-new-file -r1.1 ./util/data/packed_rrset.h }; /** +Index: unbound-1.7.0~rc1/util/netevent.c =================================================================== -RCS file: ./util/RCS/netevent.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/netevent.c ---- ./util/netevent.c -+++ ./util/netevent.c +--- unbound-1.7.0~rc1.orig/util/netevent.c ++++ unbound-1.7.0~rc1/util/netevent.c @@ -54,6 +54,9 @@ #ifdef HAVE_OPENSSL_ERR_H #include <openssl/err.h> @@ -3441,7 +3402,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c /* -------- Start of local definitions -------- */ /** if CMSG_ALIGN is not defined on this platform, a workaround */ -@@ -579,6 +582,9 @@ +@@ -585,6 +588,9 @@ comm_point_udp_ancil_callback(int fd, sh struct cmsghdr* cmsg; #endif /* S_SPLINT_S */ @@ -3451,9 +3412,9 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); -@@ -668,6 +674,9 @@ +@@ -674,6 +680,9 @@ comm_point_udp_callback(int fd, short ev int i; - struct sldns_buffer *buffer; + struct sldns_buffer *buffer; +#ifdef ENABLE_FASTRPZ + rep.rpz = NULL; @@ -3461,17 +3422,17 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c rep.c = (struct comm_point*)arg; log_assert(rep.c->type == comm_udp); -@@ -711,6 +720,9 @@ +@@ -717,6 +726,9 @@ comm_point_udp_callback(int fd, short ev (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } +#ifdef ENABLE_FASTRPZ + rpz_end(&rep); +#endif - if(rep.c->fd != fd) /* commpoint closed to -1 or reused for + if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; -@@ -2145,6 +2157,9 @@ +@@ -2956,6 +2968,9 @@ comm_point_send_reply(struct comm_reply comm_point_start_listening(repinfo->c, -1, repinfo->c->tcp_timeout_msec); } @@ -3481,7 +3442,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c } void -@@ -2154,6 +2169,9 @@ +@@ -2965,6 +2980,9 @@ comm_point_drop_reply(struct comm_reply* return; log_assert(repinfo && repinfo->c); log_assert(repinfo->c->type != comm_tcp_accept); @@ -3491,7 +3452,7 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c if(repinfo->c->type == comm_udp) return; reclaim_tcp_handler(repinfo->c); -@@ -2173,6 +2191,9 @@ +@@ -2984,6 +3002,9 @@ comm_point_start_listening(struct comm_p { verbose(VERB_ALGO, "comm point start listening %d", c->fd==-1?newfd:c->fd); @@ -3501,13 +3462,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.c if(c->type == comm_tcp_accept && !c->tcp_free) { /* no use to start listening no free slots. */ return; +Index: unbound-1.7.0~rc1/util/netevent.h =================================================================== -RCS file: ./util/RCS/netevent.h,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./util/netevent.h ---- ./util/netevent.h -+++ ./util/netevent.h -@@ -117,6 +117,10 @@ +--- unbound-1.7.0~rc1.orig/util/netevent.h ++++ unbound-1.7.0~rc1/util/netevent.h +@@ -119,6 +119,10 @@ struct comm_reply { /** return type 0 (none), 4(IP4), 6(IP6) */ int srctype; /* DnsCrypt context */ @@ -3518,13 +3477,11 @@ diff -u --unidirectional-new-file -r1.1 ./util/netevent.h #ifdef USE_DNSCRYPT uint8_t client_nonce[crypto_box_HALF_NONCEBYTES]; uint8_t nmkey[crypto_box_BEFORENMBYTES]; +Index: unbound-1.7.0~rc1/validator/validator.c =================================================================== -RCS file: ./validator/RCS/validator.c,v -retrieving revision 1.1 -diff -u --unidirectional-new-file -r1.1 ./validator/validator.c ---- ./validator/validator.c -+++ ./validator/validator.c -@@ -2552,6 +2552,12 @@ +--- unbound-1.7.0~rc1.orig/validator/validator.c ++++ unbound-1.7.0~rc1/validator/validator.c +@@ -2688,6 +2688,12 @@ ds_response_to_ke(struct module_qstate* default: /* NSEC proof did not work, try next */ break; @@ -3537,7 +3494,7 @@ diff -u --unidirectional-new-file -r1.1 ./validator/validator.c } sec = nsec3_prove_nods(qstate->env, ve, -@@ -2584,6 +2590,12 @@ +@@ -2721,6 +2727,12 @@ ds_response_to_ke(struct module_qstate* default: /* NSEC3 proof did not work */ break; @@ -3550,3 +3507,4 @@ diff -u --unidirectional-new-file -r1.1 ./validator/validator.c } /* Apparently, no available NSEC/NSEC3 proved NODATA, so + diff --git a/contrib/libunbound.so.conf b/contrib/libunbound.so.conf new file mode 100644 index 000000000000..3b78fca7f378 --- /dev/null +++ b/contrib/libunbound.so.conf @@ -0,0 +1,41 @@ +# See ltrace.conf(5) for description of syntax of this file. +typedef ub_type = enum(TYPE_A=1,TYPE_NS=2,TYPE_SOA=6,TYPE_MX=15,TYPE_TXT=16,TYPE_AAAA=28,TYPE_DS=43,TYPE_DNSKEY=48,TYPE_TLSA=52,TYPE_ANY=255); +typedef ub_class = enum(CLASS_IN=1,CLASS_CH=3,CLASS_NONE=254,CLASS_ANY=255); +typedef ub_rcode = enum(RCODE_NOERROR,RCODE_FORMERR,RCODE_SERVFAIL,RCODE_NXDOMAIN,RCODE_NOTIMPL,RCODE_REFUSED,RCODE_YXDOMAIN,RCODE_YXRRSET,RCODE_NXRRSET,RCODE_NOTAUTH,RCODE_NOTZONE); +typedef ub_havedata = enum(no_data, have_data); +typedef ub_nxdomain = enum(name_exists, nxdomain); +typedef ub_secure = enum(not_secure, secure); +typedef ub_bogus = enum(not_bogus, bogus); +typedef ub_result = struct(string, ub_type, ub_class, array(void*,zero)*, array(int,zero)*, string, ub_rcode, void*, int, ub_havedata, ub_nxdomain, ub_secure, ub_bogus, string, int); +typedef ub_ctx = void; +ub_ctx* ub_ctx_create(void); +void ub_ctx_delete(ub_ctx*); +int ub_ctx_set_option(ub_ctx*, string, string); +int ub_ctx_get_option(ub_ctx*, string, +string*); +int ub_ctx_config(ub_ctx*, string); +int ub_ctx_set_fwd(ub_ctx*, string); +int ub_ctx_set_stub(ub_ctx*, string, string, bool(int)); +int ub_ctx_resolvconf(ub_ctx*, string); +int ub_ctx_hosts(ub_ctx*, string); +int ub_ctx_add_ta(ub_ctx*, string); +int ub_ctx_add_ta_file(ub_ctx*, string); +int ub_ctx_add_ta_autr(ub_ctx*, string); +int ub_ctx_trustedkeys(ub_ctx*, string); +int ub_ctx_debugout(ub_ctx*, void*); +int ub_ctx_debuglevel(ub_ctx*, int); +int ub_ctx_async(ub_ctx*, bool(int)); +int ub_poll(ub_ctx*); +int ub_wait(ub_ctx*); +int ub_fd(ub_ctx*); +int ub_process(ub_ctx*); +int ub_resolve(ub_ctx*, string, ub_type, ub_class, +ub_result**); +int ub_resolve_async(ub_ctx*, string, ub_type, ub_class, void*, void*, +int*); +int ub_cancel(ub_ctx*, int); +void ub_resolve_free(ub_result*); +string ub_strerror(int); +int ub_ctx_print_local_zones(ub_ctx*); +int ub_ctx_zone_add(ub_ctx*, string, string); +int ub_ctx_zone_remove(ub_ctx*, string); +int ub_ctx_data_add(ub_ctx*, string); +int ub_ctx_data_remove(ub_ctx*, string); +string ub_version(void); diff --git a/daemon/cachedump.c b/daemon/cachedump.c index 8992e6cb8f3d..81061870b581 100644 --- a/daemon/cachedump.c +++ b/daemon/cachedump.c @@ -79,6 +79,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, size_t i; /* rd lock held by caller */ if(!k || !d) return 1; + if(k->id == 0) return 1; /* deleted */ if(d->ttl < now) return 1; /* expired */ /* meta line */ diff --git a/daemon/daemon.c b/daemon/daemon.c index 7411fabe7573..f68bd981b01b 100644 --- a/daemon/daemon.c +++ b/daemon/daemon.c @@ -82,6 +82,7 @@ #include "services/localzone.h" #include "services/view.h" #include "services/modstack.h" +#include "services/authzone.h" #include "util/module.h" #include "util/random.h" #include "util/tube.h" @@ -281,6 +282,13 @@ daemon_init(void) if(gettimeofday(&daemon->time_boot, NULL) < 0) log_err("gettimeofday: %s", strerror(errno)); daemon->time_last_stat = daemon->time_boot; + if((daemon->env->auth_zones = auth_zones_create()) == 0) { + acl_list_delete(daemon->acl); + edns_known_options_delete(daemon->env); + free(daemon->env); + free(daemon); + return NULL; + } return daemon; } @@ -603,6 +611,10 @@ daemon_fork(struct daemon* daemon) fatal_exit("Could not set up per-view response IP sets"); daemon->use_response_ip = !respip_set_is_empty(daemon->respip_set) || have_view_respip_cfg; + + /* read auth zonefiles */ + if(!auth_zones_apply_cfg(daemon->env->auth_zones, daemon->cfg, 1)) + fatal_exit("auth_zones could not be setup"); /* setup modules */ daemon_setup_modules(daemon); @@ -683,6 +695,8 @@ daemon_cleanup(struct daemon* daemon) daemon->respip_set = NULL; views_delete(daemon->views); daemon->views = NULL; + if(daemon->env->auth_zones) + auth_zones_cleanup(daemon->env->auth_zones); /* key cache is cleared by module desetup during next daemon_fork() */ daemon_remote_clear(daemon->rc); for(i=0; i<daemon->num; i++) @@ -716,6 +730,7 @@ daemon_delete(struct daemon* daemon) rrset_cache_delete(daemon->env->rrset_cache); infra_delete(daemon->env->infra_cache); edns_known_options_delete(daemon->env); + auth_zones_delete(daemon->env->auth_zones); } ub_randfree(daemon->rand); alloc_clear(&daemon->superalloc); @@ -763,6 +778,9 @@ daemon_delete(struct daemon* daemon) # if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED) ub_openssl_lock_delete(); # endif +#ifndef HAVE_ARC4RANDOM + _ARC4_LOCK_DESTROY(); +#endif #elif defined(HAVE_NSS) NSS_Shutdown(); #endif /* HAVE_SSL or HAVE_NSS */ diff --git a/daemon/unbound.c b/daemon/unbound.c index 432aa912e681..e4caf004819e 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -421,17 +421,6 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, w_config_adjust_directory(cfg); #endif - /* init syslog (as root) if needed, before daemonize, otherwise - * a fork error could not be printed since daemonize closed stderr.*/ - if(cfg->use_syslog) { - log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); - } - /* if using a logfile, we cannot open it because the logfile would - * be created with the wrong permissions, we cannot chown it because - * we cannot chown system logfiles, so we do not open at all. - * So, using a logfile, the user does not see errors unless -d is - * given to unbound on the commandline. */ - /* read ssl keys while superuser and outside chroot */ #ifdef HAVE_SSL if(!(daemon->rc = daemon_remote_create(cfg))) @@ -441,10 +430,22 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, cfg->ssl_service_key, cfg->ssl_service_pem, NULL))) fatal_exit("could not set up listen SSL_CTX"); } - if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL, NULL))) + if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL, + cfg->tls_cert_bundle))) fatal_exit("could not set up connect SSL_CTX"); #endif + /* init syslog (as root) if needed, before daemonize, otherwise + * a fork error could not be printed since daemonize closed stderr.*/ + if(cfg->use_syslog) { + log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); + } + /* if using a logfile, we cannot open it because the logfile would + * be created with the wrong permissions, we cannot chown it because + * we cannot chown system logfiles, so we do not open at all. + * So, using a logfile, the user does not see errors unless -d is + * given to unbound on the commandline. */ + #ifdef HAVE_KILL /* true if pidfile is inside chrootdir, or nochroot */ pidinchroot = need_pidfile && (!(cfg->chrootdir && cfg->chrootdir[0]) || @@ -744,5 +745,10 @@ main(int argc, char* argv[]) run_daemon(cfgfile, cmdline_verbose, debug_mode, log_ident_default, need_pidfile); log_init(NULL, 0, NULL); /* close logfile */ +#ifndef unbound_testbound + if(log_get_lock()) { + lock_quick_destroy((lock_quick_type*)log_get_lock()); + } +#endif return 0; } diff --git a/daemon/worker.c b/daemon/worker.c index ac7053abddf3..389a1de530ec 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -58,6 +58,7 @@ #include "services/cache/rrset.h" #include "services/cache/infra.h" #include "services/cache/dns.h" +#include "services/authzone.h" #include "services/mesh.h" #include "services/localzone.h" #include "util/data/msgparse.h" @@ -1046,7 +1047,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error, strcasecmp(buf, worker->daemon->dnscenv->provider_name) == 0)) { verbose(VERB_ALGO, - "dnscrypt: not TXT %s. Receive: %s %s", + "dnscrypt: not TXT \"%s\". Received: %s \"%s\"", worker->daemon->dnscenv->provider_name, sldns_rr_descript(qinfo.qtype)->_name, buf); @@ -1251,6 +1252,22 @@ worker_handle_request(struct comm_point* c, void* arg, int error, server_stats_insrcode(&worker->stats, c->buffer); goto send_reply; } + if(worker->env.auth_zones && + auth_zones_answer(worker->env.auth_zones, &worker->env, + &qinfo, &edns, c->buffer, worker->scratchpad)) { + regional_free_all(worker->scratchpad); + if(sldns_buffer_limit(c->buffer) == 0) { + comm_point_drop_reply(repinfo); + return 0; + } + /* set RA for everyone that can have recursion (based on + * access control list) */ + if(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer)) && + acl != acl_deny_non_local && acl != acl_refuse_non_local) + LDNS_RA_SET(sldns_buffer_begin(c->buffer)); + server_stats_insrcode(&worker->stats, c->buffer); + goto send_reply; + } /* We've looked in our local zones. If the answer isn't there, we * might need to bail out based on ACLs now. */ @@ -1266,13 +1283,9 @@ worker_handle_request(struct comm_point* c, void* arg, int error, * ACLs allow the snooping. */ if(!(LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) && acl != acl_allow_snoop ) { - sldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE); - sldns_buffer_write_at(c->buffer, 4, - (uint8_t*)"\0\0\0\0\0\0\0\0", 8); - LDNS_QR_SET(sldns_buffer_begin(c->buffer)); - LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), - LDNS_RCODE_REFUSED); - sldns_buffer_flip(c->buffer); + error_encode(c->buffer, LDNS_RCODE_REFUSED, &qinfo, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), NULL); regional_free_all(worker->scratchpad); server_stats_insrcode(&worker->stats, c->buffer); log_addr(VERB_ALGO, "refused nonrec (cache snoop) query from", @@ -1326,11 +1339,11 @@ lookup_cache: h = query_info_hash(lookup_qinfo, sldns_buffer_read_u16_at(c->buffer, 2)); if((e=slabhash_lookup(worker->env.msg_cache, h, lookup_qinfo, 0))) { /* answer from cache - we have acquired a readlock on it */ - if(answer_from_cache(worker, &qinfo, + if(answer_from_cache(worker, &qinfo, cinfo, &need_drop, &alias_rrset, &partial_rep, - (struct reply_info*)e->data, - *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), - sldns_buffer_read_u16_at(c->buffer, 2), repinfo, + (struct reply_info*)e->data, + *(uint16_t*)(void *)sldns_buffer_begin(c->buffer), + sldns_buffer_read_u16_at(c->buffer, 2), repinfo, &edns)) { /* prefetch it if the prefetch TTL expired. * Note that if there is more than one pass @@ -1672,8 +1685,10 @@ worker_init(struct worker* worker, struct config_file *cfg, if(worker->thread_num == 0) log_set_time(worker->env.now); worker->env.worker = worker; + worker->env.worker_base = worker->base; worker->env.send_query = &worker_send_query; worker->env.alloc = &worker->alloc; + worker->env.outnet = worker->back; worker->env.rnd = worker->rndstate; /* If case prefetch is triggered, the corresponding mesh will clear * the scratchpad for the module env in the middle of request handling. @@ -1723,6 +1738,14 @@ worker_init(struct worker* worker, struct config_file *cfg, comm_timer_set(worker->env.probe_timer, &tv); } } + /* zone transfer tasks, setup once per process, if any */ + if(worker->env.auth_zones +#ifndef THREADS_DISABLED + && worker->thread_num == 0 +#endif + ) { + auth_xfer_pickup_initial(worker->env.auth_zones, &worker->env); + } if(!worker->env.mesh || !worker->env.scratch_buffer) { worker_delete(worker); return 0; diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c index a0db12077093..3545d3d9b43f 100644 --- a/dnscrypt/dnscrypt.c +++ b/dnscrypt/dnscrypt.c @@ -5,6 +5,7 @@ #ifdef HAVE_TIME_H #include <time.h> #endif +#include <inttypes.h> #include <sys/time.h> #include <sys/types.h> #include "sldns/sbuffer.h" @@ -588,18 +589,26 @@ dnsc_chroot_path(struct config_file *cfg, char *path) static int dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg) { - struct config_strlist *head; + struct config_strlist *head, *head2; size_t signed_cert_id; + size_t rotated_cert_id; char *nm; env->signed_certs_count = 0U; + env->rotated_certs_count = 0U; for (head = cfg->dnscrypt_provider_cert; head; head = head->next) { env->signed_certs_count++; } + for (head = cfg->dnscrypt_provider_cert_rotated; head; head = head->next) { + env->rotated_certs_count++; + } env->signed_certs = sodium_allocarray(env->signed_certs_count, sizeof *env->signed_certs); + env->rotated_certs = sodium_allocarray(env->rotated_certs_count, + sizeof env->signed_certs); signed_cert_id = 0U; + rotated_cert_id = 0U; for(head = cfg->dnscrypt_provider_cert; head; head = head->next, signed_cert_id++) { nm = dnsc_chroot_path(cfg, head->str); if(dnsc_read_from_file( @@ -608,6 +617,14 @@ dnsc_parse_certs(struct dnsc_env *env, struct config_file *cfg) sizeof(struct SignedCert)) != 0) { fatal_exit("dnsc_parse_certs: failed to load %s: %s", head->str, strerror(errno)); } + for(head2 = cfg->dnscrypt_provider_cert_rotated; head2; head2 = head2->next) { + if(strcmp(head->str, head2->str) == 0) { + *(env->rotated_certs + rotated_cert_id) = env->signed_certs + signed_cert_id; + rotated_cert_id++; + verbose(VERB_OPS, "Cert %s is rotated and will not be distributed via DNS", head->str); + break; + } + } verbose(VERB_OPS, "Loaded cert %s", head->str); } return signed_cert_id; @@ -692,27 +709,54 @@ dnsc_load_local_data(struct dnsc_env* dnscenv, struct config_file *cfg) // 2.dnscrypt-cert.example.com 86400 IN TXT "DNSC......" for(i=0; i<dnscenv->signed_certs_count; i++) { const char *ttl_class_type = " 86400 IN TXT \""; + int rotated_cert = 0; + uint32_t serial; + uint16_t rrlen; + char* rr; struct SignedCert *cert = dnscenv->signed_certs + i; - uint16_t rrlen = strlen(dnscenv->provider_name) + + // Check if the certificate is being rotated and should not be published + for(j=0; j<dnscenv->rotated_certs_count; j++){ + if(cert == dnscenv->rotated_certs[j]) { + rotated_cert = 1; + break; + } + } + memcpy(&serial, cert->serial, sizeof serial); + serial = htonl(serial); + if(rotated_cert) { + verbose(VERB_OPS, + "DNSCrypt: not adding cert with serial #%" + PRIu32 + " to local-data as it is rotated", + serial + ); + continue; + } + rrlen = strlen(dnscenv->provider_name) + strlen(ttl_class_type) + 4 * sizeof(struct SignedCert) + // worst case scenario 1 + // trailing double quote 1; - char *rr = malloc(rrlen); + rr = malloc(rrlen); if(!rr) { log_err("Could not allocate memory"); return -2; } snprintf(rr, rrlen - 1, "%s 86400 IN TXT \"", dnscenv->provider_name); for(j=0; j<sizeof(struct SignedCert); j++) { - int c = (int)*((const uint8_t *) cert + j); + int c = (int)*((const uint8_t *) cert + j); if (isprint(c) && c != '"' && c != '\\') { snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "%c", c); } else { snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "\\%03d", c); } } - verbose(VERB_OPS, "DNSCrypt: adding local data to config: %s", rr); + verbose(VERB_OPS, + "DNSCrypt: adding cert with serial #%" + PRIu32 + " to local-data to config: %s", + serial, rr + ); snprintf(rr + strlen(rr), rrlen - 1 - strlen(rr), "\""); cfg_strlist_insert(&cfg->local_data, strdup(rr)); free(rr); @@ -826,6 +870,16 @@ dnsc_parse_keys(struct dnsc_env *env, struct config_file *cfg) return cert_id; } +static void +sodium_misuse_handler(void) +{ + fatal_exit( + "dnscrypt: libsodium could not be initialized, this typically" + " happens when no good source of entropy is found. If you run" + " unbound in a chroot, make sure /dev/random is available. See" + " https://www.unbound.net/documentation/unbound.conf.html"); +} + /** * ######################################################### @@ -889,6 +943,9 @@ struct dnsc_env * dnsc_create(void) { struct dnsc_env *env; +#ifdef SODIUM_MISUSE_HANDLER + sodium_set_misuse_handler(sodium_misuse_handler); +#endif if (sodium_init() == -1) { fatal_exit("dnsc_create: could not initialize libsodium."); } @@ -923,6 +980,7 @@ dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg) if(dnsc_load_local_data(env, cfg) <= 0) { fatal_exit("dnsc_apply_cfg: could not load local data"); } + lock_basic_lock(&env->shared_secrets_cache_lock); env->shared_secrets_cache = slabhash_create( cfg->dnscrypt_shared_secret_cache_slabs, HASH_DEFAULT_STARTARRAY, @@ -933,9 +991,11 @@ dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg) dnsc_shared_secrets_deldatafunc, NULL ); + lock_basic_unlock(&env->shared_secrets_cache_lock); if(!env->shared_secrets_cache){ fatal_exit("dnsc_apply_cfg: could not create shared secrets cache."); } + lock_basic_lock(&env->nonces_cache_lock); env->nonces_cache = slabhash_create( cfg->dnscrypt_nonce_cache_slabs, HASH_DEFAULT_STARTARRAY, @@ -946,6 +1006,7 @@ dnsc_apply_cfg(struct dnsc_env *env, struct config_file *cfg) dnsc_nonces_deldatafunc, NULL ); + lock_basic_unlock(&env->nonces_cache_lock); return 0; } @@ -957,12 +1018,13 @@ dnsc_delete(struct dnsc_env *env) } verbose(VERB_OPS, "DNSCrypt: Freeing environment."); sodium_free(env->signed_certs); + sodium_free(env->rotated_certs); sodium_free(env->certs); sodium_free(env->keypairs); - slabhash_delete(env->shared_secrets_cache); - slabhash_delete(env->nonces_cache); lock_basic_destroy(&env->shared_secrets_cache_lock); lock_basic_destroy(&env->nonces_cache_lock); + slabhash_delete(env->shared_secrets_cache); + slabhash_delete(env->nonces_cache); free(env); } diff --git a/dnscrypt/dnscrypt.h b/dnscrypt/dnscrypt.h index 7dec2c488cf3..666f54e62aa4 100644 --- a/dnscrypt/dnscrypt.h +++ b/dnscrypt/dnscrypt.h @@ -54,8 +54,10 @@ typedef struct cert_ { struct dnsc_env { struct SignedCert *signed_certs; + struct SignedCert **rotated_certs; dnsccert *certs; size_t signed_certs_count; + size_t rotated_certs_count; uint8_t provider_publickey[crypto_sign_ed25519_PUBLICKEYBYTES]; uint8_t provider_secretkey[crypto_sign_ed25519_SECRETKEYBYTES]; KeyPair *keypairs; diff --git a/dnscrypt/dnscrypt.m4 b/dnscrypt/dnscrypt.m4 index 7193519fcf03..591bd1375581 100644 --- a/dnscrypt/dnscrypt.m4 +++ b/dnscrypt/dnscrypt.m4 @@ -28,6 +28,14 @@ AC_DEFUN([dnsc_DNSCRYPT], [ AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0]) ]) + AC_SEARCH_LIBS([sodium_set_misuse_handler], [sodium], + [ + AC_DEFINE( + [SODIUM_MISUSE_HANDLER], [1], + [Define to 1 if libsodium supports sodium_set_misuse_handler]) + ], + [ + ]) $1 else AC_SUBST([ENABLE_DNSCRYPT_XCHACHA20], [0]) diff --git a/dnstap/dnstap.proto b/dnstap/dnstap.proto index 32871f409cfc..88bfb4e94129 100644 --- a/dnstap/dnstap.proto +++ b/dnstap/dnstap.proto @@ -13,6 +13,7 @@ // with this file. If not, see: // // <http://creativecommons.org/publicdomain/zero/1.0/>. +syntax = "proto2"; package dnstap; diff --git a/doc/Changelog b/doc/Changelog index 5c6be3ada8b7..f29935375ba7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,9 +1,244 @@ -19 January 2018: Wouter +12 March 2018: Wouter + - Added documentation for aggressive-nsec: yes. + - tag 1.7.0rc3. + +9 March 2018: Wouter + - Fix #3598: Fix swig build issue on rhel6 based system. + configure --disable-swig-version-check stops the swig version check. + +8 March 2018: Wouter + - tag 1.7.0rc2. + +7 March 2018: Wouter + - Fixed contrib/fastrpz.patch, even though this already applied + cleanly for me, now also for others. + - patch to log creates keytag queries, from A. Schulze. + - patch suggested by Debian lintian: allow to -> allow one to, from + A. Schulze. + - Attempt to remove warning about trailing whitespace. + +6 March 2018: Wouter + - Reverted fix for #3512, this may not be the best way forward; + although it could be changed at a later time, to stay similar to + other implementations. + - svn trunk contains 1.7.0, this is the number for the next release. + - Fix for windows compile. + - tag 1.7.0rc1. + +5 March 2018: Wouter + - Fix to check define of DSA for when openssl is without deprecated. + - iana port update. + - Fix #3582: Squelch address already in use log when reuseaddr option + causes same port to be used twice for tcp connections. + +27 February 2018: Wouter + - Fixup contrib/fastrpz.patch so that it applies. + - Fix compile without threads, and remove unused variable. + - Fix compile with staticexe and python module. + - Fix nettle compile. + +22 February 2018: Ralph + - Save wildcard RRset from answer with original owner for use in + aggressive NSEC. + +21 February 2018: Wouter + - Fix #3512: unbound incorrectly reports SERVFAIL for CAA query + when there is a CNAME loop. + - Fix validation for CNAME loops. When it detects a cname loop, + by finding the cname, cname in the existing list, it returns + the partial result with the validation result up to then. + - more robust cachedump rrset routine. + +19 February 2018: Wouter + - Fix #3505: Documentation for default local zones references + wrong RFC. + - Fix #3494: local-zone noview can be used to break out of the view + to the global local zone contents, for queries for that zone. + - Fix for more maintainable code in localzone. + +16 February 2018: Wouter + - Fixes for clang static analyzer, the missing ; in + edns-subnet/addrtree.c after the assert made clang analyzer + produce a failure to analyze it. + +13 February 2018: Ralph + - Aggressive NSEC tests + +13 February 2018: Wouter + - tls-cert-bundle option in unbound.conf enables TLS authentication. + - iana port update. + +12 February 2018: Wouter + - Unit test for auth zone https url download. + +12 February 2018: Ralph + - Added tests with wildcard expanded NSEC records (CVE-2017-15105 test) + - Processed aggressive NSEC code review remarks Wouter + +8 February 2018: Ralph + - Aggressive use of NSEC implementation. Use cached NSEC records to + generate NXDOMAIN, NODATA and positive wildcard answers. + +8 February 2018: Wouter + - iana port update. + - auth zone url config. + +5 February 2018: Wouter + - Fix #3451: dnstap not building when you have a separate build dir. + And removed protoc warning, set dnstap.proto syntax to proto2. + - auth-zone provides a way to configure RFC7706 from unbound.conf, + eg. with auth-zone: name: "." for-downstream: no for-upstream: yes + fallback-enabled: yes and masters or a zonefile with data. + +2 February 2018: Wouter + - Fix unfreed locks in log and arc4random at exit of unbound. + - unit test with valgrind + - Fix lock race condition in dns cache dname synthesis. + - lock subnet new item before insertion to please checklocks, + no modification of critical regions outside of lock region. + +1 February 2018: Wouter + - fix unaligned structure making a false positive in checklock + unitialised memory. + +29 January 2018: Ralph + - Use NSEC with longest ce to prove wildcard absence. + - Only use *.ce to prove wildcard absence, no longer names. + +25 January 2018: Wouter + - ltrace.conf file for libunbound in contrib. + +23 January 2018: Wouter + - Fix that unbound-checkconf -f flag works with auto-trust-anchor-file + for startup scripts to get the full pathname(s) of anchor file(s). + - Print fatal errors about remote control setup before log init, + so that it is printed to console. + +22 January 2018: Wouter + - Accept tls-upstream in unbound.conf, the ssl-upstream keyword is + also recognized and means the same. Also for tls-port, + tls-service-key, tls-service-pem, stub-tls-upstream and + forward-tls-upstream. + - Fix #3397: Fix that cachedb could return a partial CNAME chain. + - Fix #3397: Fix that when the cache contains an unsigned DNAME in + the middle of a cname chain, a result without the DNAME could + be returned. + +19 January 2018: Wouter + - tag 1.6.8 for release with CVE fix. + - trunk has 1.6.9 with fix and previous commits. - patch for CVE-2017-15105: vulnerability in the processing of wildcard synthesized NSEC records. + - iana port update. + - make depend: code dependencies updated in Makefile. + +4 January 2018: Ralph + - Copy query and correctly set flags on REFUSED answers when cache + snooping is not allowed. + +3 January 2018: Ralph + - Fix queries being leaked above stub when refetching glue. + +2 January 2017: Wouter + - Fix that DS queries with referral replies are answered straight + away, without a repeat query picking the DS from cache. + The correct reply should have been an answer, the reply is fixed + by the scrubber to have the answer in the answer section. + - Remove clang optimizer disable, + Fix that expiration date checks don't fail with clang -O2. + +15 December 2017: Wouter + - Fix timestamp failure because of clang optimizer failure, by + disabling -O2 when the compiler --version is clang. + - iana port update. + - Also disable -flto for clang, to make incep-expi signature check + work. + +12 December 2017: Ralph + - Fix qname-minimisation documentation (A QTYPE, not NS) + +12 December 2017: Wouter + - authzone work, transfer connect. + +7 December 2017: Ralph + - Check whether --with-libunbound-only is set when using --with-nettle + or --with-nss. + +4 December 2017: Wouter + - Fix link failure on OmniOS. + +1 December 2017: Wouter + - auth zone work. + +30 November 2017: Wouter + - Fix #3299 - forward CNAME daisy chain is not working + +14 November 2017: Wouter + - Fix #2882: Unbound behaviour changes (wrong) when domain-insecure is + set for stub zone. It no longer searches for DNSSEC information. + - auth xfer work on probe timer and lookup. + +13 November 2017: Wouter + - Fix #2801: Install libunbound.pc. + - Fix qname minimisation to send AAAA queries at zonecut like type A. + - reverted AAAA change. + +7 November 2017: Wouter + - Fix #2492: Documentation libunbound. + +3 November 2017: Wouter + - Fix #2362: TLS1.3/openssl-1.1.1 not working. + - Fix #2034 - Autoconf and -flto. + - Fix #2141 - for libsodium detect lack of entropy in chroot, print + a message and exit. + +2 November 2017: Wouter + - Fix #1913: ub_ctx_config is under circumstances thread-safe. + - make ip-transparent option work on OpenBSD. + +31 October 2017: Wouter + - Document that errno is left informative on libunbound config read + fail. + - lexer output. + - iana port update. + +25 October 2017: Ralph + - Fixed libunbound manual typo. + - Fix #1949: [dnscrypt] make provider name mismatch more obvious. + - Fix #2031: Double included headers + +24 October 2017: Ralph + - Update B root ipv4 address. + +19 October 2017: Wouter + - authzone work, probe timer setup. + +18 October 2017: Wouter + - lint for recent authzone commit. + +17 October 2017: Wouter + - Fix #1749: With harden-referral-path: performance drops, due to + circular dependency in NS and DS lookups. + - [dnscrypt] prevent dnscrypt-secret-key, dnscrypt-provider-cert + duplicates + - [dnscrypt] introduce dnscrypt-provider-cert-rotated option, + from Manu Bretelle. + This option allows handling multiple cert/key pairs while only + distributing some of them. + In order to reliably match a client magic with a given key without + strong assumption as to how those were generated, we need both key and + cert. Likewise, in order to know which ES version should be used. + On the other hand, when rotating a cert, it can be desirable to only + serve the new cert but still be able to handle clients that are still + using the old certs's public key. + The `dnscrypt-provider-cert-rotated` allow to instruct unbound to not + publish the cert as part of the DNS's provider_name's TXT answer. + - Better documentation for cache-max-negative-ttl. + - Work on local root zone code. 10 October 2017: Wouter - tag 1.6.7 + - trunk has version 1.6.8. 6 October 2017: Wouter - Fix spelling in unbound-control man page. diff --git a/doc/README b/doc/README index d3bea2e0bab2..58cd56fa8095 100644 --- a/doc/README +++ b/doc/README @@ -1,4 +1,4 @@ -README for Unbound 1.6.8 +README for Unbound 1.7.0 Copyright 2007 NLnet Labs http://unbound.net diff --git a/doc/example.conf.in b/doc/example.conf.in index b18513600700..73ed7fde0e5a 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -1,7 +1,7 @@ # # Example configuration file. # -# See unbound.conf(5) man page, version 1.6.8. +# See unbound.conf(5) man page, version 1.7.0. # # this is a comment. @@ -371,7 +371,7 @@ server: # Sent minimum amount of information to upstream servers to enhance # privacy. Only sent minimum required labels of the QNAME and set QTYPE - # to NS when possible. + # to A when possible. # qname-minimisation: no # QNAME minimisation in strict mode. Do not fall-back to sending full @@ -380,6 +380,10 @@ server: # This option only has effect when qname-minimisation is enabled. # qname-minimisation-strict: no + # Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN + # and other denials, using information from previous NXDOMAINs answers. + # aggressive-nsec: no + # Use 0x20-encoded random bits in the query to foil spoof attempts. # This feature is an experimental implementation of draft dns-0x20. # use-caps-for-id: no @@ -627,6 +631,7 @@ server: # o inform_deny drops queries and logs client IP address # o always_transparent, always_refuse, always_nxdomain, resolve in # that way but ignore local data for that name. + # o noview breaks out of that view towards global local-zones. # # defaults are localhost address, reverse for 127.0.0.1 and ::1 # and nxdomain for AS112 zones. If you configure one of these zones @@ -662,13 +667,16 @@ server: # service clients over SSL (on the TCP sockets), with plain DNS inside # the SSL stream. Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. - # ssl-service-key: "path/to/privatekeyfile.key" - # ssl-service-pem: "path/to/publiccertfile.pem" - # ssl-port: 853 + # tls-service-key: "path/to/privatekeyfile.key" + # tls-service-pem: "path/to/publiccertfile.pem" + # tls-port: 853 # request upstream over SSL (with plain DNS inside the SSL stream). # Default is no. Can be turned on and off with unbound-control. - # ssl-upstream: no + # tls-upstream: no + + # Certificates used to authenticate connections made upstream. + # tls-cert-bundle: "" # DNS64 prefix. Must be specified when DNS64 is use. # Enable dns64 in module-config. Used to synthesize IPv6 from IPv4. @@ -787,7 +795,7 @@ remote-control: # stub-addr: 192.0.2.68 # stub-prime: no # stub-first: no -# stub-ssl-upstream: no +# stub-tls-upstream: no # stub-zone: # name: "example.org" # stub-host: ns.example.com. @@ -803,11 +811,35 @@ remote-control: # forward-addr: 192.0.2.68 # forward-addr: 192.0.2.73@5355 # forward to port 5355. # forward-first: no -# forward-ssl-upstream: no +# forward-tls-upstream: no # forward-zone: # name: "example.org" # forward-host: fwd.example.com +# Authority zones +# The data for these zones is kept locally, from a file or downloaded. +# The data can be served to downstream clients, or used instead of the +# upstream (which saves a lookup to the upstream). The first example +# has a copy of the root for local usage. The second serves example.org +# authoritatively. zonefile: reads from file (and writes to it if you also +# download it), master: fetches with AXFR and IXFR, or url to zonefile. +# auth-zone: +# name: "." +# for-downstream: no +# for-upstream: yes +# fallback-enabled: yes +# master: b.root-servers.net +# master: c.root-servers.net +# master: e.root-servers.net +# master: f.root-servers.net +# master: g.root-servers.net +# master: k.root-servers.net +# auth-zone: +# name: "example.org" +# for-downstream: yes +# for-upstream: yes +# zonefile: "example.org.zone" + # Views # Create named views. Name must be unique. Map views to requests using # the access-control-view option. Views can contain zero or more local-zone diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 0b8ca2afe32c..357e981fff4b 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -1,4 +1,4 @@ -.TH "libunbound" "3" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "libunbound" "3" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" libunbound.3 -- unbound library functions manual .\" @@ -43,7 +43,7 @@ .B ub_ctx_zone_remove, .B ub_ctx_data_add, .B ub_ctx_data_remove -\- Unbound DNS validating resolver 1.6.8 functions. +\- Unbound DNS validating resolver 1.7.0 functions. .SH "SYNOPSIS" .B #include <unbound.h> .LP @@ -150,7 +150,8 @@ is an implementation of a DNS resolver, that does caching and DNSSEC validation. This is the library API, for using the \-lunbound library. The server daemon is described in \fIunbound\fR(8). -The library can be used to convert hostnames to ip addresses, and back, +The library works independent from a running unbound server, and +can be used to convert hostnames to ip addresses, and back, and obtain other information from the DNS. The library performs public\-key validation of results with DNSSEC. .P @@ -162,7 +163,7 @@ and deleting it with It can be created and deleted at any time. Creating it anew removes any previous configuration (such as trusted keys) and clears any cached results. .P -The functions are thread\-safe, and a context an be used in a threaded (as +The functions are thread\-safe, and a context can be used in a threaded (as well as in a non\-threaded) environment. Also resolution (and validation) can be performed blocking and non\-blocking (also called asynchronous). The async method returns from the call immediately, so that processing @@ -203,7 +204,10 @@ without trailing ':'. The returned value must be free(2)d by the caller. A power\-user interface that lets you specify an unbound config file, see \fIunbound.conf\fR(5), which is read for configuration. Not all options are relevant. For some specific options, such as adding trust anchors, special -routines exist. +routines exist. This function is thread\-safe only if a single instance of +ub_ctx* exists in the application. If several instances exist the +application has to ensure that ub_ctx_config is not called in parallel by +the different instances. .TP .B ub_ctx_set_fwd Set machine to forward DNS queries to, the caching resolver to use. @@ -407,6 +411,10 @@ returns NULL on an error (a malloc failure). returns true if some information may be available, false otherwise. .B ub_fd returns a file descriptor or \-1 on error. +.B ub_ctx_config +and +.B ub_ctx_resolvconf +attempt to leave errno informative on a function return with file read failure. .SH "SEE ALSO" \fIunbound.conf\fR(5), \fIunbound\fR(8). diff --git a/doc/unbound-anchor.8.in b/doc/unbound-anchor.8.in index 093b75aa7cd3..f50bf28af3f5 100644 --- a/doc/unbound-anchor.8.in +++ b/doc/unbound-anchor.8.in @@ -1,4 +1,4 @@ -.TH "unbound-anchor" "8" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "unbound-anchor" "8" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" unbound-anchor.8 -- unbound anchor maintenance utility manual .\" diff --git a/doc/unbound-checkconf.8.in b/doc/unbound-checkconf.8.in index bfc55bdc0919..a07124e57a26 100644 --- a/doc/unbound-checkconf.8.in +++ b/doc/unbound-checkconf.8.in @@ -1,4 +1,4 @@ -.TH "unbound-checkconf" "8" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "unbound-checkconf" "8" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" unbound-checkconf.8 -- unbound configuration checker manual .\" diff --git a/doc/unbound-control.8.in b/doc/unbound-control.8.in index 24e5ce23ad1d..53af91514eb7 100644 --- a/doc/unbound-control.8.in +++ b/doc/unbound-control.8.in @@ -1,4 +1,4 @@ -.TH "unbound-control" "8" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "unbound-control" "8" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" unbound-control.8 -- unbound remote control manual .\" diff --git a/doc/unbound-host.1.in b/doc/unbound-host.1.in index 42e6096ef597..6842514d287e 100644 --- a/doc/unbound-host.1.in +++ b/doc/unbound-host.1.in @@ -1,4 +1,4 @@ -.TH "unbound\-host" "1" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "unbound\-host" "1" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" unbound-host.1 -- unbound DNS lookup utility .\" diff --git a/doc/unbound.8.in b/doc/unbound.8.in index 1e2adb1ea53d..3c5786a79773 100644 --- a/doc/unbound.8.in +++ b/doc/unbound.8.in @@ -1,4 +1,4 @@ -.TH "unbound" "8" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "unbound" "8" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" unbound.8 -- unbound manual .\" @@ -9,7 +9,7 @@ .\" .SH "NAME" .B unbound -\- Unbound DNS validating resolver 1.6.8. +\- Unbound DNS validating resolver 1.7.0. .SH "SYNOPSIS" .B unbound .RB [ \-h ] diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index f6e53111d2d9..156e3bed5f47 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -1,4 +1,4 @@ -.TH "unbound.conf" "5" "Jan 19, 2018" "NLnet Labs" "unbound 1.6.8" +.TH "unbound.conf" "5" "Mar 15, 2018" "NLnet Labs" "unbound 1.7.0" .\" .\" unbound.conf.5 -- unbound.conf manual .\" @@ -293,7 +293,8 @@ are going to exist later on, with host failover configuration. This is a lot like interface\-automatic, but that one services all interfaces and with this option you can select which (future) interfaces unbound provides service on. This option needs unbound to be started with root -permissions on some systems. The option uses IP_BINDANY on FreeBSD systems. +permissions on some systems. The option uses IP_BINDANY on FreeBSD systems +and SO_BINDANY on OpenBSD systems. .TP .B ip\-freebind: \fI<yes or no> If yes, then use IP_FREEBIND socket option on sockets where unbound @@ -330,6 +331,7 @@ the data in the cache does not match up with the actual data any more. .B cache\-max\-negative\-ttl: \fI<seconds> Time to live maximum for negative responses, these have a SOA in the authority section that is limited in time. Default is 3600. +This applies to nxdomain and nodata answers. .TP .B infra\-host\-ttl: \fI<seconds> Time to live for entries in the host cache. The host cache contains @@ -396,30 +398,52 @@ Enable udp upstream even if do-udp is no. Default is no, and this does not change anything. Useful for TLS service providers, that want no udp downstream but use udp to fetch data upstream. .TP -.B ssl\-upstream: \fI<yes or no> +.B tls\-upstream: \fI<yes or no> Enabled or disable whether the upstream queries use SSL only for transport. Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in TCP wireformat. The other server must support this (see -\fBssl\-service\-key\fR). +\fBtls\-service\-key\fR). +.TP +.B ssl\-upstream: \fI<yes or no> +Alternate syntax for \fBtls\-upstream\fR. If both are present in the config +file the last is used. .TP -.B ssl\-service-key: \fI<file> +.B tls\-service\-key: \fI<file> If enabled, the server provider SSL service on its TCP sockets. The clients -have to use ssl\-upstream: yes. The file is the private key for the TLS -session. The public certificate is in the ssl\-service\-pem file. Default +have to use tls\-upstream: yes. The file is the private key for the TLS +session. The public certificate is in the tls\-service\-pem file. Default is "", turned off. Requires a restart (a reload is not enough) if changed, because the private key is read while root permissions are held and before chroot (if any). Normal DNS TCP service is not provided and gives errors, this service is best run with a different \fBport:\fR config or \fI@port\fR suffixes in the \fBinterface\fR config. .TP -.B ssl\-service\-pem: \fI<file> -The public key certificate pem file for the ssl service. Default is "", +.B ssl\-service\-key: \fI<file> +Alternate syntax for \fBtls\-service\-key\fR. +.TP +.B tls\-service\-pem: \fI<file> +The public key certificate pem file for the tls service. Default is "", turned off. .TP -.B ssl\-port: \fI<number> +.B ssl\-service\-pem: \fI<file> +Alternate syntax for \fBtls\-service\-pem\fR. +.TP +.B tls\-port: \fI<number> The port number on which to provide TCP SSL service, default 853, only interfaces configured with that port number as @number get the SSL service. .TP +.B ssl\-port: \fI<number> +Alternate syntax for \fBtls\-port\fR. +.TP +.B tls\-cert\-bundle: \fI<file> +If null or "", no file is used. Set it to the certificate bundle file, +for example "/etc/pki/tls/certs/ca\-bundle.crt". These certificates are used +for authenticating connections made to outside peers. For example auth\-zone +urls, and also DNS over TLS connections. +.TP +.B ssl\-cert\-bundle: \fI<file> +Alternate syntax for \fBtls\-cert\-bundle\fR. +.TP .B use\-systemd: \fI<yes or no> Enable or disable systemd socket activation. Default is no. @@ -690,7 +714,7 @@ Can be given multiple times, for different domains. .TP .B qname\-minimisation: \fI<yes or no> Send minimum amount of information to upstream servers to enhance privacy. -Only sent minimum required labels of the QNAME and set QTYPE to NS when +Only sent minimum required labels of the QNAME and set QTYPE to A when possible. Best effort approach; full QNAME and original QTYPE will be sent when upstream replies with a RCODE other than NOERROR, except when receiving NXDOMAIN from a DNSSEC signed zone. Default is off. @@ -701,6 +725,12 @@ potentially broken nameservers. A lot of domains will not be resolvable when this option in enabled. Only use if you know what you are doing. This option only has effect when qname-minimisation is enabled. Default is off. .TP +.B aggressive\-nsec: \fI<yes or no> +Aggressive NSEC uses the DNSSEC NSEC chain to synthesize NXDOMAIN +and other denials, using information from previous NXDOMAINs answers. +Default is off. It helps to reduce the query rate towards targets that get +a very high nonexistant name lookup rate. +.TP .B private\-address: \fI<IP address or subnet> Give IPv4 of IPv6 addresses or classless subnets. These are addresses on your private network, and are not allowed to be returned for @@ -976,7 +1006,7 @@ address space are not validated. This is usually required whenever Configure a local zone. The type determines the answer to give if there is no match from local\-data. The types are deny, refuse, static, transparent, redirect, nodefault, typetransparent, inform, inform_deny, -always_transparent, always_refuse, always_nxdomain, +always_transparent, always_refuse, always_nxdomain, noview, and are explained below. After that the default settings are listed. Use local\-data: to enter data into the local zone. Answers for local zones are authoritative DNS answers. By default the zones are class IN. @@ -1046,6 +1076,13 @@ Like refuse, but ignores local data and refuses the query. \h'5'\fIalways_nxdomain\fR Like static, but ignores local data and returns nxdomain for the query. .TP 10 +\h'5'\fInoview\fR +Breaks out of that view and moves towards the global local zones for answer +to the query. If the view first is no, it'll resolve normally. If view first +is enabled, it'll break perform that step and check the global answers. +For when the view has view specific overrides but some zone has to be +answered from global local zone contents. +.TP 10 \h'5'\fInodefault\fR Used to turn off default contents for AS112 zones. The other types also turn off default contents for the zone. The 'nodefault' option @@ -1109,7 +1146,7 @@ local\-data: "onion. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" .fi .TP 10 -\h'5'\fItest (RFC 7686)\fR +\h'5'\fItest (RFC 2606)\fR Default content: .nf local\-zone: "test." static @@ -1118,7 +1155,7 @@ local\-data: "test. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800" .fi .TP 10 -\h'5'\fIinvalid (RFC 7686)\fR +\h'5'\fIinvalid (RFC 2606)\fR Default content: .nf local\-zone: "invalid." static @@ -1378,9 +1415,12 @@ The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. .TP -.B stub\-ssl\-upstream: \fI<yes or no> +.B stub\-tls\-upstream: \fI<yes or no> Enabled or disable whether the queries to this stub use SSL for transport. Default is no. +.TP +.B stub\-ssl\-upstream: \fI<yes or no> +Alternate syntax for \fBstub\-tls\-upstream\fR. .SS "Forward Zone Options" .LP There may be multiple @@ -1392,6 +1432,9 @@ forward the queries to. The servers listed as \fBforward\-host:\fR and those servers are not authority servers, but are (just like unbound is) recursive servers too; unbound does not perform recursion itself for the forward zone, it lets the remote server do it. Class IN is assumed. +CNAMEs are chased by unbound itself, asking the remote server for every +name in the indirection chain, to protect the local cache from illegal +indirect referenced items. A forward\-zone entry with name "." and a forward\-addr target will forward all queries to that other server (unless it can answer from the cache). @@ -1412,9 +1455,73 @@ The data could not be retrieved and would have caused SERVFAIL because the servers are unreachable, instead it is tried without this clause. The default is no. .TP -.B forward\-ssl\-upstream: \fI<yes or no> +.B forward\-tls\-upstream: \fI<yes or no> Enabled or disable whether the queries to this forwarder use SSL for transport. Default is no. +.TP +.B forward\-ssl\-upstream: \fI<yes or no> +Alternate syntax for \fBforward\-tls\-upstream\fR. +.SS "Authority Zone Options" +.LP +Authority zones are configured with \fBauth\-zone:\fR, and each one must +have a \fBname:\fR. There can be multiple ones, by listing multiple auth\-zone clauses, each with a different name, pertaining to that part of the namespace. +The authority zone with the name closest to the name looked up is used. +Authority zones are processed after \fBlocal\-zones\fR and before +cache (\fBfor\-downstream:\fR \fIyes\fR), and when used in this manner +make unbound respond like an authority server. Authority zones are also +processed after cache, just before going to the network to fetch +information for recursion (\fBfor\-upstream:\fR \fIyes\fR), and when used +in this manner provide a local copy of an authority server that speeds up +lookups of that data. +.LP +Authority zones can be read from zonefile. And can be kept updated via +AXFR and IXFR. After update the zonefile is rewritten. The update mechanism +uses the SOA timer values and performs SOA UDP queries to detect zone changes. +.TP +.B name: \fI<zone name> +Name of the authority zone. +.TP +.B master: \fI<IP address or host name> +Where to download a copy of the zone from, with AXFR and IXFR. Multiple +masters can be specified. They are all tried if one fails. +.TP +.B url: \fI<url to zonefile> +Where to download a zonefile for the zone. With http or https. An example +for the url is "http://www.example.com/example.org.zone". Multiple url +statements can be given, they are tried in turn. If only urls are given +the SOA refresh timer is used to wait for making new downloads. If also +masters are listed, the masters are first probed with UDP SOA queries to +see if the SOA serial number has changed, reducing the number of downloads. +If none of the urls work, the masters are tried with IXFR and AXFR. +For https, the \fBtls\-cert\-bundle\fR and the hostname from the url are used +to authenticate the connection. +.TP +.B fallback\-enabled: \fI<yes or no> +Default no. If enabled, unbound falls back to querying the internet as +a resolver for this zone when lookups fail. For example for DNSSEC +validation failures. +.TP +.B for\-downstream: \fI<yes or no> +Default yes. If enabled, unbound serves authority responses to +downstream clients for this zone. This option makes unbound behave, for +the queries with names in this zone, like one of the authority servers for +that zone. Turn it off if you want unbound to provide recursion for the +zone but have a local copy of zone data. If for\-downstream is no and +for\-upstream is yes, then unbound will DNSSEC validate the contents of the +zone before serving the zone contents to clients and store validation +results in the cache. +.TP +.B for\-upstream: \fI<yes or no> +Default yes. If enabled, unbound fetches data from this data collection +for answering recursion queries. Instead of sending queries over the internet +to the authority servers for this zone, it'll fetch the data directly from +the zone data. Turn it on when you want unbound to provide recursion for +downstream clients, and use the zone data as a local copy to speed up lookups. +.TP +.B zonefile: \fI<filename> +The filename where the zone is stored. If not given then no zonefile is used. +If the file does not exist or is empty, unbound will attempt to fetch zone +data (eg. from the master servers). .SS "View Options" .LP There may be multiple @@ -1513,6 +1620,19 @@ times. Path to the certificate related to the \fBdnscrypt\-secret\-key\fRs. This option may be specified multiple times. .TP +.B dnscrypt\-provider\-cert\-rotated: \fI<path to cert file>\fR +Path to a certificate that we should be able to serve existing connection from +but do not want to advertise over \fBdnscrypt\-provider\fR's TXT record certs +distribution. +A typical use case is when rotating certificates, existing clients may still use +the client magic from the old cert in their queries until they fetch and update +the new cert. Likewise, it would allow one to prime the new cert/key without +distributing the new cert yet, this can be useful when using a network of +servers using anycast and on which the configuration may not get updated at the +exact same time. By priming the cert, the servers can handle both old and new +certs traffic while distributing only one. +This option may be specified multiple times. +.TP .B dnscrypt\-shared\-secret\-cache\-size: \fI<memory size> Give the size of the data structure in which the shared secret keys are kept in. Default 4m. In bytes or use m(mega), k(kilo), g(giga). diff --git a/edns-subnet/addrtree.c b/edns-subnet/addrtree.c index 050eb31fc98f..9a02db062c51 100644 --- a/edns-subnet/addrtree.c +++ b/edns-subnet/addrtree.c @@ -485,7 +485,7 @@ addrtree_find(struct addrtree *tree, const addrkey_t *addr, /* does this node have data? if yes, see if we have a match */ if (node->elem && node->ttl >= now) { /* saved at wrong depth */; - log_assert(node->scope >= depth) + log_assert(node->scope >= depth); if (depth == node->scope || (node->scope > sourcemask && depth == sourcemask)) { diff --git a/edns-subnet/subnetmod.c b/edns-subnet/subnetmod.c index 4b8a4b211275..ae2523b86c23 100644 --- a/edns-subnet/subnetmod.c +++ b/edns-subnet/subnetmod.c @@ -339,6 +339,7 @@ update_cache(struct module_qstate *qstate, int id) return; } lru_entry = &mrep_entry->entry; + lock_rw_wrlock(&lru_entry->lock); lru_entry->data = calloc(1, sizeof(struct subnet_msg_cache_data)); if (!lru_entry->data) { @@ -352,7 +353,9 @@ update_cache(struct module_qstate *qstate, int id) log_err("Subnet cache insertion failed"); return; } + lock_quick_lock(&sne->alloc.lock); rep = reply_info_copy(qstate->return_msg->rep, &sne->alloc, NULL); + lock_quick_unlock(&sne->alloc.lock); if (!rep) { if (acquired_lock) lock_rw_unlock(&lru_entry->lock); log_err("Subnet cache insertion failed"); @@ -374,6 +377,7 @@ update_cache(struct module_qstate *qstate, int id) if (acquired_lock) { lock_rw_unlock(&lru_entry->lock); } else { + lock_rw_unlock(&lru_entry->lock); slabhash_insert(subnet_msg_cache, h, lru_entry, lru_entry->data, NULL); } diff --git a/iterator/iter_delegpt.h b/iterator/iter_delegpt.h index 4bd79c81af09..24f0574901d9 100644 --- a/iterator/iter_delegpt.h +++ b/iterator/iter_delegpt.h @@ -83,6 +83,8 @@ struct delegpt { uint8_t dp_type_mlc; /** use SSL for upstream query */ uint8_t ssl_upstream; + /** delegpt from authoritative zone that is locally hosted */ + uint8_t auth_dp; }; /** diff --git a/iterator/iter_hints.c b/iterator/iter_hints.c index 47af96687fe6..1d4c228fabc2 100644 --- a/iterator/iter_hints.c +++ b/iterator/iter_hints.c @@ -129,7 +129,7 @@ compile_time_root_prime(int do_ip4, int do_ip6) dp->has_parent_side_NS = 1; if(do_ip4) { if(!ah(dp, "A.ROOT-SERVERS.NET.", "198.41.0.4")) goto failed; - if(!ah(dp, "B.ROOT-SERVERS.NET.", "192.228.79.201")) goto failed; + if(!ah(dp, "B.ROOT-SERVERS.NET.", "199.9.14.201")) goto failed; if(!ah(dp, "C.ROOT-SERVERS.NET.", "192.33.4.12")) goto failed; if(!ah(dp, "D.ROOT-SERVERS.NET.", "199.7.91.13")) goto failed; if(!ah(dp, "E.ROOT-SERVERS.NET.", "192.203.230.10")) goto failed; diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c index 1bee85c0b991..12580dcdb539 100644 --- a/iterator/iter_scrub.c +++ b/iterator/iter_scrub.c @@ -503,6 +503,24 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, continue; } } + /* if this is type DS and we query for type DS we just got + * a referral answer for our type DS query, fix packet */ + if(rrset->type==LDNS_RR_TYPE_DS && + qinfo->qtype == LDNS_RR_TYPE_DS && + dname_pkt_compare(pkt, qinfo->qname, rrset->dname) == 0) { + rrset->section = LDNS_SECTION_ANSWER; + msg->ancount = rrset->rr_count + rrset->rrsig_count; + msg->nscount = 0; + msg->arcount = 0; + msg->an_rrsets = 1; + msg->ns_rrsets = 0; + msg->ar_rrsets = 0; + msg->rrset_count = 1; + msg->rrset_first = rrset; + msg->rrset_last = rrset; + rrset->rrset_all_next = NULL; + return 1; + } mark_additional_rrset(pkt, msg, rrset); prev = rrset; rrset = rrset->rrset_all_next; diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index 0b1b456113f7..70cab40faa80 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -656,6 +656,11 @@ iter_indicates_dnssec(struct module_env* env, struct delegpt* dp, /* a trust anchor exists with this name, RRSIGs expected */ if((a=anchor_find(env->anchors, dp->name, dp->namelabs, dp->namelen, dclass))) { + if(a->numDS == 0 && a->numDNSKEY == 0) { + /* insecure trust point */ + lock_basic_unlock(&a->lock); + return 0; + } lock_basic_unlock(&a->lock); return 1; } diff --git a/iterator/iter_utils.h b/iterator/iter_utils.h index d0629a83e0df..602fa6db3d0d 100644 --- a/iterator/iter_utils.h +++ b/iterator/iter_utils.h @@ -193,7 +193,7 @@ int iter_indicates_dnssec_fwd(struct module_env* env, * @param dp: delegation point. * @param msg: delegation message, with DS if a secure referral. * @param dclass: class of query. - * @return 1 if dnssec is expected, 0 if not. + * @return 1 if dnssec is expected, 0 if not or insecure point above qname. */ int iter_indicates_dnssec(struct module_env* env, struct delegpt* dp, struct dns_msg* msg, uint16_t dclass); diff --git a/iterator/iterator.c b/iterator/iterator.c index 6c49709adea3..7f3c65737d59 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -53,6 +53,7 @@ #include "validator/val_neg.h" #include "services/cache/dns.h" #include "services/cache/infra.h" +#include "services/authzone.h" #include "util/module.h" #include "util/netevent.h" #include "util/net_help.h" @@ -771,6 +772,11 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq, int id, if(!stub) return 0; stub_dp = stub->dp; + /* if we have an auth_zone dp, and stub is equal, don't prime stub + * yet, unless we want to fallback and avoid the auth_zone */ + if(!iq->auth_zone_avoid && iq->dp && iq->dp->auth_dp && + query_dname_compare(iq->dp->name, stub_dp->name) == 0) + return 0; /* is it a noprime stub (always use) */ if(stub->noprime) { @@ -832,6 +838,96 @@ prime_stub(struct module_qstate* qstate, struct iter_qstate* iq, int id, } /** + * Generate a delegation point for an auth zone (unless cached dp is better) + * false on alloc failure. + */ +static int +auth_zone_delegpt(struct module_qstate* qstate, struct iter_qstate* iq, + uint8_t* delname, size_t delnamelen) +{ + struct auth_zone* z; + if(iq->auth_zone_avoid) + return 1; + if(!delname) { + delname = iq->qchase.qname; + delnamelen = iq->qchase.qname_len; + } + lock_rw_rdlock(&qstate->env->auth_zones->lock); + z = auth_zones_find_zone(qstate->env->auth_zones, delname, delnamelen, + qstate->qinfo.qclass); + if(!z) { + lock_rw_unlock(&qstate->env->auth_zones->lock); + return 1; + } + lock_rw_rdlock(&z->lock); + lock_rw_unlock(&qstate->env->auth_zones->lock); + if(z->for_upstream) { + if(iq->dp && query_dname_compare(z->name, iq->dp->name) == 0 + && iq->dp->auth_dp && qstate->blacklist && + z->fallback_enabled) { + /* cache is blacklisted and fallback, and we + * already have an auth_zone dp */ + if(verbosity>=VERB_ALGO) { + char buf[255+1]; + dname_str(z->name, buf); + verbose(VERB_ALGO, "auth_zone %s " + "fallback because cache blacklisted", + buf); + } + lock_rw_unlock(&z->lock); + iq->dp = NULL; + return 1; + } + if(iq->dp==NULL || dname_subdomain_c(z->name, iq->dp->name)) { + struct delegpt* dp; + if(qstate->blacklist && z->fallback_enabled) { + /* cache is blacklisted because of a DNSSEC + * validation failure, and the zone allows + * fallback to the internet, query there. */ + if(verbosity>=VERB_ALGO) { + char buf[255+1]; + dname_str(z->name, buf); + verbose(VERB_ALGO, "auth_zone %s " + "fallback because cache blacklisted", + buf); + } + lock_rw_unlock(&z->lock); + return 1; + } + dp = (struct delegpt*)regional_alloc_zero( + qstate->region, sizeof(*dp)); + if(!dp) { + log_err("alloc failure"); + if(z->fallback_enabled) { + lock_rw_unlock(&z->lock); + return 1; /* just fallback */ + } + lock_rw_unlock(&z->lock); + return 0; + } + dp->name = regional_alloc_init(qstate->region, + z->name, z->namelen); + if(!dp->name) { + log_err("alloc failure"); + if(z->fallback_enabled) { + lock_rw_unlock(&z->lock); + return 1; /* just fallback */ + } + lock_rw_unlock(&z->lock); + return 0; + } + dp->namelen = z->namelen; + dp->namelabs = z->namelabs; + dp->auth_dp = 1; + iq->dp = dp; + } + } + + lock_rw_unlock(&z->lock); + return 1; +} + +/** * Generate A and AAAA checks for glue that is in-zone for the referral * we just got to obtain authoritative information on the addresses. * @@ -914,6 +1010,9 @@ generate_ns_check(struct module_qstate* qstate, struct iter_qstate* iq, int id) generate_a_aaaa_check(qstate, iq, id); return; } + /* no need to get the NS record for DS, it is above the zonecut */ + if(qstate->qinfo.qtype == LDNS_RR_TYPE_DS) + return; log_nametypeclass(VERB_ALGO, "schedule ns fetch", iq->dp->name, LDNS_RR_TYPE_NS, iq->qchase.qclass); @@ -1106,14 +1205,15 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, msg = dns_cache_lookup(qstate->env, iq->qchase.qname, iq->qchase.qname_len, iq->qchase.qtype, iq->qchase.qclass, qstate->query_flags, - qstate->region, qstate->env->scratch); + qstate->region, qstate->env->scratch, 0); if(!msg && qstate->env->neg_cache) { /* lookup in negative cache; may result in * NOERROR/NODATA or NXDOMAIN answers that need validation */ msg = val_neg_getmsg(qstate->env->neg_cache, &iq->qchase, qstate->region, qstate->env->rrset_cache, qstate->env->scratch_buffer, - *qstate->env->now, 1/*add SOA*/, NULL); + *qstate->env->now, 1/*add SOA*/, NULL, + qstate->env->cfg); } /* item taken from cache does not match our query name, thus * security needs to be re-examined later */ @@ -1164,7 +1264,7 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, iq->response = msg; return final_state(iq); } - + /* attempt to forward the request */ if(forward_request(qstate, iq)) { @@ -1225,8 +1325,15 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, /* If the cache has returned nothing, then we have a * root priming situation. */ if(iq->dp == NULL) { + int r; + /* if under auth zone, no prime needed */ + if(!auth_zone_delegpt(qstate, iq, delname, delnamelen)) + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + if(iq->dp) /* use auth zone dp */ + return next_state(iq, INIT_REQUEST_2_STATE); /* if there is a stub, then no root prime needed */ - int r = prime_stub(qstate, iq, id, delname, + r = prime_stub(qstate, iq, id, delname, iq->qchase.qclass); if(r == 2) break; /* got noprime-stub-zone, continue */ @@ -1371,22 +1478,36 @@ processInitRequest2(struct module_qstate* qstate, struct iter_qstate* iq, log_query_info(VERB_QUERY, "resolving (init part 2): ", &qstate->qinfo); + delname = iq->qchase.qname; + delnamelen = iq->qchase.qname_len; if(iq->refetch_glue) { + struct iter_hints_stub* stub; if(!iq->dp) { log_err("internal or malloc fail: no dp for refetch"); return error_response(qstate, id, LDNS_RCODE_SERVFAIL); } - delname = iq->dp->name; - delnamelen = iq->dp->namelen; - } else { - delname = iq->qchase.qname; - delnamelen = iq->qchase.qname_len; + /* Do not send queries above stub, do not set delname to dp if + * this is above stub without stub-first. */ + stub = hints_lookup_stub( + qstate->env->hints, iq->qchase.qname, iq->qchase.qclass, + iq->dp); + if(!stub || !stub->dp->has_parent_side_NS || + dname_subdomain_c(iq->dp->name, stub->dp->name)) { + delname = iq->dp->name; + delnamelen = iq->dp->namelen; + } } if(iq->qchase.qtype == LDNS_RR_TYPE_DS || iq->refetch_glue) { if(!dname_is_root(delname)) dname_remove_label(&delname, &delnamelen); iq->refetch_glue = 0; /* if CNAME causes restart, no refetch */ } + + /* see if we have an auth zone to answer from, improves dp from cache + * (if any dp from cache) with auth zone dp, if that is lower */ + if(!auth_zone_delegpt(qstate, iq, delname, delnamelen)) + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + /* Check to see if we need to prime a stub zone. */ if(prime_stub(qstate, iq, id, delname, iq->qchase.qclass)) { /* A priming sub request was made */ @@ -1871,6 +1992,7 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, int tf_policy; struct delegpt_addr* target; struct outbound_entry* outq; + int auth_fallback = 0; /* NOTE: a request will encounter this state for each target it * needs to send a query to. That is, at least one per referral, @@ -1915,6 +2037,152 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, return 0; } + if(iq->minimisation_state == INIT_MINIMISE_STATE) { + /* (Re)set qinfo_out to (new) delegation point, except when + * qinfo_out is already a subdomain of dp. This happens when + * increasing by more than one label at once (QNAMEs with more + * than MAX_MINIMISE_COUNT labels). */ + if(!(iq->qinfo_out.qname_len + && dname_subdomain_c(iq->qchase.qname, + iq->qinfo_out.qname) + && dname_subdomain_c(iq->qinfo_out.qname, + iq->dp->name))) { + iq->qinfo_out.qname = iq->dp->name; + iq->qinfo_out.qname_len = iq->dp->namelen; + iq->qinfo_out.qtype = LDNS_RR_TYPE_A; + iq->qinfo_out.qclass = iq->qchase.qclass; + iq->qinfo_out.local_alias = NULL; + iq->minimise_count = 0; + } + + iq->minimisation_state = MINIMISE_STATE; + } + if(iq->minimisation_state == MINIMISE_STATE) { + int qchaselabs = dname_count_labels(iq->qchase.qname); + int labdiff = qchaselabs - + dname_count_labels(iq->qinfo_out.qname); + + iq->qinfo_out.qname = iq->qchase.qname; + iq->qinfo_out.qname_len = iq->qchase.qname_len; + iq->minimise_count++; + iq->minimise_timeout_count = 0; + + iter_dec_attempts(iq->dp, 1); + + /* Limit number of iterations for QNAMEs with more + * than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB + * labels of QNAME always individually. + */ + if(qchaselabs > MAX_MINIMISE_COUNT && labdiff > 1 && + iq->minimise_count > MINIMISE_ONE_LAB) { + if(iq->minimise_count < MAX_MINIMISE_COUNT) { + int multilabs = qchaselabs - 1 - + MINIMISE_ONE_LAB; + int extralabs = multilabs / + MINIMISE_MULTIPLE_LABS; + + if (MAX_MINIMISE_COUNT - iq->minimise_count >= + multilabs % MINIMISE_MULTIPLE_LABS) + /* Default behaviour is to add 1 label + * every iteration. Therefore, decrement + * the extralabs by 1 */ + extralabs--; + if (extralabs < labdiff) + labdiff -= extralabs; + else + labdiff = 1; + } + /* Last minimised iteration, send all labels with + * QTYPE=NS */ + else + labdiff = 1; + } + + if(labdiff > 1) { + verbose(VERB_QUERY, "removing %d labels", labdiff-1); + dname_remove_labels(&iq->qinfo_out.qname, + &iq->qinfo_out.qname_len, + labdiff-1); + } + if(labdiff < 1 || (labdiff < 2 + && (iq->qchase.qtype == LDNS_RR_TYPE_DS + || iq->qchase.qtype == LDNS_RR_TYPE_A))) + /* Stop minimising this query, resolve "as usual" */ + iq->minimisation_state = DONOT_MINIMISE_STATE; + else if(!qstate->no_cache_lookup) { + struct dns_msg* msg = dns_cache_lookup(qstate->env, + iq->qinfo_out.qname, iq->qinfo_out.qname_len, + iq->qinfo_out.qtype, iq->qinfo_out.qclass, + qstate->query_flags, qstate->region, + qstate->env->scratch, 0); + if(msg && msg->rep->an_numrrsets == 0 + && FLAGS_GET_RCODE(msg->rep->flags) == + LDNS_RCODE_NOERROR) + /* no need to send query if it is already + * cached as NOERROR/NODATA */ + return 1; + } + } + if(iq->minimisation_state == SKIP_MINIMISE_STATE) { + if(iq->minimise_timeout_count < MAX_MINIMISE_TIMEOUT_COUNT) + /* Do not increment qname, continue incrementing next + * iteration */ + iq->minimisation_state = MINIMISE_STATE; + else if(!qstate->env->cfg->qname_minimisation_strict) + /* Too many time-outs detected for this QNAME and QTYPE. + * We give up, disable QNAME minimisation. */ + iq->minimisation_state = DONOT_MINIMISE_STATE; + } + if(iq->minimisation_state == DONOT_MINIMISE_STATE) + iq->qinfo_out = iq->qchase; + + /* now find an answer to this query */ + /* see if authority zones have an answer */ + /* now we know the dp, we can check the auth zone for locally hosted + * contents */ + if(!iq->auth_zone_avoid && qstate->blacklist) { + if(auth_zones_can_fallback(qstate->env->auth_zones, + iq->dp->name, iq->dp->namelen, iq->qinfo_out.qclass)) { + /* if cache is blacklisted and this zone allows us + * to fallback to the internet, then do so, and + * fetch results from the internet servers */ + iq->auth_zone_avoid = 1; + } + } + if(iq->auth_zone_avoid) { + iq->auth_zone_avoid = 0; + auth_fallback = 1; + } else if(auth_zones_lookup(qstate->env->auth_zones, &iq->qinfo_out, + qstate->region, &iq->response, &auth_fallback, iq->dp->name, + iq->dp->namelen)) { + /* use this as a response to be processed by the iterator */ + if(verbosity >= VERB_ALGO) { + log_dns_msg("msg from auth zone", + &iq->response->qinfo, iq->response->rep); + } + iq->num_current_queries++; + iq->chase_to_rd = 0; + iq->dnssec_lame_query = 0; + iq->auth_zone_response = 1; + return next_state(iq, QUERY_RESP_STATE); + } + iq->auth_zone_response = 0; + if(auth_fallback == 0) { + /* like we got servfail from the auth zone lookup, and + * no internet fallback */ + verbose(VERB_ALGO, "auth zone lookup failed, no fallback," + " servfail"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + if(iq->dp && iq->dp->auth_dp) { + /* we wanted to fallback, but had no delegpt, only the + * auth zone generated delegpt, create an actual one */ + iq->auth_zone_avoid = 1; + return next_state(iq, INIT_REQUEST_STATE); + } + /* but mostly, fallback==1 (like, when no such auth zone exists) + * and we continue with lookups */ + tf_policy = 0; /* < not <=, because although the array is large enough for <=, the * generated query will immediately be discarded due to depth and @@ -2082,105 +2350,6 @@ processQueryTargets(struct module_qstate* qstate, struct iter_qstate* iq, } } - if(iq->minimisation_state == INIT_MINIMISE_STATE) { - /* (Re)set qinfo_out to (new) delegation point, except when - * qinfo_out is already a subdomain of dp. This happens when - * increasing by more than one label at once (QNAMEs with more - * than MAX_MINIMISE_COUNT labels). */ - if(!(iq->qinfo_out.qname_len - && dname_subdomain_c(iq->qchase.qname, - iq->qinfo_out.qname) - && dname_subdomain_c(iq->qinfo_out.qname, - iq->dp->name))) { - iq->qinfo_out.qname = iq->dp->name; - iq->qinfo_out.qname_len = iq->dp->namelen; - iq->qinfo_out.qtype = LDNS_RR_TYPE_A; - iq->qinfo_out.qclass = iq->qchase.qclass; - iq->qinfo_out.local_alias = NULL; - iq->minimise_count = 0; - } - - iq->minimisation_state = MINIMISE_STATE; - } - if(iq->minimisation_state == MINIMISE_STATE) { - int qchaselabs = dname_count_labels(iq->qchase.qname); - int labdiff = qchaselabs - - dname_count_labels(iq->qinfo_out.qname); - - iq->qinfo_out.qname = iq->qchase.qname; - iq->qinfo_out.qname_len = iq->qchase.qname_len; - iq->minimise_count++; - iq->minimise_timeout_count = 0; - - iter_dec_attempts(iq->dp, 1); - - /* Limit number of iterations for QNAMEs with more - * than MAX_MINIMISE_COUNT labels. Send first MINIMISE_ONE_LAB - * labels of QNAME always individually. - */ - if(qchaselabs > MAX_MINIMISE_COUNT && labdiff > 1 && - iq->minimise_count > MINIMISE_ONE_LAB) { - if(iq->minimise_count < MAX_MINIMISE_COUNT) { - int multilabs = qchaselabs - 1 - - MINIMISE_ONE_LAB; - int extralabs = multilabs / - MINIMISE_MULTIPLE_LABS; - - if (MAX_MINIMISE_COUNT - iq->minimise_count >= - multilabs % MINIMISE_MULTIPLE_LABS) - /* Default behaviour is to add 1 label - * every iteration. Therefore, decrement - * the extralabs by 1 */ - extralabs--; - if (extralabs < labdiff) - labdiff -= extralabs; - else - labdiff = 1; - } - /* Last minimised iteration, send all labels with - * QTYPE=NS */ - else - labdiff = 1; - } - - if(labdiff > 1) { - verbose(VERB_QUERY, "removing %d labels", labdiff-1); - dname_remove_labels(&iq->qinfo_out.qname, - &iq->qinfo_out.qname_len, - labdiff-1); - } - if(labdiff < 1 || (labdiff < 2 - && (iq->qchase.qtype == LDNS_RR_TYPE_DS - || iq->qchase.qtype == LDNS_RR_TYPE_A))) - /* Stop minimising this query, resolve "as usual" */ - iq->minimisation_state = DONOT_MINIMISE_STATE; - else if(!qstate->no_cache_lookup) { - struct dns_msg* msg = dns_cache_lookup(qstate->env, - iq->qinfo_out.qname, iq->qinfo_out.qname_len, - iq->qinfo_out.qtype, iq->qinfo_out.qclass, - qstate->query_flags, qstate->region, - qstate->env->scratch); - if(msg && msg->rep->an_numrrsets == 0 - && FLAGS_GET_RCODE(msg->rep->flags) == - LDNS_RCODE_NOERROR) - /* no need to send query if it is already - * cached as NOERROR/NODATA */ - return 1; - } - } - if(iq->minimisation_state == SKIP_MINIMISE_STATE) { - if(iq->minimise_timeout_count < MAX_MINIMISE_TIMEOUT_COUNT) - /* Do not increment qname, continue incrementing next - * iteration */ - iq->minimisation_state = MINIMISE_STATE; - else if(!qstate->env->cfg->qname_minimisation_strict) - /* Too many time-outs detected for this QNAME and QTYPE. - * We give up, disable QNAME minimisation. */ - iq->minimisation_state = DONOT_MINIMISE_STATE; - } - if(iq->minimisation_state == DONOT_MINIMISE_STATE) - iq->qinfo_out = iq->qchase; - /* We have a valid target. */ if(verbosity >= VERB_QUERY) { log_query_info(VERB_QUERY, "sending query:", &iq->qinfo_out); @@ -2573,6 +2742,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iq->deleg_msg = NULL; iq->dp = NULL; iq->dsns_point = NULL; + iq->auth_zone_response = 0; /* Note the query restart. */ iq->query_restart_count++; iq->sent_count = 0; @@ -2645,6 +2815,25 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, if (qstate->env->cfg->qname_minimisation && !qstate->env->cfg->qname_minimisation_strict) iq->minimisation_state = DONOT_MINIMISE_STATE; + if(iq->auth_zone_response) { + /* can we fallback? */ + iq->auth_zone_response = 0; + if(!auth_zones_can_fallback(qstate->env->auth_zones, + iq->dp->name, iq->dp->namelen, qstate->qinfo.qclass)) { + verbose(VERB_ALGO, "auth zone response bad, and no" + " fallback possible, servfail"); + return error_response(qstate, id, LDNS_RCODE_SERVFAIL); + } + verbose(VERB_ALGO, "auth zone response was bad, " + "fallback enabled"); + iq->auth_zone_avoid = 1; + if(iq->dp->auth_dp) { + /* we are using a dp for the auth zone, with no + * nameservers, get one first */ + iq->dp = NULL; + return next_state(iq, INIT_REQUEST_STATE); + } + } return next_state(iq, QUERYTARGETS_STATE); } diff --git a/iterator/iterator.h b/iterator/iterator.h index 841a3643669c..67ffeb147631 100644 --- a/iterator/iterator.h +++ b/iterator/iterator.h @@ -387,6 +387,11 @@ struct iter_qstate { * Count number of time-outs. Used to prevent resolving failures when * the QNAME minimisation QTYPE is blocked. */ int minimise_timeout_count; + + /** True if the current response is from auth_zone */ + int auth_zone_response; + /** True if the auth_zones should not be consulted for the query */ + int auth_zone_avoid; }; /** diff --git a/libunbound/context.c b/libunbound/context.c index e203111b70d8..8bff713bca30 100644 --- a/libunbound/context.c +++ b/libunbound/context.c @@ -47,6 +47,7 @@ #include "services/localzone.h" #include "services/cache/rrset.h" #include "services/cache/infra.h" +#include "services/authzone.h" #include "util/data/msgreply.h" #include "util/storage/slabhash.h" #include "sldns/sbuffer.h" @@ -68,6 +69,8 @@ context_finalize(struct ub_ctx* ctx) return UB_NOMEM; if(!local_zones_apply_cfg(ctx->local_zones, cfg)) return UB_INITFAIL; + if(!auth_zones_apply_cfg(ctx->env->auth_zones, cfg, 1)) + return UB_INITFAIL; if(!ctx->env->msg_cache || cfg->msg_cache_size != slabhash_get_size(ctx->env->msg_cache) || cfg->msg_cache_slabs != ctx->env->msg_cache->size) { diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c index 9b4dcab15794..b4cd7fa0bcc2 100644 --- a/libunbound/libunbound.c +++ b/libunbound/libunbound.c @@ -62,6 +62,7 @@ #include "services/localzone.h" #include "services/cache/infra.h" #include "services/cache/rrset.h" +#include "services/authzone.h" #include "sldns/sbuffer.h" #ifdef HAVE_PTHREAD #include <signal.h> @@ -88,6 +89,7 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) WSADATA wsa_data; #endif + checklock_start(); log_init(NULL, 0, NULL); /* logs to stderr */ log_ident_set("libunbound"); #ifdef USE_WINSOCK @@ -141,6 +143,16 @@ static struct ub_ctx* ub_ctx_create_nopipe(void) errno = ENOMEM; return NULL; } + ctx->env->auth_zones = auth_zones_create(); + if(!ctx->env->auth_zones) { + edns_known_options_delete(ctx->env); + config_delete(ctx->env->cfg); + free(ctx->env); + ub_randfree(ctx->seed_rnd); + free(ctx); + errno = ENOMEM; + return NULL; + } ctx->env->alloc = &ctx->superalloc; ctx->env->worker = NULL; ctx->env->need_to_validate = 0; @@ -310,6 +322,7 @@ ub_ctx_delete(struct ub_ctx* ctx) infra_delete(ctx->env->infra_cache); config_delete(ctx->env->cfg); edns_known_options_delete(ctx->env); + auth_zones_delete(ctx->env->auth_zones); free(ctx->env); } ub_randfree(ctx->seed_rnd); diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 4067ef4d2853..2c7b2cf072ac 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -55,6 +55,7 @@ #include "services/localzone.h" #include "services/cache/rrset.h" #include "services/outbound_list.h" +#include "services/authzone.h" #include "util/fptr_wlist.h" #include "util/module.h" #include "util/regional.h" @@ -158,7 +159,8 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) w->env->hints = NULL; } if(cfg->ssl_upstream) { - w->sslctx = connect_sslctx_create(NULL, NULL, NULL); + w->sslctx = connect_sslctx_create(NULL, NULL, + cfg->tls_cert_bundle); if(!w->sslctx) { /* to make the setup fail after unlock */ hints_delete(w->env->hints); @@ -214,6 +216,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) libworker_delete(w); return NULL; } + w->env->worker_base = w->base; if(!w->is_bg || w->is_bg_thread) { lock_basic_lock(&ctx->cfglock); } @@ -235,6 +238,7 @@ libworker_setup(struct ub_ctx* ctx, int is_bg, struct ub_event_base* eb) cfg->outgoing_tcp_mss, &libworker_alloc_cleanup, w, cfg->do_udp || cfg->udp_upstream_without_downstream, w->sslctx, cfg->delay_close, NULL); + w->env->outnet = w->back; if(!w->is_bg || w->is_bg_thread) { lock_basic_unlock(&ctx->cfglock); } @@ -419,25 +423,6 @@ int libworker_bg(struct ub_ctx* ctx) return UB_NOERROR; } -/** get msg reply struct (in temp region) */ -static struct reply_info* -parse_reply(sldns_buffer* pkt, struct regional* region, struct query_info* qi) -{ - struct reply_info* rep; - struct msg_parse* msg; - if(!(msg = regional_alloc(region, sizeof(*msg)))) { - return NULL; - } - memset(msg, 0, sizeof(*msg)); - sldns_buffer_set_position(pkt, 0); - if(parse_packet(pkt, msg, region) != 0) - return 0; - if(!parse_create_msg(pkt, msg, NULL, qi, &rep, region)) { - return 0; - } - return rep; -} - /** insert canonname */ static int fill_canon(struct ub_result* res, uint8_t* s) @@ -511,7 +496,7 @@ libworker_enter_result(struct ub_result* res, sldns_buffer* buf, struct query_info rq; struct reply_info* rep; res->rcode = LDNS_RCODE_SERVFAIL; - rep = parse_reply(buf, temp, &rq); + rep = parse_reply_in_temp_region(buf, temp, &rq); if(!rep) { log_err("cannot parse buf"); return; /* error parsing buf, or out of memory */ @@ -621,6 +606,15 @@ int libworker_fg(struct ub_ctx* ctx, struct ctx_query* q) free(qinfo.qname); return UB_NOERROR; } + if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones, + w->env, &qinfo, &edns, w->back->udp_buff, w->env->scratch)) { + regional_free_all(w->env->scratch); + libworker_fillup_fg(q, LDNS_RCODE_NOERROR, + w->back->udp_buff, sec_status_insecure, NULL); + libworker_delete(w); + free(qinfo.qname); + return UB_NOERROR; + } /* process new query */ if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, w->back->udp_buff, qid, libworker_fg_done_cb, q)) { @@ -691,6 +685,14 @@ int libworker_attach_mesh(struct ub_ctx* ctx, struct ctx_query* q, w->back->udp_buff, sec_status_insecure, NULL); return UB_NOERROR; } + if(ctx->env->auth_zones && auth_zones_answer(ctx->env->auth_zones, + w->env, &qinfo, &edns, w->back->udp_buff, w->env->scratch)) { + regional_free_all(w->env->scratch); + free(qinfo.qname); + libworker_event_done_cb(q, LDNS_RCODE_NOERROR, + w->back->udp_buff, sec_status_insecure, NULL); + return UB_NOERROR; + } /* process new query */ if(async_id) *async_id = q->querynum; @@ -812,6 +814,14 @@ handle_newq(struct libworker* w, uint8_t* buf, uint32_t len) free(qinfo.qname); return; } + if(w->ctx->env->auth_zones && auth_zones_answer(w->ctx->env->auth_zones, + w->env, &qinfo, &edns, w->back->udp_buff, w->env->scratch)) { + regional_free_all(w->env->scratch); + q->msg_security = sec_status_insecure; + add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL); + free(qinfo.qname); + return; + } q->w = w; /* process new query */ if(!mesh_new_callback(w->env->mesh, &qinfo, qflags, &edns, diff --git a/services/authzone.c b/services/authzone.c index 88beddbf9229..1da924d841ea 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -44,26 +44,55 @@ #include "config.h" #include "services/authzone.h" #include "util/data/dname.h" +#include "util/data/msgparse.h" #include "util/data/msgreply.h" +#include "util/data/msgencode.h" #include "util/data/packed_rrset.h" #include "util/regional.h" #include "util/net_help.h" +#include "util/netevent.h" #include "util/config_file.h" #include "util/log.h" +#include "util/module.h" +#include "util/random.h" #include "services/cache/dns.h" +#include "services/outside_network.h" +#include "services/listen_dnsport.h" +#include "services/mesh.h" #include "sldns/rrdef.h" #include "sldns/pkthdr.h" #include "sldns/sbuffer.h" #include "sldns/str2wire.h" #include "sldns/wire2str.h" #include "sldns/parseutil.h" +#include "sldns/keyraw.h" #include "validator/val_nsec3.h" #include "validator/val_secalgo.h" +#include <ctype.h> /** bytes to use for NSEC3 hash buffer. 20 for sha1 */ #define N3HASHBUFLEN 32 /** max number of CNAMEs we are willing to follow (in one answer) */ #define MAX_CNAME_CHAIN 8 +/** timeout for probe packets for SOA */ +#define AUTH_PROBE_TIMEOUT 100 /* msec */ +/** when to stop with SOA probes (when exponential timeouts exceed this) */ +#define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */ +/* auth transfer timeout for TCP connections, in msec */ +#define AUTH_TRANSFER_TIMEOUT 10000 /* msec */ +/* auth transfer max backoff for failed tranfers and probes */ +#define AUTH_TRANSFER_MAX_BACKOFF 86400 /* sec */ +/* auth http port number */ +#define AUTH_HTTP_PORT 80 +/* auth https port number */ +#define AUTH_HTTPS_PORT 443 + +/** pick up nextprobe task to start waiting to perform transfer actions */ +static void xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env, + int failure); +/** move to sending the probe packets, next if fails. task_probe */ +static void xfr_probe_send_or_end(struct auth_xfer* xfr, + struct module_env* env); /** create new dns_msg */ static struct dns_msg* @@ -252,9 +281,11 @@ struct auth_zones* auth_zones_create(void) return NULL; } rbtree_init(&az->ztree, &auth_zone_cmp); + rbtree_init(&az->xtree, &auth_xfer_cmp); lock_rw_init(&az->lock); lock_protect(&az->lock, &az->ztree, sizeof(az->ztree)); - /* also lock protects the rbnode's in struct auth_zone */ + lock_protect(&az->lock, &az->xtree, sizeof(az->xtree)); + /* also lock protects the rbnode's in struct auth_zone, auth_xfer */ return az; } @@ -285,6 +316,23 @@ int auth_data_cmp(const void* z1, const void* z2) b->namelabs, &m); } +int auth_xfer_cmp(const void* z1, const void* z2) +{ + /* first sort on class, so that hierarchy can be maintained within + * a class */ + struct auth_xfer* a = (struct auth_xfer*)z1; + struct auth_xfer* b = (struct auth_xfer*)z2; + int m; + if(a->dclass != b->dclass) { + if(a->dclass < b->dclass) + return -1; + return 1; + } + /* sorted such that higher zones sort before lower zones (their + * contents) */ + return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); +} + /** delete auth rrset node */ static void auth_rrset_delete(struct auth_rrset* rrset) @@ -374,6 +422,19 @@ auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen, return (struct auth_zone*)rbtree_search(&az->ztree, &key); } +struct auth_xfer* +auth_xfer_find(struct auth_zones* az, uint8_t* nm, size_t nmlen, + uint16_t dclass) +{ + struct auth_xfer key; + key.node.key = &key; + key.dclass = dclass; + key.name = nm; + key.namelen = nmlen; + key.namelabs = dname_count_labels(nm); + return (struct auth_xfer*)rbtree_search(&az->xtree, &key); +} + /** find an auth zone or sorted less-or-equal, return true if exact */ static int auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen, @@ -388,30 +449,36 @@ auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen, return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z); } -/** find the auth zone that is above the given qname */ + +/** find the auth zone that is above the given name */ struct auth_zone* -auth_zones_find_zone(struct auth_zones* az, struct query_info* qinfo) +auth_zones_find_zone(struct auth_zones* az, uint8_t* name, size_t name_len, + uint16_t dclass) { - uint8_t* nm = qinfo->qname; - size_t nmlen = qinfo->qname_len; + uint8_t* nm = name; + size_t nmlen = name_len; struct auth_zone* z; - if(auth_zone_find_less_equal(az, nm, nmlen, qinfo->qclass, &z)) { + if(auth_zone_find_less_equal(az, nm, nmlen, dclass, &z)) { /* exact match */ return z; } else { /* less-or-nothing */ if(!z) return NULL; /* nothing smaller, nothing above it */ - /* we found smaller name; smaller may be above the qname, + /* we found smaller name; smaller may be above the name, * but not below it. */ - nm = dname_get_shared_topdomain(z->name, qinfo->qname); + nm = dname_get_shared_topdomain(z->name, name); dname_count_size_labels(nm, &nmlen); + z = NULL; } + /* search up */ - while(!z && !dname_is_root(nm)) { + while(!z) { + z = auth_zone_find(az, nm, nmlen, dclass); + if(z) return z; + if(dname_is_root(nm)) break; dname_remove_label(&nm, &nmlen); - z = auth_zone_find(az, nm, nmlen, qinfo->qclass); } - return z; + return NULL; } /** find or create zone with name str. caller must have lock on az. @@ -437,6 +504,22 @@ auth_zones_find_or_add_zone(struct auth_zones* az, char* name) return z; } +/** find or create xfer zone with name str. caller must have lock on az. + * returns a locked xfer */ +static struct auth_xfer* +auth_zones_find_or_add_xfer(struct auth_zones* az, struct auth_zone* z) +{ + struct auth_xfer* x; + x = auth_xfer_find(az, z->name, z->namelen, z->dclass); + if(!x) { + /* not found, create the zone */ + x = auth_xfer_create(az, z); + } else { + lock_basic_lock(&x->lock); + } + return x; +} + int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile) { @@ -564,6 +647,40 @@ domain_remove_rrset(struct auth_data* node, uint16_t rr_type) } } +/** find an rr index in the rrset. returns true if found */ +static int +az_rrset_find_rr(struct packed_rrset_data* d, uint8_t* rdata, size_t len, + size_t* index) +{ + size_t i; + for(i=0; i<d->count; i++) { + if(d->rr_len[i] != len) + continue; + if(memcmp(d->rr_data[i], rdata, len) == 0) { + *index = i; + return 1; + } + } + return 0; +} + +/** find an rrsig index in the rrset. returns true if found */ +static int +az_rrset_find_rrsig(struct packed_rrset_data* d, uint8_t* rdata, size_t len, + size_t* index) +{ + size_t i; + for(i=d->count; i<d->count + d->rrsig_count; i++) { + if(d->rr_len[i] != len) + continue; + if(memcmp(d->rr_data[i], rdata, len) == 0) { + *index = i; + return 1; + } + } + return 0; +} + /** see if rdata is duplicate */ static int rdata_duplicate(struct packed_rrset_data* d, uint8_t* rdata, size_t len) @@ -591,6 +708,68 @@ rrsig_rdata_get_type_covered(uint8_t* rdata, size_t rdatalen) return sldns_read_uint16(rdata+2); } +/** remove RR from existing RRset. Also sig, if it is a signature. + * reallocates the packed rrset for a new one, false on alloc failure */ +static int +rrset_remove_rr(struct auth_rrset* rrset, size_t index) +{ + struct packed_rrset_data* d, *old = rrset->data; + size_t i; + if(index >= old->count + old->rrsig_count) + return 0; /* index out of bounds */ + d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) - ( + sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) + + old->rr_len[index])); + if(!d) { + log_err("malloc failure"); + return 0; + } + d->ttl = old->ttl; + d->count = old->count; + d->rrsig_count = old->rrsig_count; + if(index < d->count) d->count--; + else d->rrsig_count--; + d->trust = old->trust; + d->security = old->security; + + /* set rr_len, needed for ptr_fixup */ + d->rr_len = (size_t*)((uint8_t*)d + + sizeof(struct packed_rrset_data)); + if(index > 0) + memmove(d->rr_len, old->rr_len, (index)*sizeof(size_t)); + if(index+1 < old->count+old->rrsig_count) + memmove(&d->rr_len[index], &old->rr_len[index+1], + (old->count+old->rrsig_count - (index+1))*sizeof(size_t)); + packed_rrset_ptr_fixup(d); + + /* move over ttls */ + if(index > 0) + memmove(d->rr_ttl, old->rr_ttl, (index)*sizeof(time_t)); + if(index+1 < old->count+old->rrsig_count) + memmove(&d->rr_ttl[index], &old->rr_ttl[index+1], + (old->count+old->rrsig_count - (index+1))*sizeof(time_t)); + + /* move over rr_data */ + for(i=0; i<d->count+d->rrsig_count; i++) { + size_t oldi; + if(i < index) oldi = i; + else oldi = i+1; + memmove(d->rr_data[i], old->rr_data[oldi], d->rr_len[i]); + } + + /* recalc ttl (lowest of remaining RR ttls) */ + if(d->count + d->rrsig_count > 0) + d->ttl = d->rr_ttl[0]; + for(i=0; i<d->count+d->rrsig_count; i++) { + if(d->rr_ttl[i] < d->ttl) + d->ttl = d->rr_ttl[i]; + } + + free(rrset->data); + rrset->data = d; + return 1; +} + /** add RR to existing RRset. If insert_sig is true, add to rrsigs. * This reallocates the packed rrset for a new one */ static int @@ -750,7 +929,6 @@ rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type, /* 0 rrsigs to move over, done */ return 1; } - log_info("moveover %d sigs size %d", (int)sigs, (int)sigsz); /* allocate rrset sigsz larger for extra sigs elements, and * allocate rrsig sigsz smaller for less sigs elements. */ @@ -867,11 +1045,38 @@ rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type, return 1; } +/** copy the rrsigs from the rrset to the rrsig rrset, because the rrset + * is going to be deleted. reallocates the RRSIG rrset data. */ +static int +rrsigs_copy_from_rrset_to_rrsigset(struct auth_rrset* rrset, + struct auth_rrset* rrsigset) +{ + size_t i; + if(rrset->data->rrsig_count == 0) + return 1; + + /* move them over one by one, because there might be duplicates, + * duplicates are ignored */ + for(i=rrset->data->count; + i<rrset->data->count+rrset->data->rrsig_count; i++) { + uint8_t* rdata = rrset->data->rr_data[i]; + size_t rdatalen = rrset->data->rr_len[i]; + time_t rr_ttl = rrset->data->rr_ttl[i]; + + if(rdata_duplicate(rrsigset->data, rdata, rdatalen)) { + continue; + } + if(!rrset_add_rr(rrsigset, rr_ttl, rdata, rdatalen, 0)) + return 0; + } + return 1; +} + /** Add rr to node, ignores duplicate RRs, * rdata points to buffer with rdatalen octets, starts with 2bytelength. */ static int az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, - uint8_t* rdata, size_t rdatalen) + uint8_t* rdata, size_t rdatalen, int* duplicate) { struct auth_rrset* rrset; /* packed rrsets have their rrsigs along with them, sort them out */ @@ -880,14 +1085,18 @@ az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, if((rrset=az_domain_rrset(node, ctype))!= NULL) { /* a node of the correct type exists, add the RRSIG * to the rrset of the covered data type */ - if(rdata_duplicate(rrset->data, rdata, rdatalen)) + if(rdata_duplicate(rrset->data, rdata, rdatalen)) { + if(duplicate) *duplicate = 1; return 1; + } if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 1)) return 0; } else if((rrset=az_domain_rrset(node, rr_type))!= NULL) { /* add RRSIG to rrset of type RRSIG */ - if(rdata_duplicate(rrset->data, rdata, rdatalen)) + if(rdata_duplicate(rrset->data, rdata, rdatalen)) { + if(duplicate) *duplicate = 1; return 1; + } if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0)) return 0; } else { @@ -900,8 +1109,10 @@ az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, /* normal RR type */ if((rrset=az_domain_rrset(node, rr_type))!= NULL) { /* add data to existing node with data type */ - if(rdata_duplicate(rrset->data, rdata, rdatalen)) + if(rdata_duplicate(rrset->data, rdata, rdatalen)) { + if(duplicate) *duplicate = 1; return 1; + } if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0)) return 0; } else { @@ -928,7 +1139,7 @@ az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl, /** insert RR into zone, ignore duplicates */ static int az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, - size_t dname_len) + size_t dname_len, int* duplicate) { struct auth_data* node; uint8_t* dname = rr; @@ -948,13 +1159,273 @@ az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, log_err("cannot create domain"); return 0; } - if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen)) { + if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen, + duplicate)) { log_err("cannot add RR to domain"); return 0; } return 1; } +/** Remove rr from node, ignores nonexisting RRs, + * rdata points to buffer with rdatalen octets, starts with 2bytelength. */ +static int +az_domain_remove_rr(struct auth_data* node, uint16_t rr_type, + uint8_t* rdata, size_t rdatalen, int* nonexist) +{ + struct auth_rrset* rrset; + size_t index = 0; + + /* find the plain RR of the given type */ + if((rrset=az_domain_rrset(node, rr_type))!= NULL) { + if(az_rrset_find_rr(rrset->data, rdata, rdatalen, &index)) { + if(rrset->data->count == 1 && + rrset->data->rrsig_count == 0) { + /* last RR, delete the rrset */ + domain_remove_rrset(node, rr_type); + } else if(rrset->data->count == 1 && + rrset->data->rrsig_count != 0) { + /* move RRSIGs to the RRSIG rrset, or + * this one becomes that RRset */ + struct auth_rrset* rrsigset = az_domain_rrset( + node, LDNS_RR_TYPE_RRSIG); + if(rrsigset) { + /* move left over rrsigs to the + * existing rrset of type RRSIG */ + rrsigs_copy_from_rrset_to_rrsigset( + rrset, rrsigset); + /* and then delete the rrset */ + domain_remove_rrset(node, rr_type); + } else { + /* no rrset of type RRSIG, this + * set is now of that type, + * just remove the rr */ + if(!rrset_remove_rr(rrset, index)) + return 0; + rrset->type = LDNS_RR_TYPE_RRSIG; + rrset->data->count = rrset->data->rrsig_count; + rrset->data->rrsig_count = 0; + } + } else { + /* remove the RR from the rrset */ + if(!rrset_remove_rr(rrset, index)) + return 0; + } + return 1; + } + /* rr not found in rrset */ + } + + /* is it a type RRSIG, look under the covered type */ + if(rr_type == LDNS_RR_TYPE_RRSIG) { + uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen); + if((rrset=az_domain_rrset(node, ctype))!= NULL) { + if(az_rrset_find_rrsig(rrset->data, rdata, rdatalen, + &index)) { + /* rrsig should have d->count > 0, be + * over some rr of that type */ + /* remove the rrsig from the rrsigs list of the + * rrset */ + if(!rrset_remove_rr(rrset, index)) + return 0; + return 1; + } + } + /* also RRSIG not found */ + } + + /* nothing found to delete */ + if(nonexist) *nonexist = 1; + return 1; +} + +/** remove RR from zone, ignore if it does not exist, false on alloc failure*/ +static int +az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len, + size_t dname_len, int* nonexist) +{ + struct auth_data* node; + uint8_t* dname = rr; + uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len); + uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len); + size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len, + dname_len))+2; + /* rdata points to rdata prefixed with uint16 rdatalength */ + uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len); + + if(rr_class != z->dclass) { + log_err("wrong class for RR"); + /* really also a nonexisting entry, because no records + * of that class in the zone, but return an error because + * getting records of the wrong class is a failure of the + * zone transfer */ + return 0; + } + node = az_find_name(z, dname, dname_len); + if(!node) { + /* node with that name does not exist */ + /* nonexisting entry, because no such name */ + *nonexist = 1; + return 1; + } + if(!az_domain_remove_rr(node, rr_type, rdata, rdatalen, nonexist)) { + /* alloc failure or so */ + return 0; + } + /* remove the node, if necessary */ + /* an rrsets==NULL entry is not kept around for empty nonterminals, + * and also parent nodes are not kept around, so we just delete it */ + if(node->rrsets == NULL) { + (void)rbtree_delete(&z->data, node); + auth_data_delete(node); + } + return 1; +} + +/** decompress an RR into the buffer where it'll be an uncompressed RR + * with uncompressed dname and uncompressed rdata (dnames) */ +static int +decompress_rr_into_buffer(struct sldns_buffer* buf, uint8_t* pkt, + size_t pktlen, uint8_t* dname, uint16_t rr_type, uint16_t rr_class, + uint32_t rr_ttl, uint8_t* rr_data, uint16_t rr_rdlen) +{ + sldns_buffer pktbuf; + size_t dname_len = 0; + size_t rdlenpos; + size_t rdlen; + uint8_t* rd; + const sldns_rr_descriptor* desc; + sldns_buffer_init_frm_data(&pktbuf, pkt, pktlen); + sldns_buffer_clear(buf); + + /* decompress dname */ + sldns_buffer_set_position(&pktbuf, + (size_t)(dname - sldns_buffer_current(&pktbuf))); + dname_len = pkt_dname_len(&pktbuf); + if(dname_len == 0) return 0; /* parse fail on dname */ + if(!sldns_buffer_available(buf, dname_len)) return 0; + dname_pkt_copy(&pktbuf, sldns_buffer_current(buf), dname); + sldns_buffer_skip(buf, (ssize_t)dname_len); + + /* type, class, ttl and rdatalength fields */ + if(!sldns_buffer_available(buf, 10)) return 0; + sldns_buffer_write_u16(buf, rr_type); + sldns_buffer_write_u16(buf, rr_class); + sldns_buffer_write_u32(buf, rr_ttl); + rdlenpos = sldns_buffer_position(buf); + sldns_buffer_write_u16(buf, 0); /* rd length position */ + + /* decompress rdata */ + desc = sldns_rr_descript(rr_type); + rd = rr_data; + rdlen = rr_rdlen; + if(rdlen > 0 && desc && desc->_dname_count > 0) { + int count = (int)desc->_dname_count; + int rdf = 0; + size_t len; /* how much rdata to plain copy */ + size_t uncompressed_len, compressed_len; + size_t oldpos; + /* decompress dnames. */ + while(rdlen > 0 && count) { + switch(desc->_wireformat[rdf]) { + case LDNS_RDF_TYPE_DNAME: + sldns_buffer_set_position(&pktbuf, + (size_t)(rd - + sldns_buffer_begin(&pktbuf))); + oldpos = sldns_buffer_position(&pktbuf); + /* moves pktbuf to right after the + * compressed dname, and returns uncompressed + * dname length */ + uncompressed_len = pkt_dname_len(&pktbuf); + if(!uncompressed_len) + return 0; /* parse error in dname */ + if(!sldns_buffer_available(buf, + uncompressed_len)) + /* dname too long for buffer */ + return 0; + dname_pkt_copy(&pktbuf, + sldns_buffer_current(buf), rd); + sldns_buffer_skip(buf, (ssize_t)uncompressed_len); + compressed_len = sldns_buffer_position( + &pktbuf) - oldpos; + rd += compressed_len; + rdlen -= compressed_len; + count--; + len = 0; + break; + case LDNS_RDF_TYPE_STR: + len = rd[0] + 1; + break; + default: + len = get_rdf_size(desc->_wireformat[rdf]); + break; + } + if(len) { + if(!sldns_buffer_available(buf, len)) + return 0; /* too long for buffer */ + sldns_buffer_write(buf, rd, len); + rd += len; + rdlen -= len; + } + rdf++; + } + } + /* copy remaining data */ + if(rdlen > 0) { + if(!sldns_buffer_available(buf, rdlen)) return 0; + sldns_buffer_write(buf, rd, rdlen); + } + /* fixup rdlength */ + sldns_buffer_write_u16_at(buf, rdlenpos, + sldns_buffer_position(buf)-rdlenpos-2); + sldns_buffer_flip(buf); + return 1; +} + +/** insert RR into zone, from packet, decompress RR, + * if duplicate is nonNULL set the flag but otherwise ignore duplicates */ +static int +az_insert_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen, + struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type, + uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data, + uint16_t rr_rdlen, int* duplicate) +{ + uint8_t* rr; + size_t rr_len; + size_t dname_len; + if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname, + rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) { + log_err("could not decompress RR"); + return 0; + } + rr = sldns_buffer_begin(scratch_buffer); + rr_len = sldns_buffer_limit(scratch_buffer); + dname_len = dname_valid(rr, rr_len); + return az_insert_rr(z, rr, rr_len, dname_len, duplicate); +} + +/** remove RR from zone, from packet, decompress RR, + * if nonexist is nonNULL set the flag but otherwise ignore nonexisting entries*/ +static int +az_remove_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen, + struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type, + uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data, + uint16_t rr_rdlen, int* nonexist) +{ + uint8_t* rr; + size_t rr_len; + size_t dname_len; + if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname, + rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) { + log_err("could not decompress RR"); + return 0; + } + rr = sldns_buffer_begin(scratch_buffer); + rr_len = sldns_buffer_limit(scratch_buffer); + dname_len = dname_valid(rr, rr_len); + return az_remove_rr(z, rr, rr_len, dname_len, nonexist); +} + /** * Parse zonefile * @param z: zone to read in. @@ -991,6 +1462,11 @@ az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen, /* skip spaces */ while(*incfile == ' ' || *incfile == '\t') incfile++; + incfile = strdup(incfile); + if(!incfile) { + log_err("malloc failure"); + return 0; + } verbose(VERB_ALGO, "opening $INCLUDE %s", incfile); inc = fopen(incfile, "r"); @@ -999,6 +1475,7 @@ az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen, "file %s: %s", z->zonefile, lineno_orig, incfile, strerror(errno)); + free(incfile); return 0; } /* recurse read that file now */ @@ -1013,6 +1490,7 @@ az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen, fclose(inc); verbose(VERB_ALGO, "done with $INCLUDE %s", incfile); + free(incfile); state->lineno = lineno_orig; } continue; @@ -1028,7 +1506,7 @@ az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen, continue; } /* insert wirerr in rrbuf */ - if(!az_insert_rr(z, rr, rr_len, dname_len)) { + if(!az_insert_rr(z, rr, rr_len, dname_len, NULL)) { char buf[17]; sldns_wire2str_type_buf(sldns_wirerr_get_type(rr, rr_len, dname_len), buf, sizeof(buf)); @@ -1048,10 +1526,21 @@ auth_zone_read_zonefile(struct auth_zone* z) FILE* in; if(!z || !z->zonefile || z->zonefile[0]==0) return 1; /* no file, or "", nothing to read */ - verbose(VERB_ALGO, "read zonefile %s", z->zonefile); + if(verbosity >= VERB_ALGO) { + char nm[255+1]; + dname_str(z->name, nm); + verbose(VERB_ALGO, "read zonefile %s for %s", z->zonefile, nm); + } in = fopen(z->zonefile, "r"); if(!in) { char* n = sldns_wire2str_dname(z->name, z->namelen); + if(z->zone_is_slave && errno == ENOENT) { + /* we fetch the zone contents later, no file yet */ + verbose(VERB_ALGO, "no zonefile %s for %s", + z->zonefile, n?n:"error"); + free(n); + return 1; + } log_err("cannot open zonefile %s for %s: %s", z->zonefile, n?n:"error", strerror(errno)); free(n); @@ -1096,6 +1585,42 @@ write_out(FILE* out, const char* str) return 1; } +/** convert auth rr to string */ +static int +auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl, + struct packed_rrset_data* data, size_t i, char* s, size_t buflen) +{ + int w = 0; + size_t slen = buflen, datlen; + uint8_t* dat; + if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG; + dat = nm; + datlen = nmlen; + w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0); + w += sldns_str_print(&s, &slen, "\t"); + w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]); + w += sldns_wire2str_class_print(&s, &slen, cl); + w += sldns_str_print(&s, &slen, "\t"); + w += sldns_wire2str_type_print(&s, &slen, tp); + w += sldns_str_print(&s, &slen, "\t"); + datlen = data->rr_len[i]-2; + dat = data->rr_data[i]+2; + w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0); + + if(tp == LDNS_RR_TYPE_DNSKEY) { + w += sldns_str_print(&s, &slen, " ;{id = %u}", + sldns_calc_keytag_raw(data->rr_data[i]+2, + data->rr_len[i]-2)); + } + w += sldns_str_print(&s, &slen, "\n"); + + if(w > (int)buflen) { + log_nametypeclass(0, "RR too long to print", nm, tp, cl); + return 0; + } + return 1; +} + /** write rrset to file */ static int auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node, @@ -1104,15 +1629,8 @@ auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node, size_t i, count = r->data->count + r->data->rrsig_count; char buf[LDNS_RR_BUF_SIZE]; for(i=0; i<count; i++) { - struct ub_packed_rrset_key key; - memset(&key, 0, sizeof(key)); - key.entry.key = &key; - key.entry.data = r->data; - key.rk.dname = node->name; - key.rk.dname_len = node->namelen; - key.rk.type = htons(r->type); - key.rk.rrset_class = htons(z->dclass); - if(!packed_rr_to_string(&key, i, 0, buf, sizeof(buf))) { + if(!auth_rr_to_string(node->name, node->namelen, r->type, + z->dclass, r->data, i, buf, sizeof(buf))) { verbose(VERB_ALGO, "failed to rr2str rr %d", (int)i); continue; } @@ -1185,68 +1703,243 @@ auth_zones_read_zones(struct auth_zones* az) return 1; } -/** set str2list with (zonename, zonefile) config items and create zones */ +/** Find auth_zone SOA and populate the values in xfr(soa values). */ +static int +xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr) +{ + struct auth_data* apex; + struct auth_rrset* soa; + struct packed_rrset_data* d; + apex = az_find_name(z, z->name, z->namelen); + if(!apex) return 0; + soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA); + if(!soa || soa->data->count==0) + return 0; /* no RRset or no RRs in rrset */ + if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */ + /* SOA record ends with serial, refresh, retry, expiry, minimum, + * as 4 byte fields */ + d = soa->data; + xfr->have_zone = 1; + xfr->serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20)); + xfr->refresh = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-16)); + xfr->retry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-12)); + xfr->expiry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-8)); + /* soa minimum at d->rr_len[0]-4 */ + return 1; +} + +/** + * Setup auth_xfer zone + * This populates the have_zone, soa values, and so on times. + * Doesn't do network traffic yet, can set option flags. + * @param z: locked by caller, and modified for setup + * @param x: locked by caller, and modified. + * @return false on failure. + */ +static int +auth_xfer_setup(struct auth_zone* z, struct auth_xfer* x) +{ + /* for a zone without zone transfers, x==NULL, so skip them, + * i.e. the zone config is fixed with no masters or urls */ + if(!z || !x) return 1; + if(!xfr_find_soa(z, x)) { + return 1; + } + /* nothing for probe, nextprobe and transfer tasks */ + return 1; +} + +/** + * Setup all zones + * @param az: auth zones structure + * @return false on failure. + */ static int -auth_zones_cfg_zonefile(struct auth_zones* az, struct config_str2list* zlist) +auth_zones_setup_zones(struct auth_zones* az) { struct auth_zone* z; - while(zlist) { - lock_rw_wrlock(&az->lock); - if(!(z=auth_zones_find_or_add_zone(az, zlist->str))) { - lock_rw_unlock(&az->lock); - return 0; + struct auth_xfer* x; + lock_rw_wrlock(&az->lock); + RBTREE_FOR(z, struct auth_zone*, &az->ztree) { + lock_rw_wrlock(&z->lock); + x = auth_xfer_find(az, z->name, z->namelen, z->dclass); + if(x) { + lock_basic_lock(&x->lock); } - lock_rw_unlock(&az->lock); - if(!auth_zone_set_zonefile(z, zlist->str2)) { + if(!auth_xfer_setup(z, x)) { + if(x) { + lock_basic_unlock(&x->lock); + } lock_rw_unlock(&z->lock); + lock_rw_unlock(&az->lock); return 0; } + if(x) { + lock_basic_unlock(&x->lock); + } lock_rw_unlock(&z->lock); - zlist = zlist->next; } + lock_rw_unlock(&az->lock); return 1; } -/** set str2list with (zonename, fallback) config items and create zones */ +/** set config items and create zones */ static int -auth_zones_cfg_fallback(struct auth_zones* az, struct config_str2list* zlist) +auth_zones_cfg(struct auth_zones* az, struct config_auth* c) { struct auth_zone* z; - while(zlist) { - lock_rw_wrlock(&az->lock); - if(!(z=auth_zones_find_or_add_zone(az, zlist->str))) { + struct auth_xfer* x = NULL; + + /* create zone */ + lock_rw_wrlock(&az->lock); + if(!(z=auth_zones_find_or_add_zone(az, c->name))) { + lock_rw_unlock(&az->lock); + return 0; + } + if(c->masters || c->urls) { + if(!(x=auth_zones_find_or_add_xfer(az, z))) { lock_rw_unlock(&az->lock); + lock_rw_unlock(&z->lock); return 0; } - lock_rw_unlock(&az->lock); - if(!auth_zone_set_fallback(z, zlist->str2)) { + } + if(c->for_downstream) + az->have_downstream = 1; + lock_rw_unlock(&az->lock); + + /* set options */ + if(!auth_zone_set_zonefile(z, c->zonefile)) { + if(x) { + lock_basic_unlock(&x->lock); + } + lock_rw_unlock(&z->lock); + return 0; + } + z->for_downstream = c->for_downstream; + z->for_upstream = c->for_upstream; + z->fallback_enabled = c->fallback_enabled; + + /* xfer zone */ + if(x) { + z->zone_is_slave = 1; + /* set options on xfer zone */ + if(!xfer_set_masters(&x->task_probe->masters, c, 0)) { + lock_basic_unlock(&x->lock); lock_rw_unlock(&z->lock); return 0; } - lock_rw_unlock(&z->lock); - zlist = zlist->next; + if(!xfer_set_masters(&x->task_transfer->masters, c, 1)) { + lock_basic_unlock(&x->lock); + lock_rw_unlock(&z->lock); + return 0; + } + lock_basic_unlock(&x->lock); } + + lock_rw_unlock(&z->lock); return 1; } -int auth_zones_apply_config(struct auth_zones* az, struct config_file* cfg) +int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, + int setup) { - (void)cfg; - /* TODO cfg str2lists */ - /* create config items for - * auth-zone: name: "example.com" - * zonefile: "zones/example.com" - * fallback: yes - */ - if(!auth_zones_cfg_zonefile(az, NULL /*cfg->auth_zones*/)) - return 0; - if(!auth_zones_cfg_fallback(az, NULL /*cfg->auth_zones*/)) - return 0; + struct config_auth* p; + for(p = cfg->auths; p; p = p->next) { + if(!p->name || p->name[0] == 0) { + log_warn("auth-zone without a name, skipped"); + continue; + } + if(!auth_zones_cfg(az, p)) { + log_err("cannot config auth zone %s", p->name); + return 0; + } + } if(!auth_zones_read_zones(az)) return 0; + if(setup) { + if(!auth_zones_setup_zones(az)) + return 0; + } return 1; } +/** delete chunks + * @param at: transfer structure with chunks list. The chunks and their + * data are freed. + */ +void +auth_chunks_delete(struct auth_transfer* at) +{ + if(at->chunks_first) { + struct auth_chunk* c, *cn; + c = at->chunks_first; + while(c) { + cn = c->next; + free(c->data); + free(c); + c = cn; + } + } + at->chunks_first = NULL; + at->chunks_last = NULL; +} + +/** free master addr list */ +static void +auth_free_master_addrs(struct auth_addr* list) +{ + struct auth_addr *n; + while(list) { + n = list->next; + free(list); + list = n; + } +} + +/** free the masters list */ +static void +auth_free_masters(struct auth_master* list) +{ + struct auth_master* n; + while(list) { + n = list->next; + auth_free_master_addrs(list->list); + free(list->host); + free(list->file); + free(list); + list = n; + } +} + +/** delete auth xfer structure + * @param xfr: delete this xfer and its tasks. + */ +void +auth_xfer_delete(struct auth_xfer* xfr) +{ + if(!xfr) return; + lock_basic_destroy(&xfr->lock); + free(xfr->name); + if(xfr->task_nextprobe) { + comm_timer_delete(xfr->task_nextprobe->timer); + free(xfr->task_nextprobe); + } + if(xfr->task_probe) { + auth_free_masters(xfr->task_probe->masters); + comm_point_delete(xfr->task_probe->cp); + free(xfr->task_probe); + } + if(xfr->task_transfer) { + auth_free_masters(xfr->task_transfer->masters); + comm_point_delete(xfr->task_transfer->cp); + if(xfr->task_transfer->chunks_first) { + auth_chunks_delete(xfr->task_transfer); + } + free(xfr->task_transfer); + } + free(xfr); +} + /** helper traverse to delete zones */ static void auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg)) @@ -1255,11 +1948,20 @@ auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg)) auth_zone_delete(z); } +/** helper traverse to delete xfer zones */ +static void +auth_xfer_del(rbnode_type* n, void* ATTR_UNUSED(arg)) +{ + struct auth_xfer* z = (struct auth_xfer*)n->key; + auth_xfer_delete(z); +} + void auth_zones_delete(struct auth_zones* az) { if(!az) return; lock_rw_destroy(&az->lock); traverse_postorder(&az->ztree, auth_zone_del, NULL); + traverse_postorder(&az->xtree, auth_xfer_del, NULL); free(az); } @@ -1360,9 +2062,9 @@ az_domain_go_up(struct auth_zone* z, struct auth_data* n) * return true if the node (param node) is existing, nonobscured and * can be used to generate answers from. It is then also node_exact. * returns false if the node is not good enough (or it wasn't node_exact) - * in this case the ce can be filled. - * if ce is NULL, no ce exists, and likely the zone is completely empty, - * not even with a zone apex. + * in this case the ce can be filled. + * if ce is NULL, no ce exists, and likely the zone is completely empty, + * not even with a zone apex. * if ce is nonNULL it is the closest enclosing upper name (that exists * itself for answer purposes). That name may have DNAME, NS or wildcard * rrset is the closest DNAME or NS rrset that was found. @@ -1848,7 +2550,7 @@ az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen, !az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) { node = (struct auth_data*)rbtree_previous(&node->node); } - if((rbnode_type*)node == RBTREE_NULL) + if((rbnode_type*)node == RBTREE_NULL) node = NULL; return node; } @@ -2160,12 +2862,6 @@ az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo, struct auth_data* wildcard, struct auth_data* node) { struct auth_rrset* rrset, *nsec; - if(verbosity>=VERB_ALGO) { - char wcname[256]; - sldns_wire2str_dname_buf(wildcard->name, wildcard->namelen, - wcname, sizeof(wcname)); - log_info("wildcard %s", wcname); - } if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) { /* wildcard has type, add it */ if(!msg_add_rrset_an(z, region, msg, wildcard, rrset)) @@ -2348,13 +3044,11 @@ int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, { int r; struct auth_zone* z; - /* find the zone that should contain the answer. */ lock_rw_rdlock(&az->lock); z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass); if(!z) { lock_rw_unlock(&az->lock); - verbose(VERB_ALGO, "no auth zone for query, fallback"); /* no auth zone, fallback to internet */ *fallback = 1; return 0; @@ -2362,8 +3056,2970 @@ int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, lock_rw_rdlock(&z->lock); lock_rw_unlock(&az->lock); + /* if not for upstream queries, fallback */ + if(!z->for_upstream) { + lock_rw_unlock(&z->lock); + *fallback = 1; + return 0; + } /* see what answer that zone would generate */ r = auth_zone_generate_answer(z, qinfo, region, msg, fallback); lock_rw_unlock(&z->lock); return r; } + +/** encode auth answer */ +static void +auth_answer_encode(struct query_info* qinfo, struct module_env* env, + struct edns_data* edns, sldns_buffer* buf, struct regional* temp, + struct dns_msg* msg) +{ + uint16_t udpsize; + udpsize = edns->udp_size; + edns->edns_version = EDNS_ADVERTISED_VERSION; + edns->udp_size = EDNS_ADVERTISED_SIZE; + edns->ext_rcode = 0; + edns->bits &= EDNS_DO; + + if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep, + (int)FLAGS_GET_RCODE(msg->rep->flags), edns, temp) + || !reply_info_answer_encode(qinfo, msg->rep, + *(uint16_t*)sldns_buffer_begin(buf), + sldns_buffer_read_u16_at(buf, 2), + buf, 0, 0, temp, udpsize, edns, + (int)(edns->bits&EDNS_DO), 0)) { + error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, + *(uint16_t*)sldns_buffer_begin(buf), + sldns_buffer_read_u16_at(buf, 2), edns); + } +} + +/** encode auth error answer */ +static void +auth_error_encode(struct query_info* qinfo, struct module_env* env, + struct edns_data* edns, sldns_buffer* buf, struct regional* temp, + int rcode) +{ + edns->edns_version = EDNS_ADVERTISED_VERSION; + edns->udp_size = EDNS_ADVERTISED_SIZE; + edns->ext_rcode = 0; + edns->bits &= EDNS_DO; + + if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, + rcode, edns, temp)) + edns->opt_list = NULL; + error_encode(buf, rcode|BIT_AA, qinfo, + *(uint16_t*)sldns_buffer_begin(buf), + sldns_buffer_read_u16_at(buf, 2), edns); +} + +int auth_zones_answer(struct auth_zones* az, struct module_env* env, + struct query_info* qinfo, struct edns_data* edns, struct sldns_buffer* buf, + struct regional* temp) +{ + struct dns_msg* msg = NULL; + struct auth_zone* z; + int r; + int fallback = 0; + + lock_rw_rdlock(&az->lock); + if(!az->have_downstream) { + /* no downstream auth zones */ + lock_rw_unlock(&az->lock); + return 0; + } + if(qinfo->qtype == LDNS_RR_TYPE_DS) { + uint8_t* delname = qinfo->qname; + size_t delnamelen = qinfo->qname_len; + dname_remove_label(&delname, &delnamelen); + z = auth_zones_find_zone(az, delname, delnamelen, + qinfo->qclass); + } else { + z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len, + qinfo->qclass); + } + if(!z) { + /* no zone above it */ + lock_rw_unlock(&az->lock); + return 0; + } + lock_rw_rdlock(&z->lock); + lock_rw_unlock(&az->lock); + if(!z->for_downstream) { + lock_rw_unlock(&z->lock); + return 0; + } + + /* answer it from zone z */ + r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback); + lock_rw_unlock(&z->lock); + if(fallback) { + /* fallback to regular answering (recursive) */ + return 0; + } + + /* encode answer */ + if(!r) + auth_error_encode(qinfo, env, edns, buf, temp, + LDNS_RCODE_SERVFAIL); + else auth_answer_encode(qinfo, env, edns, buf, temp, msg); + + return 1; +} + +int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen, + uint16_t dclass) +{ + int r; + struct auth_zone* z; + lock_rw_rdlock(&az->lock); + z = auth_zone_find(az, nm, nmlen, dclass); + if(!z) { + lock_rw_unlock(&az->lock); + /* no such auth zone, fallback */ + return 1; + } + lock_rw_rdlock(&z->lock); + lock_rw_unlock(&az->lock); + r = z->fallback_enabled || (!z->for_upstream); + lock_rw_unlock(&z->lock); + return r; +} + +/** set a zone expired */ +static void +auth_xfer_set_expired(struct auth_xfer* xfr, struct module_env* env, + int expired) +{ + struct auth_zone* z; + + /* expire xfr */ + lock_basic_lock(&xfr->lock); + xfr->zone_expired = expired; + lock_basic_unlock(&xfr->lock); + + /* find auth_zone */ + lock_rw_rdlock(&env->auth_zones->lock); + z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, + xfr->dclass); + if(!z) { + lock_rw_unlock(&env->auth_zones->lock); + return; + } + lock_rw_wrlock(&z->lock); + lock_rw_unlock(&env->auth_zones->lock); + + /* expire auth_zone */ + z->zone_expired = expired; + lock_rw_unlock(&z->lock); +} + +/** find master (from notify or probe) in list of masters */ +static struct auth_master* +find_master_by_host(struct auth_master* list, char* host) +{ + struct auth_master* p; + for(p=list; p; p=p->next) { + if(strcmp(p->host, host) == 0) + return p; + } + return NULL; +} + +/** delete the looked up auth_addrs for all the masters in the list */ +static void +xfr_masterlist_free_addrs(struct auth_master* list) +{ + struct auth_master* m; + for(m=list; m; m=m->next) { + if(m->list) { + auth_free_master_addrs(m->list); + m->list = NULL; + } + } +} + +/** start the lookups for task_transfer */ +static void +xfr_transfer_start_lookups(struct auth_xfer* xfr) +{ + /* delete all the looked up addresses in the list */ + xfr_masterlist_free_addrs(xfr->task_transfer->masters); + + /* start lookup at the first master */ + xfr->task_transfer->lookup_target = xfr->task_transfer->masters; + xfr->task_transfer->lookup_aaaa = 0; +} + +/** move to the next lookup of hostname for task_transfer */ +static void +xfr_transfer_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env) +{ + if(!xfr->task_transfer->lookup_target) + return; /* already at end of list */ + if(!xfr->task_transfer->lookup_aaaa && env->cfg->do_ip6) { + /* move to lookup AAAA */ + xfr->task_transfer->lookup_aaaa = 1; + return; + } + xfr->task_transfer->lookup_target = + xfr->task_transfer->lookup_target->next; + xfr->task_transfer->lookup_aaaa = 0; + if(!env->cfg->do_ip4 && xfr->task_transfer->lookup_target!=NULL) + xfr->task_transfer->lookup_aaaa = 1; +} + +/** start the lookups for task_probe */ +static void +xfr_probe_start_lookups(struct auth_xfer* xfr) +{ + /* delete all the looked up addresses in the list */ + xfr_masterlist_free_addrs(xfr->task_probe->masters); + + /* start lookup at the first master */ + xfr->task_probe->lookup_target = xfr->task_probe->masters; + xfr->task_probe->lookup_aaaa = 0; +} + +/** move to the next lookup of hostname for task_probe */ +static void +xfr_probe_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env) +{ + if(!xfr->task_probe->lookup_target) + return; /* already at end of list */ + if(!xfr->task_probe->lookup_aaaa && env->cfg->do_ip6) { + /* move to lookup AAAA */ + xfr->task_probe->lookup_aaaa = 1; + return; + } + xfr->task_probe->lookup_target = xfr->task_probe->lookup_target->next; + xfr->task_probe->lookup_aaaa = 0; + if(!env->cfg->do_ip4 && xfr->task_probe->lookup_target!=NULL) + xfr->task_probe->lookup_aaaa = 1; +} + +/** start the iteration of the task_transfer list of masters */ +static void +xfr_transfer_start_list(struct auth_xfer* xfr, struct auth_master* spec) +{ + if(spec) { + xfr->task_transfer->scan_specific = find_master_by_host( + xfr->task_transfer->masters, spec->host); + if(xfr->task_transfer->scan_specific) { + xfr->task_transfer->scan_target = NULL; + xfr->task_transfer->scan_addr = NULL; + if(xfr->task_transfer->scan_specific->list) + xfr->task_transfer->scan_addr = + xfr->task_transfer->scan_specific->list; + return; + } + } + /* no specific (notified) host to scan */ + xfr->task_transfer->scan_specific = NULL; + xfr->task_transfer->scan_addr = NULL; + /* pick up first scan target */ + xfr->task_transfer->scan_target = xfr->task_transfer->masters; + if(xfr->task_transfer->scan_target && xfr->task_transfer-> + scan_target->list) + xfr->task_transfer->scan_addr = + xfr->task_transfer->scan_target->list; +} + +/** start the iteration of the task_probe list of masters */ +static void +xfr_probe_start_list(struct auth_xfer* xfr, struct auth_master* spec) +{ + if(spec) { + xfr->task_probe->scan_specific = find_master_by_host( + xfr->task_probe->masters, spec->host); + if(xfr->task_probe->scan_specific) { + xfr->task_probe->scan_target = NULL; + xfr->task_probe->scan_addr = NULL; + if(xfr->task_probe->scan_specific->list) + xfr->task_probe->scan_addr = + xfr->task_probe->scan_specific->list; + return; + } + } + /* no specific (notified) host to scan */ + xfr->task_probe->scan_specific = NULL; + xfr->task_probe->scan_addr = NULL; + /* pick up first scan target */ + xfr->task_probe->scan_target = xfr->task_probe->masters; + if(xfr->task_probe->scan_target && xfr->task_probe->scan_target->list) + xfr->task_probe->scan_addr = + xfr->task_probe->scan_target->list; +} + +/** pick up the master that is being scanned right now, task_transfer */ +static struct auth_master* +xfr_transfer_current_master(struct auth_xfer* xfr) +{ + if(xfr->task_transfer->scan_specific) + return xfr->task_transfer->scan_specific; + return xfr->task_transfer->scan_target; +} + +/** pick up the master that is being scanned right now, task_probe */ +static struct auth_master* +xfr_probe_current_master(struct auth_xfer* xfr) +{ + if(xfr->task_probe->scan_specific) + return xfr->task_probe->scan_specific; + return xfr->task_probe->scan_target; +} + +/** true if at end of list, task_transfer */ +static int +xfr_transfer_end_of_list(struct auth_xfer* xfr) +{ + return !xfr->task_transfer->scan_specific && + !xfr->task_transfer->scan_target; +} + +/** true if at end of list, task_probe */ +static int +xfr_probe_end_of_list(struct auth_xfer* xfr) +{ + return !xfr->task_probe->scan_specific && !xfr->task_probe->scan_target; +} + +/** move to next master in list, task_transfer */ +static void +xfr_transfer_nextmaster(struct auth_xfer* xfr) +{ + if(!xfr->task_transfer->scan_specific && + !xfr->task_transfer->scan_target) + return; + if(xfr->task_transfer->scan_addr) { + xfr->task_transfer->scan_addr = + xfr->task_transfer->scan_addr->next; + if(xfr->task_transfer->scan_addr) + return; + } + if(xfr->task_transfer->scan_specific) { + xfr->task_transfer->scan_specific = NULL; + xfr->task_transfer->scan_target = xfr->task_transfer->masters; + return; + } + if(!xfr->task_transfer->scan_target) + return; + xfr->task_transfer->scan_target = xfr->task_transfer->scan_target->next; + return; +} + +/** move to next master in list, task_probe */ +static void +xfr_probe_nextmaster(struct auth_xfer* xfr) +{ + if(!xfr->task_probe->scan_specific && !xfr->task_probe->scan_target) + return; + if(xfr->task_probe->scan_addr) { + xfr->task_probe->scan_addr = xfr->task_probe->scan_addr->next; + if(xfr->task_probe->scan_addr) + return; + } + if(xfr->task_probe->scan_specific) { + xfr->task_probe->scan_specific = NULL; + xfr->task_probe->scan_target = xfr->task_probe->masters; + return; + } + if(!xfr->task_probe->scan_target) + return; + xfr->task_probe->scan_target = xfr->task_probe->scan_target->next; + return; +} + +/** create SOA probe packet for xfr */ +static void +xfr_create_soa_probe_packet(struct auth_xfer* xfr, sldns_buffer* buf, + uint16_t id) +{ + struct query_info qinfo; + + memset(&qinfo, 0, sizeof(qinfo)); + qinfo.qname = xfr->name; + qinfo.qname_len = xfr->namelen; + qinfo.qtype = LDNS_RR_TYPE_SOA; + qinfo.qclass = xfr->dclass; + qinfo_query_encode(buf, &qinfo); + sldns_buffer_write_u16_at(buf, 0, id); +} + +/** create IXFR/AXFR packet for xfr */ +static void +xfr_create_ixfr_packet(struct auth_xfer* xfr, sldns_buffer* buf, uint16_t id, + struct auth_master* master) +{ + struct query_info qinfo; + uint32_t serial; + int have_zone; + have_zone = xfr->have_zone; + serial = xfr->serial; + + memset(&qinfo, 0, sizeof(qinfo)); + qinfo.qname = xfr->name; + qinfo.qname_len = xfr->namelen; + xfr->task_transfer->got_xfr_serial = 0; + xfr->task_transfer->rr_scan_num = 0; + xfr->task_transfer->incoming_xfr_serial = 0; + xfr->task_transfer->on_ixfr_is_axfr = 0; + xfr->task_transfer->on_ixfr = 1; + qinfo.qtype = LDNS_RR_TYPE_IXFR; + if(!have_zone || xfr->task_transfer->ixfr_fail || !master->ixfr) { + qinfo.qtype = LDNS_RR_TYPE_AXFR; + xfr->task_transfer->ixfr_fail = 0; + xfr->task_transfer->on_ixfr = 0; + } + + qinfo.qclass = xfr->dclass; + qinfo_query_encode(buf, &qinfo); + sldns_buffer_write_u16_at(buf, 0, id); + + /* append serial for IXFR */ + if(qinfo.qtype == LDNS_RR_TYPE_IXFR) { + size_t end = sldns_buffer_limit(buf); + sldns_buffer_clear(buf); + sldns_buffer_set_position(buf, end); + /* auth section count 1 */ + sldns_buffer_write_u16_at(buf, LDNS_NSCOUNT_OFF, 1); + /* write SOA */ + sldns_buffer_write_u8(buf, 0xC0); /* compressed ptr to qname */ + sldns_buffer_write_u8(buf, 0x0C); + sldns_buffer_write_u16(buf, LDNS_RR_TYPE_SOA); + sldns_buffer_write_u16(buf, qinfo.qclass); + sldns_buffer_write_u32(buf, 0); /* ttl */ + sldns_buffer_write_u16(buf, 22); /* rdata length */ + sldns_buffer_write_u8(buf, 0); /* . */ + sldns_buffer_write_u8(buf, 0); /* . */ + sldns_buffer_write_u32(buf, serial); /* serial */ + sldns_buffer_write_u32(buf, 0); /* refresh */ + sldns_buffer_write_u32(buf, 0); /* retry */ + sldns_buffer_write_u32(buf, 0); /* expire */ + sldns_buffer_write_u32(buf, 0); /* minimum */ + sldns_buffer_flip(buf); + } +} + +/** check if returned packet is OK */ +static int +check_packet_ok(sldns_buffer* pkt, uint16_t qtype, struct auth_xfer* xfr, + uint32_t* serial) +{ + /* parse to see if packet worked, valid reply */ + + /* check serial number of SOA */ + if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) + return 0; + + /* check ID */ + if(LDNS_ID_WIRE(sldns_buffer_begin(pkt)) != xfr->task_probe->id) + return 0; + + /* check flag bits and rcode */ + if(!LDNS_QR_WIRE(sldns_buffer_begin(pkt))) + return 0; + if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY) + return 0; + if(LDNS_RCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_RCODE_NOERROR) + return 0; + + /* check qname */ + if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1) + return 0; + sldns_buffer_skip(pkt, LDNS_HEADER_SIZE); + if(sldns_buffer_remaining(pkt) < xfr->namelen) + return 0; + if(query_dname_compare(sldns_buffer_current(pkt), xfr->name) != 0) + return 0; + sldns_buffer_skip(pkt, (ssize_t)xfr->namelen); + + /* check qtype, qclass */ + if(sldns_buffer_remaining(pkt) < 4) + return 0; + if(sldns_buffer_read_u16(pkt) != qtype) + return 0; + if(sldns_buffer_read_u16(pkt) != xfr->dclass) + return 0; + + if(serial) { + uint16_t rdlen; + /* read serial number, from answer section SOA */ + if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0) + return 0; + /* read from first record SOA record */ + if(sldns_buffer_remaining(pkt) < 1) + return 0; + if(dname_pkt_compare(pkt, sldns_buffer_current(pkt), + xfr->name) != 0) + return 0; + if(!pkt_dname_len(pkt)) + return 0; + /* type, class, ttl, rdatalen */ + if(sldns_buffer_remaining(pkt) < 4+4+2) + return 0; + if(sldns_buffer_read_u16(pkt) != qtype) + return 0; + if(sldns_buffer_read_u16(pkt) != xfr->dclass) + return 0; + sldns_buffer_skip(pkt, 4); /* ttl */ + rdlen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdlen) + return 0; + if(sldns_buffer_remaining(pkt) < 1) + return 0; + if(!pkt_dname_len(pkt)) /* soa name */ + return 0; + if(sldns_buffer_remaining(pkt) < 1) + return 0; + if(!pkt_dname_len(pkt)) /* soa name */ + return 0; + if(sldns_buffer_remaining(pkt) < 20) + return 0; + *serial = sldns_buffer_read_u32(pkt); + } + return 1; +} + +/** see if the serial means the zone has to be updated, i.e. the serial + * is newer than the zone serial, or we have no zone */ +static int +xfr_serial_means_update(struct auth_xfer* xfr, uint32_t serial) +{ + if(!xfr->have_zone) + return 1; /* no zone, anything is better */ + if(xfr->zone_expired) + return 1; /* expired, the sent serial is better than expired + data */ + if(compare_serial(xfr->serial, serial) < 0) + return 1; /* our serial is smaller than the sent serial, + the data is newer, fetch it */ + return 0; +} + +/** read one line from chunks into buffer at current position */ +static int +chunkline_get_line(struct auth_chunk** chunk, size_t* chunk_pos, + sldns_buffer* buf) +{ + int readsome = 0; + while(*chunk) { + /* more text in this chunk? */ + if(*chunk_pos < (*chunk)->len) { + readsome = 1; + while(*chunk_pos < (*chunk)->len) { + char c = (char)((*chunk)->data[*chunk_pos]); + (*chunk_pos)++; + if(sldns_buffer_remaining(buf) < 2) { + /* buffer too short */ + verbose(VERB_ALGO, "http chunkline, " + "line too long"); + return 0; + } + sldns_buffer_write_u8(buf, (uint8_t)c); + if(c == '\n') { + /* we are done */ + return 1; + } + } + } + /* move to next chunk */ + *chunk = (*chunk)->next; + *chunk_pos = 0; + } + /* no more text */ + if(readsome) return 1; + return 0; +} + +/** count number of open and closed parenthesis in a chunkline */ +static int +chunkline_count_parens(sldns_buffer* buf, size_t start) +{ + size_t end = sldns_buffer_position(buf); + size_t i; + int count = 0; + int squote = 0, dquote = 0; + for(i=start; i<end; i++) { + char c = (char)sldns_buffer_read_u8_at(buf, i); + if(squote && c != '\'') continue; + if(dquote && c != '"') continue; + if(c == '"') + dquote = !dquote; /* skip quoted part */ + else if(c == '\'') + squote = !squote; /* skip quoted part */ + else if(c == '(') + count ++; + else if(c == ')') + count --; + else if(c == ';') { + /* rest is a comment */ + return count; + } + } + return count; +} + +/** remove trailing ;... comment from a line in the chunkline buffer */ +static void +chunkline_remove_trailcomment(sldns_buffer* buf, size_t start) +{ + size_t end = sldns_buffer_position(buf); + size_t i; + int squote = 0, dquote = 0; + for(i=start; i<end; i++) { + char c = (char)sldns_buffer_read_u8_at(buf, i); + if(squote && c != '\'') continue; + if(dquote && c != '"') continue; + if(c == '"') + dquote = !dquote; /* skip quoted part */ + else if(c == '\'') + squote = !squote; /* skip quoted part */ + else if(c == ';') { + /* rest is a comment */ + sldns_buffer_set_position(buf, i); + return; + } + } + /* nothing to remove */ +} + +/** see if a chunkline is a comment line (or empty line) */ +static int +chunkline_is_comment_line_or_empty(sldns_buffer* buf) +{ + size_t i, end = sldns_buffer_limit(buf); + for(i=0; i<end; i++) { + char c = (char)sldns_buffer_read_u8_at(buf, i); + if(c == ';') + return 1; /* comment */ + else if(c != ' ' && c != '\t' && c != '\r' && c != '\n') + return 0; /* not a comment */ + } + return 1; /* empty */ +} + +/** find a line with ( ) collated */ +static int +chunkline_get_line_collated(struct auth_chunk** chunk, size_t* chunk_pos, + sldns_buffer* buf) +{ + size_t pos; + int parens = 0; + sldns_buffer_clear(buf); + pos = sldns_buffer_position(buf); + if(!chunkline_get_line(chunk, chunk_pos, buf)) { + if(sldns_buffer_position(buf) < sldns_buffer_limit(buf)) + sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0); + else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0); + sldns_buffer_flip(buf); + return 0; + } + parens += chunkline_count_parens(buf, pos); + while(parens > 0) { + chunkline_remove_trailcomment(buf, pos); + pos = sldns_buffer_position(buf); + if(!chunkline_get_line(chunk, chunk_pos, buf)) { + if(sldns_buffer_position(buf) < sldns_buffer_limit(buf)) + sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0); + else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0); + sldns_buffer_flip(buf); + return 0; + } + parens += chunkline_count_parens(buf, pos); + } + + if(sldns_buffer_remaining(buf) < 1) { + verbose(VERB_ALGO, "http chunkline: " + "line too long"); + return 0; + } + sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0); + sldns_buffer_flip(buf); + return 1; +} + +/** process $ORIGIN for http */ +static int +http_parse_origin(sldns_buffer* buf, struct sldns_file_parse_state* pstate) +{ + char* line = (char*)sldns_buffer_begin(buf); + if(strncmp(line, "$ORIGIN", 7) == 0 && + isspace((unsigned char)line[7])) { + int s; + pstate->origin_len = sizeof(pstate->origin); + s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8), + pstate->origin, &pstate->origin_len); + if(s) pstate->origin_len = 0; + return 1; + } + return 0; +} + +/** process $TTL for http */ +static int +http_parse_ttl(sldns_buffer* buf, struct sldns_file_parse_state* pstate) +{ + char* line = (char*)sldns_buffer_begin(buf); + if(strncmp(line, "$TTL", 4) == 0 && + isspace((unsigned char)line[4])) { + const char* end = NULL; + pstate->default_ttl = sldns_str2period( + sldns_strip_ws(line+5), &end); + return 1; + } + return 0; +} + +/** find noncomment RR line in chunks, collates lines if ( ) format */ +static int +chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos, + sldns_buffer* buf, struct sldns_file_parse_state* pstate) +{ + while(chunkline_get_line_collated(chunk, chunk_pos, buf)) { + if(chunkline_is_comment_line_or_empty(buf)) { + /* a comment, go to next line */ + continue; + } + if(http_parse_origin(buf, pstate)) { + continue; /* $ORIGIN has been handled */ + } + if(http_parse_ttl(buf, pstate)) { + continue; /* $TTL has been handled */ + } + return 1; + } + /* no noncomments, fail */ + return 0; +} + +/** check syntax of chunklist zonefile, parse SOA RR, return false on + * failure and return a string in the scratch buffer (SOA RR string) + * on failure. */ +static int +http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf) +{ + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t rr_len, dname_len = 0; + struct sldns_file_parse_state pstate; + struct auth_chunk* chunk; + size_t chunk_pos; + int e; + memset(&pstate, 0, sizeof(pstate)); + pstate.default_ttl = 3600; + if(xfr->namelen < sizeof(pstate.origin)) { + pstate.origin_len = xfr->namelen; + memmove(pstate.origin, xfr->name, xfr->namelen); + } + chunk = xfr->task_transfer->chunks_first; + chunk_pos = 0; + if(!chunkline_non_comment_RR(&chunk, &chunk_pos, buf, &pstate)) { + return 0; + } + rr_len = sizeof(rr); + e=sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr, &rr_len, + &dname_len, pstate.default_ttl, + pstate.origin_len?pstate.origin:NULL, pstate.origin_len, + pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len); + if(e != 0) { + log_err("parse failure on SOA RR[%d]: %s", + LDNS_WIREPARSE_OFFSET(e), + sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e))); + return 0; + } + /* check that name is correct */ + if(query_dname_compare(rr, xfr->name) != 0) { + char nm[255+1], zname[255+1]; + dname_str(rr, nm); + dname_str(xfr->name, zname); + log_err("parse failure for %s, SOA RR for %s found instead", + zname, nm); + return 0; + } + /* check that type is SOA */ + if(sldns_wirerr_get_type(rr, rr_len, dname_len) != LDNS_RR_TYPE_SOA) { + log_err("parse failure: first record in downloaded zonefile " + "not of type SOA"); + return 0; + } + /* check that class is correct */ + if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) { + log_err("parse failure: first record in downloaded zonefile " + "from wrong RR class"); + return 0; + } + return 1; +} + +/** sum sizes of chunklist */ +static size_t +chunklist_sum(struct auth_chunk* list) +{ + struct auth_chunk* p; + size_t s = 0; + for(p=list; p; p=p->next) { + s += p->len; + } + return s; +} + +/** remove newlines from collated line */ +static void +chunkline_newline_removal(sldns_buffer* buf) +{ + size_t i, end=sldns_buffer_limit(buf); + for(i=0; i<end; i++) { + char c = (char)sldns_buffer_read_u8_at(buf, i); + if(c == '\n') + sldns_buffer_write_u8_at(buf, i, (uint8_t)' '); + } +} + +/** for http download, parse and add RR to zone */ +static int +http_parse_add_rr(struct auth_xfer* xfr, struct auth_zone* z, + sldns_buffer* buf, struct sldns_file_parse_state* pstate) +{ + uint8_t rr[LDNS_RR_BUF_SIZE]; + size_t rr_len, dname_len = 0; + int e; + char* line = (char*)sldns_buffer_begin(buf); + rr_len = sizeof(rr); + e = sldns_str2wire_rr_buf(line, rr, &rr_len, &dname_len, + pstate->default_ttl, + pstate->origin_len?pstate->origin:NULL, pstate->origin_len, + pstate->prev_rr_len?pstate->prev_rr:NULL, pstate->prev_rr_len); + if(e != 0) { + log_err("%s/%s parse failure RR[%d]: %s in '%s'", + xfr->task_transfer->master->host, + xfr->task_transfer->master->file, + LDNS_WIREPARSE_OFFSET(e), + sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)), + line); + return 0; + } + if(rr_len == 0) + return 1; /* empty line or so */ + + /* set prev */ + if(dname_len < sizeof(pstate->prev_rr)) { + memmove(pstate->prev_rr, rr, dname_len); + pstate->prev_rr_len = dname_len; + } + + return az_insert_rr(z, rr, rr_len, dname_len, NULL); +} + +/** RR list iterator, returns RRs from answer section one by one from the + * dns packets in the chunklist */ +static void +chunk_rrlist_start(struct auth_xfer* xfr, struct auth_chunk** rr_chunk, + int* rr_num, size_t* rr_pos) +{ + *rr_chunk = xfr->task_transfer->chunks_first; + *rr_num = 0; + *rr_pos = 0; +} + +/** RR list iterator, see if we are at the end of the list */ +static int +chunk_rrlist_end(struct auth_chunk* rr_chunk, int rr_num) +{ + while(rr_chunk) { + if(rr_chunk->len < LDNS_HEADER_SIZE) + return 1; + if(rr_num < (int)LDNS_ANCOUNT(rr_chunk->data)) + return 0; + /* no more RRs in this chunk */ + /* continue with next chunk, see if it has RRs */ + rr_chunk = rr_chunk->next; + rr_num = 0; + } + return 1; +} + +/** RR list iterator, move to next RR */ +static void +chunk_rrlist_gonext(struct auth_chunk** rr_chunk, int* rr_num, + size_t* rr_pos, size_t rr_nextpos) +{ + /* already at end of chunks? */ + if(!*rr_chunk) + return; + /* move within this chunk */ + if((*rr_chunk)->len >= LDNS_HEADER_SIZE && + (*rr_num)+1 < (int)LDNS_ANCOUNT((*rr_chunk)->data)) { + (*rr_num) += 1; + *rr_pos = rr_nextpos; + return; + } + /* no more RRs in this chunk */ + /* continue with next chunk, see if it has RRs */ + if(*rr_chunk) + *rr_chunk = (*rr_chunk)->next; + while(*rr_chunk) { + *rr_num = 0; + *rr_pos = 0; + if((*rr_chunk)->len >= LDNS_HEADER_SIZE && + LDNS_ANCOUNT((*rr_chunk)->data) > 0) { + return; + } + *rr_chunk = (*rr_chunk)->next; + } +} + +/** RR iterator, get current RR information, false on parse error */ +static int +chunk_rrlist_get_current(struct auth_chunk* rr_chunk, int rr_num, + size_t rr_pos, uint8_t** rr_dname, uint16_t* rr_type, + uint16_t* rr_class, uint32_t* rr_ttl, uint16_t* rr_rdlen, + uint8_t** rr_rdata, size_t* rr_nextpos) +{ + sldns_buffer pkt; + /* integrity checks on position */ + if(!rr_chunk) return 0; + if(rr_chunk->len < LDNS_HEADER_SIZE) return 0; + if(rr_num >= (int)LDNS_ANCOUNT(rr_chunk->data)) return 0; + if(rr_pos >= rr_chunk->len) return 0; + + /* fetch rr information */ + sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len); + if(rr_pos == 0) { + size_t i; + /* skip question section */ + sldns_buffer_set_position(&pkt, LDNS_HEADER_SIZE); + for(i=0; i<LDNS_QDCOUNT(rr_chunk->data); i++) { + if(pkt_dname_len(&pkt) == 0) return 0; + if(sldns_buffer_remaining(&pkt) < 4) return 0; + sldns_buffer_skip(&pkt, 4); /* type and class */ + } + } else { + sldns_buffer_set_position(&pkt, rr_pos); + } + *rr_dname = sldns_buffer_current(&pkt); + if(pkt_dname_len(&pkt) == 0) return 0; + if(sldns_buffer_remaining(&pkt) < 10) return 0; + *rr_type = sldns_buffer_read_u16(&pkt); + *rr_class = sldns_buffer_read_u16(&pkt); + *rr_ttl = sldns_buffer_read_u32(&pkt); + *rr_rdlen = sldns_buffer_read_u16(&pkt); + if(sldns_buffer_remaining(&pkt) < (*rr_rdlen)) return 0; + *rr_rdata = sldns_buffer_current(&pkt); + sldns_buffer_skip(&pkt, (ssize_t)(*rr_rdlen)); + *rr_nextpos = sldns_buffer_position(&pkt); + return 1; +} + +/** print log message where we are in parsing the zone transfer */ +static void +log_rrlist_position(const char* label, struct auth_chunk* rr_chunk, + uint8_t* rr_dname, uint16_t rr_type, size_t rr_counter) +{ + sldns_buffer pkt; + size_t dlen; + uint8_t buf[256]; + char str[256]; + char typestr[32]; + sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len); + sldns_buffer_set_position(&pkt, (size_t)(rr_dname - + sldns_buffer_begin(&pkt))); + if((dlen=pkt_dname_len(&pkt)) == 0) return; + if(dlen >= sizeof(buf)) return; + dname_pkt_copy(&pkt, buf, rr_dname); + dname_str(buf, str); + (void)sldns_wire2str_type_buf(rr_type, typestr, sizeof(typestr)); + verbose(VERB_ALGO, "%s at[%d] %s %s", label, (int)rr_counter, + str, typestr); +} + +/** apply IXFR to zone in memory. z is locked. false on failure(mallocfail) */ +static int +apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z, + struct sldns_buffer* scratch_buffer) +{ + struct auth_chunk* rr_chunk; + int rr_num; + size_t rr_pos; + uint8_t* rr_dname, *rr_rdata; + uint16_t rr_type, rr_class, rr_rdlen; + uint32_t rr_ttl; + size_t rr_nextpos; + int have_transfer_serial = 0; + uint32_t transfer_serial = 0; + size_t rr_counter = 0; + int delmode = 0; + int softfail = 0; + + /* start RR iterator over chunklist of packets */ + chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos); + while(!chunk_rrlist_end(rr_chunk, rr_num)) { + if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos, + &rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen, + &rr_rdata, &rr_nextpos)) { + /* failed to parse RR */ + return 0; + } + if(verbosity>=7) log_rrlist_position("apply ixfr", + rr_chunk, rr_dname, rr_type, rr_counter); + /* twiddle add/del mode and check for start and end */ + if(rr_counter == 0 && rr_type != LDNS_RR_TYPE_SOA) + return 0; + if(rr_counter == 1 && rr_type != LDNS_RR_TYPE_SOA) { + /* this is an AXFR returned from the IXFR master */ + /* but that should already have been detected, by + * on_ixfr_is_axfr */ + return 0; + } + if(rr_type == LDNS_RR_TYPE_SOA) { + uint32_t serial; + if(rr_rdlen < 22) return 0; /* bad SOA rdlen */ + serial = sldns_read_uint32(rr_rdata+rr_rdlen-20); + if(have_transfer_serial == 0) { + have_transfer_serial = 1; + transfer_serial = serial; + delmode = 1; /* gets negated below */ + } else if(transfer_serial == serial) { + have_transfer_serial++; + if(rr_counter == 1) { + /* empty AXFR, with SOA; SOA; */ + /* should have been detected by + * on_ixfr_is_axfr */ + return 0; + } + if(have_transfer_serial == 3) { + /* see serial three times for end */ + /* eg. IXFR: + * SOA 3 start + * SOA 1 second RR, followed by del + * SOA 2 followed by add + * SOA 2 followed by del + * SOA 3 followed by add + * SOA 3 end */ + /* ended by SOA record */ + xfr->serial = transfer_serial; + break; + } + } + /* twiddle add/del mode */ + /* switch from delete part to add part and back again + * just before the soa, it gets deleted and added too + * this means we switch to delete mode for the final + * SOA(so skip that one) */ + delmode = !delmode; + } + /* process this RR */ + /* if the RR is deleted twice or added twice, then we + * softfail, and continue with the rest of the IXFR, so + * that we serve something fairly nice during the refetch */ + if(verbosity>=7) log_rrlist_position((delmode?"del":"add"), + rr_chunk, rr_dname, rr_type, rr_counter); + if(delmode) { + /* delete this RR */ + int nonexist = 0; + if(!az_remove_rr_decompress(z, rr_chunk->data, + rr_chunk->len, scratch_buffer, rr_dname, + rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen, + &nonexist)) { + /* failed, malloc error or so */ + return 0; + } + if(nonexist) { + /* it was removal of a nonexisting RR */ + if(verbosity>=4) log_rrlist_position( + "IXFR error nonexistent RR", + rr_chunk, rr_dname, rr_type, rr_counter); + softfail = 1; + } + } else if(rr_counter != 0) { + /* skip first SOA RR for addition, it is added in + * the addition part near the end of the ixfr, when + * that serial is seen the second time. */ + int duplicate = 0; + /* add this RR */ + if(!az_insert_rr_decompress(z, rr_chunk->data, + rr_chunk->len, scratch_buffer, rr_dname, + rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen, + &duplicate)) { + /* failed, malloc error or so */ + return 0; + } + if(duplicate) { + /* it was a duplicate */ + if(verbosity>=4) log_rrlist_position( + "IXFR error duplicate RR", + rr_chunk, rr_dname, rr_type, rr_counter); + softfail = 1; + } + } + + rr_counter++; + chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos); + } + if(softfail) { + verbose(VERB_ALGO, "IXFR did not apply cleanly, fetching full zone"); + return 0; + } + return 1; +} + +/** apply AXFR to zone in memory. z is locked. false on failure(mallocfail) */ +static int +apply_axfr(struct auth_xfer* xfr, struct auth_zone* z, + struct sldns_buffer* scratch_buffer) +{ + struct auth_chunk* rr_chunk; + int rr_num; + size_t rr_pos; + uint8_t* rr_dname, *rr_rdata; + uint16_t rr_type, rr_class, rr_rdlen; + uint32_t rr_ttl; + uint32_t serial = 0; + size_t rr_nextpos; + size_t rr_counter = 0; + int have_end_soa = 0; + + /* clear the data tree */ + traverse_postorder(&z->data, auth_data_del, NULL); + rbtree_init(&z->data, &auth_data_cmp); + xfr->have_zone = 0; + xfr->serial = 0; + + /* insert all RRs in to the zone */ + /* insert the SOA only once, skip the last one */ + /* start RR iterator over chunklist of packets */ + chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos); + while(!chunk_rrlist_end(rr_chunk, rr_num)) { + if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos, + &rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen, + &rr_rdata, &rr_nextpos)) { + /* failed to parse RR */ + return 0; + } + if(verbosity>=7) log_rrlist_position("apply_axfr", + rr_chunk, rr_dname, rr_type, rr_counter); + if(rr_type == LDNS_RR_TYPE_SOA) { + if(rr_counter != 0) { + /* end of the axfr */ + have_end_soa = 1; + break; + } + if(rr_rdlen < 22) return 0; /* bad SOA rdlen */ + serial = sldns_read_uint32(rr_rdata+rr_rdlen-20); + } + + /* add this RR */ + if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len, + scratch_buffer, rr_dname, rr_type, rr_class, rr_ttl, + rr_rdata, rr_rdlen, NULL)) { + /* failed, malloc error or so */ + return 0; + } + + rr_counter++; + chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos); + } + if(!have_end_soa) { + log_err("no end SOA record for AXFR"); + return 0; + } + + xfr->serial = serial; + xfr->have_zone = 1; + return 1; +} + +/** apply HTTP to zone in memory. z is locked. false on failure(mallocfail) */ +static int +apply_http(struct auth_xfer* xfr, struct auth_zone* z, + struct sldns_buffer* scratch_buffer) +{ + /* parse data in chunks */ + /* parse RR's and read into memory. ignore $INCLUDE from the + * downloaded file*/ + struct sldns_file_parse_state pstate; + struct auth_chunk* chunk; + size_t chunk_pos; + memset(&pstate, 0, sizeof(pstate)); + pstate.default_ttl = 3600; + if(xfr->namelen < sizeof(pstate.origin)) { + pstate.origin_len = xfr->namelen; + memmove(pstate.origin, xfr->name, xfr->namelen); + } + + if(verbosity >= VERB_ALGO) + verbose(VERB_ALGO, "http download %s of size %d", + xfr->task_transfer->master->file, + (int)chunklist_sum(xfr->task_transfer->chunks_first)); + if(xfr->task_transfer->chunks_first && verbosity >= VERB_ALGO) { + char preview[1024]; + if(xfr->task_transfer->chunks_first->len+1 > sizeof(preview)) { + memmove(preview, xfr->task_transfer->chunks_first->data, + sizeof(preview)-1); + preview[sizeof(preview)-1]=0; + } else { + memmove(preview, xfr->task_transfer->chunks_first->data, + xfr->task_transfer->chunks_first->len); + preview[xfr->task_transfer->chunks_first->len]=0; + } + log_info("auth zone http downloaded content preview: %s", + preview); + } + + /* perhaps a little syntax check before we try to apply the data? */ + if(!http_zonefile_syntax_check(xfr, scratch_buffer)) { + log_err("http download %s/%s does not contain a zonefile, " + "but got '%s'", xfr->task_transfer->master->host, + xfr->task_transfer->master->file, + sldns_buffer_begin(scratch_buffer)); + return 0; + } + + /* clear the data tree */ + traverse_postorder(&z->data, auth_data_del, NULL); + rbtree_init(&z->data, &auth_data_cmp); + xfr->have_zone = 0; + xfr->serial = 0; + + chunk = xfr->task_transfer->chunks_first; + chunk_pos = 0; + pstate.lineno = 0; + while(chunkline_get_line_collated(&chunk, &chunk_pos, scratch_buffer)) { + /* process this line */ + pstate.lineno++; + chunkline_newline_removal(scratch_buffer); + if(chunkline_is_comment_line_or_empty(scratch_buffer)) { + continue; + } + /* parse line and add RR */ + if(http_parse_origin(scratch_buffer, &pstate)) { + continue; /* $ORIGIN has been handled */ + } + if(http_parse_ttl(scratch_buffer, &pstate)) { + continue; /* $TTL has been handled */ + } + if(!http_parse_add_rr(xfr, z, scratch_buffer, &pstate)) { + verbose(VERB_ALGO, "error parsing line [%s:%d] %s", + xfr->task_transfer->master->file, + pstate.lineno, + sldns_buffer_begin(scratch_buffer)); + return 0; + } + } + return 1; +} + +/** write to zonefile after zone has been updated */ +static void +xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env) +{ + struct auth_zone* z; + char tmpfile[1024]; + lock_basic_unlock(&xfr->lock); + + /* get lock again, so it is a readlock and concurrently queries + * can be answered */ + lock_rw_rdlock(&env->auth_zones->lock); + z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, + xfr->dclass); + if(!z) { + lock_rw_unlock(&env->auth_zones->lock); + /* the zone is gone, ignore xfr results */ + lock_basic_lock(&xfr->lock); + return; + } + lock_rw_rdlock(&z->lock); + lock_basic_lock(&xfr->lock); + lock_rw_unlock(&env->auth_zones->lock); + + if(z->zonefile == NULL) { + lock_rw_unlock(&z->lock); + /* no write needed, no zonefile set */ + return; + } + + /* write to tempfile first */ + if((size_t)strlen(z->zonefile) + 16 > sizeof(tmpfile)) { + verbose(VERB_ALGO, "tmpfilename too long, cannot update " + " zonefile %s", z->zonefile); + lock_rw_unlock(&z->lock); + return; + } + snprintf(tmpfile, sizeof(tmpfile), "%s.tmp%u", z->zonefile, + (unsigned)getpid()); + if(!auth_zone_write_file(z, tmpfile)) { + unlink(tmpfile); + lock_rw_unlock(&z->lock); + return; + } + if(rename(tmpfile, z->zonefile) < 0) { + log_err("could not rename(%s, %s): %s", tmpfile, z->zonefile, + strerror(errno)); + unlink(tmpfile); + lock_rw_unlock(&z->lock); + return; + } + lock_rw_unlock(&z->lock); +} + +/** process chunk list and update zone in memory, + * return false if it did not work */ +static int +xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env, + int* ixfr_fail) +{ + struct auth_zone* z; + + /* obtain locks and structures */ + /* release xfr lock, then, while holding az->lock grab both + * z->lock and xfr->lock */ + lock_basic_unlock(&xfr->lock); + lock_rw_rdlock(&env->auth_zones->lock); + z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen, + xfr->dclass); + if(!z) { + lock_rw_unlock(&env->auth_zones->lock); + /* the zone is gone, ignore xfr results */ + lock_basic_lock(&xfr->lock); + return 0; + } + lock_rw_wrlock(&z->lock); + lock_basic_lock(&xfr->lock); + lock_rw_unlock(&env->auth_zones->lock); + + /* apply data */ + if(xfr->task_transfer->master->http) { + if(!apply_http(xfr, z, env->scratch_buffer)) { + lock_rw_unlock(&z->lock); + verbose(VERB_ALGO, "http from %s: could not store data", + xfr->task_transfer->master->host); + return 0; + } + } else if(xfr->task_transfer->on_ixfr && + !xfr->task_transfer->on_ixfr_is_axfr) { + if(!apply_ixfr(xfr, z, env->scratch_buffer)) { + lock_rw_unlock(&z->lock); + verbose(VERB_ALGO, "xfr from %s: could not store IXFR" + " data", xfr->task_transfer->master->host); + *ixfr_fail = 1; + return 0; + } + } else { + if(!apply_axfr(xfr, z, env->scratch_buffer)) { + lock_rw_unlock(&z->lock); + verbose(VERB_ALGO, "xfr from %s: could not store AXFR" + " data", xfr->task_transfer->master->host); + return 0; + } + } + xfr->zone_expired = 0; + z->zone_expired = 0; + if(!xfr_find_soa(z, xfr)) { + lock_rw_unlock(&z->lock); + verbose(VERB_ALGO, "xfr from %s: no SOA in zone after update" + " (or malformed RR)", xfr->task_transfer->master->host); + return 0; + } + if(xfr->have_zone) + xfr->lease_time = *env->now; + + /* unlock */ + lock_rw_unlock(&z->lock); + + if(verbosity >= VERB_QUERY && xfr->have_zone) { + char zname[256]; + dname_str(xfr->name, zname); + verbose(VERB_QUERY, "auth zone %s updated to serial %u", zname, + (unsigned)xfr->serial); + } + /* see if we need to write to a zonefile */ + xfr_write_after_update(xfr, env); + return 1; +} + +/** disown task_transfer. caller must hold xfr.lock */ +static void +xfr_transfer_disown(struct auth_xfer* xfr) +{ + /* remove the commpoint */ + comm_point_delete(xfr->task_transfer->cp); + xfr->task_transfer->cp = NULL; + /* we don't own this item anymore */ + xfr->task_transfer->worker = NULL; + xfr->task_transfer->env = NULL; +} + +/** lookup a host name for its addresses, if needed */ +static int +xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env) +{ + struct sockaddr_storage addr; + socklen_t addrlen = 0; + struct auth_master* master = xfr->task_transfer->lookup_target; + struct query_info qinfo; + uint16_t qflags = BIT_RD; + uint8_t dname[LDNS_MAX_DOMAINLEN+1]; + struct edns_data edns; + sldns_buffer* buf = env->scratch_buffer; + if(!master) return 0; + if(extstrtoaddr(master->host, &addr, &addrlen)) { + /* not needed, host is in IP addr format */ + return 0; + } + + /* use mesh_new_callback to probe for non-addr hosts, + * and then wait for them to be looked up (in cache, or query) */ + qinfo.qname_len = sizeof(dname); + if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len) + != 0) { + log_err("cannot parse host name of master %s", master->host); + return 0; + } + qinfo.qname = dname; + qinfo.qclass = xfr->dclass; + qinfo.qtype = LDNS_RR_TYPE_A; + if(xfr->task_transfer->lookup_aaaa) + qinfo.qtype = LDNS_RR_TYPE_AAAA; + qinfo.local_alias = NULL; + if(verbosity >= VERB_ALGO) { + char buf[512]; + char buf2[LDNS_MAX_DOMAINLEN+1]; + dname_str(xfr->name, buf2); + snprintf(buf, sizeof(buf), "auth zone %s: master lookup" + " for task_transfer", buf2); + log_query_info(VERB_ALGO, buf, &qinfo); + } + edns.edns_present = 1; + edns.ext_rcode = 0; + edns.edns_version = 0; + edns.bits = EDNS_DO; + edns.opt_list = NULL; + if(sldns_buffer_capacity(buf) < 65535) + edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); + else edns.udp_size = 65535; + + /* unlock xfr during mesh_new_callback() because the callback can be + * called straight away */ + lock_basic_unlock(&xfr->lock); + if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, + &auth_xfer_transfer_lookup_callback, xfr)) { + lock_basic_lock(&xfr->lock); + log_err("out of memory lookup up master %s", master->host); + return 0; + } + lock_basic_lock(&xfr->lock); + return 1; +} + +/** initiate TCP to the target and fetch zone. + * returns true if that was successfully started, and timeout setup. */ +static int +xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env) +{ + struct sockaddr_storage addr; + socklen_t addrlen = 0; + struct auth_master* master = xfr->task_transfer->master; + if(!master) return 0; + + /* get master addr */ + if(xfr->task_transfer->scan_addr) { + addrlen = xfr->task_transfer->scan_addr->addrlen; + memmove(&addr, &xfr->task_transfer->scan_addr->addr, addrlen); + } else { + if(!extstrtoaddr(master->host, &addr, &addrlen)) { + /* the ones that are not in addr format are supposed + * to be looked up. The lookup has failed however, + * so skip them */ + char zname[255+1]; + dname_str(xfr->name, zname); + log_err("%s: failed lookup, cannot transfer from master %s", + zname, master->host); + return 0; + } + } + + /* remove previous TCP connection (if any) */ + if(xfr->task_transfer->cp) { + comm_point_delete(xfr->task_transfer->cp); + xfr->task_transfer->cp = NULL; + } + + if(master->http) { + /* perform http fetch */ + /* store http port number into sockaddr, + * unless someone used unbound's host@port notation */ + if(strchr(master->host, '@') == NULL) + sockaddr_store_port(&addr, addrlen, master->port); + xfr->task_transfer->cp = outnet_comm_point_for_http( + env->outnet, auth_xfer_transfer_http_callback, xfr, + &addr, addrlen, AUTH_TRANSFER_TIMEOUT, master->ssl, + master->host, master->file); + if(!xfr->task_transfer->cp) { + char zname[255+1]; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "cannot create http cp " + "connection for %s to %s", zname, + master->host); + return 0; + } + return 1; + } + + /* perform AXFR/IXFR */ + /* set the packet to be written */ + /* create new ID */ + xfr->task_transfer->id = (uint16_t)(ub_random(env->rnd)&0xffff); + xfr_create_ixfr_packet(xfr, env->scratch_buffer, + xfr->task_transfer->id, master); + + /* connect on fd */ + xfr->task_transfer->cp = outnet_comm_point_for_tcp(env->outnet, + auth_xfer_transfer_tcp_callback, xfr, &addr, addrlen, + env->scratch_buffer, AUTH_TRANSFER_TIMEOUT); + if(!xfr->task_transfer->cp) { + char zname[255+1]; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "cannot create tcp cp connection for " + "xfr %s to %s", zname, master->host); + return 0; + } + return 1; +} + +/** perform next lookup, next transfer TCP, or end and resume wait time task */ +static void +xfr_transfer_nexttarget_or_end(struct auth_xfer* xfr, struct module_env* env) +{ + log_assert(xfr->task_transfer->worker == env->worker); + + /* are we performing lookups? */ + while(xfr->task_transfer->lookup_target) { + if(xfr_transfer_lookup_host(xfr, env)) { + /* wait for lookup to finish, + * note that the hostname may be in unbound's cache + * and we may then get an instant cache response, + * and that calls the callback just like a full + * lookup and lookup failures also call callback */ + lock_basic_unlock(&xfr->lock); + return; + } + xfr_transfer_move_to_next_lookup(xfr, env); + } + + /* initiate TCP and fetch the zone from the master */ + /* and set timeout on it */ + while(!xfr_transfer_end_of_list(xfr)) { + xfr->task_transfer->master = xfr_transfer_current_master(xfr); + if(xfr_transfer_init_fetch(xfr, env)) { + /* successfully started, wait for callback */ + lock_basic_unlock(&xfr->lock); + return; + } + /* failed to fetch, next master */ + xfr_transfer_nextmaster(xfr); + } + + /* we failed to fetch the zone, move to wait task + * use the shorter retry timeout */ + xfr_transfer_disown(xfr); + + /* pick up the nextprobe task and wait */ + xfr_set_timeout(xfr, env, 1); + lock_basic_unlock(&xfr->lock); +} + +/** add addrs from A or AAAA rrset to the master */ +static void +xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset, + uint16_t rrtype) +{ + size_t i; + struct packed_rrset_data* data; + if(!m || !rrset) return; + data = (struct packed_rrset_data*)rrset->entry.data; + for(i=0; i<data->count; i++) { + struct auth_addr* a; + size_t len = data->rr_len[i] - 2; + uint8_t* rdata = data->rr_data[i]+2; + if(rrtype == LDNS_RR_TYPE_A && len != INET_SIZE) + continue; /* wrong length for A */ + if(rrtype == LDNS_RR_TYPE_AAAA && len != INET6_SIZE) + continue; /* wrong length for AAAA */ + + /* add and alloc it */ + a = (struct auth_addr*)calloc(1, sizeof(*a)); + if(!a) { + log_err("out of memory"); + return; + } + if(rrtype == LDNS_RR_TYPE_A) { + struct sockaddr_in* sa; + a->addrlen = (socklen_t)sizeof(*sa); + sa = (struct sockaddr_in*)&a->addr; + sa->sin_family = AF_INET; + sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT); + memmove(&sa->sin_addr, rdata, INET_SIZE); + } else { + struct sockaddr_in6* sa; + a->addrlen = (socklen_t)sizeof(*sa); + sa = (struct sockaddr_in6*)&a->addr; + sa->sin6_family = AF_INET6; + sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT); + memmove(&sa->sin6_addr, rdata, INET6_SIZE); + } + if(verbosity >= VERB_ALGO) { + char s[64]; + addr_to_str(&a->addr, a->addrlen, s, sizeof(s)); + verbose(VERB_ALGO, "auth host %s lookup %s", + m->host, s); + } + /* append to list */ + a->next = m->list; + m->list = a; + } +} + +/** callback for task_transfer lookup of host name, of A or AAAA */ +void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf, + enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus)) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + log_assert(xfr->task_transfer); + lock_basic_lock(&xfr->lock); + env = xfr->task_transfer->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return; /* stop on quit */ + } + + /* process result */ + if(rcode == LDNS_RCODE_NOERROR) { + uint16_t wanted_qtype = LDNS_RR_TYPE_A; + struct regional* temp = env->scratch; + struct query_info rq; + struct reply_info* rep; + if(xfr->task_transfer->lookup_aaaa) + wanted_qtype = LDNS_RR_TYPE_AAAA; + memset(&rq, 0, sizeof(rq)); + rep = parse_reply_in_temp_region(buf, temp, &rq); + if(rep && rq.qtype == wanted_qtype && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { + /* parsed successfully */ + struct ub_packed_rrset_key* answer = + reply_find_answer_rrset(&rq, rep); + if(answer) { + xfr_master_add_addrs(xfr->task_transfer-> + lookup_target, answer, wanted_qtype); + } + } + } + if(xfr->task_transfer->lookup_target->list && + xfr->task_transfer->lookup_target == xfr_transfer_current_master(xfr)) + xfr->task_transfer->scan_addr = xfr->task_transfer->lookup_target->list; + + /* move to lookup AAAA after A lookup, move to next hostname lookup, + * or move to fetch the zone, or, if nothing to do, end task_transfer */ + xfr_transfer_move_to_next_lookup(xfr, env); + xfr_transfer_nexttarget_or_end(xfr, env); +} + +/** check if xfer (AXFR or IXFR) packet is OK. + * return false if we lost connection (SERVFAIL, or unreadable). + * return false if we need to move from IXFR to AXFR, with gonextonfail + * set to false, so the same master is tried again, but with AXFR. + * return true if fine to link into data. + * return true with transferdone=true when the transfer has ended. + */ +static int +check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr, + int* gonextonfail, int* transferdone) +{ + uint8_t* wire = sldns_buffer_begin(pkt); + int i; + if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) { + verbose(VERB_ALGO, "xfr to %s failed, packet too small", + xfr->task_transfer->master->host); + return 0; + } + if(!LDNS_QR_WIRE(wire)) { + verbose(VERB_ALGO, "xfr to %s failed, packet has no QR flag", + xfr->task_transfer->master->host); + return 0; + } + if(LDNS_TC_WIRE(wire)) { + verbose(VERB_ALGO, "xfr to %s failed, packet has TC flag", + xfr->task_transfer->master->host); + return 0; + } + /* check ID */ + if(LDNS_ID_WIRE(wire) != xfr->task_transfer->id) { + verbose(VERB_ALGO, "xfr to %s failed, packet wrong ID", + xfr->task_transfer->master->host); + return 0; + } + if(LDNS_RCODE_WIRE(wire) != LDNS_RCODE_NOERROR) { + char rcode[32]; + sldns_wire2str_rcode_buf((int)LDNS_RCODE_WIRE(wire), rcode, + sizeof(rcode)); + /* if we are doing IXFR, check for fallback */ + if(xfr->task_transfer->on_ixfr) { + if(LDNS_RCODE_WIRE(wire) == LDNS_RCODE_NOTIMPL || + LDNS_RCODE_WIRE(wire) == LDNS_RCODE_SERVFAIL || + LDNS_RCODE_WIRE(wire) == LDNS_RCODE_REFUSED || + LDNS_RCODE_WIRE(wire) == LDNS_RCODE_FORMERR) { + verbose(VERB_ALGO, "xfr to %s, fallback " + "from IXFR to AXFR (with rcode %s)", + xfr->task_transfer->master->host, + rcode); + xfr->task_transfer->ixfr_fail = 1; + *gonextonfail = 0; + return 0; + } + } + verbose(VERB_ALGO, "xfr to %s failed, packet with rcode %s", + xfr->task_transfer->master->host, rcode); + return 0; + } + if(LDNS_OPCODE_WIRE(wire) != LDNS_PACKET_QUERY) { + verbose(VERB_ALGO, "xfr to %s failed, packet with bad opcode", + xfr->task_transfer->master->host); + return 0; + } + if(LDNS_QDCOUNT(wire) > 1) { + verbose(VERB_ALGO, "xfr to %s failed, packet has qdcount %d", + xfr->task_transfer->master->host, + (int)LDNS_QDCOUNT(wire)); + return 0; + } + + /* check qname */ + sldns_buffer_set_position(pkt, LDNS_HEADER_SIZE); + for(i=0; i<(int)LDNS_QDCOUNT(wire); i++) { + size_t pos = sldns_buffer_position(pkt); + uint16_t qtype, qclass; + if(pkt_dname_len(pkt) == 0) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "malformed dname", + xfr->task_transfer->master->host); + return 0; + } + if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos), + xfr->name) != 0) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "wrong qname", + xfr->task_transfer->master->host); + return 0; + } + if(sldns_buffer_remaining(pkt) < 4) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated query RR", + xfr->task_transfer->master->host); + return 0; + } + qtype = sldns_buffer_read_u16(pkt); + qclass = sldns_buffer_read_u16(pkt); + if(qclass != xfr->dclass) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "wrong qclass", + xfr->task_transfer->master->host); + return 0; + } + if(xfr->task_transfer->on_ixfr) { + if(qtype != LDNS_RR_TYPE_IXFR) { + verbose(VERB_ALGO, "xfr to %s failed, packet " + "with wrong qtype, expected IXFR", + xfr->task_transfer->master->host); + return 0; + } + } else { + if(qtype != LDNS_RR_TYPE_AXFR) { + verbose(VERB_ALGO, "xfr to %s failed, packet " + "with wrong qtype, expected AXFR", + xfr->task_transfer->master->host); + return 0; + } + } + } + + /* check parse of RRs in packet, store first SOA serial + * to be able to detect last SOA (with that serial) to see if done */ + /* also check for IXFR 'zone up to date' reply */ + for(i=0; i<(int)LDNS_ANCOUNT(wire); i++) { + size_t pos = sldns_buffer_position(pkt); + uint16_t tp, rdlen; + if(pkt_dname_len(pkt) == 0) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "malformed dname in answer section", + xfr->task_transfer->master->host); + return 0; + } + if(sldns_buffer_remaining(pkt) < 10) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated RR", + xfr->task_transfer->master->host); + return 0; + } + tp = sldns_buffer_read_u16(pkt); + (void)sldns_buffer_read_u16(pkt); /* class */ + (void)sldns_buffer_read_u32(pkt); /* ttl */ + rdlen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdlen) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated RR rdata", + xfr->task_transfer->master->host); + return 0; + } + + /* RR parses (haven't checked rdata itself), now look at + * SOA records to see serial number */ + if(xfr->task_transfer->rr_scan_num == 0 && + tp != LDNS_RR_TYPE_SOA) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "malformed zone transfer, no start SOA", + xfr->task_transfer->master->host); + return 0; + } + if(xfr->task_transfer->rr_scan_num == 1 && + tp != LDNS_RR_TYPE_SOA) { + /* second RR is not a SOA record, this is not an IXFR + * the master is replying with an AXFR */ + xfr->task_transfer->on_ixfr_is_axfr = 1; + } + if(tp == LDNS_RR_TYPE_SOA) { + uint32_t serial; + if(rdlen < 22) { + verbose(VERB_ALGO, "xfr to %s failed, packet " + "with SOA with malformed rdata", + xfr->task_transfer->master->host); + return 0; + } + if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos), + xfr->name) != 0) { + verbose(VERB_ALGO, "xfr to %s failed, packet " + "with SOA with wrong dname", + xfr->task_transfer->master->host); + return 0; + } + + /* read serial number of SOA */ + serial = sldns_buffer_read_u32_at(pkt, + sldns_buffer_position(pkt)+rdlen-20); + + /* check for IXFR 'zone has SOA x' reply */ + if(xfr->task_transfer->on_ixfr && + xfr->task_transfer->rr_scan_num == 0 && + LDNS_ANCOUNT(wire)==1) { + verbose(VERB_ALGO, "xfr to %s ended, " + "IXFR reply that zone has serial %u", + xfr->task_transfer->master->host, + (unsigned)serial); + return 0; + } + + /* if first SOA, store serial number */ + if(xfr->task_transfer->got_xfr_serial == 0) { + xfr->task_transfer->got_xfr_serial = 1; + xfr->task_transfer->incoming_xfr_serial = + serial; + verbose(VERB_ALGO, "xfr %s: contains " + "SOA serial %u", + xfr->task_transfer->master->host, + (unsigned)serial); + /* see if end of AXFR */ + } else if(!xfr->task_transfer->on_ixfr || + xfr->task_transfer->on_ixfr_is_axfr) { + /* second SOA with serial is the end + * for AXFR */ + *transferdone = 1; + verbose(VERB_ALGO, "xfr %s: last AXFR packet", + xfr->task_transfer->master->host); + /* for IXFR, count SOA records with that serial */ + } else if(xfr->task_transfer->incoming_xfr_serial == + serial && xfr->task_transfer->got_xfr_serial + == 1) { + xfr->task_transfer->got_xfr_serial++; + /* if not first soa, if serial==firstserial, the + * third time we are at the end, for IXFR */ + } else if(xfr->task_transfer->incoming_xfr_serial == + serial && xfr->task_transfer->got_xfr_serial + == 2) { + verbose(VERB_ALGO, "xfr %s: last IXFR packet", + xfr->task_transfer->master->host); + *transferdone = 1; + /* continue parse check, if that succeeds, + * transfer is done */ + } + } + xfr->task_transfer->rr_scan_num++; + + /* skip over RR rdata to go to the next RR */ + sldns_buffer_skip(pkt, (ssize_t)rdlen); + } + + /* check authority section */ + /* we skip over the RRs checking packet format */ + for(i=0; i<(int)LDNS_NSCOUNT(wire); i++) { + uint16_t rdlen; + if(pkt_dname_len(pkt) == 0) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "malformed dname in authority section", + xfr->task_transfer->master->host); + return 0; + } + if(sldns_buffer_remaining(pkt) < 10) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated RR", + xfr->task_transfer->master->host); + return 0; + } + (void)sldns_buffer_read_u16(pkt); /* type */ + (void)sldns_buffer_read_u16(pkt); /* class */ + (void)sldns_buffer_read_u32(pkt); /* ttl */ + rdlen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdlen) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated RR rdata", + xfr->task_transfer->master->host); + return 0; + } + /* skip over RR rdata to go to the next RR */ + sldns_buffer_skip(pkt, (ssize_t)rdlen); + } + + /* check additional section */ + for(i=0; i<(int)LDNS_ARCOUNT(wire); i++) { + uint16_t rdlen; + if(pkt_dname_len(pkt) == 0) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "malformed dname in additional section", + xfr->task_transfer->master->host); + return 0; + } + if(sldns_buffer_remaining(pkt) < 10) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated RR", + xfr->task_transfer->master->host); + return 0; + } + (void)sldns_buffer_read_u16(pkt); /* type */ + (void)sldns_buffer_read_u16(pkt); /* class */ + (void)sldns_buffer_read_u32(pkt); /* ttl */ + rdlen = sldns_buffer_read_u16(pkt); + if(sldns_buffer_remaining(pkt) < rdlen) { + verbose(VERB_ALGO, "xfr to %s failed, packet with " + "truncated RR rdata", + xfr->task_transfer->master->host); + return 0; + } + /* skip over RR rdata to go to the next RR */ + sldns_buffer_skip(pkt, (ssize_t)rdlen); + } + + return 1; +} + +/** Link the data from this packet into the worklist of transferred data */ +static int +xfer_link_data(sldns_buffer* pkt, struct auth_xfer* xfr) +{ + /* alloc it */ + struct auth_chunk* e; + e = (struct auth_chunk*)calloc(1, sizeof(*e)); + if(!e) return 0; + e->next = NULL; + e->len = sldns_buffer_limit(pkt); + e->data = memdup(sldns_buffer_begin(pkt), e->len); + if(!e->data) { + free(e); + return 0; + } + + /* alloc succeeded, link into list */ + if(!xfr->task_transfer->chunks_first) + xfr->task_transfer->chunks_first = e; + if(xfr->task_transfer->chunks_last) + xfr->task_transfer->chunks_last->next = e; + xfr->task_transfer->chunks_last = e; + return 1; +} + +/** task transfer. the list of data is complete. process it and if failed + * move to next master, if succeeded, end the task transfer */ +static void +process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env) +{ + int ixfr_fail = 0; + if(xfr_process_chunk_list(xfr, env, &ixfr_fail)) { + /* it worked! */ + auth_chunks_delete(xfr->task_transfer); + + /* we fetched the zone, move to wait task */ + xfr_transfer_disown(xfr); + + /* pick up the nextprobe task and wait (normail wait time) */ + xfr_set_timeout(xfr, env, 0); + lock_basic_unlock(&xfr->lock); + return; + } + /* processing failed */ + /* when done, delete data from list */ + auth_chunks_delete(xfr->task_transfer); + if(ixfr_fail) { + xfr->task_transfer->ixfr_fail = 1; + } else { + xfr_transfer_nextmaster(xfr); + } + xfr_transfer_nexttarget_or_end(xfr, env); +} + +/** callback for task_transfer tcp connections */ +int +auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, + struct comm_reply* ATTR_UNUSED(repinfo)) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + int gonextonfail = 1; + int transferdone = 0; + log_assert(xfr->task_transfer); + lock_basic_lock(&xfr->lock); + env = xfr->task_transfer->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return 0; /* stop on quit */ + } + + if(err != NETEVENT_NOERROR) { + /* connection failed, closed, or timeout */ + /* stop this transfer, cleanup + * and continue task_transfer*/ + verbose(VERB_ALGO, "xfr stopped, connection lost to %s", + xfr->task_transfer->master->host); + failed: + /* delete transferred data from list */ + auth_chunks_delete(xfr->task_transfer); + comm_point_delete(xfr->task_transfer->cp); + xfr->task_transfer->cp = NULL; + xfr_transfer_nextmaster(xfr); + xfr_transfer_nexttarget_or_end(xfr, env); + return 0; + } + + /* handle returned packet */ + /* if it fails, cleanup and end this transfer */ + /* if it needs to fallback from IXFR to AXFR, do that */ + if(!check_xfer_packet(c->buffer, xfr, &gonextonfail, &transferdone)) { + goto failed; + } + /* if it is good, link it into the list of data */ + /* if the link into list of data fails (malloc fail) cleanup and end */ + if(!xfer_link_data(c->buffer, xfr)) { + verbose(VERB_ALGO, "xfr stopped to %s, malloc failed", + xfr->task_transfer->master->host); + goto failed; + } + /* if the transfer is done now, disconnect and process the list */ + if(transferdone) { + comm_point_delete(xfr->task_transfer->cp); + xfr->task_transfer->cp = NULL; + process_list_end_transfer(xfr, env); + return 0; + } + + /* if we want to read more messages, setup the commpoint to read + * a DNS packet, and the timeout */ + lock_basic_unlock(&xfr->lock); + c->tcp_is_reading = 1; + sldns_buffer_clear(c->buffer); + comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT); + return 0; +} + +/** callback for task_transfer http connections */ +int +auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err, + struct comm_reply* repinfo) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + log_assert(xfr->task_transfer); + lock_basic_lock(&xfr->lock); + env = xfr->task_transfer->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return 0; /* stop on quit */ + } + verbose(VERB_ALGO, "auth zone transfer http callback"); + + if(err != NETEVENT_NOERROR && err != NETEVENT_DONE) { + /* connection failed, closed, or timeout */ + /* stop this transfer, cleanup + * and continue task_transfer*/ + verbose(VERB_ALGO, "http stopped, connection lost to %s", + xfr->task_transfer->master->host); + failed: + /* delete transferred data from list */ + auth_chunks_delete(xfr->task_transfer); + if(repinfo) repinfo->c = NULL; /* signal cp deleted to + the routine calling this callback */ + comm_point_delete(xfr->task_transfer->cp); + xfr->task_transfer->cp = NULL; + xfr_transfer_nextmaster(xfr); + xfr_transfer_nexttarget_or_end(xfr, env); + return 0; + } + + /* if it is good, link it into the list of data */ + /* if the link into list of data fails (malloc fail) cleanup and end */ + if(sldns_buffer_limit(c->buffer) > 0) { + verbose(VERB_ALGO, "auth zone http queued up %d bytes", + (int)sldns_buffer_limit(c->buffer)); + if(!xfer_link_data(c->buffer, xfr)) { + verbose(VERB_ALGO, "http stopped to %s, malloc failed", + xfr->task_transfer->master->host); + goto failed; + } + } + /* if the transfer is done now, disconnect and process the list */ + if(err == NETEVENT_DONE) { + if(repinfo) repinfo->c = NULL; /* signal cp deleted to + the routine calling this callback */ + comm_point_delete(xfr->task_transfer->cp); + xfr->task_transfer->cp = NULL; + process_list_end_transfer(xfr, env); + return 0; + } + + /* if we want to read more messages, setup the commpoint to read + * a DNS packet, and the timeout */ + lock_basic_unlock(&xfr->lock); + c->tcp_is_reading = 1; + sldns_buffer_clear(c->buffer); + comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT); + return 0; +} + + +/** start transfer task by this worker , xfr is locked. */ +static void +xfr_start_transfer(struct auth_xfer* xfr, struct module_env* env, + struct auth_master* master) +{ + log_assert(xfr->task_transfer != NULL); + log_assert(xfr->task_transfer->worker == NULL); + log_assert(xfr->task_transfer->chunks_first == NULL); + log_assert(xfr->task_transfer->chunks_last == NULL); + xfr->task_transfer->worker = env->worker; + xfr->task_transfer->env = env; + + /* init transfer process */ + /* find that master in the transfer's list of masters? */ + xfr_transfer_start_list(xfr, master); + /* start lookup for hostnames in transfer master list */ + xfr_transfer_start_lookups(xfr); + + /* initiate TCP, and set timeout on it */ + xfr_transfer_nexttarget_or_end(xfr, env); +} + +/** disown task_probe. caller must hold xfr.lock */ +static void +xfr_probe_disown(struct auth_xfer* xfr) +{ + /* remove timer (from this worker's event base) */ + comm_timer_delete(xfr->task_probe->timer); + xfr->task_probe->timer = NULL; + /* remove the commpoint */ + comm_point_delete(xfr->task_probe->cp); + xfr->task_probe->cp = NULL; + /* we don't own this item anymore */ + xfr->task_probe->worker = NULL; + xfr->task_probe->env = NULL; +} + +/** send the UDP probe to the master, this is part of task_probe */ +static int +xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env, + int timeout) +{ + struct sockaddr_storage addr; + socklen_t addrlen = 0; + struct timeval t; + /* pick master */ + struct auth_master* master = xfr_probe_current_master(xfr); + if(!master) return 0; + + /* get master addr */ + if(xfr->task_probe->scan_addr) { + addrlen = xfr->task_probe->scan_addr->addrlen; + memmove(&addr, &xfr->task_probe->scan_addr->addr, addrlen); + } else { + if(!extstrtoaddr(master->host, &addr, &addrlen)) { + /* the ones that are not in addr format are supposed + * to be looked up. The lookup has failed however, + * so skip them */ + char zname[255+1]; + dname_str(xfr->name, zname); + log_err("%s: failed lookup, cannot probe to master %s", + zname, master->host); + return 0; + } + } + + /* create packet */ + /* create new ID for new probes, but not on timeout retries, + * this means we'll accept replies to previous retries to same ip */ + if(timeout == AUTH_PROBE_TIMEOUT) + xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff); + xfr_create_soa_probe_packet(xfr, env->scratch_buffer, + xfr->task_probe->id); + if(!xfr->task_probe->cp) { + xfr->task_probe->cp = outnet_comm_point_for_udp(env->outnet, + auth_xfer_probe_udp_callback, xfr, &addr, addrlen); + if(!xfr->task_probe->cp) { + char zname[255+1]; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "cannot create udp cp for " + "probe %s to %s", zname, master->host); + return 0; + } + } + if(!xfr->task_probe->timer) { + xfr->task_probe->timer = comm_timer_create(env->worker_base, + auth_xfer_probe_timer_callback, xfr); + if(!xfr->task_probe->timer) { + log_err("malloc failure"); + return 0; + } + } + + /* send udp packet */ + if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer, + (struct sockaddr*)&addr, addrlen)) { + char zname[255+1]; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "failed to send soa probe for %s to %s", + zname, master->host); + return 0; + } + xfr->task_probe->timeout = timeout; +#ifndef S_SPLINT_S + t.tv_sec = timeout/1000; + t.tv_usec = (timeout%1000)*1000; +#endif + comm_timer_set(xfr->task_probe->timer, &t); + + return 1; +} + +/** callback for task_probe timer */ +void +auth_xfer_probe_timer_callback(void* arg) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + log_assert(xfr->task_probe); + lock_basic_lock(&xfr->lock); + env = xfr->task_probe->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return; /* stop on quit */ + } + + if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) { + /* try again with bigger timeout */ + if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) { + lock_basic_unlock(&xfr->lock); + return; + } + } + /* delete commpoint so a new one is created, with a fresh port nr */ + comm_point_delete(xfr->task_probe->cp); + xfr->task_probe->cp = NULL; + + /* too many timeouts (or fail to send), move to next or end */ + xfr_probe_nextmaster(xfr); + xfr_probe_send_or_end(xfr, env); +} + +/** callback for task_probe udp packets */ +int +auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, + struct comm_reply* repinfo) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + log_assert(xfr->task_probe); + lock_basic_lock(&xfr->lock); + env = xfr->task_probe->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return 0; /* stop on quit */ + } + + /* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT + * and we set rep.c=NULL to stop if from looking inside the commpoint*/ + repinfo->c = NULL; + /* stop the timer */ + comm_timer_disable(xfr->task_probe->timer); + + /* see if we got a packet and what that means */ + if(err == NETEVENT_NOERROR) { + uint32_t serial = 0; + if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr, + &serial)) { + /* successful lookup */ + if(verbosity >= VERB_ALGO) { + char buf[256]; + dname_str(xfr->name, buf); + verbose(VERB_ALGO, "auth zone %s: soa probe " + "serial is %u", buf, (unsigned)serial); + } + /* see if this serial indicates that the zone has + * to be updated */ + if(xfr_serial_means_update(xfr, serial)) { + /* if updated, start the transfer task, if needed */ + verbose(VERB_ALGO, "auth_zone updated, start transfer"); + if(xfr->task_transfer->worker == NULL) { + struct auth_master* master = + xfr_probe_current_master(xfr); + /* if we have download URLs use them + * in preference to this master we + * just probed the SOA from */ + if(xfr->task_transfer->masters && + xfr->task_transfer->masters->http) + master = NULL; + xfr_probe_disown(xfr); + xfr_start_transfer(xfr, env, master); + return 0; + + } + } else { + /* if zone not updated, start the wait timer again */ + verbose(VERB_ALGO, "auth_zone unchanged, new lease, wait"); + if(xfr->have_zone) + xfr->lease_time = *env->now; + if(xfr->task_nextprobe->worker == NULL) + xfr_set_timeout(xfr, env, 0); + } + /* other tasks are running, we don't do this anymore */ + xfr_probe_disown(xfr); + lock_basic_unlock(&xfr->lock); + /* return, we don't sent a reply to this udp packet, + * and we setup the tasks to do next */ + return 0; + } + } + if(verbosity >= VERB_ALGO) { + char buf[256]; + dname_str(xfr->name, buf); + verbose(VERB_ALGO, "auth zone %s: soa probe failed", buf); + } + + /* failed lookup */ + /* delete commpoint so a new one is created, with a fresh port nr */ + comm_point_delete(xfr->task_probe->cp); + xfr->task_probe->cp = NULL; + + /* if the result was not a successfull probe, we need + * to send the next one */ + xfr_probe_nextmaster(xfr); + xfr_probe_send_or_end(xfr, env); + return 0; +} + +/** lookup a host name for its addresses, if needed */ +static int +xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env) +{ + struct sockaddr_storage addr; + socklen_t addrlen = 0; + struct auth_master* master = xfr->task_probe->lookup_target; + struct query_info qinfo; + uint16_t qflags = BIT_RD; + uint8_t dname[LDNS_MAX_DOMAINLEN+1]; + struct edns_data edns; + sldns_buffer* buf = env->scratch_buffer; + if(!master) return 0; + if(extstrtoaddr(master->host, &addr, &addrlen)) { + /* not needed, host is in IP addr format */ + return 0; + } + + /* use mesh_new_callback to probe for non-addr hosts, + * and then wait for them to be looked up (in cache, or query) */ + qinfo.qname_len = sizeof(dname); + if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len) + != 0) { + log_err("cannot parse host name of master %s", master->host); + return 0; + } + qinfo.qname = dname; + qinfo.qclass = xfr->dclass; + qinfo.qtype = LDNS_RR_TYPE_A; + if(xfr->task_probe->lookup_aaaa) + qinfo.qtype = LDNS_RR_TYPE_AAAA; + qinfo.local_alias = NULL; + if(verbosity >= VERB_ALGO) { + char buf[512]; + char buf2[LDNS_MAX_DOMAINLEN+1]; + dname_str(xfr->name, buf2); + snprintf(buf, sizeof(buf), "auth zone %s: master lookup" + " for task_probe", buf2); + log_query_info(VERB_ALGO, buf, &qinfo); + } + edns.edns_present = 1; + edns.ext_rcode = 0; + edns.edns_version = 0; + edns.bits = EDNS_DO; + edns.opt_list = NULL; + if(sldns_buffer_capacity(buf) < 65535) + edns.udp_size = (uint16_t)sldns_buffer_capacity(buf); + else edns.udp_size = 65535; + + /* unlock xfr during mesh_new_callback() because the callback can be + * called straight away */ + lock_basic_unlock(&xfr->lock); + if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, + &auth_xfer_probe_lookup_callback, xfr)) { + lock_basic_lock(&xfr->lock); + log_err("out of memory lookup up master %s", master->host); + return 0; + } + lock_basic_lock(&xfr->lock); + return 1; +} + +/** move to sending the probe packets, next if fails. task_probe */ +static void +xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env) +{ + /* are we doing hostname lookups? */ + while(xfr->task_probe->lookup_target) { + if(xfr_probe_lookup_host(xfr, env)) { + /* wait for lookup to finish, + * note that the hostname may be in unbound's cache + * and we may then get an instant cache response, + * and that calls the callback just like a full + * lookup and lookup failures also call callback */ + lock_basic_unlock(&xfr->lock); + return; + } + xfr_probe_move_to_next_lookup(xfr, env); + } + + /* send probe packets */ + while(!xfr_probe_end_of_list(xfr)) { + if(xfr_probe_send_probe(xfr, env, AUTH_PROBE_TIMEOUT)) { + /* successfully sent probe, wait for callback */ + lock_basic_unlock(&xfr->lock); + return; + } + /* failed to send probe, next master */ + xfr_probe_nextmaster(xfr); + } + + /* we failed to send this as well, move to the wait task, + * use the shorter retry timeout */ + xfr_probe_disown(xfr); + + /* pick up the nextprobe task and wait */ + xfr_set_timeout(xfr, env, 1); + lock_basic_unlock(&xfr->lock); +} + +/** callback for task_probe lookup of host name, of A or AAAA */ +void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf, + enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus)) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + log_assert(xfr->task_probe); + lock_basic_lock(&xfr->lock); + env = xfr->task_probe->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return; /* stop on quit */ + } + + /* process result */ + if(rcode == LDNS_RCODE_NOERROR) { + uint16_t wanted_qtype = LDNS_RR_TYPE_A; + struct regional* temp = env->scratch; + struct query_info rq; + struct reply_info* rep; + if(xfr->task_probe->lookup_aaaa) + wanted_qtype = LDNS_RR_TYPE_AAAA; + memset(&rq, 0, sizeof(rq)); + rep = parse_reply_in_temp_region(buf, temp, &rq); + if(rep && rq.qtype == wanted_qtype && + FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) { + /* parsed successfully */ + struct ub_packed_rrset_key* answer = + reply_find_answer_rrset(&rq, rep); + if(answer) { + xfr_master_add_addrs(xfr->task_probe-> + lookup_target, answer, wanted_qtype); + } + } + } + if(xfr->task_probe->lookup_target->list && + xfr->task_probe->lookup_target == xfr_probe_current_master(xfr)) + xfr->task_probe->scan_addr = xfr->task_probe->lookup_target->list; + + /* move to lookup AAAA after A lookup, move to next hostname lookup, + * or move to send the probes, or, if nothing to do, end task_probe */ + xfr_probe_move_to_next_lookup(xfr, env); + xfr_probe_send_or_end(xfr, env); +} + +/** disown task_nextprobe. caller must hold xfr.lock */ +static void +xfr_nextprobe_disown(struct auth_xfer* xfr) +{ + /* delete the timer, because the next worker to pick this up may + * not have the same event base */ + comm_timer_delete(xfr->task_nextprobe->timer); + xfr->task_nextprobe->timer = NULL; + xfr->task_nextprobe->next_probe = 0; + /* we don't own this item anymore */ + xfr->task_nextprobe->worker = NULL; + xfr->task_nextprobe->env = NULL; +} + +/** xfer nextprobe timeout callback, this is part of task_nextprobe */ +void +auth_xfer_timer(void* arg) +{ + struct auth_xfer* xfr = (struct auth_xfer*)arg; + struct module_env* env; + log_assert(xfr->task_nextprobe); + lock_basic_lock(&xfr->lock); + env = xfr->task_nextprobe->env; + if(env->outnet->want_to_quit) { + lock_basic_unlock(&xfr->lock); + return; /* stop on quit */ + } + + /* see if zone has expired, and if so, also set auth_zone expired */ + if(xfr->have_zone && !xfr->zone_expired && + *env->now >= xfr->lease_time + xfr->expiry) { + lock_basic_unlock(&xfr->lock); + auth_xfer_set_expired(xfr, env, 1); + lock_basic_lock(&xfr->lock); + } + + xfr_nextprobe_disown(xfr); + + /* see if we need to start a probe (or maybe it is already in + * progress (due to notify)) */ + if(xfr->task_probe->worker == NULL) { + if(xfr->task_probe->masters == NULL) { + /* useless to pick up task_probe, no masters to + * probe. Instead attempt to pick up task transfer */ + if(xfr->task_transfer->worker == NULL) { + xfr_start_transfer(xfr, env, NULL); + } else { + /* task transfer already in progress */ + lock_basic_unlock(&xfr->lock); + } + return; + } + + /* pick up the probe task ourselves */ + xfr->task_probe->worker = env->worker; + xfr->task_probe->env = env; + xfr->task_probe->cp = NULL; + + /* start the task */ + /* this was a timeout, so no specific first master to scan */ + xfr_probe_start_list(xfr, NULL); + /* setup to start the lookup of hostnames of masters afresh */ + xfr_probe_start_lookups(xfr); + /* send the probe packet or next send, or end task */ + xfr_probe_send_or_end(xfr, env); + } else { + lock_basic_unlock(&xfr->lock); + } +} + +/** for task_nextprobe. + * determine next timeout for auth_xfer. Also (re)sets timer. + * @param xfr: task structure + * @param env: module environment, with worker and time. + * @param failure: set true if timer should be set for failure retry. + */ +static void +xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env, + int failure) +{ + struct timeval tv; + log_assert(xfr->task_nextprobe != NULL); + log_assert(xfr->task_nextprobe->worker == NULL || + xfr->task_nextprobe->worker == env->worker); + /* normally, nextprobe = startoflease + refresh, + * but if expiry is sooner, use that one. + * after a failure, use the retry timer instead. */ + xfr->task_nextprobe->next_probe = *env->now; + if(xfr->lease_time) + xfr->task_nextprobe->next_probe = xfr->lease_time; + + if(!failure) { + xfr->task_nextprobe->backoff = 0; + } else { + if(xfr->task_nextprobe->backoff == 0) + xfr->task_nextprobe->backoff = 3; + else xfr->task_nextprobe->backoff *= 2; + if(xfr->task_nextprobe->backoff > AUTH_TRANSFER_MAX_BACKOFF) + xfr->task_nextprobe->backoff = + AUTH_TRANSFER_MAX_BACKOFF; + } + + if(xfr->have_zone) { + time_t wait = xfr->refresh; + if(failure) wait = xfr->retry; + if(xfr->expiry < wait) + xfr->task_nextprobe->next_probe += xfr->expiry; + else xfr->task_nextprobe->next_probe += wait; + if(failure) + xfr->task_nextprobe->next_probe += + xfr->task_nextprobe->backoff; + } else { + xfr->task_nextprobe->next_probe += + xfr->task_nextprobe->backoff; + } + + if(!xfr->task_nextprobe->timer) { + xfr->task_nextprobe->timer = comm_timer_create( + env->worker_base, auth_xfer_timer, xfr); + if(!xfr->task_nextprobe->timer) { + /* failed to malloc memory. likely zone transfer + * also fails for that. skip the timeout */ + char zname[255+1]; + dname_str(xfr->name, zname); + log_err("cannot allocate timer, no refresh for %s", + zname); + return; + } + } + xfr->task_nextprobe->worker = env->worker; + xfr->task_nextprobe->env = env; + if(*(xfr->task_nextprobe->env->now) <= xfr->task_nextprobe->next_probe) + tv.tv_sec = xfr->task_nextprobe->next_probe - + *(xfr->task_nextprobe->env->now); + else tv.tv_sec = 0; + if(verbosity >= VERB_ALGO) { + char zname[255+1]; + dname_str(xfr->name, zname); + verbose(VERB_ALGO, "auth zone %s timeout in %d seconds", + zname, (int)tv.tv_sec); + } + tv.tv_usec = 0; + comm_timer_set(xfr->task_nextprobe->timer, &tv); +} + +/** initial pick up of worker timeouts, ties events to worker event loop */ +void +auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env) +{ + struct auth_xfer* x; + lock_rw_wrlock(&az->lock); + RBTREE_FOR(x, struct auth_xfer*, &az->xtree) { + lock_basic_lock(&x->lock); + /* set lease_time, because we now have timestamp in env, + * (not earlier during startup and apply_cfg), and this + * notes the start time when the data was acquired */ + if(x->have_zone) + x->lease_time = *env->now; + if(x->task_nextprobe && x->task_nextprobe->worker == NULL) + xfr_set_timeout(x, env, 0); + lock_basic_unlock(&x->lock); + } + lock_rw_unlock(&az->lock); +} + +void auth_zones_cleanup(struct auth_zones* az) +{ + struct auth_xfer* x; + lock_rw_wrlock(&az->lock); + RBTREE_FOR(x, struct auth_xfer*, &az->xtree) { + lock_basic_lock(&x->lock); + if(x->task_nextprobe && x->task_nextprobe->worker != NULL) { + xfr_nextprobe_disown(x); + } + if(x->task_probe && x->task_probe->worker != NULL) { + xfr_probe_disown(x); + } + if(x->task_transfer && x->task_transfer->worker != NULL) { + auth_chunks_delete(x->task_transfer); + xfr_transfer_disown(x); + } + lock_basic_unlock(&x->lock); + } + lock_rw_unlock(&az->lock); +} + +/** + * malloc the xfer and tasks + * @param z: auth_zone with name of zone. + */ +static struct auth_xfer* +auth_xfer_new(struct auth_zone* z) +{ + struct auth_xfer* xfr; + xfr = (struct auth_xfer*)calloc(1, sizeof(*xfr)); + if(!xfr) return NULL; + xfr->name = memdup(z->name, z->namelen); + if(!xfr->name) { + free(xfr); + return NULL; + } + xfr->node.key = xfr; + xfr->namelen = z->namelen; + xfr->namelabs = z->namelabs; + xfr->dclass = z->dclass; + + xfr->task_nextprobe = (struct auth_nextprobe*)calloc(1, + sizeof(struct auth_nextprobe)); + if(!xfr->task_nextprobe) { + free(xfr->name); + free(xfr); + return NULL; + } + xfr->task_probe = (struct auth_probe*)calloc(1, + sizeof(struct auth_probe)); + if(!xfr->task_probe) { + free(xfr->task_nextprobe); + free(xfr->name); + free(xfr); + return NULL; + } + xfr->task_transfer = (struct auth_transfer*)calloc(1, + sizeof(struct auth_transfer)); + if(!xfr->task_transfer) { + free(xfr->task_probe); + free(xfr->task_nextprobe); + free(xfr->name); + free(xfr); + return NULL; + } + + lock_basic_init(&xfr->lock); + lock_protect(&xfr->lock, &xfr->name, sizeof(xfr->name)); + lock_protect(&xfr->lock, &xfr->namelen, sizeof(xfr->namelen)); + lock_protect(&xfr->lock, xfr->name, xfr->namelen); + lock_protect(&xfr->lock, &xfr->namelabs, sizeof(xfr->namelabs)); + lock_protect(&xfr->lock, &xfr->dclass, sizeof(xfr->dclass)); + lock_protect(&xfr->lock, &xfr->notify_received, sizeof(xfr->notify_received)); + lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial)); + lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired)); + lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone)); + lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial)); + lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry)); + lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh)); + lock_protect(&xfr->lock, &xfr->expiry, sizeof(xfr->expiry)); + lock_protect(&xfr->lock, &xfr->lease_time, sizeof(xfr->lease_time)); + lock_protect(&xfr->lock, &xfr->task_nextprobe->worker, + sizeof(xfr->task_nextprobe->worker)); + lock_protect(&xfr->lock, &xfr->task_probe->worker, + sizeof(xfr->task_probe->worker)); + lock_protect(&xfr->lock, &xfr->task_transfer->worker, + sizeof(xfr->task_transfer->worker)); + lock_basic_lock(&xfr->lock); + return xfr; +} + +/** Create auth_xfer structure. + * This populates the have_zone, soa values, and so on times. + * and sets the timeout, if a zone transfer is needed a short timeout is set. + * For that the auth_zone itself must exist (and read in zonefile) + * returns false on alloc failure. */ +struct auth_xfer* +auth_xfer_create(struct auth_zones* az, struct auth_zone* z) +{ + struct auth_xfer* xfr; + + /* malloc it */ + xfr = auth_xfer_new(z); + if(!xfr) { + log_err("malloc failure"); + return NULL; + } + /* insert in tree */ + (void)rbtree_insert(&az->xtree, &xfr->node); + return xfr; +} + +/** create new auth_master structure */ +static struct auth_master* +auth_master_new(struct auth_master*** list) +{ + struct auth_master *m; + m = (struct auth_master*)calloc(1, sizeof(*m)); + if(!m) { + log_err("malloc failure"); + return NULL; + } + /* set first pointer to m, or next pointer of previous element to m */ + (**list) = m; + /* store m's next pointer as future point to store at */ + (*list) = &(m->next); + return m; +} + +/** dup_prefix : create string from initial part of other string, malloced */ +static char* +dup_prefix(char* str, size_t num) +{ + char* result; + size_t len = strlen(str); + if(len < num) num = len; /* not more than strlen */ + result = (char*)malloc(num+1); + if(!result) { + log_err("malloc failure"); + return result; + } + memmove(result, str, num); + result[num] = 0; + return result; +} + +/** dup string and print error on error */ +static char* +dup_all(char* str) +{ + char* result = strdup(str); + if(!str) { + log_err("malloc failure"); + return NULL; + } + return result; +} + +/** find first of two characters */ +static char* +str_find_first_of_chars(char* s, char a, char b) +{ + char* ra = strchr(s, a); + char* rb = strchr(s, b); + if(!ra) return rb; + if(!rb) return ra; + if(ra < rb) return ra; + return rb; +} + +/** parse URL into host and file parts, false on malloc or parse error */ +static int +parse_url(char* url, char** host, char** file, int* port, int* ssl) +{ + char* p = url; + /* parse http://www.example.com/file.htm + * or http://127.0.0.1 (index.html) + * or https://[::1@1234]/a/b/c/d */ + *ssl = 1; + *port = AUTH_HTTPS_PORT; + + /* parse http:// or https:// */ + if(strncmp(p, "http://", 7) == 0) { + p += 7; + *ssl = 0; + *port = AUTH_HTTP_PORT; + } else if(strncmp(p, "https://", 8) == 0) { + p += 8; + } else if(strstr(p, "://") && strchr(p, '/') > strstr(p, "://") && + strchr(p, ':') >= strstr(p, "://")) { + char* uri = dup_prefix(p, (size_t)(strstr(p, "://")-p)); + log_err("protocol %s:// not supported (for url %s)", + uri?uri:"", p); + free(uri); + return 0; + } + + /* parse hostname part */ + if(p[0] == '[') { + char* end = strchr(p, ']'); + p++; /* skip over [ */ + if(end) { + *host = dup_prefix(p, (size_t)(end-p)); + if(!*host) return 0; + p = end+1; /* skip over ] */ + } else { + *host = dup_all(p); + if(!*host) return 0; + p = end; + } + } else { + char* end = str_find_first_of_chars(p, ':', '/'); + if(end) { + *host = dup_prefix(p, (size_t)(end-p)); + if(!*host) return 0; + } else { + *host = dup_all(p); + if(!*host) return 0; + } + p = end; /* at next : or / or NULL */ + } + + /* parse port number */ + if(p && p[0] == ':') { + char* end = NULL; + *port = strtol(p+1, &end, 10); + p = end; + } + + /* parse filename part */ + while(p && *p == '/') + p++; + if(!p || p[0] == 0) + *file = strdup("index.html"); + else *file = strdup(p); + if(!*file) { + log_err("malloc failure"); + return 0; + } + return 1; +} + +int +xfer_set_masters(struct auth_master** list, struct config_auth* c, + int with_http) +{ + struct auth_master* m; + struct config_strlist* p; + /* list points to the first, or next pointer for the new element */ + while(*list) { + list = &( (*list)->next ); + } + if(with_http) + for(p = c->urls; p; p = p->next) { + m = auth_master_new(&list); + m->http = 1; + if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl)) + return 0; + } + for(p = c->masters; p; p = p->next) { + m = auth_master_new(&list); + m->ixfr = 1; /* this flag is not configurable */ + m->host = strdup(p->str); + if(!m->host) { + log_err("malloc failure"); + return 0; + } + } + return 1; +} + +#define SERIAL_BITS 32 +int +compare_serial(uint32_t a, uint32_t b) +{ + const uint32_t cutoff = ((uint32_t) 1 << (SERIAL_BITS - 1)); + + if (a == b) { + return 0; + } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) { + return -1; + } else { + return 1; + } +} diff --git a/services/authzone.h b/services/authzone.h index 5b4623b65200..d54ef4b96e49 100644 --- a/services/authzone.h +++ b/services/authzone.h @@ -45,20 +45,38 @@ #define SERVICES_AUTHZONE_H #include "util/rbtree.h" #include "util/locks.h" +#include "services/mesh.h" struct ub_packed_rrset_key; struct regional; struct config_file; +struct config_auth; struct query_info; struct dns_msg; +struct edns_data; +struct module_env; +struct worker; +struct comm_point; +struct comm_timer; +struct comm_reply; +struct auth_rrset; +struct auth_nextprobe; +struct auth_probe; +struct auth_transfer; +struct auth_master; +struct auth_chunk; /** * Authoritative zones, shared. */ struct auth_zones { - /** lock on the authzone tree */ + /** lock on the authzone trees */ lock_rw_type lock; /** rbtree of struct auth_zone */ rbtree_type ztree; + /** rbtree of struct auth_xfer */ + rbtree_type xtree; + /** do we have downstream enabled */ + int have_downstream; }; /** @@ -89,10 +107,21 @@ struct auth_zone { * rbtree of struct auth_data */ rbtree_type data; - /* zonefile name (or NULL for no zonefile) */ + /** zonefile name (or NULL for no zonefile) */ char* zonefile; - /* fallback to the internet on failure or ttl-expiry of auth zone */ + /** fallback to the internet on failure or ttl-expiry of auth zone */ int fallback_enabled; + /** the zone has expired (enabled by the xfer worker), fallback + * happens if that option is enabled. */ + int zone_expired; + /** zone is a slave zone (it has masters) */ + int zone_is_slave; + /** for downstream: this zone answers queries towards the downstream + * clients */ + int for_downstream; + /** for upstream: this zone answers queries that unbound intends to + * send upstream. */ + int for_upstream; }; /** @@ -128,14 +157,297 @@ struct auth_rrset { }; /** + * Authoritative zone transfer structure. + * Create and destroy needs the auth_zones* biglock. + * The structure consists of different tasks. Each can be unowned (-1) or + * owner by a worker (worker-num). A worker can pick up a task and then do + * it. This means the events (timeouts, sockets) are for that worker. + * + * (move this to tasks). + * They don't have locks themselves, the worker (that owns it) uses it, + * also as part of callbacks, hence it has separate zonename pointers for + * lookup in the main zonetree. If the zone has no transfers, this + * structure is not created. + */ +struct auth_xfer { + /** rbtree node, key is name and class */ + rbnode_type node; + + /** lock on this structure, and on the workernum elements of the + * tasks. First hold the tree-lock in auth_zones, find the auth_xfer, + * lock this lock. Then a worker can reassign itself to fill up + * one of the tasks. + * Once it has the task assigned to it, the worker can access the + * other elements of the task structure without a lock, because that + * is necessary for the eventloop and callbacks from that. */ + lock_basic_type lock; + + /** zone name, in uncompressed wireformat */ + uint8_t* name; + /** length of zone name */ + size_t namelen; + /** number of labels in zone name */ + int namelabs; + /** the class of this zone, in host byteorder. + * uses 'dclass' to not conflict with c++ keyword class. */ + uint16_t dclass; + + /** task to wait for next-probe-timeout, + * once timeouted, see if a SOA probe is needed, or already + * in progress */ + struct auth_nextprobe* task_nextprobe; + + /** task for SOA probe. Check if the zone can be updated */ + struct auth_probe* task_probe; + + /** Task for transfer. Transferring and updating the zone. This + * includes trying (potentially) several upstream masters. Downloading + * and storing the zone */ + struct auth_transfer* task_transfer; + + /** a notify was received, but a zone transfer or probe was already + * acted on. + * However, the zone transfer could signal a newer serial number. + * The serial number of that notify is saved below. The transfer and + * probe tasks should check this once done to see if they need to + * restart the transfer task for the newer notify serial. + * Hold the lock to access this member (and the serial). + */ + int notify_received; + /** serial number of the notify */ + uint32_t notify_serial; + + /* protected by the lock on the structure, information about + * the loaded authority zone. */ + /** is the zone currently considered expired? after expiry also older + * serial numbers are allowed (not just newer) */ + int zone_expired; + /** do we have a zone (if 0, no zone data at all) */ + int have_zone; + + /** current serial (from SOA), if we have no zone, 0 */ + uint32_t serial; + /** retry time (from SOA), time to wait with next_probe + * if no master responds */ + time_t retry; + /** refresh time (from SOA), time to wait with next_probe + * if everything is fine */ + time_t refresh; + /** expiry time (from SOA), time until zone data is not considered + * valid any more, if no master responds within this time, either + * with the current zone or a new zone. */ + time_t expiry; + + /** zone lease start time (start+expiry is expiration time). + * this is renewed every SOA probe and transfer. On zone load + * from zonefile it is also set (with probe set soon to check) */ + time_t lease_time; +}; + +/** + * The next probe task. + * This task consists of waiting for the probetimeout. It is a task because + * it needs an event in the eventtable. Once the timeout has passed, that + * worker can (potentially) become the auth_probe worker, or if another worker + * is already doing that, do nothing. Tasks becomes unowned. + * The probe worker, if it detects nothing has to be done picks up this task, + * if unowned. + */ +struct auth_nextprobe { + /* Worker pointer. NULL means unowned. */ + struct worker* worker; + /* module env for this task */ + struct module_env* env; + + /** increasing backoff for failures */ + time_t backoff; + /** Timeout for next probe (for SOA) */ + time_t next_probe; + /** timeout callback for next_probe or expiry(if that is sooner). + * it is on the worker's event_base */ + struct comm_timer* timer; +}; + +/** + * The probe task. + * Send a SOA UDP query to see if the zone needs to be updated (or similar, + * potential, HTTP probe query) and check serial number. + * If yes, start the auth_transfer task. If no, make sure auth_nextprobe + * timeout wait task is running. + * Needs to be a task, because the UDP query needs an event entry. + * This task could also be started by eg. a NOTIFY being received, even though + * another worker is performing the nextprobe task (and that worker keeps + * waiting uninterrupted). + */ +struct auth_probe { + /* Worker pointer. NULL means unowned. */ + struct worker* worker; + /* module env for this task */ + struct module_env* env; + + /** list of upstream masters for this zone, from config */ + struct auth_master* masters; + + /** for the hostname lookups, which master is current */ + struct auth_master* lookup_target; + /** are we looking up A or AAAA, first A, then AAAA (if ip6 enabled) */ + int lookup_aaaa; + + /** once notified, or the timeout has been reached. a scan starts. */ + /** the scan specific target (notify source), or NULL if none */ + struct auth_master* scan_specific; + /** scan tries all the upstream masters. the scan current target. + * or NULL if not working on sequential scan */ + struct auth_master* scan_target; + /** if not NULL, the specific addr for the current master */ + struct auth_addr* scan_addr; + + /** dns id of packet in flight */ + uint16_t id; + /** the SOA probe udp event. + * on the workers event base. */ + struct comm_point* cp; + /** timeout for packets. + * on the workers event base. */ + struct comm_timer* timer; + /** timeout in msec */ + int timeout; +}; + +/** + * The transfer task. + * Once done, make sure the nextprobe waiting task is running, whether done + * with failure or success. If failure, use shorter timeout for wait time. + */ +struct auth_transfer { + /* Worker pointer. NULL means unowned. */ + struct worker* worker; + /* module env for this task */ + struct module_env* env; + + /** xfer data that has been transferred, the data is applied + * once the transfer has completed correctly */ + struct auth_chunk* chunks_first; + /** last element in chunks list (to append new data at the end) */ + struct auth_chunk* chunks_last; + + /** list of upstream masters for this zone, from config */ + struct auth_master* masters; + + /** for the hostname lookups, which master is current */ + struct auth_master* lookup_target; + /** are we looking up A or AAAA, first A, then AAAA (if ip6 enabled) */ + int lookup_aaaa; + + /** once notified, or the timeout has been reached. a scan starts. */ + /** the scan specific target (notify source), or NULL if none */ + struct auth_master* scan_specific; + /** scan tries all the upstream masters. the scan current target. + * or NULL if not working on sequential scan */ + struct auth_master* scan_target; + /** what address we are scanning for the master, or NULL if the + * master is in IP format itself */ + struct auth_addr* scan_addr; + /** the zone transfer in progress (or NULL if in scan). It is + * from this master */ + struct auth_master* master; + + /** failed ixfr transfer, retry with axfr (to the current master), + * the IXFR was 'REFUSED', 'SERVFAIL', 'NOTIMPL' or the contents of + * the IXFR did not apply cleanly (out of sync, delete of nonexistent + * data or add of duplicate data). Flag is cleared once the retry + * with axfr is done. */ + int ixfr_fail; + /** we are doing IXFR right now */ + int on_ixfr; + /** did we detect the current AXFR/IXFR serial number yet, 0 not yet, + * 1 we saw the first, 2 we saw the second, 3 must be last SOA in xfr*/ + int got_xfr_serial; + /** number of RRs scanned for AXFR/IXFR detection */ + size_t rr_scan_num; + /** we are doing an IXFR but we detected an AXFR contents */ + int on_ixfr_is_axfr; + /** the serial number for the current AXFR/IXFR incoming reply, + * for IXFR, the outermost SOA records serial */ + uint32_t incoming_xfr_serial; + + /** dns id of AXFR query */ + uint16_t id; + /** the transfer (TCP) to the master. + * on the workers event base. */ + struct comm_point* cp; +}; + +/** list of addresses */ +struct auth_addr { + /** next in list */ + struct auth_addr* next; + /** IP address */ + struct sockaddr_storage addr; + /** addr length */ + socklen_t addrlen; +}; + +/** auth zone master upstream, and the config settings for it */ +struct auth_master { + /** next master in list */ + struct auth_master* next; + /** master IP address (and port), or hostname, string */ + char* host; + /** for http, filename */ + char* file; + /** use HTTP for this master */ + int http; + /** use IXFR for this master */ + int ixfr; + /** use ssl for channel */ + int ssl; + /** the port number (for urls) */ + int port; + /** if the host is a hostname, the list of resolved addrs, if any*/ + struct auth_addr* list; +}; + +/** auth zone master zone transfer data chunk */ +struct auth_chunk { + /** next chunk in list */ + struct auth_chunk* next; + /** the data from this chunk, this is what was received. + * for an IXFR that means results from comm_net tcp actions, + * packets. also for an AXFR. For HTTP a zonefile chunk. */ + uint8_t* data; + /** length of allocated data */ + size_t len; +}; + +/** * Create auth zones structure */ struct auth_zones* auth_zones_create(void); /** * Apply configuration to auth zones. Reads zonefiles. + * @param az: auth zones structure + * @param cfg: config to apply. + * @param setup: if true, also sets up values in the auth zones structure + * @return false on failure. + */ +int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, + int setup); + +/** initial pick up of worker timeouts, ties events to worker event loop + * @param az: auth zones structure + * @param env: worker env, of first worker that receives the events (if any) + * in its eventloop. + */ +void auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env); + +/** + * Cleanup auth zones. This removes all events from event bases. + * Stops the xfr tasks. But leaves zone data. + * @param az: auth zones structure. */ -int auth_zones_apply_config(struct auth_zones* az, struct config_file* cfg); +void auth_zones_cleanup(struct auth_zones* az); /** * Delete auth zones structure @@ -170,21 +482,41 @@ int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, struct regional* region, struct dns_msg** msg, int* fallback, uint8_t* dp_nm, size_t dp_nmlen); +/** + * Answer query from auth zone. Create authoritative answer. + * @param az: auth zones structure. + * @param env: the module environment. + * @param qinfo: query info (parsed). + * @param edns: edns info (parsed). + * @param buf: buffer with query ID and flags, also for reply. + * @param temp: temporary storage region. + * @return false if not answered + */ +int auth_zones_answer(struct auth_zones* az, struct module_env* env, + struct query_info* qinfo, struct edns_data* edns, struct sldns_buffer* buf, + struct regional* temp); + /** * Find the auth zone that is above the given qname. * Return NULL when there is no auth_zone above the give name, otherwise * returns the closest auth_zone above the qname that pertains to it. * @param az: auth zones structure. - * @param qinfo: query info to lookup. + * @param name: query to look up for. + * @param name_len: length of name. + * @param dclass: class of zone to find. * @return NULL or auth_zone that pertains to the query. */ struct auth_zone* auth_zones_find_zone(struct auth_zones* az, - struct query_info* qinfo); + uint8_t* name, size_t name_len, uint16_t dclass); /** find an auth zone by name (exact match by name or NULL returned) */ struct auth_zone* auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen, uint16_t dclass); +/** find an xfer zone by name (exact match by name or NULL returned) */ +struct auth_xfer* auth_xfer_find(struct auth_zones* az, uint8_t* nm, + size_t nmlen, uint16_t dclass); + /** create an auth zone. returns wrlocked zone. caller must have wrlock * on az. returns NULL on malloc failure */ struct auth_zone* auth_zone_create(struct auth_zones* az, uint8_t* nm, @@ -197,6 +529,18 @@ int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile); * fallbackstr is "yes" or "no". false on parse failure. */ int auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr); +/** see if the auth zone for the name can fallback + * @param az: auth zones + * @param nm: name of delegation point. + * @param nmlen: length of nm. + * @param dclass: class of zone to look for. + * @return true if fallback_enabled is true. false if not. + * if the zone does not exist, fallback is true (more lenient) + * also true if zone does not do upstream requests. + */ +int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen, + uint16_t dclass); + /** read auth zone from zonefile. caller must lock zone. false on failure */ int auth_zone_read_zonefile(struct auth_zone* z); @@ -206,4 +550,54 @@ int auth_zone_cmp(const void* z1, const void* z2); /** compare auth_data for sorted rbtree */ int auth_data_cmp(const void* z1, const void* z2); +/** compare auth_xfer for sorted rbtree */ +int auth_xfer_cmp(const void* z1, const void* z2); + +/** Create auth_xfer structure. + * Caller must have wrlock on az. Returns locked xfer zone. + * @param az: zones structure. + * @param z: zone with name and class + * @return xfer zone or NULL + */ +struct auth_xfer* auth_xfer_create(struct auth_zones* az, struct auth_zone* z); + +/** + * Set masters in auth xfer structure from config. + * @param list: pointer to start of list. The malloced list is returned here. + * @param c: the config items to copy over. + * @param with_http: if true, http urls are also included, before the masters. + * @return false on failure. + */ +int xfer_set_masters(struct auth_master** list, struct config_auth* c, + int with_http); + +/** xfer nextprobe timeout callback, this is part of task_nextprobe */ +void auth_xfer_timer(void* arg); + +/** callback for commpoint udp replies to task_probe */ +int auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, + struct comm_reply* repinfo); +/** callback for task_transfer tcp connections */ +int auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, + struct comm_reply* repinfo); +/** callback for task_transfer http connections */ +int auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err, + struct comm_reply* repinfo); +/** xfer probe timeout callback, part of task_probe */ +void auth_xfer_probe_timer_callback(void* arg); +/** mesh callback for task_probe on lookup of host names */ +void auth_xfer_probe_lookup_callback(void* arg, int rcode, + struct sldns_buffer* buf, enum sec_status sec, char* why_bogus); +/** mesh callback for task_transfer on lookup of host names */ +void auth_xfer_transfer_lookup_callback(void* arg, int rcode, + struct sldns_buffer* buf, enum sec_status sec, char* why_bogus); + +/* + * Compares two 32-bit serial numbers as defined in RFC1982. Returns + * <0 if a < b, 0 if a == b, and >0 if a > b. The result is undefined + * if a != b but neither is greater or smaller (see RFC1982 section + * 3.2.). + */ +int compare_serial(uint32_t a, uint32_t b); + #endif /* SERVICES_AUTHZONE_H */ diff --git a/services/cache/dns.c b/services/cache/dns.c index f9dc5922f682..411793c6c270 100644 --- a/services/cache/dns.c +++ b/services/cache/dns.c @@ -395,8 +395,7 @@ dns_msg_authadd(struct dns_msg* msg, struct regional* region, return 1; } -/** add rrset to answer section */ -static int +int dns_msg_ansadd(struct dns_msg* msg, struct regional* region, struct ub_packed_rrset_key* rrset, time_t now) { @@ -568,7 +567,7 @@ rrset_msg(struct ub_packed_rrset_key* rrset, struct regional* region, /** synthesize DNAME+CNAME response from cached DNAME item */ static struct dns_msg* synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, - time_t now, struct query_info* q) + time_t now, struct query_info* q, enum sec_status* sec_status) { struct dns_msg* msg; struct ub_packed_rrset_key* ck; @@ -580,8 +579,9 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, return NULL; /* only allow validated (with DNSSEC) DNAMEs used from cache * for insecure DNAMEs, query again. */ - if(d->security != sec_status_secure) - return NULL; + *sec_status = d->security; + /* return sec status, so the status of the CNAME can be checked + * by the calling routine. */ msg = gen_dns_msg(region, q, 2); /* DNAME + CNAME RRset */ if(!msg) return NULL; @@ -711,7 +711,8 @@ fill_any(struct module_env* env, struct dns_msg* dns_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, struct regional* region, struct regional* scratch) + uint16_t flags, struct regional* region, struct regional* scratch, + int no_partial) { struct lruhash_entry* e; struct query_info k; @@ -743,27 +744,54 @@ dns_cache_lookup(struct module_env* env, /* see if a DNAME exists. Checked for first, to enforce that DNAMEs * are more important, the CNAME is resynthesized and thus * consistent with the DNAME */ - if( (rrset=find_closest_of_type(env, qname, qnamelen, qclass, now, + if(!no_partial && + (rrset=find_closest_of_type(env, qname, qnamelen, qclass, now, LDNS_RR_TYPE_DNAME, 1))) { /* synthesize a DNAME+CNAME message based on this */ - struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k); + enum sec_status sec_status = sec_status_unchecked; + struct dns_msg* msg = synth_dname_msg(rrset, region, now, &k, + &sec_status); if(msg) { + struct ub_packed_rrset_key* cname_rrset; + lock_rw_unlock(&rrset->entry.lock); + /* now, after unlocking the DNAME rrset lock, + * check the sec_status, and see if we need to look + * up the CNAME record associated before it can + * be used */ + /* normally, only secure DNAMEs allowed from cache*/ + if(sec_status == sec_status_secure) + return msg; + /* but if we have a CNAME cached with this name, then we + * have previously already allowed this name to pass. + * the next cache lookup is going to fetch that CNAME itself, + * but it is better to have the (unsigned)DNAME + CNAME in + * that case */ + cname_rrset = rrset_cache_lookup( + env->rrset_cache, qname, qnamelen, + LDNS_RR_TYPE_CNAME, qclass, 0, now, 0); + if(cname_rrset) { + /* CNAME already synthesized by + * synth_dname_msg routine, so we can + * straight up return the msg */ + lock_rw_unlock(&cname_rrset->entry.lock); + return msg; + } + } else { lock_rw_unlock(&rrset->entry.lock); - return msg; } - lock_rw_unlock(&rrset->entry.lock); } /* see if we have CNAME for this domain, * but not for DS records (which are part of the parent) */ - if( qtype != LDNS_RR_TYPE_DS && + if(!no_partial && qtype != LDNS_RR_TYPE_DS && (rrset=rrset_cache_lookup(env->rrset_cache, qname, qnamelen, LDNS_RR_TYPE_CNAME, qclass, 0, now, 0))) { uint8_t* wc = NULL; + size_t wl; /* if the rrset is not a wildcard expansion, with wcname */ /* because, if we return that CNAME rrset on its own, it is * missing the NSEC or NSEC3 proof */ - if(!(val_rrset_wildcard(rrset, &wc) && wc != NULL)) { + if(!(val_rrset_wildcard(rrset, &wc, &wl) && wc != NULL)) { struct dns_msg* msg = rrset_msg(rrset, region, now, &k); if(msg) { lock_rw_unlock(&rrset->entry.lock); @@ -842,7 +870,7 @@ dns_cache_lookup(struct module_env* env, return NULL; } -int +int dns_cache_store(struct module_env* env, struct query_info* msgqinf, struct reply_info* msgrep, int is_referral, time_t leeway, int pside, struct regional* region, uint32_t flags) @@ -852,7 +880,7 @@ dns_cache_store(struct module_env* env, struct query_info* msgqinf, rep = reply_info_copy(msgrep, env->alloc, NULL); if(!rep) return 0; - /* ttl must be relative ;i.e. 0..86400 not time(0)+86400. + /* ttl must be relative ;i.e. 0..86400 not time(0)+86400. * the env->now is added to message and RRsets in this routine. */ /* the leeway is used to invalidate other rrsets earlier */ diff --git a/services/cache/dns.h b/services/cache/dns.h index 9e10f437f1b4..78f81e799522 100644 --- a/services/cache/dns.h +++ b/services/cache/dns.h @@ -159,13 +159,16 @@ struct dns_msg* tomsg(struct module_env* env, struct query_info* q, * @param flags: flags with BIT_CD for AAAA queries in dns64 translation. * @param region: where to allocate result. * @param scratch: where to allocate temporary data. + * @param no_partial: if true, only complete messages and not a partial + * one (with only the start of the CNAME chain and not the rest). * @return new response message (alloced in region, rrsets do not have IDs). * or NULL on error or if not found in cache. * TTLs are made relative to the current time. */ struct dns_msg* dns_cache_lookup(struct module_env* env, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, - uint16_t flags, struct regional* region, struct regional* scratch); + uint16_t flags, struct regional* region, struct regional* scratch, + int no_partial); /** * find and add A and AAAA records for missing nameservers in delegpt @@ -205,6 +208,18 @@ int dns_msg_authadd(struct dns_msg* msg, struct regional* region, struct ub_packed_rrset_key* rrset, time_t now); /** + * Add rrset to authority section in unpacked dns_msg message. Must have enough + * space left, does not grow the array. + * @param msg: msg to put it in. + * @param region: region to alloc in + * @param rrset: to add in authority section + * @param now: now. + * @return true if worked, false on fail + */ +int dns_msg_ansadd(struct dns_msg* msg, struct regional* region, + struct ub_packed_rrset_key* rrset, time_t now); + +/** * Adjust the prefetch_ttl for a cached message. This adds a value to the * prefetch ttl - postponing the time when it will be prefetched for future * incoming queries. diff --git a/services/cache/rrset.c b/services/cache/rrset.c index 7e5732b760f2..0b41fcd7dc3f 100644 --- a/services/cache/rrset.c +++ b/services/cache/rrset.c @@ -47,6 +47,7 @@ #include "util/data/msgreply.h" #include "util/regional.h" #include "util/alloc.h" +#include "util/net_help.h" void rrset_markdel(void* key) @@ -237,6 +238,37 @@ rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, return 0; } +void rrset_cache_update_wildcard(struct rrset_cache* rrset_cache, + struct ub_packed_rrset_key* rrset, uint8_t* ce, size_t ce_len, + struct alloc_cache* alloc, time_t timenow) +{ + struct rrset_ref ref; + uint8_t wc_dname[LDNS_MAX_DOMAINLEN+3]; + rrset = packed_rrset_copy_alloc(rrset, alloc, timenow); + if(!rrset) { + log_err("malloc failure in rrset_cache_update_wildcard"); + return; + } + /* ce has at least one label less then qname, we can therefore safely + * add the wildcard label. */ + wc_dname[0] = 1; + wc_dname[1] = (uint8_t)'*'; + memmove(wc_dname+2, ce, ce_len); + + rrset->rk.dname_len = ce_len + 2; + rrset->rk.dname = (uint8_t*)memdup(wc_dname, rrset->rk.dname_len); + if(!rrset->rk.dname) { + log_err("memdup failure in rrset_cache_update_wildcard"); + return; + } + + rrset->entry.hash = rrset_key_hash(&rrset->rk); + ref.key = rrset; + ref.id = rrset->id; + /* ignore ret: if it was in the cache, ref updated */ + (void)rrset_cache_update(rrset_cache, &ref, alloc, timenow); +} + struct ub_packed_rrset_key* rrset_cache_lookup(struct rrset_cache* r, uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass, uint32_t flags, time_t timenow, diff --git a/services/cache/rrset.h b/services/cache/rrset.h index d5439ef085b7..35a0d732b048 100644 --- a/services/cache/rrset.h +++ b/services/cache/rrset.h @@ -134,6 +134,24 @@ int rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, struct alloc_cache* alloc, time_t timenow); /** + * Update or add an rrset in the rrset cache using a wildcard dname. + * Generates wildcard dname by prepending the wildcard label to the closest + * encloser. Will lookup if the rrset is in the cache and perform an update if + * necessary. + * + * @param rrset_cache: the rrset cache. + * @param rrset: which rrset to cache as wildcard. This rrset is left + * untouched. + * @param ce: the closest encloser, will be uses to generate the wildcard dname. + * @param ce_len: the closest encloser lenght. + * @param alloc: how to allocate (and deallocate) the special rrset key. + * @param timenow: current time (to see if ttl in cache is expired). + */ +void rrset_cache_update_wildcard(struct rrset_cache* rrset_cache, + struct ub_packed_rrset_key* rrset, uint8_t* ce, size_t ce_len, + struct alloc_cache* alloc, time_t timenow); + +/** * Lookup rrset. You obtain read/write lock. You must unlock before lookup * anything of else. * @param r: the rrset cache. diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c index 3b53676d0e06..d099ca9449b7 100644 --- a/services/listen_dnsport.c +++ b/services/listen_dnsport.c @@ -167,7 +167,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, int freebind, int use_systemd) { int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) +#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_USE_MIN_MTU) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined (SO_BINDANY) int on=1; #endif #ifdef IPV6_MTU @@ -182,7 +182,7 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, #ifndef IPV6_V6ONLY (void)v6only; #endif -#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) +#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) && !defined(SO_BINDANY) (void)transparent; #endif #if !defined(IP_FREEBIND) @@ -281,7 +281,14 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr, log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", (family==AF_INET6?"V6":""), strerror(errno)); } -#endif /* IP_TRANSPARENT || IP_BINDANY */ +#elif defined(SO_BINDANY) + if (transparent && + setsockopt(s, SOL_SOCKET, SO_BINDANY, (void*)&on, + (socklen_t)sizeof(on)) < 0) { + log_warn("setsockopt(.. SO_BINDANY ..) failed: %s", + strerror(errno)); + } +#endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ } #ifdef IP_FREEBIND if(freebind && @@ -592,7 +599,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, int* reuseport, int transparent, int mss, int freebind, int use_systemd) { int s; -#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) +#if defined(SO_REUSEADDR) || defined(SO_REUSEPORT) || defined(IPV6_V6ONLY) || defined(IP_TRANSPARENT) || defined(IP_BINDANY) || defined(IP_FREEBIND) || defined(SO_BINDANY) int on = 1; #endif #ifdef HAVE_SYSTEMD @@ -601,7 +608,7 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, #ifdef USE_TCP_FASTOPEN int qlen; #endif -#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) +#if !defined(IP_TRANSPARENT) && !defined(IP_BINDANY) && !defined(SO_BINDANY) (void)transparent; #endif #if !defined(IP_FREEBIND) @@ -736,7 +743,14 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto, log_warn("setsockopt(.. IP%s_BINDANY ..) failed: %s", (addr->ai_family==AF_INET6?"V6":""), strerror(errno)); } -#endif /* IP_TRANSPARENT || IP_BINDANY */ +#elif defined(SO_BINDANY) + if (transparent && + setsockopt(s, SOL_SOCKET, SO_BINDANY, (void*)&on, (socklen_t) + sizeof(on)) < 0) { + log_warn("setsockopt(.. SO_BINDANY ..) failed: %s", + strerror(errno)); + } +#endif /* IP_TRANSPARENT || IP_BINDANY || SO_BINDANY */ if( #ifdef HAVE_SYSTEMD !got_fd_from_systemd && diff --git a/services/localzone.c b/services/localzone.c index 6bde432e8d09..0f608170c850 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -52,7 +52,6 @@ #include "util/data/msgreply.h" #include "util/data/msgparse.h" #include "util/as112.h" -#include "util/config_file.h" /* maximum RRs in an RRset, to cap possible 'endless' list RRs. * with 16 bytes for an A record, a 64K packet has about 4000 max */ @@ -1133,57 +1132,11 @@ void local_zones_print(struct local_zones* zones) lock_rw_rdlock(&zones->lock); log_info("number of auth zones %u", (unsigned)zones->ztree.count); RBTREE_FOR(z, struct local_zone*, &zones->ztree) { + char buf[64]; lock_rw_rdlock(&z->lock); - switch(z->type) { - case local_zone_deny: - log_nametypeclass(0, "deny zone", - z->name, 0, z->dclass); - break; - case local_zone_refuse: - log_nametypeclass(0, "refuse zone", - z->name, 0, z->dclass); - break; - case local_zone_redirect: - log_nametypeclass(0, "redirect zone", - z->name, 0, z->dclass); - break; - case local_zone_transparent: - log_nametypeclass(0, "transparent zone", - z->name, 0, z->dclass); - break; - case local_zone_typetransparent: - log_nametypeclass(0, "typetransparent zone", - z->name, 0, z->dclass); - break; - case local_zone_static: - log_nametypeclass(0, "static zone", - z->name, 0, z->dclass); - break; - case local_zone_inform: - log_nametypeclass(0, "inform zone", - z->name, 0, z->dclass); - break; - case local_zone_inform_deny: - log_nametypeclass(0, "inform_deny zone", - z->name, 0, z->dclass); - break; - case local_zone_always_transparent: - log_nametypeclass(0, "always_transparent zone", - z->name, 0, z->dclass); - break; - case local_zone_always_refuse: - log_nametypeclass(0, "always_refuse zone", - z->name, 0, z->dclass); - break; - case local_zone_always_nxdomain: - log_nametypeclass(0, "always_nxdomain zone", - z->name, 0, z->dclass); - break; - default: - log_nametypeclass(0, "badtyped zone", - z->name, 0, z->dclass); - break; - } + snprintf(buf, sizeof(buf), "%s zone", + local_zone_type2str(z->type)); + log_nametypeclass(0, buf, z->name, 0, z->dclass); local_zone_out(z); lock_rw_unlock(&z->lock); } @@ -1590,12 +1543,17 @@ local_zones_answer(struct local_zones* zones, struct module_env* env, (z = local_zones_lookup(view->local_zones, qinfo->qname, qinfo->qname_len, labs, qinfo->qclass, qinfo->qtype))) { - verbose(VERB_ALGO, - "using localzone from view: %s", - view->name); + if(z->type != local_zone_noview) + verbose(VERB_ALGO, + "using localzone from view: %s", + view->name); lock_rw_rdlock(&z->lock); lzt = z->type; } + if(lzt == local_zone_noview) { + lock_rw_unlock(&z->lock); + z = NULL; + } if(view->local_zones && !z && !view->isfirst){ lock_rw_unlock(&view->lock); return 0; @@ -1653,6 +1611,7 @@ const char* local_zone_type2str(enum localzone_type t) case local_zone_always_transparent: return "always_transparent"; case local_zone_always_refuse: return "always_refuse"; case local_zone_always_nxdomain: return "always_nxdomain"; + case local_zone_noview: return "noview"; } return "badtyped"; } @@ -1681,6 +1640,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t) *t = local_zone_always_refuse; else if(strcmp(type, "always_nxdomain") == 0) *t = local_zone_always_nxdomain; + else if(strcmp(type, "noview") == 0) + *t = local_zone_noview; else if(strcmp(type, "nodefault") == 0) *t = local_zone_nodefault; else return 0; diff --git a/services/localzone.h b/services/localzone.h index 0a8759268bb2..dd7aa584c461 100644 --- a/services/localzone.h +++ b/services/localzone.h @@ -88,7 +88,9 @@ enum localzone_type { /** answer with error, even when there is local data */ local_zone_always_refuse, /** answer with nxdomain, even when there is local data */ - local_zone_always_nxdomain + local_zone_always_nxdomain, + /** answer not from the view, but global or no-answer */ + local_zone_noview }; /** diff --git a/services/outside_network.c b/services/outside_network.c index ec9e11a0e7af..92212be02f0d 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -198,21 +198,17 @@ pick_outgoing_tcp(struct waiting_tcp* w, int s) return 1; } -/** use next free buffer to service a tcp query */ -static int -outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) +/** get TCP file descriptor for address, returns -1 on failure, + * tcp_mss is 0 or maxseg size to set for TCP packets. */ +int +outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss) { - struct pending_tcp* pend = w->outnet->tcp_free; int s; #ifdef SO_REUSEADDR int on = 1; #endif - log_assert(pend); - log_assert(pkt); - log_assert(w->addrlen > 0); - /* open socket */ #ifdef INET6 - if(addr_is_ip6(&w->addr, w->addrlen)) + if(addr_is_ip6(addr, addrlen)) s = socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP); else #endif @@ -220,12 +216,12 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) if(s == -1) { #ifndef USE_WINSOCK log_err_addr("outgoing tcp: socket", strerror(errno), - &w->addr, w->addrlen); + addr, addrlen); #else log_err_addr("outgoing tcp: socket", - wsa_strerror(WSAGetLastError()), &w->addr, w->addrlen); + wsa_strerror(WSAGetLastError()), addr, addrlen); #endif - return 0; + return -1; } #ifdef SO_REUSEADDR @@ -235,11 +231,11 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) " setsockopt(.. SO_REUSEADDR ..) failed"); } #endif - if (w->outnet->tcp_mss > 0) { + + if(tcp_mss > 0) { #if defined(IPPROTO_TCP) && defined(TCP_MAXSEG) if(setsockopt(s, IPPROTO_TCP, TCP_MAXSEG, - (void*)&w->outnet->tcp_mss, - (socklen_t)sizeof(w->outnet->tcp_mss)) < 0) { + (void*)&tcp_mss, (socklen_t)sizeof(tcp_mss)) < 0) { verbose(VERB_ALGO, "outgoing tcp:" " setsockopt(.. TCP_MAXSEG ..) failed"); } @@ -249,6 +245,50 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) #endif /* defined(IPPROTO_TCP) && defined(TCP_MAXSEG) */ } + return s; +} + +/** connect tcp connection to addr, 0 on failure */ +int +outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen) +{ + if(connect(s, (struct sockaddr*)addr, addrlen) == -1) { +#ifndef USE_WINSOCK +#ifdef EINPROGRESS + if(errno != EINPROGRESS) { +#endif + if(tcp_connect_errno_needs_log( + (struct sockaddr*)addr, addrlen)) + log_err_addr("outgoing tcp: connect", + strerror(errno), addr, addrlen); + close(s); + return 0; +#ifdef EINPROGRESS + } +#endif +#else /* USE_WINSOCK */ + if(WSAGetLastError() != WSAEINPROGRESS && + WSAGetLastError() != WSAEWOULDBLOCK) { + closesocket(s); + return 0; + } +#endif + } + return 1; +} + +/** use next free buffer to service a tcp query */ +static int +outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len) +{ + struct pending_tcp* pend = w->outnet->tcp_free; + int s; + log_assert(pend); + log_assert(pkt); + log_assert(w->addrlen > 0); + /* open socket */ + s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss); + if(!pick_outgoing_tcp(w, s)) return 0; @@ -2101,6 +2141,215 @@ void outnet_serviced_query_stop(struct serviced_query* sq, void* cb_arg) } } +/** create fd to send to this destination */ +static int +fd_for_dest(struct outside_network* outnet, struct sockaddr_storage* to_addr, + socklen_t to_addrlen) +{ + struct sockaddr_storage* addr; + socklen_t addrlen; + int i; + int try; + + /* select interface */ + if(addr_is_ip6(to_addr, to_addrlen)) { + if(outnet->num_ip6 == 0) { + char to[64]; + addr_to_str(to_addr, to_addrlen, to, sizeof(to)); + verbose(VERB_QUERY, "need ipv6 to send, but no ipv6 outgoing interfaces, for %s", to); + return -1; + } + i = ub_random_max(outnet->rnd, outnet->num_ip6); + addr = &outnet->ip6_ifs[i].addr; + addrlen = outnet->ip6_ifs[i].addrlen; + } else { + if(outnet->num_ip4 == 0) { + char to[64]; + addr_to_str(to_addr, to_addrlen, to, sizeof(to)); + verbose(VERB_QUERY, "need ipv4 to send, but no ipv4 outgoing interfaces, for %s", to); + return -1; + } + i = ub_random_max(outnet->rnd, outnet->num_ip4); + addr = &outnet->ip4_ifs[i].addr; + addrlen = outnet->ip4_ifs[i].addrlen; + } + + /* create fd */ + for(try = 0; try<1000; try++) { + int freebind = 0; + int noproto = 0; + int inuse = 0; + int port = ub_random(outnet->rnd)&0xffff; + int fd = -1; + if(addr_is_ip6(to_addr, to_addrlen)) { + struct sockaddr_in6 sa = *(struct sockaddr_in6*)addr; + sa.sin6_port = (in_port_t)htons((uint16_t)port); + fd = create_udp_sock(AF_INET6, SOCK_DGRAM, + (struct sockaddr*)&sa, addrlen, 1, &inuse, &noproto, + 0, 0, 0, NULL, 0, freebind, 0); + } else { + struct sockaddr_in* sa = (struct sockaddr_in*)addr; + sa->sin_port = (in_port_t)htons((uint16_t)port); + fd = create_udp_sock(AF_INET, SOCK_DGRAM, + (struct sockaddr*)addr, addrlen, 1, &inuse, &noproto, + 0, 0, 0, NULL, 0, freebind, 0); + } + if(fd != -1) { + return fd; + } + if(!inuse) { + return -1; + } + } + /* too many tries */ + log_err("cannot send probe, ports are in use"); + return -1; +} + +struct comm_point* +outnet_comm_point_for_udp(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen) +{ + struct comm_point* cp; + int fd = fd_for_dest(outnet, to_addr, to_addrlen); + if(fd == -1) { + return NULL; + } + cp = comm_point_create_udp(outnet->base, fd, outnet->udp_buff, + cb, cb_arg); + if(!cp) { + log_err("malloc failure"); + close(fd); + return NULL; + } + return cp; +} + +struct comm_point* +outnet_comm_point_for_tcp(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen, + sldns_buffer* query, int timeout) +{ + struct comm_point* cp; + int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss); + if(fd == -1) { + return 0; + } + fd_set_nonblock(fd); + if(!outnet_tcp_connect(fd, to_addr, to_addrlen)) { + /* outnet_tcp_connect has closed fd on error for us */ + return 0; + } + cp = comm_point_create_tcp_out(outnet->base, 65552, cb, cb_arg); + if(!cp) { + log_err("malloc failure"); + close(fd); + return 0; + } + cp->repinfo.addrlen = to_addrlen; + memcpy(&cp->repinfo.addr, to_addr, to_addrlen); + /* set timeout on TCP connection */ + comm_point_start_listening(cp, fd, timeout); + /* copy scratch buffer to cp->buffer */ + sldns_buffer_copy(cp->buffer, query); + return cp; +} + +/** setup http request headers in buffer for sending query to destination */ +static int +setup_http_request(sldns_buffer* buf, char* host, char* path) +{ + sldns_buffer_clear(buf); + sldns_buffer_printf(buf, "GET /%s HTTP/1.1\r\n", path); + sldns_buffer_printf(buf, "Host: %s\r\n", host); + sldns_buffer_printf(buf, "User-Agent: unbound/%s\r\n", + PACKAGE_VERSION); + /* We do not really do multiple queries per connection, + * but this header setting is also not needed. + * sldns_buffer_printf(buf, "Connection: close\r\n") */ + sldns_buffer_printf(buf, "\r\n"); + if(sldns_buffer_position(buf)+10 > sldns_buffer_capacity(buf)) + return 0; /* somehow buffer too short, but it is about 60K + and the request is only a couple bytes long. */ + sldns_buffer_flip(buf); + return 1; +} + +struct comm_point* +outnet_comm_point_for_http(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout, + int ssl, char* host, char* path) +{ + /* cp calls cb with err=NETEVENT_DONE when transfer is done */ + struct comm_point* cp; + int fd = outnet_get_tcp_fd(to_addr, to_addrlen, outnet->tcp_mss); + if(fd == -1) { + return 0; + } + fd_set_nonblock(fd); + if(!outnet_tcp_connect(fd, to_addr, to_addrlen)) { + /* outnet_tcp_connect has closed fd on error for us */ + return 0; + } + cp = comm_point_create_http_out(outnet->base, 65552, cb, cb_arg, + outnet->udp_buff); + if(!cp) { + log_err("malloc failure"); + close(fd); + return 0; + } + cp->repinfo.addrlen = to_addrlen; + memcpy(&cp->repinfo.addr, to_addr, to_addrlen); + + /* setup for SSL (if needed) */ + if(ssl) { + cp->ssl = outgoing_ssl_fd(outnet->sslctx, fd); + if(!cp->ssl) { + log_err("cannot setup https"); + comm_point_delete(cp); + return NULL; + } +#ifdef USE_WINSOCK + comm_point_tcp_win_bio_cb(cp, cp->ssl); +#endif + cp->ssl_shake_state = comm_ssl_shake_write; + /* https verification */ +#ifdef HAVE_SSL_SET1_HOST + if((SSL_CTX_get_verify_mode(outnet->sslctx)&SSL_VERIFY_PEER)) { + /* because we set SSL_VERIFY_PEER, in netevent in + * ssl_handshake, it'll check if the certificate + * verification has succeeded */ + /* SSL_VERIFY_PEER is set on the sslctx */ + /* and the certificates to verify with are loaded into + * it with SSL_load_verify_locations or + * SSL_CTX_set_default_verify_paths */ + /* setting the hostname makes openssl verify the + * host name in the x509 certificate in the + * SSL connection*/ + if(!SSL_set1_host(cp->ssl, host)) { + log_err("SSL_set1_host failed"); + comm_point_delete(cp); + return NULL; + } + } +#endif /* HAVE_SSL_SET1_HOST */ + } + + /* set timeout on TCP connection */ + comm_point_start_listening(cp, fd, timeout); + + /* setup http request in cp->buffer */ + if(!setup_http_request(cp->buffer, host, path)) { + log_err("error setting up http request"); + comm_point_delete(cp); + return NULL; + } + return cp; +} + /** get memory used by waiting tcp entry (in use or not) */ static size_t waiting_tcp_get_mem(struct waiting_tcp* w) diff --git a/services/outside_network.h b/services/outside_network.h index befd512f0dad..09b2e6cedff6 100644 --- a/services/outside_network.h +++ b/services/outside_network.h @@ -533,6 +533,70 @@ size_t outnet_get_mem(struct outside_network* outnet); */ size_t serviced_get_mem(struct serviced_query* sq); +/** get TCP file descriptor for address, returns -1 on failure, + * tcp_mss is 0 or maxseg size to set for TCP packets. */ +int outnet_get_tcp_fd(struct sockaddr_storage* addr, socklen_t addrlen, int tcp_mss); + +/** + * Create udp commpoint suitable for sending packets to the destination. + * @param outnet: outside_network with the comm_base it is attached to, + * with the outgoing interfaces chosen from, and rnd gen for random. + * @param cb: callback function for the commpoint. + * @param cb_arg: callback argument for cb. + * @param to_addr: intended destination. + * @param to_addrlen: length of to_addr. + * @return commpoint that you can comm_point_send_udp_msg with, or NULL. + */ +struct comm_point* outnet_comm_point_for_udp(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen); + +/** + * Create tcp commpoint suitable for communication to the destination. + * It also performs connect() to the to_addr. + * @param outnet: outside_network with the comm_base it is attached to, + * and the tcp_mss. + * @param cb: callback function for the commpoint. + * @param cb_arg: callback argument for cb. + * @param to_addr: intended destination. + * @param to_addrlen: length of to_addr. + * @param query: initial packet to send writing, in buffer. It is copied + * to the commpoint buffer that is created. + * @param timeout: timeout for the TCP connection. + * timeout in milliseconds, or -1 for no (change to the) timeout. + * So seconds*1000. + * @return tcp_out commpoint, or NULL. + */ +struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen, + struct sldns_buffer* query, int timeout); + +/** + * Create http commpoint suitable for communication to the destination. + * Creates the http request buffer. It also performs connect() to the to_addr. + * @param outnet: outside_network with the comm_base it is attached to, + * and the tcp_mss. + * @param cb: callback function for the commpoint. + * @param cb_arg: callback argument for cb. + * @param to_addr: intended destination. + * @param to_addrlen: length of to_addr. + * @param timeout: timeout for the TCP connection. + * timeout in milliseconds, or -1 for no (change to the) timeout. + * So seconds*1000. + * @param ssl: set to true for https. + * @param host: hostname to use for the destination. part of http request. + * @param path: pathname to lookup, eg. name of the file on the destination. + * @return http_out commpoint, or NULL. + */ +struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout, + int ssl, char* host, char* path); + +/** connect tcp connection to addr, 0 on failure */ +int outnet_tcp_connect(int s, struct sockaddr_storage* addr, socklen_t addrlen); + /** callback for incoming udp answers from the network */ int outnet_udp_cb(struct comm_point* c, void* arg, int error, struct comm_reply *reply_info); diff --git a/sldns/str2wire.c b/sldns/str2wire.c index 6759944e4a7f..fdb355754028 100644 --- a/sldns/str2wire.c +++ b/sldns/str2wire.c @@ -836,7 +836,7 @@ const char* sldns_get_errorstr_parse(int e) } /* Strip whitespace from the start and the end of <line>. */ -static char * +char * sldns_strip_ws(char *line) { char *s = line, *e; @@ -906,7 +906,7 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len, *dname_len = 0; return LDNS_WIREPARSE_ERR_INCLUDE; } else { - return sldns_str2wire_rr_buf(line, rr, len, dname_len, + int r = sldns_str2wire_rr_buf(line, rr, len, dname_len, parse_state?parse_state->default_ttl:0, (parse_state&&parse_state->origin_len)? parse_state->origin:NULL, @@ -914,6 +914,13 @@ int sldns_fp2wire_rr_buf(FILE* in, uint8_t* rr, size_t* len, size_t* dname_len, (parse_state&&parse_state->prev_rr_len)? parse_state->prev_rr:NULL, parse_state?parse_state->prev_rr_len:0); + if(r == LDNS_WIREPARSE_ERR_OK && (*dname_len) != 0 && + parse_state && + (*dname_len) <= sizeof(parse_state->prev_rr)) { + memmove(parse_state->prev_rr, rr, *dname_len); + parse_state->prev_rr_len = (*dname_len); + } + return r; } return LDNS_WIREPARSE_ERR_OK; } diff --git a/sldns/str2wire.h b/sldns/str2wire.h index a0d6f55b03e8..70070e4f5752 100644 --- a/sldns/str2wire.h +++ b/sldns/str2wire.h @@ -554,6 +554,12 @@ int sldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len); */ int sldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len); +/** + * Strip whitespace from the start and the end of line. + * @param line: modified with 0 to shorten it. + * @return new start with spaces skipped. + */ +char * sldns_strip_ws(char *line); #ifdef __cplusplus } #endif diff --git a/sldns/wire2str.c b/sldns/wire2str.c index 861b7648adec..832239f9b76a 100644 --- a/sldns/wire2str.c +++ b/sldns/wire2str.c @@ -255,6 +255,12 @@ int sldns_wire2str_rr_buf(uint8_t* d, size_t dlen, char* s, size_t slen) return sldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0); } +int sldns_wire2str_rrquestion_buf(uint8_t* d, size_t dlen, char* s, size_t slen) +{ + /* use arguments as temporary variables */ + return sldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0); +} + int sldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, size_t str_len, uint16_t rrtype) { diff --git a/sldns/wire2str.h b/sldns/wire2str.h index aac13c548acd..a64f5807269c 100644 --- a/sldns/wire2str.h +++ b/sldns/wire2str.h @@ -359,6 +359,22 @@ int sldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str, size_t str_len); /** + * Convert question RR to string presentation format, on one line. User buffer. + * @param rr: wireformat RR data + * @param rr_len: length of the rr wire data. + * @param str: the string buffer to write to. + * If you pass NULL as the str, the return value of the function is + * the str_len you need for the entire packet. It does not include + * the 0 byte at the end. + * @param str_len: the size of the string buffer. If more is needed, it'll + * silently truncate the output to fit in the buffer. + * @return the number of characters for this element, excluding zerobyte. + * Is larger or equal than str_len if output was truncated. + */ +int sldns_wire2str_rrquestion_buf(uint8_t* rr, size_t rr_len, char* str, + size_t str_len); + +/** * 3597 printout of an RR in unknown rr format. * There are more format and comment options available for printout * with the function: TBD(TODO) diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index 7e9cb4740ae3..e205c3e9c49c 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c @@ -54,6 +54,7 @@ #include "validator/validator.h" #include "services/localzone.h" #include "services/view.h" +#include "services/authzone.h" #include "respip/respip.h" #include "sldns/sbuffer.h" #ifdef HAVE_GETOPT_H @@ -108,6 +109,16 @@ print_option(struct config_file* cfg, const char* opt, int final) free(p); return; } + if(strcmp(opt, "auto-trust-anchor-file") == 0 && final) { + struct config_strlist* s = cfg->auto_trust_anchor_file_list; + for(; s; s=s->next) { + char *p = fname_after_chroot(s->str, cfg, 1); + if(!p) fatal_exit("out of memory"); + printf("%s\n", p); + free(p); + } + return; + } if(!config_get_option(cfg, opt, config_print_func, stdout)) fatal_exit("cannot print option '%s'", opt); } @@ -573,6 +584,17 @@ check_hints(struct config_file* cfg) hints_delete(hints); } +/** check auth zones */ +static void +check_auth(struct config_file* cfg) +{ + struct auth_zones* az = auth_zones_create(); + if(!az || !auth_zones_apply_cfg(az, cfg, 0)) { + fatal_exit("Could not setup authority zones"); + } + auth_zones_delete(az); +} + /** check config file */ static void checkconf(const char* cfgfile, const char* opt, int final) @@ -607,6 +629,7 @@ checkconf(const char* cfgfile, const char* opt, int final) #endif check_fwd(cfg); check_hints(cfg); + check_auth(cfg); printf("unbound-checkconf: no errors in %s\n", cfgfile); config_delete(cfg); } diff --git a/testcode/fake_event.c b/testcode/fake_event.c index cd23b8feb49a..300a42c154ab 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -67,6 +67,29 @@ struct worker; struct daemon_remote; +/** unique code to check that fake_commpoint is that structure */ +#define FAKE_COMMPOINT_TYPECODE 97347923 +/** fake commpoint, stores information */ +struct fake_commpoint { + /** typecode */ + int typecode; + /** if this is a udp outgoing type of commpoint */ + int type_udp_out; + /** if this is a tcp outgoing type of commpoint */ + int type_tcp_out; + /** if this is a http outgoing type of commpoint. */ + int type_http_out; + + /** the callback, stored for usage */ + comm_point_callback_type* cb; + /** the callback userarg, stored for usage */ + void* cb_arg; + /** runtime ptr */ + struct replay_runtime* runtime; + /** the pending entry for this commpoint (if any) */ + struct fake_pending* pending; +}; + /** Global variable: the scenario. Saved here for when event_init is done. */ static struct replay_scenario* saved_scenario = NULL; @@ -137,6 +160,7 @@ repevt_string(enum replay_event_type t) case repevt_back_reply: return "REPLY"; case repevt_back_query: return "CHECK_OUT_QUERY"; case repevt_autotrust_check: return "CHECK_AUTOTRUST"; + case repevt_tempfile_check: return "CHECK_TEMPFILE"; case repevt_error: return "ERROR"; case repevt_assign: return "ASSIGN"; case repevt_traffic: return "TRAFFIC"; @@ -247,7 +271,11 @@ pending_matches_range(struct replay_runtime* runtime, struct fake_pending* p = runtime->pending_list; /* slow, O(N*N), but it works as advertised with weird matching */ while(p) { - log_info("check of pending"); + if(p->tcp_pkt_counter != 0) { + /* continue tcp transfer */ + *pend = p; + return 1; + } if(pending_find_match(runtime, entry, p)) { *pend = p; return 1; @@ -278,24 +306,46 @@ pending_list_delete(struct replay_runtime* runtime, struct fake_pending* pend) } } +/** number of replies in entry */ +static int +count_reply_packets(struct entry* entry) +{ + int count = 0; + struct reply_packet* reppkt = entry->reply_list; + while(reppkt) { + count++; + reppkt = reppkt->next; + } + return count; +} + /** * Fill buffer with reply from the entry. */ static void fill_buffer_with_reply(sldns_buffer* buffer, struct entry* entry, uint8_t* q, - size_t qlen) + size_t qlen, int tcp_pkt_counter) { + struct reply_packet* reppkt; uint8_t* c; size_t clen; log_assert(entry && entry->reply_list); sldns_buffer_clear(buffer); - if(entry->reply_list->reply_from_hex) { - c = sldns_buffer_begin(entry->reply_list->reply_from_hex); - clen = sldns_buffer_limit(entry->reply_list->reply_from_hex); + reppkt = entry->reply_list; + if(tcp_pkt_counter > 0) { + int i = tcp_pkt_counter; + while(reppkt && i--) + reppkt = reppkt->next; + if(!reppkt) fatal_exit("extra packet read from TCP stream but none is available"); + log_pkt("extra_packet ", reppkt->reply_pkt, reppkt->reply_len); + } + if(reppkt->reply_from_hex) { + c = sldns_buffer_begin(reppkt->reply_from_hex); + clen = sldns_buffer_limit(reppkt->reply_from_hex); if(!c) fatal_exit("out of memory"); } else { - c = entry->reply_list->reply_pkt; - clen = entry->reply_list->reply_len; + c = reppkt->reply_pkt; + clen = reppkt->reply_len; } if(c) { if(q) adjust_packet(entry, &c, &clen, q, qlen); @@ -326,12 +376,20 @@ answer_callback_from_entry(struct replay_runtime* runtime, c.type = comm_udp; if(pend->transport == transport_tcp) c.type = comm_tcp; - fill_buffer_with_reply(c.buffer, entry, pend->pkt, pend->pkt_len); + fill_buffer_with_reply(c.buffer, entry, pend->pkt, pend->pkt_len, + pend->tcp_pkt_counter); repinfo.c = &c; repinfo.addrlen = pend->addrlen; memcpy(&repinfo.addr, &pend->addr, pend->addrlen); - if(!pend->serviced) - pending_list_delete(runtime, pend); + if(!pend->serviced) { + if(entry->reply_list->next && + pend->tcp_pkt_counter < count_reply_packets(entry)) { + /* go to next packet next time */ + pend->tcp_pkt_counter++; + } else { + pending_list_delete(runtime, pend); + } + } if((*cb)(&c, cb_arg, NETEVENT_NOERROR, &repinfo)) { fatal_exit("testbound: unexpected: callback returned 1"); } @@ -397,7 +455,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) if(todo->match->match_transport == transport_tcp) repinfo.c->type = comm_tcp; else repinfo.c->type = comm_udp; - fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL, 0); + fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL, 0, 0); log_info("testbound: incoming QUERY"); log_pkt("query pkt", todo->match->reply_list->reply_pkt, todo->match->reply_list->reply_len); @@ -434,13 +492,20 @@ fake_pending_callback(struct replay_runtime* runtime, c.type = comm_tcp; if(todo->evt_type == repevt_back_reply && todo->match) { fill_buffer_with_reply(c.buffer, todo->match, p->pkt, - p->pkt_len); + p->pkt_len, p->tcp_pkt_counter); } repinfo.c = &c; repinfo.addrlen = p->addrlen; memcpy(&repinfo.addr, &p->addr, p->addrlen); - if(!p->serviced) - pending_list_delete(runtime, p); + if(!p->serviced) { + if(todo->match->reply_list->next && !error && + p->tcp_pkt_counter < count_reply_packets(todo->match)) { + /* go to next packet next time */ + p->tcp_pkt_counter++; + } else { + pending_list_delete(runtime, p); + } + } if((*cb)(&c, cb_arg, error, &repinfo)) { fatal_exit("unexpected: pending callback returned 1"); } @@ -550,6 +615,59 @@ autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom) log_info("autotrust %s is OK", mom->autotrust_id); } +/** check tempfile file contents */ +static void +tempfile_check(struct replay_runtime* runtime, struct replay_moment* mom) +{ + char name[1024], line[1024]; + FILE *in; + int lineno = 0, oke=1; + char* expanded; + struct config_strlist* p; + line[sizeof(line)-1] = 0; + log_assert(mom->autotrust_id); + fake_temp_file("_temp_", mom->autotrust_id, name, sizeof(name)); + in = fopen(name, "r"); + if(!in) fatal_exit("could not open %s: %s", name, strerror(errno)); + for(p=mom->file_content; p; p=p->next) { + lineno++; + if(!fgets(line, (int)sizeof(line)-1, in)) { + log_err("tempfile check failed, could not read line"); + log_err("file %s, line %d", name, lineno); + log_err("should be: %s", p->str); + fatal_exit("tempfile_check failed"); + } + if(line[0]) line[strlen(line)-1] = 0; /* remove newline */ + expanded = macro_process(runtime->vars, runtime, p->str); + if(!expanded) + fatal_exit("could not expand macro line %d", lineno); + if(verbosity >= 7 && strcmp(p->str, expanded) != 0) + log_info("expanded '%s' to '%s'", p->str, expanded); + if(strcmp(expanded, line) != 0) { + log_err("mismatch in file %s, line %d", name, lineno); + log_err("file has : %s", line); + log_err("should be: %s", expanded); + free(expanded); + oke = 0; + continue; + } + free(expanded); + fprintf(stderr, "%s:%2d ok : %s\n", name, lineno, line); + } + if(fgets(line, (int)sizeof(line)-1, in)) { + log_err("tempfile check failed, extra lines in %s after %d", + name, lineno); + do { + fprintf(stderr, "file has: %s", line); + } while(fgets(line, (int)sizeof(line)-1, in)); + oke = 0; + } + fclose(in); + if(!oke) + fatal_exit("tempfile_check STEP %d failed", mom->time_step); + log_info("tempfile %s is OK", mom->autotrust_id); +} + /** Store RTT in infra cache */ static void do_infra_rtt(struct replay_runtime* runtime) @@ -659,6 +777,10 @@ do_moment_and_advance(struct replay_runtime* runtime) autotrust_check(runtime, runtime->now); advance_moment(runtime); break; + case repevt_tempfile_check: + tempfile_check(runtime, runtime->now); + advance_moment(runtime); + break; case repevt_assign: moment_assign(runtime, runtime->now); advance_moment(runtime); @@ -1168,7 +1290,11 @@ struct comm_point* comm_point_create_local(struct comm_base* ATTR_UNUSED(base), comm_point_callback_type* ATTR_UNUSED(callback), void* ATTR_UNUSED(callback_arg)) { - return calloc(1, 1); + struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, + sizeof(*fc)); + if(!fc) return NULL; + fc->typecode = FAKE_COMMPOINT_TYPECODE; + return (struct comm_point*)fc; } struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), @@ -1177,7 +1303,11 @@ struct comm_point* comm_point_create_raw(struct comm_base* ATTR_UNUSED(base), void* ATTR_UNUSED(callback_arg)) { /* no pipe comm possible */ - return calloc(1, 1); + struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, + sizeof(*fc)); + if(!fc) return NULL; + fc->typecode = FAKE_COMMPOINT_TYPECODE; + return (struct comm_point*)fc; } void comm_point_start_listening(struct comm_point* ATTR_UNUSED(c), @@ -1194,6 +1324,13 @@ void comm_point_stop_listening(struct comm_point* ATTR_UNUSED(c)) /* only cmd com _local gets deleted */ void comm_point_delete(struct comm_point* c) { + struct fake_commpoint* fc = (struct fake_commpoint*)c; + if(c == NULL) return; + log_assert(fc->typecode == FAKE_COMMPOINT_TYPECODE); + if(fc->type_tcp_out) { + /* remove tcp pending, so no more callbacks to it */ + pending_list_delete(fc->runtime, fc->pending); + } free(c); } @@ -1285,6 +1422,12 @@ void comm_signal_callback(int ATTR_UNUSED(fd), log_assert(0); } +void comm_point_http_handle_callback(int ATTR_UNUSED(fd), + short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) +{ + log_assert(0); +} + void comm_point_local_handle_callback(int ATTR_UNUSED(fd), short ATTR_UNUSED(event), void* ATTR_UNUSED(arg)) { @@ -1420,4 +1563,229 @@ void daemon_remote_stop_accept(struct daemon_remote* ATTR_UNUSED(rc)) { } +int create_udp_sock(int ATTR_UNUSED(family), int ATTR_UNUSED(socktype), + struct sockaddr* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), + int ATTR_UNUSED(v6only), int* ATTR_UNUSED(inuse), + int* ATTR_UNUSED(noproto), int ATTR_UNUSED(rcv), int ATTR_UNUSED(snd), + int ATTR_UNUSED(listen), int* ATTR_UNUSED(reuseport), + int ATTR_UNUSED(transparent), int ATTR_UNUSED(freebind), + int ATTR_UNUSED(use_systemd)) +{ + /* if you actually print to this, it'll be stdout during test */ + return 1; +} + +struct comm_point* comm_point_create_udp(struct comm_base *ATTR_UNUSED(base), + int ATTR_UNUSED(fd), sldns_buffer* ATTR_UNUSED(buffer), + comm_point_callback_type* ATTR_UNUSED(callback), + void* ATTR_UNUSED(callback_arg)) +{ + log_assert(0); + return NULL; +} + +struct comm_point* comm_point_create_tcp_out(struct comm_base* + ATTR_UNUSED(base), size_t ATTR_UNUSED(bufsize), + comm_point_callback_type* ATTR_UNUSED(callback), + void* ATTR_UNUSED(callback_arg)) +{ + log_assert(0); + return NULL; +} + +struct comm_point* outnet_comm_point_for_udp(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* ATTR_UNUSED(to_addr), + socklen_t ATTR_UNUSED(to_addrlen)) +{ + struct replay_runtime* runtime = (struct replay_runtime*) + outnet->base; + struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, + sizeof(*fc)); + if(!fc) return NULL; + fc->typecode = FAKE_COMMPOINT_TYPECODE; + fc->type_udp_out = 1; + fc->cb = cb; + fc->cb_arg = cb_arg; + fc->runtime = runtime; + /* used by authzone transfers */ + return (struct comm_point*)fc; +} + +struct comm_point* outnet_comm_point_for_tcp(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen, + struct sldns_buffer* query, int timeout) +{ + struct replay_runtime* runtime = (struct replay_runtime*) + outnet->base; + struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, + sizeof(*fc)); + struct fake_pending* pend = (struct fake_pending*)calloc(1, + sizeof(struct fake_pending)); + if(!fc || !pend) { + free(fc); + free(pend); + return NULL; + } + fc->typecode = FAKE_COMMPOINT_TYPECODE; + fc->type_tcp_out = 1; + fc->cb = cb; + fc->cb_arg = cb_arg; + fc->runtime = runtime; + fc->pending = pend; + + /* used by authzone transfers */ + /* create pending item */ + pend->buffer = sldns_buffer_new(sldns_buffer_limit(query)+10); + if(!pend->buffer) { + free(fc); + free(pend); + return NULL; + } + sldns_buffer_copy(pend->buffer, query); + memcpy(&pend->addr, to_addr, to_addrlen); + pend->addrlen = to_addrlen; + pend->zone = NULL; + pend->zonelen = 0; + if(LDNS_QDCOUNT(sldns_buffer_begin(query)) > 0) { + char buf[512]; + char addrbuf[128]; + (void)sldns_wire2str_rrquestion_buf(sldns_buffer_at(query, LDNS_HEADER_SIZE), sldns_buffer_limit(query)-LDNS_HEADER_SIZE, buf, sizeof(buf)); + addr_to_str((struct sockaddr_storage*)to_addr, to_addrlen, + addrbuf, sizeof(addrbuf)); + if(verbosity >= VERB_ALGO) { + if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/ + log_info("tcp to %s: %s", addrbuf, buf); + } + log_assert(sldns_buffer_limit(query)-LDNS_HEADER_SIZE >= 2); + pend->qtype = (int)sldns_buffer_read_u16_at(query, + LDNS_HEADER_SIZE+ + dname_valid(sldns_buffer_at(query, LDNS_HEADER_SIZE), + sldns_buffer_limit(query)-LDNS_HEADER_SIZE)); + } + pend->callback = cb; + pend->cb_arg = cb_arg; + pend->timeout = timeout; + pend->transport = transport_tcp; + pend->pkt = NULL; + pend->runtime = runtime; + pend->serviced = 0; + pend->pkt_len = sldns_buffer_limit(pend->buffer); + pend->pkt = memdup(sldns_buffer_begin(pend->buffer), pend->pkt_len); + if(!pend->pkt) fatal_exit("out of memory"); + + log_info("testbound: created fake pending for tcp_out"); + + /* add to list */ + pend->next = runtime->pending_list; + runtime->pending_list = pend; + + return (struct comm_point*)fc; +} + +struct comm_point* outnet_comm_point_for_http(struct outside_network* outnet, + comm_point_callback_type* cb, void* cb_arg, + struct sockaddr_storage* to_addr, socklen_t to_addrlen, int timeout, + int ssl, char* host, char* path) +{ + struct replay_runtime* runtime = (struct replay_runtime*) + outnet->base; + struct fake_commpoint* fc = (struct fake_commpoint*)calloc(1, + sizeof(*fc)); + if(!fc) { + return NULL; + } + fc->typecode = FAKE_COMMPOINT_TYPECODE; + fc->type_http_out = 1; + fc->cb = cb; + fc->cb_arg = cb_arg; + fc->runtime = runtime; + + (void)to_addr; + (void)to_addrlen; + (void)timeout; + + (void)ssl; + (void)host; + (void)path; + + /* handle http comm point and return contents from test script */ + return (struct comm_point*)fc; +} + +int comm_point_send_udp_msg(struct comm_point *c, sldns_buffer* packet, + struct sockaddr* addr, socklen_t addrlen) +{ + struct fake_commpoint* fc = (struct fake_commpoint*)c; + struct replay_runtime* runtime = fc->runtime; + struct fake_pending* pend = (struct fake_pending*)calloc(1, + sizeof(struct fake_pending)); + if(!pend) { + log_err("malloc failure"); + return 0; + } + fc->pending = pend; + /* used by authzone transfers */ + /* create pending item */ + pend->buffer = sldns_buffer_new(sldns_buffer_limit(packet) + 10); + if(!pend->buffer) { + free(pend); + return 0; + } + sldns_buffer_copy(pend->buffer, packet); + memcpy(&pend->addr, addr, addrlen); + pend->addrlen = addrlen; + pend->zone = NULL; + pend->zonelen = 0; + if(LDNS_QDCOUNT(sldns_buffer_begin(packet)) > 0) { + char buf[512]; + char addrbuf[128]; + (void)sldns_wire2str_rrquestion_buf(sldns_buffer_at(packet, LDNS_HEADER_SIZE), sldns_buffer_limit(packet)-LDNS_HEADER_SIZE, buf, sizeof(buf)); + addr_to_str((struct sockaddr_storage*)addr, addrlen, + addrbuf, sizeof(addrbuf)); + if(verbosity >= VERB_ALGO) { + if(buf[0] != 0) buf[strlen(buf)-1] = 0; /* del newline*/ + log_info("udp to %s: %s", addrbuf, buf); + } + log_assert(sldns_buffer_limit(packet)-LDNS_HEADER_SIZE >= 2); + pend->qtype = (int)sldns_buffer_read_u16_at(packet, + LDNS_HEADER_SIZE+ + dname_valid(sldns_buffer_at(packet, LDNS_HEADER_SIZE), + sldns_buffer_limit(packet)-LDNS_HEADER_SIZE)); + } + pend->callback = fc->cb; + pend->cb_arg = fc->cb_arg; + pend->timeout = UDP_AUTH_QUERY_TIMEOUT; + pend->transport = transport_udp; + pend->pkt = NULL; + pend->runtime = runtime; + pend->serviced = 0; + pend->pkt_len = sldns_buffer_limit(pend->buffer); + pend->pkt = memdup(sldns_buffer_begin(pend->buffer), pend->pkt_len); + if(!pend->pkt) fatal_exit("out of memory"); + + log_info("testbound: created fake pending for send_udp_msg"); + + /* add to list */ + pend->next = runtime->pending_list; + runtime->pending_list = pend; + + return 1; +} + +int outnet_get_tcp_fd(struct sockaddr_storage* ATTR_UNUSED(addr), + socklen_t ATTR_UNUSED(addrlen), int ATTR_UNUSED(tcp_mss)) +{ + log_assert(0); + return -1; +} + +int outnet_tcp_connect(int ATTR_UNUSED(s), struct sockaddr_storage* ATTR_UNUSED(addr), + socklen_t ATTR_UNUSED(addrlen)) +{ + log_assert(0); + return 0; +} + /*********** End of Dummy routines ***********/ diff --git a/testcode/replay.c b/testcode/replay.c index 085c314759fd..08d87470bd00 100644 --- a/testcode/replay.c +++ b/testcode/replay.c @@ -323,6 +323,15 @@ replay_moment_read(char* remain, FILE* in, const char* name, mom->autotrust_id = strdup(remain); if(!mom->autotrust_id) fatal_exit("out of memory"); read_file_content(in, &pstate->lineno, mom); + } else if(parse_keyword(&remain, "CHECK_TEMPFILE")) { + mom->evt_type = repevt_tempfile_check; + while(isspace((unsigned char)*remain)) + remain++; + if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n') + remain[strlen(remain)-1] = 0; + mom->autotrust_id = strdup(remain); + if(!mom->autotrust_id) fatal_exit("out of memory"); + read_file_content(in, &pstate->lineno, mom); } else if(parse_keyword(&remain, "ERROR")) { mom->evt_type = repevt_error; } else if(parse_keyword(&remain, "TRAFFIC")) { diff --git a/testcode/replay.h b/testcode/replay.h index b33950304d12..81f0a2c275b2 100644 --- a/testcode/replay.h +++ b/testcode/replay.h @@ -49,6 +49,14 @@ * AUTOTRUST_FILE id * ; contents of that file * AUTOTRUST_END + * ; temp file names are echoed as "tmp/xxx.fname" + * TEMPFILE_NAME fname + * ; temp file contents, inline, deleted at end of run + * TEMPFILE_CONTENTS fname + * ; contents of that file + * ; this creates $INCLUDE /tmp/xxx.fname + * $INCLUDE_TEMPFILE fname + * TEMPFILE_END * CONFIG_END * ; comment line. * SCENARIO_BEGIN name_of_scenario @@ -75,6 +83,7 @@ * the step waits for traffic to stop. * o CHECK_AUTOTRUST [id] - followed by FILE_BEGIN [to match] FILE_END. * The file contents is macro expanded before match. + * o CHECK_TEMPFILE [fname] - followed by FILE_BEGIN [to match] FILE_END * o INFRA_RTT [ip] [dp] [rtt] - update infra cache entry with rtt. * o ERROR * ; following entry starts on the next line, ENTRY_BEGIN. @@ -195,6 +204,8 @@ struct replay_moment { repevt_back_query, /** check autotrust key file */ repevt_autotrust_check, + /** check a temp file */ + repevt_tempfile_check, /** an error happens to outbound query */ repevt_error, /** assignment to a variable */ @@ -340,6 +351,8 @@ struct fake_pending { enum transport_type transport; /** if this is a serviced query */ int serviced; + /** if we are handling a multi pkt tcp stream, non 0 and the pkt nr*/ + int tcp_pkt_counter; /** the runtime structure this is part of */ struct replay_runtime* runtime; }; diff --git a/testcode/testbound.c b/testcode/testbound.c index 20c99608fdd7..56b89c7f0d7e 100644 --- a/testcode/testbound.c +++ b/testcode/testbound.c @@ -135,6 +135,65 @@ echo_cmdline(int argc, char* argv[]) fprintf(stderr, "\n"); } +/** spool temp file name */ +static void +spool_temp_file_name(int* lineno, FILE* cfg, char* id) +{ + char line[MAX_LINE_LEN]; + /* find filename for new file */ + while(isspace((unsigned char)*id)) + id++; + if(*id == '\0') + fatal_exit("TEMPFILE_NAME must have id, line %d", *lineno); + id[strlen(id)-1]=0; /* remove newline */ + fake_temp_file("_temp_", id, line, sizeof(line)); + fprintf(cfg, "\"%s\"\n", line); +} + +/** spool temp file */ +static void +spool_temp_file(FILE* in, int* lineno, char* id) +{ + char line[MAX_LINE_LEN]; + char* parse; + FILE* spool; + /* find filename for new file */ + while(isspace((unsigned char)*id)) + id++; + if(*id == '\0') + fatal_exit("TEMPFILE_CONTENTS must have id, line %d", *lineno); + id[strlen(id)-1]=0; /* remove newline */ + fake_temp_file("_temp_", id, line, sizeof(line)); + /* open file and spool to it */ + spool = fopen(line, "w"); + if(!spool) fatal_exit("could not open %s: %s", line, strerror(errno)); + fprintf(stderr, "testbound is spooling temp file: %s\n", line); + if(!cfg_strlist_insert(&cfgfiles, strdup(line))) + fatal_exit("out of memory"); + line[sizeof(line)-1] = 0; + while(fgets(line, MAX_LINE_LEN-1, in)) { + parse = line; + (*lineno)++; + while(isspace((unsigned char)*parse)) + parse++; + if(strncmp(parse, "$INCLUDE_TEMPFILE", 17) == 0) { + char l2[MAX_LINE_LEN]; + char* tid = parse+17; + while(isspace((unsigned char)*tid)) + tid++; + tid[strlen(tid)-1]=0; /* remove newline */ + fake_temp_file("_temp_", tid, l2, sizeof(l2)); + snprintf(line, sizeof(line), "$INCLUDE %s\n", l2); + } + if(strncmp(parse, "TEMPFILE_END", 12) == 0) { + fclose(spool); + return; + } + fputs(line, spool); + } + fatal_exit("no TEMPFILE_END in input file"); +} + /** spool autotrust file */ static void spool_auto_file(FILE* in, int* lineno, FILE* cfg, char* id) @@ -213,6 +272,14 @@ setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[]) spool_auto_file(in, lineno, cfg, parse+14); continue; } + if(strncmp(parse, "TEMPFILE_NAME", 13) == 0) { + spool_temp_file_name(lineno, cfg, parse+13); + continue; + } + if(strncmp(parse, "TEMPFILE_CONTENTS", 17) == 0) { + spool_temp_file(in, lineno, parse+17); + continue; + } if(strncmp(parse, "CONFIG_END", 10) == 0) { fclose(cfg); return; @@ -287,6 +354,10 @@ main(int argc, char* argv[]) case 's': free(pass_argv[1]); testbound_selftest(); + checklock_stop(); + if(log_get_lock()) { + lock_quick_destroy((lock_quick_type*)log_get_lock()); + } exit(0); case '1': #ifdef USE_SHA1 @@ -389,7 +460,10 @@ main(int argc, char* argv[]) for(c=1; c<pass_argc; c++) free(pass_argv[c]); if(res == 0) { - log_info("Testbound Exit Success"); + log_info("Testbound Exit Success\n"); + if(log_get_lock()) { + lock_quick_destroy((lock_quick_type*)log_get_lock()); + } #ifdef HAVE_PTHREAD /* dlopen frees its thread state (dlopen of gost engine) */ pthread_exit(NULL); diff --git a/testcode/testpkts.c b/testcode/testpkts.c index e1a7768abed0..ec0f7fe2449a 100644 --- a/testcode/testpkts.c +++ b/testcode/testpkts.c @@ -572,7 +572,15 @@ read_entry(FILE* in, const char* name, struct sldns_file_parse_state* pstate, } else if(str_keyword(&parse, "ADJUST")) { adjustline(parse, current, cur_reply); } else if(str_keyword(&parse, "EXTRA_PACKET")) { + /* copy current packet into buffer */ + cur_reply->reply_pkt = memdup(pktbuf, pktlen); + cur_reply->reply_len = pktlen; + if(!cur_reply->reply_pkt) + error("out of memory"); cur_reply = entry_add_reply(current); + /* clear for next packet */ + pktlen = LDNS_HEADER_SIZE; + memset(pktbuf, 0, pktlen); /* ID = 0, FLAGS="", and rr counts 0 */ } else if(str_keyword(&parse, "SECTION")) { if(str_keyword(&parse, "QUESTION")) add_section = LDNS_SECTION_QUESTION; @@ -1558,10 +1566,10 @@ adjust_packet(struct entry* match, uint8_t** answer_pkt, size_t *answer_len, return; } /* copy the ID */ - if(match->copy_id && reslen >= 2) - res[1] = orig[1]; - if(match->copy_id && reslen >= 1) - res[0] = orig[0]; + if(match->copy_id && reslen >= 2 && query_len >= 2) + res[1] = query_pkt[1]; + if(match->copy_id && reslen >= 1 && query_len >= 1) + res[0] = query_pkt[0]; if(match->copy_ednsdata_assume_clientsubnet) { /** Assume there is only one EDNS option, which is ECS. diff --git a/testcode/unitauth.c b/testcode/unitauth.c index f6c022aa03d7..4b538ef62687 100644 --- a/testcode/unitauth.c +++ b/testcode/unitauth.c @@ -95,42 +95,42 @@ static const char* zone_example_com = /* and some tests for RRSIGs (rrsig is www.nlnetlabs.nl copy) */ /* normal: domain and 1 rrsig */ "z1.example.com. 3600 IN A 10.0.0.10\n" -"z1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" +"z1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" /* normal: domain and 2 rrsigs */ "z2.example.com. 3600 IN A 10.0.0.10\n" -"z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" -"z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" +"z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" /* normal: domain and 3 rrsigs */ "z3.example.com. 3600 IN A 10.0.0.10\n" "z3.example.com. 3600 IN A 10.0.0.11\n" -"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" -"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" -"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12356 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12356}\n" +"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12356 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" /* just an RRSIG rrset with nothing else */ -"z4.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" +"z4.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" /* just an RRSIG rrset with nothing else, 2 rrsigs */ -"z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" -"z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" +"z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z5.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" #if 0 /* comparison of file does not work on this part because duplicates */ /* are removed and the rrsets are reordered */ /* first rrsig, then A record */ -"z6.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" +"z6.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" "z6.example.com. 3600 IN A 10.0.0.10\n" /* first two rrsigs, then A record */ -"z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" -"z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" +"z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z7.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" "z7.example.com. 3600 IN A 10.0.0.10\n" /* first two rrsigs, then two A records */ -"z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" -"z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 12345}\n" +"z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z8.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" "z8.example.com. 3600 IN A 10.0.0.10\n" "z8.example.com. 3600 IN A 10.0.0.11\n" /* duplicate RR, duplicate RRsig */ "z9.example.com. 3600 IN A 10.0.0.10\n" "z9.example.com. 3600 IN A 10.0.0.11\n" "z9.example.com. 3600 IN A 10.0.0.10\n" -"z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" -"z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= ;{id = 42393}\n" +"z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" +"z9.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk=\n" #endif /* if0 for duplicates and reordering */ ; @@ -521,6 +521,7 @@ addzone(struct auth_zones* az, const char* name, char* fname) lock_rw_unlock(&az->lock); if(!z) fatal_exit("cannot find zone"); auth_zone_set_zonefile(z, fname); + z->for_upstream = 1; if(!auth_zone_read_zonefile(z)) { fatal_exit("parse failure for auth zone %s", name); @@ -685,8 +686,12 @@ msgtostr(struct dns_msg* msg) char* str; sldns_buffer* buf = sldns_buffer_new(65535); if(!buf) fatal_exit("out of memory"); - pr_flags(buf, msg->rep->flags); - pr_rrs(buf, msg->rep); + if(!msg) { + sldns_buffer_printf(buf, "null packet\n"); + } else { + pr_flags(buf, msg->rep->flags); + pr_rrs(buf, msg->rep); + } str = strdup((char*)sldns_buffer_begin(buf)); if(!str) fatal_exit("out of memory"); @@ -831,6 +836,24 @@ check_queries(const char* name, const char* zone, struct q_ans* queries) auth_zones_delete(az); } +/** Test authzone compare_serial */ +static void +authzone_compare_serial(void) +{ + if(vbmp) printf("Testing compare_serial\n"); + unit_assert(compare_serial(0, 1) < 0); + unit_assert(compare_serial(1, 0) > 0); + unit_assert(compare_serial(0, 0) == 0); + unit_assert(compare_serial(1, 1) == 0); + unit_assert(compare_serial(0xf0000000, 0xf0000000) == 0); + unit_assert(compare_serial(0, 0xf0000000) > 0); + unit_assert(compare_serial(0xf0000000, 0) < 0); + unit_assert(compare_serial(0xf0000000, 0xf0000001) < 0); + unit_assert(compare_serial(0xf0000002, 0xf0000001) > 0); + unit_assert(compare_serial(0x70000000, 0x80000000) < 0); + unit_assert(compare_serial(0x90000000, 0x70000000) > 0); +} + /** Test authzone read from file */ static void authzone_read_test(void) @@ -853,6 +876,7 @@ authzone_test(void) { unit_show_feature("authzone"); atexit(tmpfilecleanup); + authzone_compare_serial(); authzone_read_test(); authzone_query_test(); } diff --git a/testcode/unitmain.c b/testcode/unitmain.c index d662991bab5d..57883d183b9f 100644 --- a/testcode/unitmain.c +++ b/testcode/unitmain.c @@ -433,7 +433,6 @@ rtt_test(void) } #include "services/cache/infra.h" -#include "util/config_file.h" /* lookup and get key and data structs easily */ static struct infra_data* infra_lookup_host(struct infra_cache* infra, diff --git a/testcode/unitverify.c b/testcode/unitverify.c index eec11df60778..06691f822e40 100644 --- a/testcode/unitverify.c +++ b/testcode/unitverify.c @@ -524,6 +524,7 @@ verify_test(void) #endif #if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) verifytest_file("testdata/test_sigs.rsasha512_draft", "20070829144150"); + verifytest_file("testdata/test_signatures.9", "20171215000000"); #endif #ifdef USE_SHA1 verifytest_file("testdata/test_sigs.hinfo", "20090107100022"); diff --git a/testdata/03-testbound.tdir/03-testbound.test b/testdata/03-testbound.tdir/03-testbound.test index e23151c41657..aefdc18554f4 100644 --- a/testdata/03-testbound.tdir/03-testbound.test +++ b/testdata/03-testbound.tdir/03-testbound.test @@ -11,7 +11,12 @@ get_make exitval=0 # quiet="" to make verbose -do_valgrind=no +if test -f $PRE/unbound_do_valgrind_in_test; then + do_valgrind=yes +else + do_valgrind=no +fi +VALGRIND_FLAGS="--leak-check=full --show-leak-kinds=all" # valgrind mode for debug #if grep "staticexe=-static" $PRE/Makefile >/dev/null 2>&1; then # if test -x "`which valgrind`"; then @@ -21,19 +26,28 @@ do_valgrind=no # self-test (unit test of testbound) if test $do_valgrind = "yes"; then - if (valgrind $PRE/testbound -s >tmpout 2>&1;); then + if (valgrind $VALGRIND_FLAGS $PRE/testbound -s >tmpout 2>&1;); then echo "selftest OK " else echo "selftest FAILED" exit 1 fi - if grep "All heap blocks were freed -- no leaks are possible." tmpout >/dev/null 2>&1; then + if grep "All heap blocks were freed -- no leaks are possible" tmpout >/dev/null 2>&1; then : # clean else + cat tmpout echo "Memory leaked in selftest" grep "in use at exit" tmpout exit 1 fi + if grep "ERROR SUMMARY: 0 errors from 0 contexts" tmpout >/dev/null 2>&1; then + : # clean + else + cat tmpout + echo "Errors in selftest" + grep "ERROR SUMMARY" tmpout + exit 1 + fi else if ($PRE/testbound -s >/dev/null 2>&1;); then echo "selftest OK " @@ -88,19 +102,28 @@ for input in $PRE/testdata/*.rpl $PRE/testdata/*.crpl; do fi if test $do_valgrind = "yes"; then - if (valgrind $PRE/testbound -p $input >tmpout 2>&1;); then + if (valgrind $VALGRIND_FLAGS $PRE/testbound -p $input >tmpout 2>&1;); then echo " OK $cleaninput: $header" else echo "FAILED $cleaninput: $header" exitval=1 fi - if grep "All heap blocks were freed -- no leaks are possible." tmpout >/dev/null 2>&1; then + if grep "All heap blocks were freed -- no leaks are possible" tmpout >/dev/null 2>&1; then : # clean else + grep "^==" tmpout echo "Memory leaked in $cleaninput" grep "in use at exit" tmpout exitval=1 fi + if grep "ERROR SUMMARY: 0 errors from 0 contexts" tmpout >/dev/null 2>&1; then + : # clean + else + grep "^==" tmpout + echo "Errors in $cleaninput" + grep "ERROR SUMMARY" tmpout + exitval=1 + fi else # do valgrind=no if ($PRE/testbound -p $input >/dev/null 2>&1;); then diff --git a/testdata/auth_axfr.tdir/auth_axfr.conf b/testdata/auth_axfr.tdir/auth_axfr.conf new file mode 100644 index 000000000000..b7f03bb480c7 --- /dev/null +++ b/testdata/auth_axfr.tdir/auth_axfr.conf @@ -0,0 +1,18 @@ +server: + verbosity: 7 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: yes +auth-zone: + name: "example.com" + for-upstream: yes + for-downstream: yes + master: "127.0.0.1@@TOPORT@" + diff --git a/testdata/auth_axfr.tdir/auth_axfr.dsc b/testdata/auth_axfr.tdir/auth_axfr.dsc new file mode 100644 index 000000000000..a3386713798d --- /dev/null +++ b/testdata/auth_axfr.tdir/auth_axfr.dsc @@ -0,0 +1,16 @@ +BaseName: auth_axfr +Version: 1.0 +Description: Perform AXFR for authority zone +CreationDate: Tue 13 Jun 09:35:40 CEST 2017 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: auth_axfr.pre +Post: auth_axfr.post +Test: auth_axfr.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/auth_axfr.tdir/auth_axfr.post b/testdata/auth_axfr.tdir/auth_axfr.post new file mode 100644 index 000000000000..5b2f7c62050b --- /dev/null +++ b/testdata/auth_axfr.tdir/auth_axfr.post @@ -0,0 +1,10 @@ +# #-- auth_axfr.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +. ../common.sh +kill_pid $FWD_PID +kill_pid $UNBOUND_PID diff --git a/testdata/auth_axfr.tdir/auth_axfr.pre b/testdata/auth_axfr.tdir/auth_axfr.pre new file mode 100644 index 000000000000..01e9cea1a84a --- /dev/null +++ b/testdata/auth_axfr.tdir/auth_axfr.pre @@ -0,0 +1,31 @@ +# #-- auth_axfr.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +FWD_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test + +# start forwarder +get_ldns_testns +$LDNS_TESTNS -p $FWD_PORT auth_axfr.testns >fwd.log 2>&1 & +FWD_PID=$! +echo "FWD_PID=$FWD_PID" >> .tpkg.var.test + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < auth_axfr.conf > ub.conf +# start unbound in the background +PRE="../.." +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_ldns_testns_up fwd.log +wait_unbound_up unbound.log + diff --git a/testdata/auth_axfr.tdir/auth_axfr.test b/testdata/auth_axfr.tdir/auth_axfr.test new file mode 100644 index 000000000000..f9171eea0728 --- /dev/null +++ b/testdata/auth_axfr.tdir/auth_axfr.test @@ -0,0 +1,51 @@ +# #-- auth_axfr.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +# do the test +echo "> dig www.example.com." +dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +if grep SERVFAIL outfile; then + echo "> try again" + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> check answer" +if grep "1.2.3.4" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/testdata/auth_axfr.tdir/auth_axfr.testns b/testdata/auth_axfr.tdir/auth_axfr.testns new file mode 100644 index 000000000000..f1678a1ccc30 --- /dev/null +++ b/testdata/auth_axfr.tdir/auth_axfr.testns @@ -0,0 +1,27 @@ +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.net. +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END diff --git a/testdata/auth_https.tdir/127.0.0.1/example.com.zone b/testdata/auth_https.tdir/127.0.0.1/example.com.zone new file mode 100644 index 000000000000..695eb1c32bd4 --- /dev/null +++ b/testdata/auth_https.tdir/127.0.0.1/example.com.zone @@ -0,0 +1,3 @@ +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.net. +www.example.com. IN A 1.2.3.4 diff --git a/testdata/auth_https.tdir/auth_https.conf b/testdata/auth_https.tdir/auth_https.conf new file mode 100644 index 000000000000..add166f6d582 --- /dev/null +++ b/testdata/auth_https.tdir/auth_https.conf @@ -0,0 +1,18 @@ +server: + verbosity: 7 + # num-threads: 1 + interface: 127.0.0.1 + port: @PORT@ + use-syslog: no + directory: "" + pidfile: "unbound.pid" + chroot: "" + username: "" + do-not-query-localhost: no + use-caps-for-id: yes +auth-zone: + name: "example.com" + for-upstream: yes + for-downstream: yes + url: "https://127.0.0.1:@TOPORT@/example.com.zone" + diff --git a/testdata/auth_https.tdir/auth_https.dsc b/testdata/auth_https.tdir/auth_https.dsc new file mode 100644 index 000000000000..bf4341198ec7 --- /dev/null +++ b/testdata/auth_https.tdir/auth_https.dsc @@ -0,0 +1,16 @@ +BaseName: auth_https +Version: 1.0 +Description: Perform https for authority zone +CreationDate: Tue 13 Jun 09:35:40 CEST 2017 +Maintainer: dr. W.C.A. Wijngaards +Category: +Component: +CmdDepends: +Depends: +Help: +Pre: auth_https.pre +Post: auth_https.post +Test: auth_https.test +AuxFiles: +Passed: +Failure: diff --git a/testdata/auth_https.tdir/auth_https.post b/testdata/auth_https.tdir/auth_https.post new file mode 100644 index 000000000000..3c1b7ef99e12 --- /dev/null +++ b/testdata/auth_https.tdir/auth_https.post @@ -0,0 +1,11 @@ +# #-- auth_https.post --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# source the test var file when it's there +[ -f .tpkg.var.test ] && source .tpkg.var.test +# +# do your teardown here +PRE="../.." +. ../common.sh +kill_pid $UNBOUND_PID +kill_pid $PETAL_PID diff --git a/testdata/auth_https.tdir/auth_https.pre b/testdata/auth_https.tdir/auth_https.pre new file mode 100644 index 000000000000..e50fd5faa32d --- /dev/null +++ b/testdata/auth_https.tdir/auth_https.pre @@ -0,0 +1,34 @@ +# #-- auth_https.pre--# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh +get_random_port 2 +UNBOUND_PORT=$RND_PORT +PETAL_PORT=$(($RND_PORT + 1)) +echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test +echo "PETAL_PORT=$PETAL_PORT" >> .tpkg.var.test + +get_make +(cd $PRE; $MAKE petal) + +# start https daemon +$PRE/petal -v -a "127.0.0.1" -p $PETAL_PORT >petal.log 2>&1 & +PETAL_PID=$! +echo "PETAL_PID=$PETAL_PID" >> .tpkg.var.test +cat .tpkg.var.test +wait_petal_up petal.log + +# make config file +sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$PETAL_PORT'/' < auth_https.conf > ub.conf +# start unbound in the background +$PRE/unbound -d -c ub.conf >unbound.log 2>&1 & +UNBOUND_PID=$! +echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test + +cat .tpkg.var.test +wait_unbound_up unbound.log + diff --git a/testdata/auth_https.tdir/auth_https.test b/testdata/auth_https.tdir/auth_https.test new file mode 100644 index 000000000000..cff93544b14a --- /dev/null +++ b/testdata/auth_https.tdir/auth_https.test @@ -0,0 +1,51 @@ +# #-- auth_https.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +# do the test +echo "> dig www.example.com." +dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +if grep SERVFAIL outfile; then + echo "> try again" + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 1 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +if grep SERVFAIL outfile; then + echo "> try again" + sleep 10 + dig @localhost -p $UNBOUND_PORT www.example.com. | tee outfile +fi +echo "> cat logfiles" +cat petal.log +cat unbound.log +echo "> check answer" +if grep "1.2.3.4" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +exit 0 diff --git a/testdata/auth_https.tdir/petal.key b/testdata/auth_https.tdir/petal.key new file mode 100644 index 000000000000..6614e498fcd2 --- /dev/null +++ b/testdata/auth_https.tdir/petal.key @@ -0,0 +1,21 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIDfQIBAAKBwQC1xQ/Kca6zszZbcCtdOTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJ +RuN+Rm304SonpwghfP2/ULZNnuDgpG03/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1 +QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ867K029ypjOQtAJ85qdO3mERy7TGtdUcu +O6hLeVet419YeQ2F8cfNxn63d7bOzNGLPW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeU +J/i4YDWexFYSL+ECAwEAAQKBwCLXXQl+9O+5AEhSnd1Go1Jh0pSA7eBJOuXQcebG +Rb7ykp+6C4G2NtDziwwPRNdI6wQQQ0sym18RfyVQHydGr78/nbiIbB3HCn5e92Mh +mefzW6ow9Kvm2txLzGKA1lvoyRbNm81jnG/eygi3u7Nqd5PNv+4dHj2RkTlmxOeh +qnDMVP5md8uZPv6lYNnrnIzvLCR5vnPNdVwn89AqzI85IcDZdy0R9ZX4NBbsDgAU +6ig6uXuRXvSGiyJ/OUXSrnogaQJhAOjvkHUhVZQkPOxO90TNH4j0GdKKtbSWxIdz +lKfuJeBAEqs0TL+C6vbS81Xw3W1alyDdUBk3rJMOBqW6Ryq5HNL+j5H+Jfsh7fvc +Yle+5wHGci0P9zCFZCrY8It7n9XFIwJhAMfEi6oJa2G8waPJ1bQhxka82Tf9pnKM +XCn/1BBOFjVIx5F842cpA+zp5a62GENTGYPQTTRBB/2/ZwnW5aIkrlg54AtmbqBZ +Oh+2kJdJQD/tfoVmc5soUE2ScTHadK5RKwJhAN4w9kjkXS+MSZjX0kIMsBIBVkhh +C+aREjJqa9ir7/Ey7RvmLXdYuCxtGLRXp7/R8+rjcK49Tx6O+IRJZe042mfhbq3C +EhS1Tr86f4xXix9EXlDhs9bSxrOgcAN9Dv/opQJhAK7eBcPaav0rVfYh/8emqQHS +3fJ9Pu6WnzbEksWTFS2ff9KDGCx9YspIFJ5TF/oXDAaumGZdZrlgirm6O1kr8tGY +F97i04PZl1+bWAaWQH+1TUNI43m2WFUPE7coG2tb8QJgcddDg9VlXliZqgcETZfJ +kJmYETxrcSn3ao6v116N8yxhEgUgjkmsCTiFgx36iDVnXwK6PIt+sIu8MC7eYNa3 +berrv/M21K0LRn20IWRxvUobG070weHCAgkko7fTWgr2 +-----END RSA PRIVATE KEY----- diff --git a/testdata/auth_https.tdir/petal.pem b/testdata/auth_https.tdir/petal.pem new file mode 100644 index 000000000000..19c8b895ba86 --- /dev/null +++ b/testdata/auth_https.tdir/petal.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICFzCCAUACCQDO660L5y5LGDANBgkqhkiG9w0BAQUFADAQMQ4wDAYDVQQDEwVw +ZXRhbDAeFw0xMDA5MzAxMzQzMDFaFw0zMDA2MTcxMzQzMDFaMBAxDjAMBgNVBAMT +BXBldGFsMIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQC1xQ/Kca6zszZbcCtd +OTIH2Uy2gOy/DfabMUU7TmNPm0dVE0NJRuN+Rm304SonpwghfP2/ULZNnuDgpG03 +/32yI7k/VzG6iA4hiF7tT/KAAWC/+2l1QCsawCV2bSrFK0VhcZr7ALqXd8vkDaQ8 +67K029ypjOQtAJ85qdO3mERy7TGtdUcuO6hLeVet419YeQ2F8cfNxn63d7bOzNGL +PW5xwaCd3UcgD+Ib0k4xfFvbinvPQUeUJ/i4YDWexFYSL+ECAwEAATANBgkqhkiG +9w0BAQUFAAOBwQBBkX9KDP2RXbg+xPmdJ4P6CwvA5x1LZwC++ydVx4NlvT0pWicD +ZUnXjcWAJlkeOuUBAqFG7WHTrXpUUAjmdqFVq2yFjteUYBdrFz0RDB2jM9feeKYO +mTgxdZyT9a6humxCxt5VfgT02axLjm/2AqCyFPMbf4PASoJDln01AEuZLZ8Xl2gV +bYHMnHTGoD1Hu6FNEzRgkMC6XT8X3YjHvzQhpc/qL5wEfEsinQGdX4twsuWbf8xd +q7miNnkO8vd0maw= +-----END CERTIFICATE----- diff --git a/testdata/auth_xfr.rpl b/testdata/auth_xfr.rpl new file mode 100644 index 000000000000..2dd2b7ae267c --- /dev/null +++ b/testdata/auth_xfr.rpl @@ -0,0 +1,232 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with AXFR + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.net. +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_xfr_host.rpl b/testdata/auth_xfr_host.rpl new file mode 100644 index 000000000000..4b3b1879ea33 --- /dev/null +++ b/testdata/auth_xfr_host.rpl @@ -0,0 +1,247 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: ns.example.net. + #master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone that needs host name lookup + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION ANSWER +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN A +SECTION ANSWER +ns.example.com. IN A 1.2.3.44 +SECTION AUTHORITY +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.com. IN AAAA +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +www.example.com. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. IN NS ns.example.com. +www.example.com. IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA SERVFAIL +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 10 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.com. +www.example.com. 3600 IN A 1.2.3.4 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_xfr_ixfr.rpl b/testdata/auth_xfr_ixfr.rpl new file mode 100644 index 000000000000..91cc8b30365d --- /dev/null +++ b/testdata/auth_xfr_ixfr.rpl @@ -0,0 +1,276 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.6 +mail.example.com. 3600 IN A 1.2.3.7 +zup.example.com. 3600 IN A 1.2.3.4 +yyy.example.com. 3600 IN A 1.2.3.4 +yyy.example.com. 3600 IN AAAA ::5 +r1.example.com. 3600 IN A 1.2.3.4 +r1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN A 1.2.3.4 +r2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN RRSIG AAAA 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r3.example.com. 3600 IN A 1.2.3.4 +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +add.example.com. 3600 IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with IXFR + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +www.example.com. IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.6 +zup.example.com. 3600 IN A 1.2.3.4 +yyy.example.com. 3600 IN AAAA ::5 +r1.example.com. 3600 IN A 1.2.3.4 +r2.example.com. 3600 IN A 1.2.3.4 +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 12345 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.8 +mail.example.com. IN AAAA ::5 +add2.example.com. 3600 IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 3600 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.5 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +add.example.com. 3600 IN A 1.2.3.4 +add2.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.7 +mail.example.com. 3600 IN A 1.2.3.8 +mail.example.com. 3600 IN AAAA ::5 +r1.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN RRSIG AAAA 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r2.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +r3.example.com. 3600 IN A 1.2.3.4 +r3.example.com. 3600 IN RRSIG A 8 3 10200 20170612005010 20170515005010 42393 nlnetlabs.nl. NhEDrHkuIgHkjWhDRVsGOIJWZpSs+QdduilWFe5d+/ZhOheLJbaTYD5w6+ZZ3yPh1tNud+jlg+GyiOSVapLEO31swDCIarL1UfRjRSpxxDCHGag5Zu+S4hF+KURxO3cJk8jLBELMQyRuMRHoKrw/wsiLGVu1YpAyAPPMcjFBNbk= +www.example.com. 3600 IN A 1.2.3.5 +yyy.example.com. 3600 IN A 1.2.3.4 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_xfr_ixfrisaxfr.rpl b/testdata/auth_xfr_ixfrisaxfr.rpl new file mode 100644 index 000000000000..ac6d4db766ad --- /dev/null +++ b/testdata/auth_xfr_ixfrisaxfr.rpl @@ -0,0 +1,235 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.6 +mail.example.com. 3600 IN A 1.2.3.7 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with IXFR reply really is an AXFR + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. IN NS ns.example.net. +www.example.com. IN A 1.2.3.6 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 3600 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.6 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_xfr_ixfrmismatch.rpl b/testdata/auth_xfr_ixfrmismatch.rpl new file mode 100644 index 000000000000..f12e766d0ece --- /dev/null +++ b/testdata/auth_xfr_ixfrmismatch.rpl @@ -0,0 +1,266 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.6 +mail.example.com. 3600 IN A 1.2.3.7 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with IXFR that has mismatched data + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +www.example.com. IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.6 +; this is the delete of the nonexistant entry +nonexist.example.com. 3600 IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.8 +mail.example.com. IN AAAA ::5 +add2.example.com. 3600 IN A 1.2.3.4 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. IN NS ns.example.net. +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 3600 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.6 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_xfr_ixfrnotimpl.rpl b/testdata/auth_xfr_ixfrnotimpl.rpl new file mode 100644 index 000000000000..94f03eb93e22 --- /dev/null +++ b/testdata/auth_xfr_ixfrnotimpl.rpl @@ -0,0 +1,249 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.4 +mail.example.com. 3600 IN A 1.2.3.5 +mail.example.com. 3600 IN A 1.2.3.6 +mail.example.com. 3600 IN A 1.2.3.7 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with IXFR NOTIMPL fallback + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOTIMPL +SECTION QUESTION +example.com. IN IXFR +SECTION ANSWER +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. IN NS ns.example.net. +EXTRA_PACKET +REPLY QR AA NOERROR +SECTION QUESTION +example.com. IN AXFR +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +example.com. IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 3600 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.6 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 2 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.6 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_xfr_probesoa.rpl b/testdata/auth_xfr_probesoa.rpl new file mode 100644 index 000000000000..865ac87de096 --- /dev/null +++ b/testdata/auth_xfr_probesoa.rpl @@ -0,0 +1,219 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + master: 1.2.3.44 + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with probe of SOA + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN SOA +SECTION ANSWER +; serial, refresh, retry, expire, minimum +example.com. IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +ENTRY_END + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +STEP 30 TIME_PASSES ELAPSE 3600 +STEP 40 TRAFFIC + +STEP 50 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 60 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR AA RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +; the zonefile was updated with new contents +STEP 70 CHECK_TEMPFILE example.com +FILE_BEGIN +example.com. 3600 IN SOA ns.example.com. hostmaster.example.com. 1 3600 900 86400 3600 +example.com. 3600 IN NS ns.example.net. +www.example.com. 3600 IN A 1.2.3.4 +FILE_END + +SCENARIO_END diff --git a/testdata/auth_zonefile.rpl b/testdata/auth_zonefile.rpl new file mode 100644 index 000000000000..23c4efc60261 --- /dev/null +++ b/testdata/auth_zonefile.rpl @@ -0,0 +1,189 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +$ORIGIN com. +example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +$ORIGIN example.com. +www 3600 IN A 1.2.3.4 +mail 3600 IN A 1.2.3.5 + 3600 IN AAAA ::5 +ns1 3600 IN A 1.2.3.4 +ns2 3600 IN AAAA ::2 +$INCLUDE_TEMPFILE example.inc +TEMPFILE_END +TEMPFILE_CONTENTS example.inc +other 7200 IN A 1.2.3.6 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with zonefile + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonefile_dnssec.rpl b/testdata/auth_zonefile_dnssec.rpl new file mode 100644 index 000000000000..eb264ee8bbb2 --- /dev/null +++ b/testdata/auth_zonefile_dnssec.rpl @@ -0,0 +1,194 @@ +; config options +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +$ORIGIN example.com. +example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with zonefile and dnssec +; the zone file has signatures, used upstream, unbound validates the reply. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD DO RA AD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonefile_dnssec_fail.rpl b/testdata/auth_zonefile_dnssec_fail.rpl new file mode 100644 index 000000000000..49da19993a63 --- /dev/null +++ b/testdata/auth_zonefile_dnssec_fail.rpl @@ -0,0 +1,202 @@ +; config options +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + fallback-enabled: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +$ORIGIN example.com. +example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} + +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + +; this RR is edited to create the failure +;www.example.com. IN A 10.20.30.40 +www.example.com. IN A 127.0.0.1 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} + +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with zonefile and dnssec failure +; the zone file has signatures, used upstream, unbound validates the reply. +; but that fails and now it tries again, with failover to internet hosted +; (correct) contents. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854} +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD DO RA AD NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonefile_down.rpl b/testdata/auth_zonefile_down.rpl new file mode 100644 index 000000000000..09e7fd061407 --- /dev/null +++ b/testdata/auth_zonefile_down.rpl @@ -0,0 +1,185 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: yes + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: no + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +$ORIGIN com. +example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +$ORIGIN example.com. +www 3600 IN A 1.2.3.4 +mail 3600 IN A 1.2.3.5 + 3600 IN AAAA ::5 +ns1 3600 IN A 1.2.3.4 +ns2 3600 IN AAAA ::2 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with zonefile for downstream responses + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 1.2.3.4 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonefile_noup.rpl b/testdata/auth_zonefile_noup.rpl new file mode 100644 index 000000000000..da0dd76672ec --- /dev/null +++ b/testdata/auth_zonefile_noup.rpl @@ -0,0 +1,184 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "example.com." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: no + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME example.com + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS example.com +$ORIGIN com. +example 3600 IN SOA dns.example.de. hostmaster.dns.example.de. ( + 1379078166 28800 7200 604800 7200 ) + 3600 IN NS ns1.example.com. + 3600 IN NS ns2.example.com. +$ORIGIN example.com. +www 3600 IN A 1.2.3.4 +ns1 3600 IN A 1.2.3.4 +ns2 3600 IN AAAA ::2 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with zonefile with no upstream enabled +; and therefore fallback is going to be used. + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +SCENARIO_END diff --git a/testdata/auth_zonefile_root.rpl b/testdata/auth_zonefile_root.rpl new file mode 100644 index 000000000000..9755f91e156a --- /dev/null +++ b/testdata/auth_zonefile_root.rpl @@ -0,0 +1,181 @@ +; config options +server: + target-fetch-policy: "0 0 0 0 0" + +auth-zone: + name: "." + ## zonefile (or none). + ## zonefile: "example.com.zone" + ## master by IP address or hostname + ## can list multiple masters, each on one line. + ## master: + ## url for http fetch + ## url: + ## queries from downstream clients get authoritative answers. + ## for-downstream: yes + for-downstream: no + ## queries are used to fetch authoritative answers from this zone, + ## instead of unbound itself sending queries there. + ## for-upstream: yes + for-upstream: yes + ## on failures with for-upstream, fallback to sending queries to + ## the authority servers + ## fallback-enabled: no + fallback-enabled: yes + + ## this line generates zonefile: \n"/tmp/xxx.example.com"\n + zonefile: +TEMPFILE_NAME root.zone + ## this is the inline file /tmp/xxx.example.com + ## the tempfiles are deleted when the testrun is over. +TEMPFILE_CONTENTS root.zone +. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018013100 1800 900 604800 86400 +. 518400 IN NS k.root-servers.net. +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +com. IN NS a.gtld-servers.net. +a.gtld-servers.net. IN A 192.5.6.30 +TEMPFILE_END + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test authority zone with zonefile for root referrals + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +; disable this referral for the test, we want to use the builtin copy of the zone +; a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.44 +ENTRY_END +RANGE_END + +; ns.example.net. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.44 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.net. IN NS +SECTION ANSWER +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +ns.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN A +SECTION ANSWER +ns.example.net. IN A 1.2.3.44 +SECTION AUTHORITY +example.net. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +ns.example.net. IN AAAA +SECTION AUTHORITY +example.net. IN NS ns.example.net. +SECTION ADDITIONAL +www.example.net. IN A 1.2.3.44 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.net. +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 20 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA NOERROR +SECTION QUESTION +www.example.com. IN A +SECTION ANSWER +www.example.com. IN A 10.20.30.40 +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_ds_referral.rpl b/testdata/iter_ds_referral.rpl new file mode 100644 index 000000000000..e320942d6e9b --- /dev/null +++ b/testdata/iter_ds_referral.rpl @@ -0,0 +1,213 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test iterator with DS query and referral reply + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; note, no specific DS answer here, it replies with the referral for +; the type DS query + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to A query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; something for wrong type DS query here +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_ds_reply.rpl b/testdata/iter_ds_reply.rpl new file mode 100644 index 000000000000..ea2b69de211f --- /dev/null +++ b/testdata/iter_ds_reply.rpl @@ -0,0 +1,225 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b" + val-override-date: "20070916134226" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test iterator with DS query and answer reply + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b} +example.com. 3600 IN RRSIG DNSKEY DSA 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFBQRtlR4BEv9ohi+PGFjp+AHsJuHAhRCvz0shggvnvI88DFnBDCczHUcVA== ;{id = 2854} +SECTION AUTHORITY +example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} +ENTRY_END + +; DS gets an answer from the authoritative server +; (like NSD 4.1.0 answers it) +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR AA NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; response for delegation to sub.example.com. +ENTRY_BEGIN +MATCH opcode subdomain +ADJUST copy_id copy_query +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ENTRY_END + +RANGE_END + +; ns.sub.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.6 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN NS +SECTION ANSWER +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to DNSKEY priming query +; sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +sub.example.com. IN DNSKEY +SECTION ANSWER +sub.example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b} +sub.example.com. 3600 IN RRSIG DNSKEY 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. uNGp99iznjD7oOX02XnQbDnbg75UwBHRvZSKYUorTKvPUnCWMHKdRsQ+mf+Fx3GZ+Fz9BVjoCmQqpnfgXLEYqw== ;{id = 30899} +SECTION AUTHORITY +sub.example.com. IN NS ns.sub.example.com. +sub.example.com. 3600 IN RRSIG NS 5 3 3600 20070926134150 20070829134150 30899 sub.example.com. wcpHeBILHfo8C9uxMhcW03gcURZeUffiKdSTb50ZjzTHgMNhRyMfpcvSpXEd9548A9UTmWKeLZChfr5Z/glONw== ;{id = 30899} +SECTION ADDITIONAL +ns.sub.example.com. IN A 1.2.3.6 +ns.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. UF7shD/gt1FOp2UHgLTNbPzVykklSXFMEtJ1xD+Hholwf/PIzd7zoaIttIYibNa4fUXCqMg22H9P7MRhfmFe6g== ;{id = 30899} +ENTRY_END + +; response to A query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.sub.example.com. IN A +SECTION ANSWER +www.sub.example.com. IN A 11.11.11.11 +www.sub.example.com. 3600 IN RRSIG A 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. 0DqqRfRtm7VSEQ4mmBbzrKRqQAay3JAE8DPDGmjtokrrjN9F1G/HxozDV7bjdIh2EChlQea8FPwf/GepJMUVxg== ;{id = 30899} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +; something for wrong type DS query here +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR REFUSED +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +sub.example.com. IN DS +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +sub.example.com. IN DS +SECTION ANSWER +sub.example.com. 3600 IN DS 30899 RSASHA1 1 f7ed618f24d5e5202927e1d27bc2e84a141cb4b3 +sub.example.com. 3600 IN RRSIG DS 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCW3ix0GD4BSvNLWIbROCJt5DAW9AhRt/kg9kBKJ20UBUdumrBUHqnskdA== ;{id = 2854} +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/testdata/iter_ns_badip.rpl b/testdata/iter_ns_badip.rpl index 49abdd6887f0..021e552b74c5 100644 --- a/testdata/iter_ns_badip.rpl +++ b/testdata/iter_ns_badip.rpl @@ -7,7 +7,7 @@ stub-zone: stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. CONFIG_END -SCENARIO_BEGIN Test iterator with delagation with bad IP address +SCENARIO_BEGIN Test iterator with delegation with bad IP address ; K.ROOT-SERVERS.NET. RANGE_BEGIN 0 100 diff --git a/testdata/test_signatures.9 b/testdata/test_signatures.9 new file mode 100644 index 000000000000..7f4b350e71aa --- /dev/null +++ b/testdata/test_signatures.9 @@ -0,0 +1,21 @@ +; Signature test file + +; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. +; later entries are verified with it. + +ENTRY_BEGIN +SECTION QUESTION +nsec.0skar.cz. IN DNSKEY +SECTION ANSWER +nsec.0skar.cz. 297 IN DNSKEY 257 3 10 AwEAAcfJERXDHOSg4JsxSO8WmFdi/PPbtgB6N6xDyyaDqRzr9QCL4LXH yLYjGmriFn7xhVDQTyQQp/nox5RK8YeAFHoiglQuwQVs2TyZTAZskTRj K4NL3+TuMxtCMObzHkAxa0rYvAV5RBh5tdLHUHJLe33xrFNcVidkHMAP F+kjY/9UNi1at2LTohE8VQD0mcv3Gvm79heIjq8Xt3SuqPpk7eQm1r8m 7cIsuojbCum964/H93LeyafExa1eEMhZIIiSG+ik2jDhdeybmMyeoKsO jIL/9N/Yd6u60VkWvUMennyv9rKQTOY84yg2T9yAVjusepggcxMpCVX5 HdWxakruR80= +ENTRY_END + +; entry to test ; note timestamp in 2080. +ENTRY_BEGIN +SECTION QUESTION +nsec.0skar.cz. IN DNSKEY +SECTION ANSWER +nsec.0skar.cz. 297 IN DNSKEY 257 3 10 AwEAAcfJERXDHOSg4JsxSO8WmFdi/PPbtgB6N6xDyyaDqRzr9QCL4LXH yLYjGmriFn7xhVDQTyQQp/nox5RK8YeAFHoiglQuwQVs2TyZTAZskTRj K4NL3+TuMxtCMObzHkAxa0rYvAV5RBh5tdLHUHJLe33xrFNcVidkHMAP F+kjY/9UNi1at2LTohE8VQD0mcv3Gvm79heIjq8Xt3SuqPpk7eQm1r8m 7cIsuojbCum964/H93LeyafExa1eEMhZIIiSG+ik2jDhdeybmMyeoKsO jIL/9N/Yd6u60VkWvUMennyv9rKQTOY84yg2T9yAVjusepggcxMpCVX5 HdWxakruR80= +nsec.0skar.cz. 297 IN RRSIG DNSKEY 10 3 300 20800101000000 20140130121330 28887 nsec.0skar.cz. Ef6Jmf/d9BR0VcRakUD8dEjrMmbAF6qqYRBllLOvibFvpgdEJ7egCO9t d8jliD2VRXhqej2lqECNOvARJ+YyYekpniueiYZsBjleU2kJAyFAS2q3 7aBIii1WdM3h+noayDnjiuhEO3GLxxHWc3kyd2yDesPddiFl09fx+rcz 9BwXaS9A/vdWv+92R1j4nijVI5jxZgkQ4lnD0ZtAVRdBRO7qDRpkRHDM pnaSq51B/9XCZEv2CW8UQ5dGd9D20a3uA2lAKHLgj2/Rcuar4o2Y4ERa ms9pyDCQDhGaveZQdx01EXX0ehe5qIKOKk7iFP95TbWPMRyk1bfKTUoT Rq5rhQ== +ENTRY_END + diff --git a/testdata/val_negcache_nodata.rpl b/testdata/val_negcache_nodata.rpl new file mode 100644 index 000000000000..374ac4038b0a --- /dev/null +++ b/testdata/val_negcache_nodata.rpl @@ -0,0 +1,166 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + target-fetch-policy: "0 0 0 0 0" + trust-anchor-signaling: no + aggressive-nsec: yes + +stub-zone: + name: "testzone.nlnetlabs.nl" + stub-addr: 185.49.140.60 +CONFIG_END + +SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC) + +; testzone.nlnetlabs.nl nameserver +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +testzone.nlnetlabs.nl. 3600 IN DNSKEY 256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7 +testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L +testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw= +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN RRSIG NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI= +SECTION ADDITIONAL +ENTRY_END + +; NODATA response for alligator.testzone.nlnetlabs.nl A type +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN A +SECTION ANSWER +SECTION AUTHORITY +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; NXDOMAIN response for emu.testzone.nlnetlabs.nl +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +emu.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +*.elephant.testzone.nlnetlabs.nl. 3600 IN NSEC duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC +*.elephant.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc= +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; No answer for ant.testzone.nlnetlabs.nl + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO AD NOERROR +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN A +SECTION ANSWER +SECTION AUTHORITY +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; AAAA query for alligator.testzone.nlnetlabs.nl, which isn't on the testzone nameserver +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN AAAA +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +alligator.testzone.nlnetlabs.nl. IN AAAA +SECTION ANSWER +SECTION AUTHORITY +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +STEP 40 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +emu.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 50 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +emu.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +*.elephant.testzone.nlnetlabs.nl. 3600 IN NSEC duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC +*.elephant.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc= +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +STEP 60 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ent.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +; query for ENT, must result in NOERROR answer +STEP 70 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +ent.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +*.elephant.testzone.nlnetlabs.nl. 3600 IN NSEC duck.ent.testzone.nlnetlabs.nl. TXT RRSIG NSEC +*.elephant.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GC4dtR5zYvfuIgMpr6gF8jV69wsi2GwGlftTl532H2sZP7nWa5cJmJ59+q4evBZ+P3fLxaZeGBpsp3fn1e7yadLW5PGiA25qrjG0TGVQgOPdIV+lo45sxn7Yn8apiXcJf/vtXZMR7FcHYK/BieTo2hafa2zaftfQVRA7hpJ/HDc= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_negcache_nxdomain.rpl b/testdata/val_negcache_nxdomain.rpl new file mode 100644 index 000000000000..06f115bfefef --- /dev/null +++ b/testdata/val_negcache_nxdomain.rpl @@ -0,0 +1,109 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "testzone.nlnetlabs.nl. IN DS 2926 8 2 6f8512d1e82eecbd684fc4a76f39f8c5b411af385494873bdead663ddb78a88b" + val-override-date: "20180213111425" + target-fetch-policy: "0 0 0 0 0" + trust-anchor-signaling: no + aggressive-nsec: yes + +stub-zone: + name: "testzone.nlnetlabs.nl" + stub-addr: 185.49.140.60 +CONFIG_END + +SCENARIO_BEGIN Test validator with negative cache NXDOMAIN response (aggressive NSEC) + +; testzone.nlnetlabs.nl nameserver +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +testzone.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +testzone.nlnetlabs.nl. 3600 IN DNSKEY 256 3 8 AwEAAbrNEg01ByEpUUiip+GNAkNVjUfeX7sl9kPUssR3JQvhCJWVs7aBY0Ae1cNtQWgzCmidGorlXvEY2nNBiMM4l7IXqopJsgyj+Cb3nQPVLi/7yVwUb+AIwSJw1gRFElMYonsMOL9qUrJi8BBCnCR0EqkL+X4slmtkXSJbzQAwvHI7 +testzone.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbn0eGV0wqMBQNSVTY//BoiOD7bexC7FcVv0fH9bwjKOA8I+ob377E14vZN2xRLC2b1GG5iBckjeI+N2dB9eC2KRnScU3Gbmtw75BBYfm/y4Hu72zEjEZ0ZGv6gjSZRv/1o87ODAwQaxN8/dQD+5U/5xu12XM39bCJZx2GWTbf5L +testzone.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20180313101254 20180213101254 2926 testzone.nlnetlabs.nl. gSLZb/dSKutRlAKSo8ZCC1R+SkvABMYBRQsms77WPfYCDbt5GbXeuGqwGdadjEN8gGSU+qrYNxBZRhlYY6d2vtl+DGh67qwteHSwOCw0VvU64eVh38maJA1U673U4JtlBALzBOA/UHmXPlCgPPoW3BG0U3T2Qir/mqOmegmpBcw= +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NS ns.nlnetlabs.nl. +testzone.nlnetlabs.nl. 3600 IN RRSIG NS 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. Ox0iKc+z3i1qR1wMr8TBPYzuYO5UTaLrBsDagJAd25fvCkGN+h3HPmWlCIW0cBHsS+IaHXr1JhWutjSCc4UBcY+sT7Y7Fw3V1qdZW2KzbSgWUyPkTXoYcIIVLacSUTXEyltW6jj61WEI/RaUGUCJortvwH5iv1Hzee343isxObI= +SECTION ADDITIONAL +ENTRY_END + +; response for antelope.testzone.nlnetlabs.nl. +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; No answer for ant.testzone.nlnetlabs.nl + +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO AD NXDOMAIN +SECTION QUESTION +antelope.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +SECTION ADDITIONAL +ENTRY_END + +; query for ant.testzone.nlnetlabs.nl, which isn't on the testzone nameserver +STEP 20 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +ENTRY_END + +STEP 30 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NXDOMAIN +SECTION QUESTION +ant.testzone.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +testzone.nlnetlabs.nl. 3600 IN NSEC alligator.testzone.nlnetlabs.nl. NS SOA RRSIG NSEC DNSKEY +testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. gTKn6U1nal9oA79IRxLa/7zexl6A0yJZzeEGBbZ5rh5feyAr2X4LTR9bPCgcHeMVggf4FP+kD1L/sxzj/YLwB1ZKGKlwnzsHtPFTlmvDClaqQ76DRZq5Vejr2ZfnclBUb2vtxaXywTRW8oueaaq9flcShEQ/cQ+KRU8sc344qd0= +alligator.testzone.nlnetlabs.nl. 3600 IN NSEC cheetah.testzone.nlnetlabs.nl. TXT RRSIG NSEC +alligator.testzone.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 4 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. QAgQ0AsMoYG02+VPfoOctSPlTHdQOkQt5fFkSkzIbVhUzNOqa+dB/Qkc81AwFeJosA+PvYjt6utcVkIWmK2Djy9eXC49gILtVF79vUe4G7ZrybO5NXjqNa5ANoUGM+yew4wkjeNOMVAsvs+1kvFY7S8RAa/0AIYlZHQ8vNBPNaI= +testzone.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +testzone.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20180313102201 20180213102201 44940 testzone.nlnetlabs.nl. GhmXNFQktZIgaBpGKwj9Q2mfq5+jcbRPK+PPgtRVicUPZga/d/iGEL8PV/8DzGwkaZbM14pamSUMgdJibW4zNhLz/ukjPilbjoj6giH1jtbdZLAQ6iK9pZ/4jKUEq4txviTczZNnDeolgPEEl4xo4NclQmi7zj1XBlQRbjvG0/0= +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_nodata_failwc.rpl b/testdata/val_nodata_failwc.rpl new file mode 100644 index 000000000000..4e4a7c30881c --- /dev/null +++ b/testdata/val_nodata_failwc.rpl @@ -0,0 +1,71 @@ +; config options +; The island of trust is at nsecwc.nlnetlabs.nl +server: + trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" + val-override-date: "20181202115531" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no +stub-zone: + name: "nsecwc.nlnetlabs.nl" + stub-addr: "185.49.140.60" + +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. + + ; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +nsecwc.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX +nsecwc.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +SECTION ANSWER +SECTION AUTHORITY +nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY= +; NSEC has a label lenght of 3, indication that the original owner name is: +; *.nsecwc.nlnetlabs.nl. The NSEC therefore does no prove the NODATA answer. +_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC +_25._tcp.mail.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +_25._tcp.mail.nsecwc.nlnetlabs.nl. IN TLSA +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/testdata/val_nx_failwc.rpl b/testdata/val_nx_failwc.rpl new file mode 100644 index 000000000000..dc580854cbb4 --- /dev/null +++ b/testdata/val_nx_failwc.rpl @@ -0,0 +1,69 @@ +; config options +; The island of trust is at nsecwc.nlnetlabs.nl +server: + trust-anchor: "nsecwc.nlnetlabs.nl. 10024 IN DS 565 8 2 0C15C04C022700C8713028F6F64CF2343DE627B8F83CDA1C421C65DB 52908A2E" + val-override-date: "20181202115531" + target-fetch-policy: "0 0 0 0 0" + fake-sha1: yes + trust-anchor-signaling: no +stub-zone: + name: "nsecwc.nlnetlabs.nl" + stub-addr: "185.49.140.60" + +CONFIG_END + +SCENARIO_BEGIN Test validator with nxdomain response with wildcard expanded NSEC record, original NSEC owner does not provide proof for QNAME. CVE-2017-15105 test. + + ; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 185.49.140.60 + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +nsecwc.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +nsecwc.nlnetlabs.nl. 3600 IN DNSKEY 257 3 8 AwEAAbTluF4BfJ/FT7Ak5a3VvYG1AqhT8FXxOsVwGTyueyE/hW+fMFMd QlLMf2Lf/gmsnFgn/p7GDmJBLlPTATmLeP3isvAZbK3MDEP2O5UjTVmt LZriTv8xfxYW6emCM54EQjWii64BFWrOeLm9zQqzyaLl53CbIIXqiacV KPteh8GX +nsecwc.nlnetlabs.nl. 3600 IN RRSIG DNSKEY 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. q3bG4e8EtvXKDcNWcyYHeQxLF9l9aJKdmeSubyN6Qc3UVHugd6t3YSxD hlD+g43y7FcdnNHdAPh/jpgC4wtOb5J+5XAuESDHwesmIXOCTJjrb+A8 r+xQK+vsY8FhNZ2r81JZ/KQ/+TcCS5tbYeNZQgENduWAxgGiw3fdrMOV xiU= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +!.nsecwc.nlnetlabs.nl. 3600 IN NSEC delegation.nsecwc.nlnetlabs.nl. TXT RRSIG NSEC +!.nsecwc.nlnetlabs.nl. 3600 IN RRSIG NSEC 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. ddy1MRbshFuFJswlouNGHsZUF/tYu8BOCztY2JuHeTMyWL7rhRKp73q/ 1RAXMwywKsynT5ioY0bMtEQszeIEn29IYaPDHieLAobjF6BMu1kO7U2/ oEBrSHM/fx28BcaM5G4nfCIm3BlhQhWvk1NDHLn3Q26x4hF/dnmFOUet aXw= +nsecwc.nlnetlabs.nl. 3600 IN SOA ns.nlnetlabs.nl. ralph.nlnetlabs.nl. 1 14400 3600 604800 3600 +nsecwc.nlnetlabs.nl. 3600 IN RRSIG SOA 8 3 3600 20200101000000 20171108114635 565 nsecwc.nlnetlabs.nl. bYibpCDg1LgrnYJgVahgu94LBqLIcNs4iC0SW8LV7pTI1hhuFKbLkO2O ekPdkJAWmu/KTytf8D+cdcK6X/9VS8QCVIF5S0hraHtNezu0f1B5ztg3 7Rqy+uJSucNKoykueAsz2z43GMgO0rGH3bqM7+3ii8p2E2rhzqEtG/D3 qyY= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA DO SERVFAIL +SECTION QUESTION +a.nsecwc.nlnetlabs.nl. IN TXT +SECTION ANSWER +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END diff --git a/util/config_file.c b/util/config_file.c index ae3b6682ebf5..0784f055912d 100644 --- a/util/config_file.c +++ b/util/config_file.c @@ -108,6 +108,7 @@ config_create(void) cfg->ssl_service_pem = NULL; cfg->ssl_port = 853; cfg->ssl_upstream = 0; + cfg->tls_cert_bundle = NULL; cfg->use_syslog = 1; cfg->log_identity = NULL; /* changed later with argv[0] */ cfg->log_time_ascii = 0; @@ -177,6 +178,7 @@ config_create(void) cfg->out_ifs = NULL; cfg->stubs = NULL; cfg->forwards = NULL; + cfg->auths = NULL; #ifdef CLIENT_SUBNET cfg->client_subnet = NULL; cfg->client_subnet_zone = NULL; @@ -219,6 +221,7 @@ config_create(void) cfg->val_log_level = 0; cfg->val_log_squelch = 0; cfg->val_permissive_mode = 0; + cfg->aggressive_nsec = 0; cfg->ignore_cd = 0; cfg->serve_expired = 0; cfg->add_holddown = 30*24*3600; @@ -282,6 +285,7 @@ config_create(void) cfg->dnscrypt_port = 0; cfg->dnscrypt_provider = NULL; cfg->dnscrypt_provider_cert = NULL; + cfg->dnscrypt_provider_cert_rotated = NULL; cfg->dnscrypt_secret_key = NULL; cfg->dnscrypt_shared_secret_cache_size = 4*1024*1024; cfg->dnscrypt_shared_secret_cache_slabs = 4; @@ -374,6 +378,10 @@ struct config_file* config_create_forlib(void) /** put string into strlist */ #define S_STRLIST(str, var) if(strcmp(opt, str)==0) \ { return cfg_strlist_insert(&cfg->var, strdup(val)); } +/** put string into strlist if not present yet*/ +#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \ + { if(cfg_strlist_find(cfg->var, val)) { return 0;} \ + return cfg_strlist_insert(&cfg->var, strdup(val)); } int config_set_option(struct config_file* cfg, const char* opt, const char* val) @@ -437,6 +445,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_STR("ssl-service-key:", ssl_service_key) else S_STR("ssl-service-pem:", ssl_service_pem) else S_NUMBER_NONZERO("ssl-port:", ssl_port) + else S_STR("tls-cert-bundle:", tls_cert_bundle) else S_YNO("interface-automatic:", if_automatic) else S_YNO("use-systemd:", use_systemd) else S_YNO("do-daemonize:", do_daemonize) @@ -513,6 +522,7 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("log-queries:", log_queries) else S_YNO("log-replies:", log_replies) else S_YNO("val-permissive-mode:", val_permissive_mode) + else S_YNO("aggressive-nsec:", aggressive_nsec) else S_YNO("ignore-cd-flag:", ignore_cd) else S_YNO("serve-expired:", serve_expired) else S_STR("val-nsec3-keysize-iterations:", val_nsec3_key_iterations) @@ -570,8 +580,9 @@ int config_set_option(struct config_file* cfg, const char* opt, else S_YNO("dnscrypt-enable:", dnscrypt) else S_NUMBER_NONZERO("dnscrypt-port:", dnscrypt_port) else S_STR("dnscrypt-provider:", dnscrypt_provider) - else S_STRLIST("dnscrypt-provider-cert:", dnscrypt_provider_cert) - else S_STRLIST("dnscrypt-secret-key:", dnscrypt_secret_key) + else S_STRLIST_UNIQ("dnscrypt-provider-cert:", dnscrypt_provider_cert) + else S_STRLIST("dnscrypt-provider-cert-rotated:", dnscrypt_provider_cert_rotated) + else S_STRLIST_UNIQ("dnscrypt-secret-key:", dnscrypt_secret_key) else S_MEMSIZE("dnscrypt-shared-secret-cache-size:", dnscrypt_shared_secret_cache_size) else S_POW2("dnscrypt-shared-secret-cache-slabs:", @@ -628,7 +639,7 @@ int config_set_option(struct config_file* cfg, const char* opt, * interface, outgoing-interface, access-control, * stub-zone, name, stub-addr, stub-host, stub-prime * forward-first, stub-first, forward-ssl-upstream, - * stub-ssl-upstream, forward-zone, + * stub-ssl-upstream, forward-zone, auth-zone * name, forward-addr, forward-host, * ratelimit-for-domain, ratelimit-below-domain, * local-zone-tag, access-control-view, @@ -844,6 +855,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_STR(opt, "ssl-service-key", ssl_service_key) else O_STR(opt, "ssl-service-pem", ssl_service_pem) else O_DEC(opt, "ssl-port", ssl_port) + else O_STR(opt, "tls-cert-bundle", tls_cert_bundle) else O_YNO(opt, "use-systemd", use_systemd) else O_YNO(opt, "do-daemonize", do_daemonize) else O_STR(opt, "chroot", chrootdir) @@ -876,6 +888,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_YNO(opt, "val-clean-additional", val_clean_additional) else O_DEC(opt, "val-log-level", val_log_level) else O_YNO(opt, "val-permissive-mode", val_permissive_mode) + else O_YNO(opt, "aggressive-nsec:", aggressive_nsec) else O_YNO(opt, "ignore-cd-flag", ignore_cd) else O_YNO(opt, "serve-expired", serve_expired) else O_STR(opt, "val-nsec3-keysize-iterations",val_nsec3_key_iterations) @@ -941,6 +954,7 @@ config_get_option(struct config_file* cfg, const char* opt, else O_DEC(opt, "dnscrypt-port", dnscrypt_port) else O_STR(opt, "dnscrypt-provider", dnscrypt_provider) else O_LST(opt, "dnscrypt-provider-cert", dnscrypt_provider_cert) + else O_LST(opt, "dnscrypt-provider-cert-rotated", dnscrypt_provider_cert_rotated) else O_LST(opt, "dnscrypt-secret-key", dnscrypt_secret_key) else O_MEM(opt, "dnscrypt-shared-secret-cache-size", dnscrypt_shared_secret_cache_size) @@ -1158,6 +1172,28 @@ config_deltrplstrlist(struct config_str3list* p) } void +config_delauth(struct config_auth* p) +{ + if(!p) return; + free(p->name); + config_delstrlist(p->masters); + config_delstrlist(p->urls); + free(p->zonefile); + free(p); +} + +void +config_delauths(struct config_auth* p) +{ + struct config_auth* np; + while(p) { + np = p->next; + config_delauth(p); + p = np; + } +} + +void config_delstub(struct config_stub* p) { if(!p) return; @@ -1237,11 +1273,13 @@ config_delete(struct config_file* cfg) free(cfg->target_fetch_policy); free(cfg->ssl_service_key); free(cfg->ssl_service_pem); + free(cfg->tls_cert_bundle); free(cfg->log_identity); config_del_strarray(cfg->ifs, cfg->num_ifs); config_del_strarray(cfg->out_ifs, cfg->num_out_ifs); config_delstubs(cfg->stubs); config_delstubs(cfg->forwards); + config_delauths(cfg->auths); config_delviews(cfg->views); config_delstrlist(cfg->donotqueryaddrs); config_delstrlist(cfg->root_hints); @@ -1458,6 +1496,22 @@ cfg_region_strlist_insert(struct regional* region, return 1; } +struct config_strlist* +cfg_strlist_find(struct config_strlist* head, const char *item) +{ + struct config_strlist *s = head; + if(!head){ + return NULL; + } + while(s) { + if(strcmp(s->str, item) == 0) { + return s; + } + s = s->next; + } + return NULL; +} + int cfg_strlist_insert(struct config_strlist** head, char* item) { diff --git a/util/config_file.h b/util/config_file.h index 5d9b2d0be15e..2e1c53ee0733 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -42,6 +42,7 @@ #ifndef UTIL_CONFIG_FILE_H #define UTIL_CONFIG_FILE_H struct config_stub; +struct config_auth; struct config_view; struct config_strlist; struct config_str2list; @@ -99,6 +100,8 @@ struct config_file { int ssl_port; /** if outgoing tcp connections use SSL */ int ssl_upstream; + /** cert bundle for outgoing connections */ + char* tls_cert_bundle; /** outgoing port range number of ports (per thread) */ int outgoing_num_ports; @@ -170,6 +173,8 @@ struct config_file { struct config_stub* stubs; /** the forward zone definitions, linked list */ struct config_stub* forwards; + /** the auth zone definitions, linked list */ + struct config_auth* auths; /** the views definitions, linked list */ struct config_view* views; /** list of donotquery addresses, linked list */ @@ -297,6 +302,8 @@ struct config_file { int val_log_squelch; /** should validator allow bogus messages to go through */ int val_permissive_mode; + /** use cached NSEC records to synthesise (negative) answers */ + int aggressive_nsec; /** ignore the CD flag in incoming queries and refuse them bogus data */ int ignore_cd; /** serve expired entries and prefetch them */ @@ -466,6 +473,10 @@ struct config_file { struct config_strlist* dnscrypt_secret_key; /** dnscrypt provider certs 1.cert */ struct config_strlist* dnscrypt_provider_cert; + /** dnscrypt provider certs 1.cert which have been rotated and should not be + * advertised through DNS's providername TXT record but are required to be + * able to handle existing traffic using the old cert. */ + struct config_strlist* dnscrypt_provider_cert_rotated; /** memory size in bytes for dnscrypt shared secrets cache */ size_t dnscrypt_shared_secret_cache_size; /** number of slabs for dnscrypt shared secrets cache */ @@ -527,6 +538,29 @@ struct config_stub { }; /** + * Auth config options + */ +struct config_auth { + /** next in list */ + struct config_auth* next; + /** domain name (in text) of the auth apex domain */ + char* name; + /** list of masters */ + struct config_strlist* masters; + /** list of urls */ + struct config_strlist* urls; + /** zonefile (or NULL) */ + char* zonefile; + /** provide downstream answers */ + int for_downstream; + /** provide upstream answers */ + int for_upstream; + /** fallback to recursion to authorities if zone expired and other + * reasons perhaps (like, query bogus) */ + int fallback_enabled; +}; + +/** * View config options */ struct config_view { @@ -721,6 +755,15 @@ char* config_collate_cat(struct config_strlist* list); int cfg_strlist_append(struct config_strlist_head* list, char* item); /** + * Find string in strlist. + * @param head: pointer to strlist head variable. + * @param item: the item to search for. + * @return: the element in the list when found, NULL otherwise. + */ +struct config_strlist* cfg_strlist_find(struct config_strlist* head, + const char* item); + +/** * Insert string into strlist. * @param head: pointer to strlist head variable. * @param item: new item. malloced by caller. If NULL the insertion fails. @@ -808,6 +851,18 @@ void config_delstub(struct config_stub* p); void config_delstubs(struct config_stub* list); /** + * Delete an auth item + * @param p: auth item + */ +void config_delauth(struct config_auth* p); + +/** + * Delete items in config auth list. + * @param list: list. + */ +void config_delauths(struct config_auth* list); + +/** * Delete a view item * @param p: view item */ diff --git a/util/configlexer.c b/util/configlexer.c index 93a9cc7d1379..5d8d17cf3e01 100644 --- a/util/configlexer.c +++ b/util/configlexer.c @@ -363,8 +363,8 @@ static void yynoreturn yy_fatal_error (yyconst char* msg ); *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; -#define YY_NUM_RULES 237 -#define YY_END_OF_BUFFER 238 +#define YY_NUM_RULES 254 +#define YY_END_OF_BUFFER 255 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -372,265 +372,284 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[2341] = +static yyconst flex_int16_t yy_accept[2508] = { 0, - 1, 1, 219, 219, 223, 223, 227, 227, 231, 231, - 1, 1, 238, 235, 1, 217, 217, 236, 2, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 236, 219, 220, 220, 221, 236, 223, 224, 224, 225, - 236, 230, 227, 228, 228, 229, 236, 231, 232, 232, - 233, 236, 234, 218, 2, 222, 234, 236, 235, 0, - 1, 2, 2, 2, 2, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 219, 0, 223, 0, 230, 0, 227, - 231, 0, 234, 0, 2, 2, 234, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 234, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 234, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 77, - 235, 235, 235, 235, 235, 235, 8, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 88, - 234, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 234, - 235, 235, 235, 235, 235, 235, 235, 37, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 170, 235, 14, 15, 235, 18, 17, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 156, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 3, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 234, 235, 235, 235, - 214, 235, 235, 213, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 226, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 40, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 41, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 145, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 20, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 103, 235, 226, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 197, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 120, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 102, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 75, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 25, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 38, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 39, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 121, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 28, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 185, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 32, 235, - 33, 235, 235, 235, 78, 235, 79, 235, 235, 76, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 7, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 163, 235, 235, 235, 235, 105, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 29, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 137, 235, 136, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 16, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 42, 235, 235, - 235, 235, 235, 235, 235, 144, 235, 235, 235, 235, - - 81, 80, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 131, 235, 235, 235, 235, 235, 235, 235, 235, - 89, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 60, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 64, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 36, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 134, - - 135, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 6, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 195, 235, 235, 215, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 26, 235, 235, 235, 235, 235, 235, 235, - 235, 127, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 149, 235, 128, 235, 235, 161, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 27, 235, 235, 235, 235, 84, - - 235, 85, 235, 83, 235, 235, 235, 235, 235, 235, - 235, 235, 100, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 184, 235, 235, 235, 235, 235, - 235, 235, 235, 129, 235, 235, 235, 235, 235, 132, - 235, 235, 160, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 74, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 34, 235, 235, 22, 235, - 235, 235, 235, 19, 235, 110, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 49, 51, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 199, 235, 235, 235, 171, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 86, 235, 235, 235, 235, 235, 235, - 235, 99, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 209, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 104, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 155, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 119, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 115, 235, 122, 235, 235, - 235, 235, 235, 92, 235, 235, 70, 235, 235, 235, - 235, 147, 235, 235, 235, 235, 235, 162, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 176, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 118, 235, 235, 235, 235, 235, - 52, 53, 235, 235, 235, 235, 235, 35, 235, 235, - 235, 235, 235, 59, 123, 235, 138, 235, 164, 133, - 235, 235, 235, 45, 235, 125, 235, 235, 235, 235, - - 235, 9, 235, 235, 235, 73, 235, 235, 235, 235, - 189, 235, 146, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 106, 198, 235, 235, 235, 235, 175, 235, - 235, 235, 235, 235, 235, 235, 235, 157, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 212, 235, 124, 235, 235, 235, 44, 46, 235, - - 235, 235, 235, 235, 235, 235, 72, 235, 235, 235, - 235, 187, 235, 194, 235, 235, 235, 235, 235, 151, - 23, 24, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 69, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 153, 150, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 43, 235, 235, 235, 235, 235, 235, - 235, 235, 101, 13, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 207, 235, 210, 235, 235, 235, 235, - 235, 235, 12, 235, 235, 21, 235, 235, 235, 193, - - 235, 196, 47, 235, 159, 235, 152, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 114, 113, 235, 235, 235, 235, 235, 235, 235, - 154, 148, 235, 235, 235, 200, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 54, 235, 235, - 235, 188, 235, 235, 235, 235, 235, 158, 235, 235, - 235, 235, 235, 235, 235, 235, 48, 235, 235, 235, - 82, 235, 107, 235, 109, 235, 139, 235, 235, 235, - 112, 235, 235, 165, 235, 235, 235, 235, 235, 94, - - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 172, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 140, 235, 235, 186, 235, - 211, 235, 235, 235, 30, 235, 235, 235, 235, 4, - 235, 235, 93, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 168, 235, 235, 235, 235, 235, - 235, 235, 201, 235, 235, 235, 235, 235, 235, 174, - 235, 235, 143, 235, 235, 235, 235, 235, 235, 235, - 235, 57, 235, 31, 192, 235, 169, 235, 235, 11, - 235, 235, 235, 235, 235, 235, 141, 61, 235, 235, - - 235, 235, 235, 117, 235, 235, 235, 235, 235, 96, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 173, - 90, 235, 87, 235, 235, 235, 63, 67, 62, 235, - 55, 235, 235, 235, 10, 235, 235, 235, 190, 235, - 235, 235, 235, 116, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 68, 66, 235, 56, 208, 235, 235, 235, 130, - 235, 235, 142, 235, 235, 235, 235, 235, 235, 108, - 50, 235, 235, 235, 235, 202, 235, 235, 235, 235, - 235, 235, 235, 91, 65, 97, 98, 58, 235, 191, - - 111, 235, 235, 235, 235, 167, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 71, 235, 166, 235, 183, - 205, 235, 235, 235, 235, 235, 235, 235, 235, 5, - 235, 235, 235, 206, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 95, 235, 235, 235, 235, 235, 235, - 235, 235, 126, 235, 235, 235, 235, 235, 235, 235, - 235, 235, 235, 235, 235, 235, 235, 235, 235, 235, - - 235, 235, 235, 235, 235, 235, 235, 235, 216, 235, - 235, 179, 235, 235, 235, 235, 235, 203, 235, 235, - 235, 235, 235, 235, 204, 235, 235, 235, 177, 235, - 180, 181, 235, 235, 235, 235, 235, 178, 182, 0 + 1, 1, 236, 236, 240, 240, 244, 244, 248, 248, + 1, 1, 255, 252, 1, 234, 234, 253, 2, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 253, 236, 237, 237, 238, 253, 240, 241, 241, + 242, 253, 247, 244, 245, 245, 246, 253, 248, 249, + 249, 250, 253, 251, 235, 2, 239, 251, 253, 252, + 0, 1, 2, 2, 2, 2, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 236, 0, + 240, 0, 247, 0, 244, 248, 0, 251, 0, 2, + 2, 251, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 251, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 99, 252, 252, 252, 252, 252, 252, 252, + 251, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 83, 252, 252, 252, 252, 252, + + 252, 8, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 103, + 252, 251, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 251, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 43, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 186, 252, 14, 15, + 252, 18, 17, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 98, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 172, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 3, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 251, 252, 252, 252, 252, 252, 231, + 252, 252, 230, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 243, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 46, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 47, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 161, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 20, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 118, 252, 252, 243, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 213, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 136, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 117, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 81, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 28, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 29, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 44, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 97, 252, 252, 252, + 96, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 45, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 137, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 34, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 201, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 38, 252, 39, 252, + 252, 252, 252, 84, 252, 85, 252, 252, 252, 82, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 7, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 179, 252, 252, + 252, 252, 120, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 35, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 153, 252, 152, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 16, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 48, 252, 252, 252, 252, + 252, 252, 252, 160, 252, 252, 252, 252, 252, 87, + + 86, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 147, 252, 252, 252, 252, 252, + 252, 252, 252, 104, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 66, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 70, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 42, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 150, 151, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 6, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 211, 252, + 252, 232, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 32, 252, 252, 252, 252, + 252, 252, 252, 252, 143, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 165, 252, 144, 252, + 252, 177, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 33, 252, + 252, 252, 252, 252, 252, 101, 91, 252, 92, 252, + 252, 90, 252, 252, 252, 252, 252, 252, 252, 252, + 115, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 200, 252, 252, 252, 252, 252, 252, 252, + 252, 145, 252, 252, 252, 252, 252, 148, 252, 252, + 176, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 80, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 40, 252, 252, 252, 22, 252, 252, + + 252, 252, 252, 19, 252, 252, 252, 23, 252, 125, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 55, 57, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 215, 252, 252, 252, 187, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 93, 252, 252, 252, 252, 252, 252, 252, 252, 114, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 226, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 119, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 171, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 135, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 130, 252, + 138, 252, 252, 252, 252, 252, 107, 252, 252, 252, + 76, 252, 252, 252, 252, 163, 252, 252, 252, 252, + 252, 178, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 192, 252, 252, 252, 252, 252, + 252, 100, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 134, 252, 252, 252, 252, 252, 58, 59, 252, + 252, 252, 252, 252, 41, 252, 252, 252, 252, 252, + 65, 139, 252, 154, 252, 180, 149, 252, 252, 252, + 51, 252, 141, 252, 252, 252, 252, 252, 9, 252, + 252, 252, 79, 252, 252, 252, 252, 205, 252, 162, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 133, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 121, 214, 252, 252, 252, + + 252, 191, 252, 252, 252, 252, 252, 252, 252, 252, + 173, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 229, 252, 140, 252, + 252, 252, 50, 52, 252, 252, 252, 252, 252, 252, + 252, 78, 252, 252, 252, 252, 203, 252, 210, 252, + 252, 252, 252, 252, 167, 30, 24, 26, 252, 252, + 252, 252, 252, 31, 25, 27, 252, 252, 252, 252, + 252, 252, 75, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 169, 166, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 49, 252, 102, 252, 252, 252, 252, + 252, 252, 252, 252, 116, 13, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 224, 252, 227, 252, 252, + 252, 252, 252, 252, 12, 252, 252, 21, 252, 252, + 252, 209, 252, 212, 53, 252, 175, 252, 168, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 129, 128, 252, 252, 252, 252, + 252, 252, 252, 170, 164, 252, 252, 252, 216, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 60, 252, 252, 252, 204, 252, 252, 252, 252, + 252, 174, 252, 252, 252, 252, 252, 252, 252, 252, + 54, 252, 252, 252, 88, 89, 252, 122, 252, 124, + 252, 155, 252, 252, 252, 127, 252, 252, 181, 252, + 252, 252, 252, 252, 109, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 188, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 156, 252, 252, 202, 252, 228, 252, 252, 252, + 36, 252, 252, 252, 252, 4, 252, 252, 108, 252, + + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 184, 252, 252, 252, 252, 252, 252, 252, 217, 252, + 252, 252, 252, 252, 252, 190, 252, 252, 159, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 63, 252, + 37, 208, 252, 185, 252, 252, 11, 252, 252, 252, + 252, 252, 252, 157, 67, 252, 252, 252, 252, 252, + 132, 252, 252, 252, 252, 252, 111, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 189, 105, 252, 94, + 95, 252, 252, 252, 69, 73, 68, 252, 61, 252, + 252, 252, 10, 252, 252, 252, 206, 252, 252, 252, + + 252, 131, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 74, + 72, 252, 62, 225, 252, 252, 252, 146, 252, 252, + 158, 252, 252, 252, 252, 252, 252, 123, 56, 252, + 252, 252, 252, 252, 218, 252, 252, 252, 252, 252, + 252, 252, 106, 71, 112, 113, 64, 252, 207, 126, + 252, 252, 252, 252, 183, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 77, 252, 182, 252, + + 199, 222, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 5, 252, 252, 252, 223, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 110, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 142, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 219, 252, 252, + 252, 252, 252, 252, 252, 252, 252, 252, 252, 252, + 252, 252, 252, 252, 252, 233, 252, 252, 195, 252, + 252, 252, 252, 252, 220, 252, 252, 252, 252, 252, + 252, 221, 252, 252, 252, 193, 252, 196, 197, 252, + + 252, 252, 252, 252, 194, 198, 0 } ; static yyconst YY_CHAR yy_ec[256] = @@ -676,1285 +695,1371 @@ static yyconst YY_CHAR yy_meta[67] = 1, 1, 1, 1, 1, 1 } ; -static yyconst flex_uint16_t yy_base[2355] = +static yyconst flex_uint16_t yy_base[2522] = { 0, 0, 0, 64, 67, 70, 72, 78, 84, 89, 92, - 131, 137, 333, 290, 96, 6728, 6728, 6728, 109, 111, + 131, 137, 429, 374, 96, 7166, 7166, 7166, 109, 111, 85, 142, 180, 129, 134, 138, 183, 50, 166, 75, - 214, 204, 124, 256, 141, 248, 304, 200, 258, 286, - 246, 283, 6728, 6728, 6728, 96, 240, 6728, 6728, 6728, - 102, 231, 265, 6728, 6728, 6728, 311, 221, 6728, 6728, - 6728, 115, 212, 6728, 336, 6728, 161, 343, 207, 349, - 115, 0, 353, 0, 0, 107, 216, 159, 252, 345, - 241, 242, 243, 346, 337, 284, 335, 364, 280, 340, - 357, 347, 351, 362, 371, 372, 391, 395, 381, 401, - - 402, 388, 393, 413, 416, 418, 428, 429, 427, 430, - 445, 433, 454, 441, 464, 446, 458, 437, 468, 491, - 457, 269, 484, 479, 481, 403, 462, 485, 511, 497, - 503, 498, 512, 186, 324, 177, 217, 173, 556, 207, - 151, 379, 117, 560, 564, 0, 530, 514, 302, 544, - 551, 555, 546, 552, 561, 548, 560, 575, 572, 573, - 508, 606, 650, 579, 589, 592, 593, 587, 607, 612, - 601, 603, 634, 595, 616, 624, 662, 642, 638, 651, - 628, 656, 693, 665, 666, 679, 677, 691, 684, 692, - 694, 690, 702, 685, 704, 711, 707, 709, 719, 698, - - 723, 721, 738, 726, 748, 732, 750, 737, 762, 747, - 759, 751, 768, 753, 774, 764, 783, 778, 792, 788, - 770, 786, 781, 794, 797, 799, 801, 814, 803, 808, - 819, 824, 828, 787, 813, 830, 841, 246, 826, 846, - 849, 840, 833, 851, 857, 843, 863, 858, 867, 865, - 875, 887, 869, 868, 870, 885, 899, 901, 888, 905, - 890, 902, 892, 917, 911, 916, 918, 912, 937, 913, - 931, 929, 941, 960, 537, 956, 950, 951, 965, 976, - 585, 983, 971, 980, 986, 984, 982, 989, 981, 994, - 1000, 1011, 1012, 1015, 1025, 1010, 1027, 1031, 1038, 1029, - - 1047, 1039, 1042, 1035, 1057, 1061, 1058, 1106, 1074, 1067, - 1083, 1075, 1073, 1090, 1077, 1099, 1111, 1104, 1110, 1114, - 1124, 1123, 1129, 1054, 1126, 1131, 1145, 1084, 1135, 1147, - 1162, 1166, 1148, 1153, 1161, 1164, 1174, 1175, 1180, 1165, - 1171, 1200, 1188, 1203, 1210, 1204, 1087, 1196, 1212, 1215, - 1211, 1201, 1224, 1237, 1227, 1240, 1228, 1238, 1230, 1239, - 1257, 1249, 1251, 1256, 1265, 1270, 1267, 1252, 1274, 6728, - 1280, 1261, 1278, 1284, 1283, 1279, 6728, 1294, 1295, 1290, - 1321, 1310, 1318, 1311, 1316, 1331, 1307, 1326, 1337, 1322, - 1330, 1338, 1340, 1343, 1344, 1363, 1350, 1353, 1399, 1349, - - 1356, 1365, 1384, 1385, 1394, 1383, 1408, 1379, 1412, 1402, - 1410, 1423, 1414, 1421, 1441, 1442, 1428, 1439, 1450, 6728, - 1449, 1396, 1445, 1440, 1455, 1448, 1460, 1463, 1464, 1468, - 1467, 1497, 1481, 1496, 1485, 1498, 1501, 1486, 1491, 1514, - 1506, 1510, 1511, 1520, 1516, 1517, 1526, 1515, 1530, 1521, - 1531, 1518, 1555, 1547, 1534, 1549, 1544, 1560, 1563, 1542, - 1572, 1559, 1569, 1567, 1583, 1587, 1579, 1574, 1578, 1591, - 1595, 1604, 1612, 1616, 1597, 1596, 1623, 1620, 1610, 1622, - 1637, 1627, 1635, 1639, 1636, 1640, 1632, 1650, 1647, 1656, - 1667, 1666, 1680, 1659, 1663, 1683, 1662, 1673, 1684, 1689, - - 1679, 1690, 1701, 1703, 1688, 1710, 1700, 1718, 1705, 1706, - 1707, 1715, 1717, 1716, 1734, 1736, 1737, 1740, 1741, 1738, - 1739, 1759, 1765, 1751, 1761, 1766, 1763, 1775, 1764, 1773, - 1784, 1788, 1796, 1798, 1787, 1802, 1799, 1804, 1810, 1807, - 1814, 1816, 1806, 1813, 1841, 1824, 1829, 6728, 1830, 1746, - 1828, 1854, 1840, 1835, 1864, 1855, 1843, 1846, 1866, 1909, - 6728, 1845, 6728, 6728, 1857, 6728, 6728, 1869, 1877, 1885, - 1896, 1898, 1900, 1958, 1902, 1882, 1888, 1867, 1905, 1911, - 1910, 1919, 1924, 1941, 1947, 1937, 1948, 1954, 1945, 1944, - 1969, 1968, 1972, 1974, 1992, 1979, 1984, 1987, 1990, 2003, - - 1922, 2007, 1983, 2018, 2013, 2017, 2014, 2019, 2006, 2021, - 2029, 2028, 2031, 2033, 2030, 2057, 2040, 6728, 2052, 2053, - 2063, 2065, 2050, 2067, 2056, 2054, 2069, 2048, 2098, 6728, - 2083, 2076, 2081, 2099, 2086, 2091, 2092, 2095, 2097, 2112, - 2103, 2108, 2123, 2125, 2126, 2138, 2120, 2129, 2131, 2128, - 2141, 2151, 2153, 2143, 2154, 2155, 2142, 2172, 2156, 2176, - 2159, 2178, 2180, 2165, 2194, 2184, 2195, 2181, 2193, 2190, - 6728, 2186, 2200, 6728, 2199, 2204, 2250, 2215, 2229, 2220, - 2205, 2236, 2223, 2243, 2231, 2249, 2237, 2264, 2254, 2274, - 2278, 2270, 2273, 2276, 2281, 2297, 2285, 156, 2324, 2292, - - 2302, 2295, 2301, 2314, 2321, 2310, 2306, 2308, 2319, 2339, - 2340, 6728, 2328, 2346, 2337, 2345, 2365, 2357, 2342, 2354, - 2359, 2364, 2379, 2366, 2377, 2373, 2367, 2383, 2381, 2389, - 2390, 2384, 6728, 2395, 2393, 2400, 2388, 2408, 2414, 2416, - 2420, 2430, 2437, 2425, 6728, 2417, 2442, 2449, 2448, 2440, - 2435, 2444, 2439, 2441, 2460, 2452, 2465, 2467, 2458, 2478, - 2479, 2477, 6728, 2485, 2480, 2487, 2495, 2494, 2490, 2499, - 2497, 2500, 2505, 2518, 2514, 2523, 2529, 6728, 2520, 2510, - 2522, 2521, 2524, 2548, 2549, 2542, 2554, 2553, 2543, 2550, - 2555, 121, 2556, 2563, 2552, 2560, 6728, 2569, 68, 2578, - - 2580, 2573, 2583, 2602, 2598, 2604, 2608, 2597, 2600, 2612, - 2594, 2599, 2616, 2619, 2628, 2632, 2635, 2624, 2631, 2633, - 2651, 6728, 2662, 2652, 2641, 2658, 2668, 2655, 2677, 2661, - 2682, 2676, 2683, 6728, 2687, 2692, 2697, 2690, 2688, 2703, - 2704, 2700, 2716, 2699, 2719, 2715, 2725, 2724, 2729, 2727, - 6728, 2730, 2739, 2733, 2738, 2745, 2743, 2774, 2754, 2761, - 2765, 2782, 2806, 2766, 2777, 2764, 2789, 2791, 2785, 2803, - 2817, 2823, 2800, 2827, 2821, 2818, 2810, 2804, 2812, 2835, - 2830, 2859, 2842, 164, 2847, 6728, 2856, 2849, 2853, 2857, - 2894, 2851, 2863, 2869, 2874, 2883, 2876, 2891, 2898, 2893, - - 2887, 2908, 2916, 2902, 2919, 6728, 2920, 2921, 2903, 2927, - 2925, 2928, 2931, 2930, 2933, 2939, 2937, 2948, 2957, 2960, - 2940, 2943, 2967, 2964, 2963, 6728, 2979, 2982, 2975, 2984, - 2972, 2966, 2986, 2995, 2990, 2994, 2978, 3009, 3005, 2996, - 3003, 3004, 3002, 3026, 3013, 3023, 3017, 3029, 3038, 3028, - 3044, 6728, 3039, 3064, 3054, 3059, 3043, 3053, 3074, 3088, - 3070, 3073, 3078, 3075, 3071, 3084, 3081, 3086, 3105, 3094, - 3097, 6728, 3114, 3108, 3106, 3115, 3122, 3113, 3123, 3124, - 3141, 3140, 3151, 3130, 3149, 3159, 3154, 3155, 3145, 3157, - 3164, 3176, 3178, 3189, 6728, 3177, 3188, 3171, 3181, 3183, - - 3185, 3187, 3201, 3191, 3205, 3204, 3206, 3203, 3239, 3242, - 3221, 3216, 3225, 3226, 3228, 3224, 3227, 3251, 3261, 3240, - 3255, 3256, 3260, 3249, 3237, 3265, 3269, 3278, 3277, 3291, - 3288, 3290, 3282, 3301, 3285, 3317, 6728, 3304, 3284, 3299, - 3308, 3325, 3326, 3312, 3315, 3314, 3343, 3345, 6728, 3331, - 6728, 3342, 3353, 3348, 6728, 3355, 6728, 3362, 3350, 6728, - 3361, 3367, 3356, 3340, 3372, 3370, 3374, 3363, 3385, 3382, - 3376, 3401, 3388, 3393, 3403, 3389, 3409, 6728, 3417, 3400, - 3405, 3420, 3428, 3422, 3423, 3429, 3434, 3431, 3450, 3435, - 3427, 3437, 3458, 6728, 3445, 3463, 3449, 3465, 6728, 3456, - - 3472, 3474, 3467, 3464, 3478, 3484, 3488, 3485, 3476, 3507, - 3479, 3499, 3508, 3514, 3502, 3515, 3526, 3521, 3512, 3509, - 3523, 3537, 3533, 3552, 3535, 3546, 3556, 3554, 3545, 3541, - 3547, 3555, 3557, 3564, 3553, 3580, 3572, 3575, 3573, 3583, - 6728, 3589, 3581, 3600, 3596, 3591, 3598, 3593, 3603, 3602, - 3619, 3608, 3628, 3620, 6728, 3630, 6728, 3616, 3626, 3649, - 3648, 3633, 3653, 3638, 3647, 3643, 3657, 3664, 3582, 3659, - 3667, 3675, 3672, 3668, 3676, 3685, 6728, 3679, 3680, 3700, - 3689, 3699, 3706, 3719, 3709, 3695, 3742, 6728, 3728, 3712, - 3729, 3746, 3738, 3749, 3744, 6728, 3731, 3754, 3739, 3759, - - 6728, 6728, 3745, 3755, 3740, 3756, 3765, 3772, 3780, 3771, - 3770, 6728, 3793, 3776, 3790, 3795, 3797, 3799, 3801, 3782, - 6728, 3791, 3808, 3811, 3809, 3807, 3818, 3820, 3821, 3845, - 3832, 3824, 3843, 3850, 3851, 3853, 6728, 3855, 3847, 3858, - 3852, 3859, 3862, 3870, 3871, 3857, 3876, 3868, 3887, 3889, - 3884, 3900, 3897, 3888, 3895, 3904, 3912, 3909, 3915, 3898, - 3913, 3921, 3929, 3917, 3943, 3945, 3952, 3947, 6728, 3956, - 3935, 3957, 3933, 3951, 3955, 3962, 3964, 3974, 3972, 3975, - 3969, 3977, 6728, 3971, 3980, 3998, 3999, 3990, 4008, 4002, - 3989, 3985, 4018, 4004, 4022, 4014, 4017, 4027, 4040, 6728, - - 6728, 4033, 4025, 4043, 4032, 4041, 4044, 4036, 4050, 4038, - 4056, 6728, 4071, 4061, 4059, 4074, 4063, 4087, 4084, 4080, - 4083, 4073, 4075, 4097, 4101, 4078, 4089, 4112, 4102, 4114, - 6728, 4103, 4110, 6728, 4108, 4128, 4120, 4124, 4138, 4146, - 4143, 4129, 4144, 4147, 4151, 4148, 4168, 4169, 4171, 4153, - 4160, 4174, 6728, 4164, 4177, 4170, 4161, 4188, 4178, 4195, - 4180, 6728, 4190, 4201, 4210, 4211, 4194, 4217, 4212, 4219, - 4220, 4207, 6728, 4225, 6728, 4228, 4221, 6728, 4223, 4237, - 4227, 4236, 4247, 4260, 4261, 4240, 4248, 4262, 4251, 4253, - 4273, 4274, 4275, 4267, 6728, 4285, 4264, 4294, 4296, 6728, - - 4284, 6728, 4291, 6728, 4295, 4300, 4290, 4298, 4318, 4324, - 4316, 4312, 6728, 4321, 4309, 4330, 4335, 4333, 4337, 4338, - 4340, 4342, 4346, 4353, 6728, 4343, 4362, 4366, 4357, 4358, - 4379, 4386, 4367, 6728, 4392, 4381, 4380, 4395, 4389, 6728, - 4394, 4402, 6728, 4401, 4411, 4406, 4407, 4418, 4421, 4430, - 4419, 4416, 4422, 4439, 4427, 4433, 6728, 4431, 4438, 4451, - 4454, 4446, 4449, 4475, 4467, 4478, 4462, 4482, 4484, 4481, - 4489, 4465, 4487, 4488, 4492, 6728, 4495, 4498, 6728, 4508, - 4506, 4505, 4512, 6728, 4530, 6728, 4531, 4511, 4514, 4515, - 4535, 4543, 4538, 4545, 4527, 4548, 4554, 4553, 4582, 4560, - - 4558, 6728, 6728, 4569, 4587, 4574, 4584, 4589, 4579, 4576, - 4565, 4592, 4598, 4595, 4604, 6728, 4603, 4606, 4608, 6728, - 4611, 4615, 4605, 4622, 4618, 4625, 4630, 4641, 4640, 4633, - 4649, 4632, 4642, 6728, 4647, 4655, 4638, 4653, 4656, 4667, - 4663, 6728, 4671, 4687, 4688, 4682, 4683, 4689, 4699, 4692, - 4696, 4693, 4690, 4706, 4716, 4712, 4726, 6728, 4727, 4717, - 4718, 4709, 4740, 4741, 4723, 4746, 4729, 4749, 4751, 4743, - 4744, 6728, 4755, 4761, 4753, 4762, 4748, 4771, 4776, 4780, - 4783, 4767, 4770, 4773, 4791, 6728, 4775, 4778, 4794, 4807, - 4814, 4797, 4815, 4800, 4810, 4799, 4828, 4821, 4831, 6728, - - 4823, 4827, 4824, 4826, 4819, 4856, 4858, 4850, 4855, 4859, - 4860, 4862, 4866, 4875, 4870, 6728, 4852, 6728, 4885, 4877, - 4886, 4899, 4889, 6728, 4888, 4897, 6728, 4898, 4901, 4904, - 4902, 6728, 4915, 4927, 4920, 4922, 4923, 6728, 4939, 4945, - 4938, 4925, 4956, 4953, 4941, 4957, 4950, 4946, 4944, 4968, - 6728, 4970, 4961, 4976, 4973, 4959, 4972, 4967, 4989, 4982, - 4999, 5003, 5001, 4994, 6728, 4995, 5005, 5018, 5006, 5013, - 6728, 6728, 5009, 5016, 5021, 5020, 5026, 6728, 5031, 5030, - 5037, 5052, 5047, 6728, 6728, 5055, 6728, 5041, 6728, 6728, - 5058, 5060, 5061, 6728, 5066, 6728, 5072, 5068, 5054, 5053, - - 5073, 6728, 5079, 5077, 5084, 6728, 5082, 5076, 5083, 5092, - 6728, 5094, 6728, 5111, 5108, 5109, 5113, 5103, 5106, 5118, - 5122, 5124, 5126, 5119, 5125, 5128, 5136, 5142, 5130, 5147, - 5140, 5156, 5145, 5162, 5157, 5150, 5151, 5155, 5167, 5182, - 5172, 5170, 5183, 5158, 5181, 5187, 5188, 5200, 5206, 5212, - 5213, 5215, 6728, 6728, 5218, 5203, 5209, 5207, 6728, 5217, - 5223, 5227, 5231, 5243, 5235, 5238, 5258, 6728, 5257, 5254, - 5242, 5264, 5246, 5248, 5262, 5276, 5275, 5272, 5274, 5240, - 5277, 5281, 5278, 5301, 5289, 5290, 5307, 5298, 5311, 5313, - 5314, 6728, 5299, 6728, 5320, 5323, 5325, 6728, 6728, 5326, - - 5327, 5331, 5333, 5337, 5332, 5345, 6728, 5336, 5357, 5335, - 5352, 6728, 5366, 6728, 5367, 5350, 5368, 5375, 5374, 6728, - 6728, 6728, 5382, 5359, 5372, 5378, 5384, 5376, 5386, 5392, - 5379, 5396, 6728, 5405, 5410, 5416, 5407, 5397, 5426, 5423, - 5424, 5433, 5431, 5434, 5425, 5439, 5438, 5441, 6728, 6728, - 5432, 5443, 5469, 5449, 5450, 5479, 5471, 5473, 5474, 5465, - 5476, 5481, 5477, 6728, 5482, 5488, 5472, 5501, 5509, 5510, - 5494, 5515, 6728, 6728, 5504, 5505, 5507, 5527, 5511, 5520, - 5528, 5533, 5521, 6728, 5534, 6728, 5538, 5535, 5564, 5544, - 5555, 5567, 6728, 5559, 5556, 6728, 5570, 5561, 5562, 6728, - - 5578, 6728, 6728, 5573, 6728, 5560, 6728, 5583, 5591, 5581, - 5590, 5584, 5597, 5609, 5599, 5612, 5595, 5601, 5621, 5623, - 5625, 6728, 6728, 5632, 5608, 5627, 5626, 5618, 5630, 5637, - 6728, 6728, 5639, 5638, 5648, 6728, 5622, 5652, 5645, 5664, - 5649, 5657, 5654, 5680, 5666, 5675, 5673, 5686, 5696, 5698, - 5689, 5701, 5688, 5691, 5694, 5700, 5702, 6728, 5709, 5728, - 5716, 6728, 5711, 5730, 5739, 5735, 5732, 6728, 5724, 5745, - 5744, 5743, 5738, 5778, 5747, 5754, 6728, 5750, 5767, 5770, - 6728, 5758, 6728, 5772, 6728, 5765, 6728, 5788, 5790, 5780, - 6728, 5795, 5797, 6728, 5796, 5799, 5792, 5787, 5816, 6728, - - 5761, 5824, 5825, 5804, 5814, 5813, 5831, 5819, 5843, 5817, - 5845, 6728, 5828, 5835, 5849, 5840, 5856, 5857, 5838, 5852, - 5865, 5863, 5859, 5875, 5869, 6728, 5878, 5882, 6728, 5870, - 6728, 5889, 5883, 5896, 6728, 5894, 5884, 5880, 5887, 6728, - 5907, 5905, 6728, 5895, 5913, 5920, 5915, 5909, 5918, 5926, - 5921, 5925, 5936, 5942, 6728, 5945, 5934, 5932, 5949, 5947, - 5960, 5940, 6728, 5966, 5968, 5956, 5965, 5961, 5962, 6728, - 5980, 5963, 6728, 5986, 5989, 5977, 5992, 5996, 5999, 6001, - 5998, 6728, 6008, 6728, 6728, 5993, 6728, 5988, 6013, 6728, - 6011, 6015, 6007, 6022, 6017, 6028, 6728, 6728, 6018, 6041, - - 6035, 6046, 6042, 6728, 6030, 6044, 6048, 6039, 6055, 6728, - 6057, 6060, 6056, 6066, 6045, 6069, 6077, 6078, 6084, 6728, - 6728, 6080, 6728, 6081, 6097, 6098, 6728, 6728, 6728, 6101, - 6728, 6109, 2275, 6106, 6728, 6114, 6105, 6103, 6728, 6115, - 6111, 6116, 6104, 6728, 6121, 6125, 6148, 6135, 6140, 6136, - 6150, 6144, 6154, 6162, 6133, 6157, 6138, 6163, 6164, 6160, - 6170, 6728, 6728, 6173, 6728, 6728, 6174, 6188, 6192, 6728, - 6184, 6194, 6728, 6198, 6187, 6191, 6204, 6195, 6207, 6728, - 6728, 6190, 6206, 6186, 6215, 6728, 6220, 6229, 6213, 6221, - 6219, 6231, 6225, 6728, 6728, 6728, 6728, 6728, 6242, 6728, - - 6728, 6228, 6240, 6237, 6246, 6728, 6236, 6250, 6265, 6264, - 6273, 6262, 6263, 6267, 6279, 6256, 6283, 6276, 6290, 6280, - 6302, 6299, 6312, 6305, 6314, 6297, 6315, 6322, 6323, 6294, - 6320, 6325, 6330, 6333, 6329, 6728, 6336, 6728, 6340, 6728, - 6728, 6334, 6345, 6346, 6341, 6342, 6350, 6357, 6347, 6728, - 6356, 6367, 6355, 6728, 6374, 6368, 6375, 6377, 6380, 6384, - 6391, 6382, 6386, 6398, 6415, 6411, 6414, 6416, 6417, 6401, - 6429, 6425, 6431, 6728, 6418, 6426, 6432, 6435, 6434, 6436, - 6452, 6439, 6728, 6459, 6445, 6456, 6457, 6460, 6469, 6480, - 6461, 6463, 6490, 6486, 6492, 6498, 6501, 6487, 6496, 6504, - - 6503, 6507, 6510, 6517, 6520, 6519, 6534, 6521, 6728, 6522, - 6526, 6728, 6536, 6547, 6531, 6537, 6542, 6728, 6555, 6554, - 6557, 6558, 6560, 6564, 6728, 6562, 6575, 6581, 6728, 6585, - 6728, 6728, 6587, 6574, 6577, 6578, 6580, 6728, 6728, 6728, - 6636, 6643, 6650, 6657, 6664, 83, 6671, 6678, 6685, 6692, - 6699, 6706, 6713, 6720 + 214, 204, 179, 256, 141, 248, 304, 288, 303, 250, + 136, 246, 318, 7166, 7166, 7166, 96, 315, 7166, 7166, + 7166, 102, 314, 339, 7166, 7166, 7166, 278, 299, 7166, + 7166, 7166, 115, 298, 7166, 305, 7166, 161, 346, 293, + 363, 115, 0, 367, 0, 0, 107, 216, 145, 181, + 227, 344, 284, 177, 339, 356, 346, 169, 268, 375, + 355, 352, 366, 358, 363, 380, 392, 386, 403, 391, + + 393, 416, 425, 407, 415, 413, 438, 433, 440, 444, + 434, 448, 458, 451, 471, 443, 257, 459, 464, 467, + 468, 494, 475, 278, 489, 498, 493, 502, 486, 496, + 506, 525, 524, 526, 528, 516, 532, 533, 252, 253, + 237, 319, 235, 577, 259, 121, 312, 117, 587, 591, + 0, 559, 545, 348, 566, 579, 387, 565, 569, 515, + 585, 575, 589, 596, 599, 600, 608, 610, 654, 606, + 619, 615, 624, 627, 637, 640, 645, 635, 628, 667, + 651, 656, 681, 692, 684, 653, 687, 657, 690, 709, + 701, 697, 696, 706, 702, 717, 704, 731, 728, 725, + + 734, 723, 739, 719, 748, 744, 742, 736, 737, 759, + 755, 758, 769, 766, 764, 771, 782, 772, 793, 774, + 799, 802, 785, 807, 798, 812, 707, 823, 816, 819, + 801, 800, 818, 817, 825, 837, 828, 840, 844, 848, + 852, 839, 845, 843, 860, 850, 857, 870, 876, 888, + 241, 865, 890, 892, 879, 881, 899, 894, 903, 867, + 897, 904, 905, 923, 913, 928, 909, 915, 919, 922, + 932, 946, 948, 934, 949, 938, 957, 950, 960, 954, + 962, 964, 970, 983, 977, 991, 985, 989, 987, 1005, + 998, 1014, 1004, 1022, 1011, 1027, 1039, 1035, 1041, 1028, + + 1045, 1034, 1032, 1038, 1061, 1051, 1055, 1062, 1069, 1070, + 1080, 1072, 1090, 1067, 1063, 1087, 1102, 1118, 1104, 1095, + 1113, 1077, 7166, 1122, 1130, 1170, 1120, 1147, 1100, 1099, + 1132, 1148, 1150, 1160, 1143, 1161, 1149, 1198, 1168, 1183, + 1187, 1190, 1196, 1200, 1151, 1199, 1208, 1210, 1209, 1206, + 1222, 1216, 1241, 1225, 1228, 1234, 1239, 1252, 1255, 1256, + 1261, 1242, 1247, 1246, 1271, 1283, 1284, 1289, 1291, 1287, + 1272, 1249, 1298, 1297, 1302, 1286, 1299, 1322, 1310, 1323, + 1316, 1313, 1334, 1318, 1341, 1342, 1340, 1329, 1343, 1344, + 1353, 1359, 1356, 1357, 7166, 1371, 1366, 1368, 1379, 1369, + + 1378, 7166, 1374, 1380, 1383, 1314, 1393, 1403, 1395, 1404, + 1416, 1398, 1410, 1428, 1420, 1421, 1411, 1423, 1437, 1427, + 1436, 1447, 1440, 1430, 1483, 1438, 1450, 1454, 1461, 1465, + 1481, 1471, 1495, 1478, 1498, 1492, 1505, 1490, 1519, 1508, + 1522, 1516, 1518, 1526, 1533, 1532, 1525, 1536, 1549, 7166, + 1545, 1552, 1477, 1550, 1547, 1542, 1567, 1569, 1574, 1568, + 1572, 1540, 1591, 1576, 1595, 1586, 1589, 1590, 1597, 1601, + 1607, 1593, 1611, 1608, 1610, 1627, 1613, 1630, 1633, 1644, + 1620, 1637, 1624, 1638, 1649, 1622, 1636, 1654, 1661, 1662, + 1656, 1670, 1657, 1664, 1673, 1653, 1684, 1668, 1689, 1680, + + 1694, 1701, 1695, 1688, 1713, 1711, 1707, 1723, 1719, 1726, + 1702, 1728, 1730, 1712, 1733, 1716, 1736, 1757, 1738, 1753, + 1758, 1759, 1752, 1760, 1771, 1762, 1777, 1775, 1768, 1782, + 1779, 1780, 1786, 1784, 1781, 1796, 1801, 1798, 1807, 1821, + 1817, 1797, 1813, 1808, 1829, 1820, 1825, 1828, 1832, 1830, + 1849, 1852, 1845, 1844, 1847, 1855, 1848, 1837, 1864, 1865, + 1868, 1878, 1879, 1880, 1900, 1877, 1890, 1887, 1907, 1902, + 1903, 1906, 1908, 1911, 1913, 1926, 1927, 1923, 1930, 1935, + 1934, 1942, 1940, 1950, 1953, 1959, 1957, 1946, 1949, 1965, + 1980, 1972, 1976, 7166, 1969, 1841, 1971, 1990, 1983, 1982, + + 1979, 1993, 1984, 1998, 1999, 2046, 7166, 2015, 7166, 7166, + 1987, 7166, 7166, 2025, 2026, 2009, 2036, 2042, 2022, 2021, + 2027, 2029, 2095, 2039, 2056, 2049, 2054, 2081, 2045, 2082, + 2090, 2073, 2092, 2098, 2109, 2100, 2108, 2116, 2119, 2117, + 2122, 2126, 2123, 2132, 2136, 2140, 2129, 2149, 2152, 2162, + 7166, 2159, 2171, 2173, 2167, 2169, 2172, 2174, 2165, 2185, + 2186, 2158, 2187, 2194, 2197, 2200, 2189, 7166, 2202, 2206, + 2216, 2213, 2209, 2221, 2210, 2207, 2230, 2204, 2248, 7166, + 2242, 2241, 2233, 2253, 2235, 2243, 2245, 2252, 2257, 2255, + 2269, 2249, 2268, 2279, 2281, 2270, 2284, 2296, 2299, 2283, + + 2285, 2297, 2291, 2301, 2295, 2312, 2307, 2324, 2329, 2316, + 2325, 2326, 2320, 2348, 2343, 2339, 2328, 2344, 2355, 2347, + 2359, 2360, 2356, 2363, 2350, 2375, 2358, 2376, 2370, 7166, + 2369, 2377, 7166, 2390, 2374, 2435, 2397, 2396, 2384, 2387, + 2405, 2406, 2423, 2416, 2434, 2427, 2443, 2437, 2448, 2454, + 2431, 2439, 2455, 2470, 2482, 2415, 207, 2489, 2466, 2473, + 2518, 2483, 2493, 2474, 2490, 2503, 2500, 2486, 2509, 2487, + 2515, 2508, 2535, 7166, 2516, 2525, 2521, 2536, 2546, 2542, + 2541, 2545, 2548, 2543, 2561, 2568, 2563, 2553, 2569, 2564, + 2572, 2570, 2574, 2598, 7166, 2580, 2581, 2584, 2588, 2607, + + 2608, 2609, 2611, 2616, 2623, 2615, 7166, 2606, 2631, 2644, + 2629, 2610, 2626, 2637, 2659, 2640, 2654, 2641, 2656, 2658, + 2649, 2664, 2672, 2666, 7166, 2668, 2681, 2676, 2671, 2680, + 2685, 2684, 2703, 2692, 2695, 2693, 2704, 2705, 2720, 2711, + 2718, 7166, 2707, 2731, 2727, 2719, 2721, 2732, 2738, 2724, + 2741, 2761, 2762, 2745, 2758, 2764, 2748, 2756, 2759, 1133, + 2755, 2765, 2776, 2752, 7166, 2780, 2778, 68, 2779, 2769, + 2797, 2781, 2789, 2815, 2817, 2808, 2812, 2816, 2804, 2805, + 2820, 2822, 2811, 2826, 2835, 2832, 2827, 2841, 2838, 2852, + 2843, 2870, 7166, 2860, 2864, 2865, 2853, 2868, 2882, 2892, + + 2876, 2847, 2899, 2887, 7166, 2905, 2902, 2890, 2913, 2908, + 2911, 2909, 2896, 2929, 2928, 2923, 2932, 2927, 2931, 2935, + 2942, 2934, 2940, 2945, 2954, 7166, 2969, 2964, 2958, 2957, + 2981, 2962, 2988, 2975, 2968, 2984, 2998, 3022, 2993, 3001, + 3005, 3011, 3002, 3033, 3038, 3039, 3046, 3028, 3050, 3051, + 3009, 3034, 3019, 3024, 3058, 3049, 3082, 3066, 184, 3070, + 7166, 3080, 3072, 3074, 3079, 3110, 3089, 3086, 3085, 3109, + 3106, 3116, 3112, 3115, 3114, 3113, 3123, 3134, 3130, 3135, + 3144, 7166, 3149, 3151, 3139, 3154, 3140, 3163, 3159, 3147, + 3148, 3170, 3157, 3175, 3186, 7166, 3179, 3184, 3185, 3187, + + 3194, 3197, 3183, 3202, 3196, 3204, 7166, 3205, 3210, 3213, + 3227, 3224, 3215, 3225, 3238, 3219, 7166, 3221, 3220, 3232, + 7166, 3254, 3242, 3230, 3246, 3253, 3237, 3270, 3252, 3249, + 3257, 3273, 3286, 3264, 3283, 7166, 3276, 3309, 3281, 3284, + 3279, 3297, 3303, 3320, 3305, 3302, 3331, 3319, 3322, 3308, + 3311, 3324, 3335, 3326, 3336, 7166, 3343, 3341, 3360, 3362, + 3347, 3353, 3363, 3354, 3364, 3367, 3370, 3376, 3374, 3389, + 3393, 3386, 3399, 3406, 3400, 3405, 3397, 3409, 3422, 3424, + 3420, 3427, 7166, 3410, 3425, 3430, 3426, 3432, 3435, 3433, + 3442, 3438, 3453, 3459, 3449, 3455, 3483, 3484, 3448, 3462, + + 3473, 3475, 3477, 3470, 3479, 3487, 3504, 3486, 3488, 3490, + 3497, 3508, 3491, 3511, 3502, 3524, 3521, 3528, 3532, 3536, + 3529, 3535, 3534, 3539, 7166, 3530, 3549, 3546, 3570, 3574, + 3576, 3559, 3563, 3562, 3557, 3583, 7166, 3569, 7166, 3567, + 3586, 3592, 3600, 7166, 3598, 7166, 3599, 3595, 3596, 7166, + 3601, 3615, 3603, 3627, 3620, 3602, 3608, 3635, 3623, 3629, + 3625, 3641, 3642, 3638, 3644, 3648, 3655, 3649, 3659, 3652, + 7166, 3674, 3663, 3669, 3673, 3676, 3684, 3668, 3671, 3685, + 3697, 3672, 3704, 3708, 3712, 3700, 3714, 7166, 3703, 3722, + 3707, 3719, 7166, 3718, 3727, 3731, 3709, 3730, 3736, 3734, + + 3755, 3750, 3740, 3767, 3771, 3763, 3765, 3775, 3754, 3769, + 3776, 3783, 3787, 3781, 3778, 3798, 3790, 3799, 3825, 3826, + 3817, 3828, 3801, 3827, 3738, 3829, 3812, 3811, 3813, 3821, + 3823, 3851, 3852, 3846, 3847, 3848, 3855, 3845, 7166, 3870, + 3856, 3872, 3879, 3871, 3873, 3857, 3883, 3882, 3890, 3895, + 3903, 3900, 7166, 3904, 7166, 3896, 3911, 3920, 3922, 3907, + 3928, 3929, 3927, 3931, 3932, 3948, 3940, 3937, 3942, 3952, + 3943, 3959, 3958, 3954, 7166, 3951, 3964, 3979, 3967, 3978, + 3985, 3996, 3986, 3981, 4020, 7166, 4001, 4000, 4002, 4009, + 4014, 4021, 4024, 7166, 4012, 4017, 4026, 4022, 4034, 7166, + + 7166, 4023, 4033, 4046, 4050, 4041, 4038, 4053, 4049, 4056, + 4058, 4045, 4062, 4068, 7166, 4074, 4064, 4083, 4091, 4092, + 4094, 4079, 4077, 7166, 4093, 4103, 4090, 4098, 4115, 4104, + 4117, 4113, 4114, 4133, 4125, 4120, 4139, 4146, 4147, 4148, + 7166, 4149, 4142, 4153, 4143, 4156, 4159, 4164, 4141, 4161, + 4169, 4166, 4183, 4182, 4180, 4196, 4190, 4177, 4188, 4200, + 4207, 4204, 4186, 4209, 4206, 4215, 4218, 4220, 4217, 4238, + 4219, 4227, 4241, 4245, 4255, 4250, 7166, 4256, 4239, 4260, + 4233, 4259, 4261, 4268, 4264, 4280, 4243, 4251, 4278, 4254, + 7166, 4302, 4286, 4277, 4297, 4288, 4314, 4301, 4291, 4295, + + 4312, 4305, 4322, 4313, 4320, 4324, 4317, 7166, 7166, 4327, + 4332, 4334, 4330, 4339, 4347, 4338, 4354, 4341, 4359, 7166, + 4357, 4376, 4350, 4371, 4381, 4384, 4385, 4382, 4379, 4372, + 4374, 4383, 4397, 4386, 4390, 4406, 4403, 4417, 7166, 4409, + 4408, 7166, 4413, 4422, 4419, 4420, 4438, 4435, 4447, 4441, + 4430, 4440, 4449, 4450, 4465, 4461, 4467, 4464, 4472, 4484, + 4478, 4487, 4460, 4477, 4488, 7166, 4481, 4491, 4494, 4476, + 4505, 4490, 4514, 4498, 7166, 4518, 4516, 4525, 4524, 4527, + 4509, 4535, 4528, 4533, 4536, 4522, 7166, 4539, 7166, 4537, + 4545, 7166, 4547, 4556, 4543, 4573, 4567, 4572, 4574, 4578, + + 4560, 4581, 4564, 4566, 4584, 4587, 4586, 4575, 7166, 4609, + 4600, 4611, 4613, 4612, 4615, 7166, 7166, 4596, 7166, 4614, + 4616, 7166, 4619, 4617, 4602, 4608, 4649, 4651, 4633, 4646, + 7166, 4655, 4636, 4663, 4657, 4644, 4658, 4660, 4667, 4642, + 4659, 4669, 7166, 4678, 4691, 4700, 4686, 4687, 4705, 4706, + 4689, 7166, 4712, 4718, 4692, 4716, 4715, 7166, 4714, 4724, + 7166, 4732, 4728, 4730, 4735, 4750, 4749, 4753, 4742, 4741, + 4768, 4759, 4757, 4763, 7166, 4747, 4751, 4772, 4774, 4767, + 4769, 4805, 4798, 4802, 4794, 4807, 4809, 4811, 4812, 4792, + 4815, 4817, 4816, 7166, 4833, 4819, 4822, 7166, 4835, 4832, + + 4838, 4839, 4842, 7166, 4849, 4859, 4862, 7166, 4868, 7166, + 4865, 4850, 4855, 4853, 4854, 4893, 4890, 4896, 4883, 4900, + 4898, 4894, 4911, 4905, 4901, 4892, 7166, 7166, 4913, 4932, + 4915, 4916, 4917, 4910, 4923, 4951, 4943, 4952, 4949, 4960, + 7166, 4953, 4936, 4961, 7166, 4937, 4964, 4944, 4971, 4968, + 4972, 4950, 4982, 4993, 4987, 4996, 4977, 4988, 5000, 5006, + 7166, 4989, 4991, 4998, 4995, 5012, 5015, 4999, 5020, 7166, + 5025, 5043, 5042, 5037, 5030, 5038, 5048, 5053, 5054, 5046, + 5047, 5055, 5077, 5066, 5074, 7166, 5080, 5064, 5070, 5082, + 5092, 5095, 5081, 5096, 5087, 5098, 5099, 5088, 5091, 7166, + + 5115, 5103, 5109, 5124, 5113, 5127, 5132, 5137, 5134, 5122, + 5129, 5147, 5143, 7166, 5125, 5123, 5142, 5159, 5148, 5158, + 5167, 5156, 5171, 5155, 5186, 5170, 5189, 7166, 5180, 5183, + 5190, 5174, 5196, 5200, 5197, 5206, 5207, 5205, 5223, 5210, + 5217, 5216, 5222, 5232, 5233, 5226, 5250, 5247, 7166, 5234, + 7166, 5237, 5255, 5268, 5270, 5264, 7166, 5265, 5260, 5263, + 7166, 5273, 5277, 5261, 5282, 7166, 5298, 5291, 5287, 5303, + 5289, 7166, 5305, 5314, 5319, 5313, 5327, 5310, 5312, 5328, + 5321, 5322, 5316, 5330, 7166, 5334, 5342, 5347, 5354, 5344, + 5346, 7166, 5348, 5356, 5352, 5363, 5358, 5365, 5357, 5374, + + 5369, 7166, 5372, 5377, 5394, 5390, 5400, 7166, 7166, 5392, + 5407, 5409, 5384, 5415, 7166, 5414, 5405, 5401, 5420, 5417, + 7166, 7166, 5422, 7166, 5428, 7166, 7166, 5425, 5433, 5423, + 7166, 5424, 7166, 5436, 5447, 5440, 5432, 5453, 7166, 5442, + 5450, 5464, 7166, 5457, 5473, 5452, 5463, 7166, 5471, 7166, + 5475, 5472, 5477, 5484, 5480, 5481, 5487, 5496, 5501, 5506, + 5510, 5500, 5497, 5516, 5519, 5513, 5518, 5526, 5529, 5522, + 5523, 5524, 5511, 5527, 5521, 5535, 5546, 5538, 5540, 5553, + 5545, 5556, 5573, 5562, 7166, 5557, 5554, 5563, 5582, 5565, + 5572, 5583, 5578, 5594, 5606, 7166, 7166, 5610, 5590, 5603, + + 5597, 7166, 5598, 5601, 5600, 5609, 5617, 5612, 5613, 5641, + 7166, 5620, 5639, 5623, 5633, 5634, 5647, 5640, 5644, 5645, + 5649, 5658, 5657, 5664, 5675, 5668, 5672, 5661, 5678, 5673, + 5674, 5691, 5695, 5698, 5701, 5706, 7166, 5689, 7166, 5700, + 5692, 5707, 7166, 7166, 5711, 5714, 5715, 5722, 5725, 5729, + 5728, 7166, 5730, 5736, 5746, 5734, 7166, 5748, 7166, 5750, + 5735, 5751, 5755, 5765, 7166, 7166, 7166, 7166, 5767, 5744, + 5756, 5763, 5770, 7166, 7166, 7166, 5775, 5771, 5781, 5783, + 5782, 5792, 7166, 5784, 5809, 5810, 5789, 5805, 5817, 5813, + 5816, 5827, 5818, 5824, 5819, 5828, 5829, 5830, 7166, 7166, + + 5822, 5836, 5858, 5854, 5860, 5843, 5863, 5864, 5862, 5853, + 5866, 5870, 5861, 7166, 5876, 7166, 5872, 5878, 5889, 5895, + 5900, 5902, 5912, 5905, 7166, 7166, 5896, 5897, 5899, 5919, + 5901, 5916, 5906, 5930, 5931, 7166, 5922, 7166, 5933, 5947, + 5936, 5954, 5948, 5957, 7166, 5946, 5952, 7166, 5963, 5945, + 5961, 7166, 5968, 7166, 7166, 5966, 7166, 5971, 7166, 5977, + 5984, 5987, 5999, 5998, 6000, 6004, 6002, 5992, 6006, 5990, + 5995, 6015, 6013, 6012, 7166, 7166, 6020, 6014, 6017, 6026, + 6021, 6034, 6030, 7166, 7166, 6040, 6041, 6048, 7166, 6027, + 6053, 6042, 6050, 6044, 6043, 6067, 6058, 6047, 6076, 6069, + + 6090, 6094, 6096, 6098, 6085, 6087, 6080, 6078, 6093, 6086, + 6089, 7166, 6110, 6127, 6114, 7166, 6134, 6128, 6138, 6137, + 6131, 7166, 6121, 6143, 6141, 6144, 6136, 6149, 6133, 6147, + 7166, 6150, 6166, 6167, 7166, 7166, 6157, 7166, 6169, 7166, + 6164, 7166, 6183, 6186, 6180, 7166, 6190, 6196, 7166, 6192, + 6194, 6178, 6199, 6206, 7166, 6204, 6215, 6223, 6229, 6214, + 6213, 6230, 6219, 6209, 6224, 6239, 7166, 6225, 6233, 6243, + 6240, 6241, 6259, 6256, 6242, 6255, 6264, 6268, 6251, 6279, + 6269, 7166, 6284, 6287, 7166, 6276, 7166, 6289, 6278, 6293, + 7166, 6302, 6290, 6285, 6299, 7166, 6306, 6295, 7166, 6301, + + 6313, 6319, 6321, 6311, 6320, 6315, 6324, 6332, 6338, 6342, + 7166, 6337, 6333, 6357, 6355, 6358, 6367, 6345, 7166, 6351, + 6368, 6360, 6372, 6374, 6375, 7166, 6377, 6362, 7166, 6386, + 6393, 6398, 6382, 6400, 6397, 6407, 6410, 6406, 7166, 6412, + 7166, 7166, 6395, 7166, 6394, 6425, 7166, 6415, 6417, 6408, + 6420, 6436, 6435, 7166, 7166, 6432, 6422, 6437, 6448, 6449, + 7166, 6430, 6441, 6455, 6439, 6459, 7166, 6462, 6452, 6463, + 6464, 6467, 6453, 6482, 6474, 6488, 7166, 7166, 6486, 7166, + 7166, 6502, 6503, 6501, 7166, 7166, 7166, 6504, 7166, 6507, + 6518, 6510, 7166, 6508, 6520, 6509, 7166, 6519, 6517, 6521, + + 6527, 7166, 6522, 6530, 6552, 6543, 6555, 6541, 6554, 6549, + 6577, 6565, 6537, 6548, 6557, 6566, 6568, 6572, 6574, 7166, + 7166, 6587, 7166, 7166, 6594, 6596, 6597, 7166, 6593, 6603, + 7166, 6606, 6592, 6598, 6608, 6600, 6611, 7166, 7166, 6595, + 6614, 6605, 6625, 6621, 7166, 6640, 6633, 6632, 6642, 6630, + 6627, 6634, 7166, 7166, 7166, 7166, 7166, 6648, 7166, 7166, + 6641, 6652, 6635, 6657, 7166, 6658, 6669, 6660, 6661, 6674, + 6685, 6682, 6675, 6679, 6677, 6678, 6684, 6690, 6700, 6715, + 6709, 6719, 6722, 6725, 6728, 6712, 6713, 6726, 6727, 6730, + 6736, 6749, 6739, 6724, 6743, 6748, 7166, 6753, 7166, 6751, + + 7166, 7166, 6744, 6746, 6771, 6758, 6786, 6787, 6770, 6759, + 6773, 7166, 6763, 6775, 6797, 7166, 6785, 6788, 6790, 6794, + 6795, 6799, 6798, 6822, 6811, 6804, 6833, 6832, 6844, 6839, + 6836, 6838, 6842, 6834, 6849, 6846, 6848, 7166, 6854, 6860, + 6850, 6863, 6864, 6867, 6869, 6859, 6891, 7166, 6889, 6886, + 6896, 6878, 6881, 6880, 6902, 6899, 6908, 7166, 6885, 6913, + 6915, 6916, 6931, 6928, 6929, 6918, 6939, 6941, 6945, 6949, + 6943, 6944, 6935, 6948, 6938, 7166, 6952, 6963, 7166, 6962, + 6964, 6966, 6968, 6991, 7166, 6983, 6978, 6979, 6999, 6986, + 6981, 7166, 7001, 7002, 6996, 7166, 7006, 7166, 7166, 7012, + + 7013, 7015, 7004, 7016, 7166, 7166, 7166, 7074, 7081, 7088, + 7095, 7102, 83, 7109, 7116, 7123, 7130, 7137, 7144, 7151, + 7158 } ; -static yyconst flex_int16_t yy_def[2355] = +static yyconst flex_int16_t yy_def[2522] = { 0, - 2340, 1, 2341, 2341, 2342, 2342, 2343, 2343, 2344, 2344, - 2345, 2345, 2340, 2346, 2340, 2340, 2340, 2340, 2347, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2348, 2340, 2340, 2340, 2348, 2349, 2340, 2340, 2340, - 2349, 2350, 2340, 2340, 2340, 2340, 2350, 2351, 2340, 2340, - 2340, 2351, 2352, 2340, 2353, 2340, 2352, 2352, 2346, 2346, - 2340, 2354, 2347, 2354, 2347, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2348, 2348, 2349, 2349, 2350, 2350, 2340, - 2351, 2351, 2352, 2352, 2353, 2353, 2352, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2352, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2352, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2352, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2352, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2346, 2340, 2340, 2346, 2340, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2352, 2346, 2346, 2346, - 2340, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2352, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, - 2340, 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2346, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2340, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - - 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - - 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2340, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2340, - - 2346, 2340, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2340, 2346, - 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, - 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2340, 2340, 2346, 2340, 2346, 2340, 2340, - 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2346, 2346, 2346, - - 2346, 2340, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2340, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2340, 2346, 2346, 2346, 2346, 2340, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2340, 2346, 2346, 2346, 2340, 2340, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2346, 2340, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, - 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2340, 2346, 2346, 2346, 2340, - - 2346, 2340, 2340, 2346, 2340, 2346, 2340, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2340, 2340, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, - 2340, 2346, 2340, 2346, 2340, 2346, 2340, 2346, 2346, 2346, - 2340, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2340, 2346, - 2340, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2346, 2340, 2340, 2346, 2340, 2346, 2346, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2340, 2346, 2346, - - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2340, 2346, 2340, 2346, 2346, 2346, 2340, 2340, 2340, 2346, - 2340, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2340, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2340, 2340, 2346, 2340, 2340, 2346, 2346, 2346, 2340, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2340, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2340, 2340, 2340, 2340, 2346, 2340, - - 2340, 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2340, 2346, 2340, - 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, - - 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2346, 2340, 2346, - 2346, 2340, 2346, 2346, 2346, 2346, 2346, 2340, 2346, 2346, - 2346, 2346, 2346, 2346, 2340, 2346, 2346, 2346, 2340, 2346, - 2340, 2340, 2346, 2346, 2346, 2346, 2346, 2340, 2340, 0, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340 + 2507, 1, 2508, 2508, 2509, 2509, 2510, 2510, 2511, 2511, + 2512, 2512, 2507, 2513, 2507, 2507, 2507, 2507, 2514, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2515, 2507, 2507, 2507, 2515, 2516, 2507, 2507, + 2507, 2516, 2517, 2507, 2507, 2507, 2507, 2517, 2518, 2507, + 2507, 2507, 2518, 2519, 2507, 2520, 2507, 2519, 2519, 2513, + 2513, 2507, 2521, 2514, 2521, 2514, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2515, 2515, + 2516, 2516, 2517, 2517, 2507, 2518, 2518, 2519, 2519, 2520, + 2520, 2519, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2519, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2519, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, + 2513, 2519, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2519, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2507, + 2513, 2507, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2519, 2513, 2513, 2513, 2513, 2513, 2507, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2519, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2513, + 2513, 2513, 2513, 2507, 2513, 2507, 2513, 2513, 2513, 2507, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2507, + + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, 2507, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2513, + + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2507, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2507, 2507, 2513, 2507, 2513, 2507, 2507, 2513, 2513, 2513, + 2507, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2507, 2513, 2507, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, 2513, 2513, + + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2513, + 2513, 2513, 2507, 2507, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2507, 2507, 2507, 2507, 2513, 2513, + 2513, 2513, 2513, 2507, 2507, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2507, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2507, 2513, 2513, + 2513, 2507, 2513, 2507, 2507, 2513, 2507, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2507, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2507, 2513, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2507, 2507, 2513, 2507, 2513, 2507, + 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2507, 2513, 2507, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2507, 2513, + + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, + 2507, 2507, 2513, 2507, 2513, 2513, 2507, 2513, 2513, 2513, + 2513, 2513, 2513, 2507, 2507, 2513, 2513, 2513, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, 2507, + 2507, 2513, 2513, 2513, 2507, 2507, 2507, 2513, 2507, 2513, + 2513, 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2513, 2513, + + 2513, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, + 2507, 2513, 2507, 2507, 2513, 2513, 2513, 2507, 2513, 2513, + 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2507, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2507, 2507, 2507, 2507, 2507, 2513, 2507, 2507, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2507, 2513, + + 2507, 2507, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, 2513, + 2513, 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2507, 2513, + 2513, 2513, 2513, 2513, 2507, 2513, 2513, 2513, 2513, 2513, + 2513, 2507, 2513, 2513, 2513, 2507, 2513, 2507, 2507, 2513, + + 2513, 2513, 2513, 2513, 2507, 2507, 0, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507 } ; -static yyconst flex_uint16_t yy_nxt[6795] = +static yyconst flex_uint16_t yy_nxt[7233] = { 0, 14, 15, 16, 17, 18, 19, 18, 14, 14, 14, 14, 14, 18, 20, 21, 22, 23, 24, 25, 14, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, - 36, 37, 38, 39, 40, 14, 14, 14, 14, 41, + 36, 37, 38, 39, 40, 14, 14, 14, 41, 42, 20, 21, 22, 23, 24, 25, 14, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, - 39, 40, 14, 14, 14, 14, 43, 44, 45, 43, - 44, 45, 48, 49, 48, 49, 50, 99, 50, 53, - 54, 55, 56, 69, 18, 53, 54, 55, 56, 70, - 18, 59, 60, 61, 59, 60, 61, 71, 79, 134, - - 134, 72, 101, 46, 99, 136, 46, 144, 136, 51, - 74, 51, 74, 74, 70, 74, 71, 57, 141, 141, - 72, 74, 148, 57, 70, 79, 76, 77, 62, 101, - 930, 62, 15, 16, 17, 64, 65, 66, 15, 16, - 17, 64, 65, 66, 78, 89, 70, 91, 75, 148, - 70, 93, 67, 76, 77, 80, 144, 109, 67, 94, - 70, 92, 81, 70, 835, 90, 82, 115, 70, 83, - 68, 78, 89, 70, 91, 1030, 68, 70, 93, 67, - 70, 70, 80, 100, 109, 67, 94, 147, 92, 81, - 142, 150, 90, 82, 115, 70, 83, 84, 70, 95, - - 144, 85, 96, 70, 86, 70, 87, 88, 140, 97, - 100, 98, 139, 125, 147, 126, 137, 106, 150, 70, - 136, 107, 70, 136, 84, 135, 95, 102, 85, 96, - 127, 86, 149, 87, 88, 103, 97, 108, 98, 70, - 125, 104, 126, 70, 106, 105, 70, 69, 107, 69, - 69, 144, 69, 70, 102, 70, 328, 127, 69, 149, - 142, 116, 103, 155, 108, 117, 140, 151, 104, 156, - 139, 154, 105, 110, 128, 118, 208, 111, 119, 137, - 70, 70, 70, 112, 129, 70, 113, 70, 116, 130, - 155, 70, 117, 114, 151, 70, 156, 70, 154, 131, - - 110, 128, 118, 132, 111, 119, 165, 133, 70, 224, - 112, 129, 138, 113, 138, 138, 130, 138, 161, 70, - 114, 120, 135, 70, 121, 70, 131, 134, 134, 70, - 132, 122, 2340, 165, 133, 123, 124, 74, 2340, 74, - 74, 70, 74, 70, 143, 161, 143, 143, 120, 143, - 69, 121, 69, 69, 74, 69, 74, 74, 122, 74, - 152, 69, 123, 124, 157, 74, 162, 159, 160, 2340, - 158, 163, 166, 153, 70, 146, 70, 168, 170, 70, - 167, 169, 141, 141, 70, 70, 70, 152, 171, 164, - 70, 157, 75, 162, 159, 160, 70, 158, 172, 166, - - 153, 70, 177, 70, 168, 170, 173, 167, 169, 174, - 70, 70, 179, 2340, 2340, 171, 164, 182, 180, 185, - 70, 183, 175, 176, 184, 172, 178, 70, 2340, 186, - 70, 213, 70, 173, 70, 187, 174, 2340, 181, 179, - 70, 70, 70, 188, 182, 180, 185, 189, 183, 175, - 176, 184, 70, 178, 190, 70, 186, 70, 213, 191, - 192, 193, 187, 194, 202, 181, 70, 70, 70, 70, - 188, 195, 70, 197, 189, 196, 70, 198, 199, 2340, - 70, 190, 207, 200, 70, 70, 191, 192, 193, 201, - 194, 202, 210, 70, 2340, 214, 70, 70, 195, 203, - - 197, 70, 196, 70, 198, 199, 204, 70, 209, 207, - 200, 212, 211, 215, 218, 237, 201, 205, 70, 210, - 70, 206, 214, 70, 70, 216, 203, 219, 220, 221, - 70, 223, 2340, 204, 2340, 209, 70, 70, 212, 211, - 215, 218, 70, 2340, 205, 222, 217, 70, 206, 370, - 70, 70, 216, 70, 219, 220, 221, 138, 223, 138, - 138, 143, 138, 143, 143, 74, 143, 74, 74, 144, - 74, 225, 222, 217, 226, 227, 70, 228, 230, 229, - 231, 232, 233, 70, 2340, 70, 236, 70, 234, 235, - 70, 70, 246, 2340, 70, 2340, 2340, 377, 225, 70, - - 70, 226, 227, 146, 228, 230, 229, 231, 232, 248, - 249, 70, 70, 236, 70, 234, 235, 238, 70, 246, - 247, 239, 250, 251, 70, 257, 70, 253, 70, 252, - 254, 70, 70, 258, 70, 267, 248, 249, 240, 2340, - 70, 259, 70, 2340, 2340, 70, 70, 247, 239, 250, - 251, 70, 257, 2340, 253, 70, 252, 254, 255, 264, - 258, 256, 2340, 70, 2340, 240, 241, 70, 259, 268, - 265, 242, 271, 70, 2340, 260, 243, 70, 2340, 266, - 261, 70, 244, 245, 274, 255, 264, 272, 256, 70, - 70, 276, 262, 241, 263, 70, 268, 265, 242, 277, - - 269, 70, 260, 243, 70, 70, 266, 261, 275, 244, - 245, 270, 273, 278, 272, 279, 70, 281, 70, 262, - 280, 263, 282, 70, 70, 287, 2340, 284, 2340, 70, - 70, 70, 70, 70, 285, 275, 286, 70, 270, 273, - 278, 70, 279, 70, 281, 283, 70, 280, 70, 282, - 70, 288, 287, 289, 284, 290, 291, 294, 70, 2340, - 70, 285, 70, 286, 292, 70, 293, 295, 296, 297, - 300, 70, 283, 299, 2340, 301, 70, 70, 288, 298, - 289, 303, 290, 291, 302, 306, 70, 70, 304, 70, - 70, 292, 70, 293, 295, 296, 305, 300, 70, 308, - - 299, 70, 309, 70, 315, 311, 298, 70, 307, 70, - 312, 302, 313, 70, 314, 304, 316, 70, 317, 310, - 70, 318, 70, 305, 324, 144, 70, 70, 325, 309, - 319, 70, 311, 70, 320, 307, 70, 312, 70, 313, - 70, 314, 70, 316, 326, 317, 310, 70, 323, 321, - 322, 324, 70, 70, 327, 325, 329, 319, 70, 330, - 333, 320, 331, 70, 336, 70, 334, 70, 332, 70, - 337, 326, 70, 335, 339, 323, 321, 322, 340, 70, - 70, 327, 70, 329, 338, 70, 330, 333, 70, 331, - 70, 336, 341, 334, 342, 332, 70, 70, 344, 2340, - - 335, 343, 70, 345, 70, 340, 70, 70, 70, 70, - 346, 338, 347, 2340, 70, 352, 348, 2340, 349, 341, - 351, 350, 353, 356, 70, 344, 70, 70, 343, 70, - 345, 70, 354, 357, 363, 355, 358, 346, 70, 347, - 70, 70, 352, 348, 70, 349, 364, 351, 350, 353, - 70, 70, 70, 2340, 366, 70, 70, 70, 359, 354, - 357, 363, 355, 358, 365, 367, 360, 361, 70, 362, - 70, 371, 2340, 364, 368, 369, 70, 2340, 374, 372, - 70, 366, 373, 2340, 379, 359, 375, 2340, 385, 70, - 70, 365, 367, 360, 361, 70, 362, 376, 371, 70, - - 378, 368, 369, 381, 70, 374, 372, 380, 382, 373, - 70, 379, 2340, 375, 383, 70, 384, 387, 388, 70, - 70, 70, 70, 70, 376, 70, 386, 378, 70, 389, - 381, 2340, 390, 70, 380, 382, 394, 2340, 391, 70, - 392, 383, 393, 384, 387, 399, 400, 2340, 2340, 70, - 70, 70, 398, 386, 70, 395, 389, 2340, 396, 390, - 397, 434, 405, 394, 70, 391, 70, 392, 70, 393, - 70, 403, 401, 400, 70, 404, 407, 70, 70, 398, - 402, 70, 395, 406, 409, 396, 70, 397, 418, 405, - 419, 438, 408, 70, 461, 420, 70, 70, 403, 401, - - 70, 417, 404, 407, 422, 2340, 70, 402, 421, 424, - 406, 409, 70, 70, 144, 418, 70, 423, 426, 408, - 410, 411, 70, 70, 2340, 425, 70, 427, 417, 70, - 412, 422, 413, 414, 415, 421, 424, 416, 70, 428, - 432, 2340, 429, 70, 423, 70, 430, 410, 411, 70, - 70, 431, 425, 70, 427, 436, 433, 412, 435, 413, - 414, 415, 70, 70, 416, 70, 428, 432, 70, 429, - 70, 437, 439, 430, 70, 440, 442, 443, 431, 441, - 444, 445, 436, 433, 70, 435, 70, 70, 448, 446, - 447, 449, 70, 2340, 2340, 452, 450, 453, 437, 439, - - 70, 70, 440, 70, 70, 70, 441, 444, 445, 457, - 70, 451, 2340, 70, 70, 448, 446, 447, 449, 70, - 458, 454, 452, 450, 453, 460, 459, 70, 465, 462, - 463, 464, 455, 466, 456, 70, 457, 467, 451, 70, - 70, 471, 70, 70, 469, 472, 473, 458, 454, 70, - 70, 70, 460, 459, 70, 465, 462, 463, 464, 455, - 466, 456, 468, 70, 467, 470, 70, 70, 471, 70, - 476, 469, 474, 473, 475, 477, 70, 70, 70, 70, - 478, 479, 2340, 480, 481, 482, 2340, 483, 70, 468, - 70, 70, 470, 484, 485, 70, 70, 476, 486, 474, - - 70, 475, 477, 489, 70, 487, 70, 478, 479, 70, - 480, 481, 482, 70, 483, 488, 493, 70, 70, 70, - 484, 485, 70, 70, 490, 486, 491, 492, 494, 70, - 489, 495, 487, 70, 70, 496, 498, 497, 499, 500, - 2340, 501, 488, 493, 502, 2340, 70, 505, 504, 70, - 70, 490, 2340, 491, 492, 70, 2340, 70, 495, 508, - 70, 70, 496, 498, 497, 70, 500, 503, 501, 70, - 70, 509, 506, 507, 505, 504, 70, 70, 511, 70, - 510, 519, 70, 70, 512, 2340, 508, 520, 70, 70, - 2340, 522, 70, 521, 503, 70, 2340, 2340, 509, 506, - - 507, 523, 70, 541, 70, 511, 2340, 510, 519, 525, - 2340, 512, 513, 524, 520, 526, 528, 514, 70, 515, - 521, 527, 70, 70, 70, 529, 2340, 516, 523, 530, - 517, 2340, 2340, 70, 531, 70, 525, 518, 70, 513, - 524, 70, 526, 528, 514, 533, 515, 70, 527, 70, - 532, 70, 529, 70, 516, 534, 530, 517, 535, 537, - 70, 531, 70, 536, 518, 540, 538, 70, 539, 542, - 543, 544, 533, 545, 546, 549, 548, 532, 70, 70, - 70, 70, 534, 547, 70, 535, 537, 70, 144, 70, - 536, 550, 540, 538, 70, 539, 542, 543, 544, 70, - - 545, 546, 70, 70, 551, 552, 70, 70, 2340, 2340, - 547, 553, 554, 2340, 557, 555, 556, 558, 550, 559, - 70, 560, 563, 564, 70, 70, 561, 565, 566, 567, - 70, 562, 552, 568, 573, 70, 70, 70, 553, 554, - 70, 557, 555, 556, 558, 70, 559, 570, 569, 70, - 70, 572, 571, 70, 70, 70, 70, 70, 562, 70, - 70, 573, 574, 575, 576, 70, 577, 579, 581, 70, - 70, 2340, 2340, 70, 570, 569, 578, 2340, 572, 571, - 580, 70, 586, 70, 2340, 592, 70, 582, 70, 585, - 575, 576, 583, 577, 70, 581, 584, 587, 70, 70, - - 588, 591, 70, 578, 589, 590, 70, 580, 70, 586, - 594, 70, 593, 70, 582, 2340, 585, 70, 70, 583, - 595, 600, 70, 584, 587, 599, 70, 588, 591, 597, - 70, 589, 590, 598, 70, 70, 70, 594, 603, 593, - 601, 602, 596, 70, 605, 606, 604, 595, 600, 70, - 607, 70, 599, 609, 608, 70, 597, 612, 611, 70, - 598, 70, 70, 614, 613, 603, 70, 601, 602, 596, - 610, 70, 606, 604, 70, 70, 70, 607, 70, 70, - 609, 608, 615, 616, 619, 611, 70, 617, 620, 70, - 621, 613, 618, 622, 623, 70, 626, 610, 70, 624, - - 2340, 70, 70, 627, 2340, 70, 70, 628, 629, 615, - 616, 619, 70, 630, 625, 620, 631, 2340, 70, 70, - 622, 623, 70, 70, 633, 632, 624, 70, 70, 70, - 627, 634, 635, 640, 628, 636, 637, 641, 638, 70, - 70, 625, 70, 631, 70, 70, 70, 639, 646, 70, - 2340, 633, 632, 677, 70, 70, 70, 70, 634, 635, - 640, 642, 636, 637, 641, 638, 643, 645, 644, 647, - 648, 2340, 649, 70, 639, 70, 70, 70, 70, 70, - 70, 650, 651, 653, 652, 70, 2340, 2340, 642, 656, - 70, 654, 657, 643, 645, 644, 647, 648, 70, 649, - - 70, 658, 70, 70, 70, 70, 655, 659, 650, 651, - 653, 652, 70, 660, 70, 661, 656, 662, 654, 657, - 664, 663, 2340, 70, 667, 671, 70, 70, 658, 668, - 665, 666, 669, 655, 659, 70, 674, 70, 70, 670, - 660, 70, 661, 70, 662, 70, 144, 664, 663, 70, - 675, 667, 70, 70, 672, 70, 668, 665, 666, 669, - 678, 676, 673, 70, 680, 681, 670, 70, 70, 70, - 679, 682, 692, 684, 70, 683, 2340, 675, 2340, 70, - 70, 672, 70, 685, 70, 70, 693, 678, 676, 673, - 694, 680, 681, 70, 70, 695, 70, 679, 686, 692, - - 684, 696, 683, 70, 710, 70, 70, 699, 70, 697, - 685, 698, 2340, 693, 2340, 708, 70, 694, 709, 707, - 711, 70, 695, 712, 70, 686, 687, 70, 696, 713, - 688, 710, 714, 689, 733, 70, 697, 70, 698, 70, - 690, 70, 708, 691, 70, 709, 707, 711, 70, 70, - 70, 715, 718, 687, 716, 2340, 713, 688, 70, 714, - 689, 70, 2340, 70, 717, 719, 2340, 690, 720, 721, - 691, 700, 701, 2340, 702, 722, 70, 703, 715, 718, - 70, 716, 704, 70, 70, 723, 70, 70, 705, 706, - 735, 717, 719, 70, 726, 720, 721, 70, 700, 701, - - 724, 702, 722, 725, 703, 727, 728, 70, 70, 704, - 729, 70, 723, 70, 731, 705, 706, 730, 70, 2340, - 732, 726, 70, 70, 734, 736, 70, 724, 737, 70, - 725, 70, 727, 728, 739, 738, 741, 729, 742, 740, - 2340, 731, 70, 745, 730, 70, 70, 732, 743, 2340, - 747, 734, 70, 70, 746, 737, 70, 70, 70, 744, - 70, 739, 738, 741, 748, 742, 740, 70, 70, 70, - 70, 749, 70, 750, 751, 743, 754, 747, 752, 70, - 755, 746, 753, 756, 759, 757, 744, 70, 763, 70, - 758, 70, 70, 70, 2340, 70, 70, 762, 749, 2340, - - 750, 751, 70, 754, 70, 752, 70, 755, 70, 753, - 756, 759, 757, 760, 764, 70, 765, 758, 770, 766, - 70, 761, 70, 767, 762, 70, 768, 769, 771, 2340, - 70, 70, 778, 772, 70, 781, 70, 70, 70, 773, - 760, 764, 70, 765, 774, 770, 766, 70, 761, 775, - 767, 70, 776, 768, 769, 771, 777, 780, 783, 70, - 772, 779, 70, 791, 70, 70, 773, 70, 70, 784, - 70, 774, 788, 782, 785, 789, 775, 70, 786, 776, - 70, 70, 70, 777, 780, 790, 787, 795, 779, 793, - 70, 792, 70, 70, 70, 70, 784, 796, 70, 788, - - 782, 785, 789, 794, 70, 786, 797, 799, 800, 801, - 2340, 70, 790, 787, 798, 70, 793, 70, 792, 70, - 70, 802, 803, 70, 796, 70, 804, 2340, 813, 70, - 794, 805, 70, 70, 144, 800, 801, 806, 70, 70, - 2340, 798, 816, 70, 70, 814, 2340, 815, 802, 803, - 818, 2340, 817, 804, 70, 813, 821, 820, 805, 70, - 819, 822, 70, 823, 806, 807, 2340, 808, 70, 816, - 70, 809, 814, 810, 815, 70, 70, 818, 811, 817, - 824, 825, 70, 812, 820, 2167, 2168, 819, 70, 70, - 823, 826, 807, 70, 808, 828, 829, 834, 809, 832, - - 810, 827, 831, 70, 833, 811, 830, 824, 825, 70, - 812, 2340, 70, 70, 70, 70, 841, 70, 826, 842, - 70, 843, 828, 829, 70, 844, 832, 845, 827, 831, - 847, 70, 848, 830, 70, 853, 70, 836, 846, 849, - 70, 70, 837, 841, 838, 70, 842, 70, 843, 70, - 850, 851, 844, 70, 845, 839, 852, 847, 70, 848, - 70, 854, 840, 70, 836, 846, 849, 70, 855, 837, - 856, 838, 857, 859, 858, 860, 70, 850, 70, 70, - 861, 70, 839, 852, 70, 70, 863, 864, 854, 840, - 866, 872, 862, 70, 2340, 855, 70, 856, 70, 867, - - 859, 858, 860, 70, 70, 70, 70, 861, 865, 868, - 870, 871, 70, 869, 864, 876, 70, 866, 70, 862, - 70, 873, 70, 70, 874, 877, 867, 70, 70, 70, - 875, 878, 70, 879, 70, 865, 868, 870, 871, 70, - 869, 880, 876, 881, 882, 884, 893, 70, 873, 885, - 883, 874, 877, 70, 886, 70, 70, 875, 878, 70, - 879, 2340, 887, 889, 70, 888, 890, 891, 880, 70, - 881, 892, 884, 894, 70, 895, 70, 883, 70, 70, - 70, 70, 897, 70, 898, 896, 899, 70, 70, 887, - 889, 70, 888, 890, 891, 900, 901, 70, 892, 70, - - 894, 902, 895, 903, 70, 905, 70, 906, 904, 897, - 2340, 898, 896, 899, 909, 907, 70, 70, 70, 70, - 908, 914, 900, 901, 70, 918, 70, 910, 902, 70, - 903, 911, 905, 70, 70, 904, 70, 912, 70, 70, - 915, 909, 907, 913, 70, 919, 916, 908, 921, 70, - 917, 920, 918, 70, 910, 922, 923, 70, 911, 70, - 70, 70, 70, 70, 912, 926, 2340, 915, 70, 924, - 913, 925, 919, 916, 927, 921, 928, 917, 920, 929, - 2340, 70, 70, 933, 932, 2340, 931, 70, 70, 70, - 939, 70, 70, 70, 70, 70, 924, 934, 925, 70, - - 935, 927, 70, 928, 936, 938, 929, 937, 70, 940, - 933, 932, 70, 931, 2340, 941, 2340, 70, 942, 70, - 2340, 947, 70, 944, 934, 943, 945, 935, 2340, 946, - 948, 936, 938, 70, 937, 949, 70, 70, 70, 70, - 2340, 70, 941, 70, 952, 942, 950, 70, 947, 955, - 944, 70, 943, 945, 954, 70, 946, 948, 70, 951, - 963, 953, 949, 70, 2340, 956, 2340, 70, 957, 962, - 70, 70, 70, 950, 70, 961, 955, 958, 968, 959, - 70, 954, 960, 965, 964, 966, 951, 963, 953, 2340, - 70, 70, 956, 970, 70, 957, 962, 70, 967, 972, - - 70, 70, 961, 2340, 958, 968, 959, 70, 973, 960, - 965, 964, 966, 969, 971, 70, 70, 975, 974, 976, - 970, 70, 70, 978, 979, 967, 70, 70, 2340, 70, - 977, 70, 981, 983, 2340, 973, 70, 988, 70, 70, - 969, 971, 70, 70, 975, 974, 976, 980, 987, 982, - 978, 979, 984, 990, 70, 70, 985, 977, 70, 981, - 983, 986, 992, 70, 70, 989, 70, 993, 70, 70, - 991, 1008, 70, 2340, 980, 987, 982, 70, 70, 984, - 990, 994, 70, 985, 70, 996, 995, 997, 986, 992, - 998, 1006, 989, 70, 993, 999, 2340, 991, 1007, 2340, - - 70, 2340, 1009, 70, 70, 70, 1011, 2340, 1010, 2340, - 2340, 1020, 996, 70, 997, 2340, 70, 998, 1006, 1021, - 1012, 70, 999, 1000, 70, 1007, 1001, 1002, 70, 1009, - 70, 1003, 1015, 1011, 1013, 1010, 1014, 1004, 1017, 70, - 1019, 1005, 70, 70, 1018, 70, 1023, 1012, 1016, 70, - 1000, 70, 1022, 1001, 1002, 1029, 70, 70, 1003, 1015, - 70, 1013, 70, 1014, 1004, 1017, 70, 1019, 1005, 70, - 1031, 1018, 1032, 1023, 70, 1016, 1033, 1038, 1035, 1022, - 1024, 70, 1029, 1034, 1039, 1025, 70, 1026, 70, 1027, - 70, 1028, 70, 1043, 1041, 70, 70, 1031, 70, 1032, - - 1040, 1036, 70, 1033, 1038, 1035, 1037, 1024, 70, 1042, - 1034, 1039, 1025, 70, 1026, 70, 1027, 1044, 1028, 1045, - 1043, 1041, 70, 1046, 1047, 1048, 70, 1040, 1049, 1050, - 70, 1051, 70, 70, 1054, 1052, 1042, 70, 1053, 1055, - 1057, 70, 70, 2340, 1044, 1060, 1045, 70, 1058, 2340, - 1046, 1047, 1048, 1066, 1062, 70, 1050, 1056, 70, 70, - 70, 1054, 1052, 1059, 70, 1053, 70, 70, 1063, 70, - 70, 1061, 70, 1067, 1064, 1058, 70, 1065, 70, 70, - 1066, 1062, 70, 1069, 1056, 1068, 1071, 70, 1070, 1072, - 1059, 1074, 1073, 1075, 2340, 1063, 70, 1076, 1061, 70, - - 1067, 1064, 70, 70, 1065, 70, 70, 1078, 2340, 1077, - 1069, 70, 1068, 1081, 70, 1070, 1082, 70, 70, 1073, - 1075, 70, 1079, 70, 1076, 70, 1080, 1086, 1085, 70, - 1087, 1083, 1088, 70, 70, 70, 1077, 1084, 2340, 1089, - 1081, 70, 70, 70, 70, 1090, 1093, 1092, 70, 1079, - 1094, 2340, 70, 1080, 1086, 1085, 70, 1087, 1083, 1088, - 1091, 1096, 70, 1095, 1084, 70, 1089, 70, 70, 1102, - 1097, 1098, 1090, 1093, 1092, 1100, 1099, 70, 70, 1101, - 1103, 2340, 70, 70, 1108, 1110, 2340, 1091, 1096, 2340, - 1095, 1111, 70, 70, 1112, 2340, 1102, 1097, 70, 1109, - - 2340, 1104, 1100, 70, 1105, 1106, 1101, 1103, 1107, 70, - 70, 1108, 70, 70, 70, 1113, 1115, 70, 1111, 1114, - 70, 1112, 1116, 70, 1117, 70, 1109, 70, 1104, 1118, - 1119, 1105, 1106, 70, 2340, 1107, 70, 1121, 1120, 1122, - 1124, 2340, 1113, 1115, 70, 70, 1114, 70, 1123, 1116, - 1125, 1117, 70, 70, 70, 1126, 1118, 1119, 1127, 1128, - 1130, 70, 70, 70, 1121, 1120, 1122, 1124, 1129, 70, - 1131, 1137, 1132, 1134, 1136, 1123, 2340, 1125, 1135, 70, - 70, 1133, 1126, 1138, 70, 1127, 1128, 1130, 70, 1141, - 70, 1139, 1143, 70, 70, 1129, 70, 1131, 70, 1132, - - 1134, 1136, 1140, 70, 1142, 1135, 1147, 2340, 1133, 1145, - 70, 1144, 1146, 2340, 1148, 70, 70, 70, 1139, 1143, - 70, 1151, 70, 1149, 70, 1150, 70, 70, 70, 1140, - 70, 1142, 1152, 1147, 1153, 1162, 1145, 2340, 1144, 1146, - 70, 1148, 70, 70, 70, 70, 1154, 1159, 1151, 1156, - 1149, 1155, 1150, 1158, 1157, 70, 1160, 1161, 1164, 1152, - 70, 1153, 1163, 70, 70, 70, 70, 70, 1166, 1165, - 1172, 1167, 2340, 2340, 1159, 1171, 70, 2340, 70, 70, - 1158, 70, 1174, 1160, 1161, 1164, 1168, 1169, 70, 1163, - 70, 1170, 1173, 1175, 70, 70, 1165, 1172, 1167, 70, - - 70, 1176, 1171, 1177, 70, 1178, 1179, 1180, 70, 1174, - 1182, 1188, 1187, 1168, 1169, 2340, 70, 70, 1170, 1173, - 1175, 70, 1181, 70, 70, 1189, 2340, 70, 1176, 70, - 70, 1183, 1178, 1179, 1180, 1184, 1186, 1182, 70, 1187, - 70, 1190, 1191, 70, 1192, 1193, 1194, 70, 1185, 1181, - 1195, 70, 1189, 70, 70, 1200, 70, 1196, 1183, 1198, - 2340, 1197, 1184, 1186, 70, 70, 1199, 1201, 1190, 1191, - 70, 1192, 1193, 1194, 1202, 1185, 1204, 1207, 1203, 70, - 1205, 70, 70, 1206, 70, 1208, 1198, 70, 1197, 70, - 1211, 1210, 70, 1199, 70, 70, 1209, 1212, 1213, 2340, - - 70, 70, 70, 1204, 1207, 1203, 70, 1205, 1214, 70, - 1206, 70, 1208, 70, 1215, 70, 1217, 1211, 1210, 1218, - 1219, 70, 1216, 1209, 70, 1213, 1220, 70, 70, 1221, - 1222, 1223, 70, 1224, 1233, 1214, 2340, 2340, 2340, 70, - 70, 1215, 70, 1217, 70, 1225, 1218, 1219, 70, 1216, - 1228, 1229, 1232, 1220, 1226, 1227, 70, 1222, 1223, 70, - 1224, 70, 70, 1230, 1231, 1235, 70, 70, 70, 1234, - 70, 1236, 1225, 70, 70, 1237, 70, 1228, 1229, 1232, - 1238, 1226, 1227, 1239, 70, 1241, 1253, 1242, 70, 70, - 1230, 1231, 1240, 1243, 1244, 70, 1234, 70, 1236, 1246, - - 2340, 1247, 70, 70, 70, 1245, 70, 1238, 1249, 1248, - 1239, 70, 1241, 70, 1242, 70, 1254, 70, 70, 1240, - 1243, 1244, 1250, 70, 70, 1251, 1246, 70, 1247, 1255, - 1258, 1256, 1245, 1259, 1260, 1249, 1248, 1252, 70, 1257, - 1262, 70, 1261, 1254, 1264, 2340, 70, 70, 70, 1250, - 1265, 70, 1251, 70, 70, 1263, 1255, 1258, 1256, 1266, - 70, 1260, 70, 1268, 1252, 70, 1257, 1262, 1269, 1261, - 1267, 1270, 70, 1272, 70, 1271, 70, 1265, 1277, 1273, - 70, 1274, 1263, 1275, 70, 70, 70, 1278, 1276, 1311, - 1268, 70, 70, 70, 70, 70, 70, 1267, 1270, 1281, - - 1272, 1283, 1271, 70, 1279, 1277, 1273, 1280, 1274, 1286, - 1275, 70, 70, 1284, 70, 1276, 1282, 1285, 1287, 70, - 70, 70, 70, 1291, 1288, 2340, 1281, 1293, 70, 1289, - 70, 1279, 70, 1290, 1280, 70, 1286, 70, 1300, 70, - 1284, 70, 70, 1282, 1285, 1287, 1292, 70, 1296, 1294, - 1291, 1288, 1295, 1299, 1293, 70, 1289, 1297, 70, 70, - 1290, 1301, 1298, 1302, 1303, 70, 1305, 70, 1306, 70, - 1304, 1312, 70, 1292, 1307, 1296, 1294, 70, 1308, 1295, - 1299, 1309, 70, 2340, 1297, 1310, 70, 70, 70, 1298, - 1302, 1303, 70, 1305, 1316, 1306, 70, 1304, 70, 1313, - - 1314, 1307, 1315, 70, 1317, 1308, 70, 70, 1309, 1318, - 1320, 70, 1310, 1321, 70, 70, 1319, 1322, 70, 70, - 1323, 1316, 2340, 1324, 70, 1329, 1313, 1314, 70, 1315, - 1327, 1317, 1325, 1328, 70, 1332, 1318, 1320, 70, 70, - 1321, 1334, 1333, 1319, 1322, 70, 1326, 1323, 70, 1330, - 1324, 70, 1329, 1335, 1331, 1336, 1337, 1327, 70, 1325, - 1328, 1340, 1338, 1339, 1341, 1346, 2340, 70, 70, 1333, - 70, 2340, 2340, 1326, 1342, 1345, 1344, 70, 70, 70, - 1343, 70, 1336, 70, 70, 70, 1347, 1350, 70, 1338, - 1339, 1341, 1346, 70, 70, 70, 1348, 1349, 70, 1351, - - 1352, 1342, 1345, 1344, 70, 1353, 1355, 1343, 1354, 70, - 70, 70, 1356, 1347, 1357, 70, 1358, 1360, 1361, 70, - 1362, 70, 1359, 1348, 1349, 2340, 1351, 1352, 1364, 70, - 70, 1365, 70, 1355, 70, 1354, 70, 1363, 70, 1356, - 70, 1357, 1366, 1358, 1360, 1361, 70, 70, 70, 1359, - 70, 1367, 1369, 1368, 1371, 1364, 1370, 70, 1365, 70, - 70, 1372, 1373, 70, 1363, 1375, 1374, 2340, 1377, 1366, - 1378, 70, 1376, 1380, 2340, 2340, 1379, 1381, 1367, 2340, - 1368, 1371, 70, 1370, 70, 1386, 70, 1384, 1372, 70, - 70, 70, 70, 1374, 70, 1377, 70, 70, 70, 1376, - - 1380, 70, 1382, 1379, 1381, 1383, 1385, 70, 1387, 70, - 70, 1389, 1386, 1388, 1384, 70, 1395, 1390, 1391, 1396, - 1393, 2340, 1394, 70, 2340, 1400, 70, 70, 70, 1382, - 1399, 1392, 1383, 1385, 70, 1387, 70, 70, 1389, 70, - 1388, 1402, 1397, 70, 1390, 1391, 1398, 1393, 70, 1394, - 1403, 70, 70, 1401, 70, 1404, 70, 1399, 1392, 1406, - 70, 1405, 1407, 1408, 1410, 1409, 1412, 1413, 70, 1397, - 1411, 1415, 70, 1398, 70, 1414, 1422, 1403, 1424, 2340, - 1401, 2340, 70, 1425, 70, 2340, 70, 2340, 1405, 1407, - 70, 70, 1409, 1412, 70, 70, 70, 1411, 1416, 1417, - - 1418, 70, 1414, 70, 1420, 1419, 1426, 1421, 70, 1423, - 70, 70, 1427, 70, 70, 1430, 70, 1429, 1433, 70, - 2340, 1432, 1428, 1431, 70, 1416, 1417, 1418, 70, 70, - 1434, 1420, 1419, 1426, 1421, 1436, 1423, 70, 70, 1427, - 1439, 70, 1435, 70, 1429, 1433, 1437, 70, 1432, 1428, - 1431, 1438, 1440, 70, 1441, 1443, 70, 70, 1442, 1444, - 1445, 70, 1436, 1448, 70, 1446, 70, 1439, 1452, 1435, - 1455, 70, 70, 1437, 1447, 70, 1449, 70, 1438, 70, - 70, 1441, 70, 70, 1450, 1442, 1444, 1445, 1451, 70, - 1448, 1453, 1446, 1454, 1456, 70, 1457, 1458, 70, 2340, - - 70, 1447, 70, 1449, 1459, 1460, 1461, 2340, 1464, 2340, - 70, 1450, 70, 70, 70, 1451, 1463, 70, 1453, 70, - 1454, 1462, 70, 70, 1458, 1466, 70, 1465, 70, 1467, - 1468, 1459, 1460, 1461, 1470, 1464, 70, 1471, 1474, 1472, - 70, 70, 70, 1463, 1473, 1475, 1469, 70, 1462, 70, - 1476, 70, 1466, 70, 1465, 1479, 1467, 1468, 1483, 70, - 1484, 1470, 1480, 70, 1471, 1474, 1472, 70, 70, 1477, - 1481, 1473, 1475, 1469, 1478, 1485, 1487, 70, 1488, 1482, - 1486, 1491, 70, 70, 1490, 70, 70, 70, 1492, 1480, - 70, 1489, 70, 1493, 1494, 1496, 1477, 1481, 1495, 70, - - 70, 1478, 1498, 70, 1499, 1500, 1482, 70, 70, 70, - 70, 1490, 1497, 70, 1501, 1492, 70, 70, 1489, 70, - 1493, 1494, 1502, 1503, 1505, 1495, 1504, 70, 1509, 70, - 1506, 1499, 1500, 70, 70, 2340, 1507, 2340, 1508, 1497, - 70, 1501, 1510, 1511, 1515, 1512, 70, 1513, 1516, 70, - 70, 70, 1520, 1504, 2340, 1509, 70, 1506, 70, 70, - 70, 1514, 70, 1507, 70, 1508, 70, 70, 1517, 1510, - 1511, 1515, 1512, 2340, 1513, 70, 70, 1518, 1519, 70, - 1521, 1523, 1527, 1522, 1524, 2340, 70, 70, 1514, 1525, - 70, 1526, 70, 1528, 1531, 1517, 1534, 1538, 1529, 70, - - 70, 70, 2340, 70, 1518, 1519, 70, 1521, 1523, 1530, - 1522, 1524, 70, 70, 70, 1532, 1525, 1533, 1526, 1535, - 1528, 1531, 1536, 70, 70, 1529, 1537, 1539, 1542, 70, - 70, 1540, 1543, 70, 70, 70, 1530, 70, 1541, 70, - 1544, 1545, 1532, 1546, 1533, 2340, 1535, 2340, 70, 1536, - 2340, 70, 2340, 1537, 1539, 70, 1547, 70, 1540, 1543, - 70, 1549, 1550, 70, 1551, 1541, 1548, 1544, 1545, 70, - 1546, 1554, 70, 1553, 70, 1556, 70, 70, 1558, 70, - 1552, 70, 70, 1547, 1555, 70, 1557, 1559, 1549, 1550, - 1560, 1551, 70, 1548, 1561, 1565, 70, 70, 1554, 1563, - - 1553, 70, 1556, 1562, 2340, 70, 70, 1552, 1568, 1564, - 1566, 1555, 1567, 1557, 1559, 1569, 1570, 1560, 70, 70, - 70, 1561, 1565, 1572, 1574, 70, 1563, 1571, 70, 1580, - 1562, 70, 1575, 70, 70, 1568, 1564, 1566, 1576, 1567, - 70, 70, 1569, 1570, 1573, 70, 70, 1577, 1579, 1578, - 70, 1574, 1582, 1583, 1571, 70, 1581, 70, 70, 1575, - 70, 70, 1584, 1586, 1585, 1576, 70, 1587, 2340, 70, - 70, 1573, 70, 1588, 1577, 1579, 1578, 70, 70, 1582, - 1583, 1589, 1590, 1581, 1591, 70, 1593, 2340, 70, 1584, - 70, 1585, 1592, 70, 1587, 1594, 2340, 1595, 1599, 1600, - - 1588, 70, 1596, 1598, 70, 1597, 70, 2340, 1589, 1601, - 2340, 1591, 1603, 1593, 70, 1604, 1602, 70, 2340, 1592, - 70, 70, 1594, 70, 1595, 1599, 70, 70, 70, 1596, - 1598, 70, 1597, 1605, 70, 1607, 1601, 70, 1606, 1603, - 1608, 1613, 1604, 1602, 70, 70, 1612, 70, 1609, 1611, - 70, 70, 1614, 70, 70, 1616, 1615, 1618, 1619, 1617, - 1605, 1610, 1607, 2340, 1620, 1606, 70, 1608, 1613, 70, - 70, 1621, 1636, 1612, 70, 1609, 1611, 70, 1622, 1614, - 1625, 1627, 70, 1615, 70, 1619, 1617, 70, 1610, 1623, - 1626, 1620, 70, 70, 1624, 1631, 1632, 70, 1621, 70, - - 1628, 2340, 1633, 1634, 70, 1622, 1635, 1625, 70, 1637, - 1638, 1640, 1639, 70, 1629, 70, 2340, 1626, 70, 1641, - 2340, 70, 1631, 70, 1643, 1630, 70, 1628, 70, 1633, - 1634, 70, 1645, 1635, 70, 1648, 1637, 70, 1642, 1639, - 1646, 1629, 70, 70, 70, 70, 1641, 70, 1644, 1647, - 70, 1643, 1630, 1651, 70, 1649, 1652, 70, 1650, 1645, - 1653, 70, 1648, 2340, 70, 1642, 1654, 1646, 2340, 70, - 1655, 70, 70, 1656, 1659, 1644, 1647, 70, 1657, 70, - 70, 70, 1649, 1652, 1660, 1650, 70, 1653, 70, 1661, - 1658, 1662, 70, 1654, 70, 70, 1663, 1655, 1664, 1665, - - 1656, 1659, 70, 1666, 1671, 1657, 70, 1667, 1672, 1668, - 70, 1660, 1670, 2340, 1669, 1674, 1661, 1658, 1662, 1675, - 1673, 70, 70, 1663, 1678, 1664, 70, 70, 70, 70, - 1666, 70, 70, 1683, 1667, 70, 1668, 1676, 70, 1670, - 1677, 1669, 1674, 1679, 1680, 70, 1675, 1673, 70, 1681, - 1682, 70, 1684, 1685, 1686, 70, 70, 70, 1687, 1688, - 1683, 1689, 70, 1690, 1676, 70, 70, 1677, 70, 1691, - 1679, 1680, 1693, 1694, 1696, 1692, 1681, 1682, 1697, 70, - 70, 1686, 70, 70, 1695, 70, 1688, 70, 70, 1698, - 70, 1699, 70, 1700, 70, 1702, 1691, 1704, 1703, 1693, - - 70, 70, 1692, 1706, 1705, 1697, 70, 1707, 1701, 70, - 70, 1695, 70, 1708, 70, 70, 1698, 70, 1699, 70, - 1700, 1709, 70, 1710, 1704, 1703, 1711, 1713, 1712, 1715, - 70, 1705, 1714, 70, 1707, 1701, 70, 1716, 70, 70, - 1708, 1717, 1718, 2340, 1721, 1719, 70, 1720, 1709, 70, - 1710, 1723, 1724, 70, 70, 1712, 1715, 2340, 70, 1714, - 70, 1722, 70, 70, 1716, 70, 70, 70, 1717, 1718, - 70, 1721, 1719, 1725, 1720, 1726, 1728, 1727, 1723, 1724, - 1729, 1730, 1733, 1731, 1735, 2340, 1734, 2340, 1722, 70, - 1737, 70, 1732, 1738, 70, 70, 2340, 70, 70, 70, - - 1725, 70, 1726, 1728, 1727, 70, 1736, 1729, 1730, 70, - 1731, 1735, 1739, 1734, 70, 1743, 70, 1737, 1744, 1732, - 1740, 1741, 1745, 1742, 70, 70, 1748, 70, 70, 1746, - 1749, 1747, 1757, 1736, 2340, 1753, 70, 70, 70, 1739, - 70, 70, 1743, 70, 1750, 1744, 1752, 1740, 1741, 1745, - 1742, 1754, 1751, 1748, 70, 1756, 1746, 1749, 1747, 70, - 1755, 70, 70, 1758, 70, 1759, 70, 1760, 2340, 2340, - 1761, 1750, 1763, 1752, 1762, 1764, 1767, 70, 70, 1751, - 70, 1765, 1756, 70, 70, 70, 1766, 1755, 1768, 70, - 1769, 1770, 70, 1772, 1760, 70, 70, 1761, 70, 1763, - - 70, 1762, 1764, 1767, 1771, 1773, 70, 70, 1765, 70, - 1776, 70, 70, 1766, 1774, 70, 1775, 1769, 1770, 1777, - 1772, 70, 1780, 1779, 1778, 1781, 1782, 1783, 70, 1785, - 2340, 1771, 1773, 70, 70, 1784, 1786, 1790, 70, 1788, - 70, 1774, 70, 1775, 70, 70, 1777, 1789, 70, 1780, - 1779, 1778, 70, 1782, 1783, 70, 1785, 70, 1787, 70, - 70, 1791, 1784, 1786, 1792, 70, 1788, 1794, 1793, 70, - 70, 1795, 2340, 1798, 1789, 1796, 70, 1797, 1799, 1800, - 70, 1801, 1802, 1809, 2340, 1787, 70, 1803, 1791, 2340, - 1804, 70, 70, 70, 70, 1793, 1807, 70, 1795, 70, - - 70, 1806, 1796, 1808, 1797, 70, 1812, 70, 1801, 1802, - 1805, 70, 70, 1810, 1803, 70, 70, 1804, 70, 1811, - 1814, 70, 70, 70, 1813, 2340, 1815, 1816, 1806, 1817, - 1808, 70, 1818, 70, 1820, 1819, 1821, 1805, 1822, 2340, - 1810, 1825, 70, 1823, 2340, 70, 1811, 70, 70, 1828, - 70, 1813, 70, 1815, 1816, 1824, 1817, 70, 70, 1818, - 1826, 70, 1819, 70, 70, 70, 1827, 70, 1825, 70, - 1823, 1829, 1830, 1831, 1833, 70, 1828, 1832, 1834, 70, - 1837, 70, 1824, 1836, 70, 1840, 70, 1826, 1835, 70, - 70, 1841, 1843, 1827, 70, 70, 70, 70, 1829, 1830, - - 1831, 70, 1845, 1838, 1832, 1834, 70, 1837, 1839, 70, - 1836, 70, 1840, 1842, 1846, 1835, 1844, 1847, 1841, 1843, - 70, 70, 70, 1848, 1849, 1850, 70, 70, 1851, 1845, - 1838, 1852, 1854, 1853, 2340, 1839, 2340, 2340, 1855, 70, - 1842, 1846, 70, 1844, 1847, 70, 70, 1875, 70, 1856, - 1848, 70, 70, 1857, 70, 1851, 70, 70, 1852, 1854, - 1853, 1858, 70, 1859, 1860, 1855, 70, 1861, 1862, 1864, - 70, 1863, 1866, 1868, 70, 1865, 1856, 70, 1869, 70, - 1857, 70, 70, 1867, 1873, 70, 1874, 70, 1858, 2340, - 1859, 1860, 1870, 70, 1861, 1862, 70, 70, 1863, 1866, - - 1868, 70, 1865, 70, 1871, 1869, 1872, 1876, 1877, 1878, - 1867, 70, 1883, 70, 70, 70, 70, 70, 1879, 1870, - 70, 1880, 1881, 1884, 1882, 2340, 1886, 1885, 70, 70, - 1887, 1871, 2340, 1872, 1876, 1877, 1878, 70, 70, 1883, - 70, 1888, 1892, 1893, 1896, 1879, 70, 1900, 1880, 1881, - 70, 1882, 70, 70, 1885, 1889, 1890, 1887, 1891, 70, - 1894, 1897, 70, 1898, 70, 70, 70, 1895, 1888, 1892, - 70, 70, 70, 1899, 70, 70, 70, 1901, 1902, 1903, - 1905, 1904, 1889, 1890, 70, 1891, 1907, 1894, 1897, 70, - 1898, 70, 1906, 1909, 1895, 1908, 70, 1910, 70, 1911, - - 1899, 1912, 1913, 1914, 1901, 70, 70, 70, 1904, 1922, - 1916, 70, 1915, 70, 70, 70, 1917, 70, 70, 1906, - 1909, 70, 1908, 70, 1910, 70, 1911, 1919, 1912, 1913, - 1914, 70, 1918, 1920, 1921, 70, 70, 1916, 1923, 1915, - 1926, 1925, 1924, 1917, 70, 2340, 70, 1928, 1927, 70, - 1931, 2340, 1929, 1932, 1919, 70, 1930, 1933, 1934, 1918, - 1920, 1921, 70, 70, 70, 70, 1937, 1938, 1925, 1924, - 70, 70, 70, 70, 1928, 1927, 1935, 70, 70, 1929, - 70, 1936, 70, 1930, 1933, 1934, 1939, 1940, 70, 70, - 1941, 2340, 1943, 1937, 1938, 1942, 1944, 1947, 1945, 2340, - - 2340, 1946, 1949, 2340, 70, 1948, 2340, 1953, 70, 2340, - 70, 70, 70, 70, 1940, 70, 70, 1941, 70, 1943, - 70, 70, 1942, 1944, 1947, 1945, 1950, 70, 1946, 1949, - 1951, 1952, 1948, 70, 1953, 1955, 1954, 1956, 1957, 1958, - 70, 1960, 1959, 70, 70, 1962, 70, 2340, 70, 70, - 70, 1966, 1963, 1950, 70, 1961, 1968, 1951, 1952, 70, - 70, 1964, 1955, 1954, 1956, 1957, 70, 70, 1960, 1959, - 1965, 1967, 70, 70, 70, 1969, 2340, 70, 1966, 1963, - 1971, 1972, 1961, 70, 1970, 1977, 1973, 1974, 1964, 1975, - 2340, 1976, 1978, 1981, 70, 70, 1983, 1965, 70, 70, - - 70, 70, 1969, 70, 1980, 1982, 70, 1971, 1972, 70, - 1984, 1970, 70, 1973, 1974, 1979, 1975, 70, 1976, 1978, - 70, 1985, 70, 70, 1987, 1988, 1986, 1989, 1990, 70, - 70, 1980, 1982, 1997, 70, 1991, 70, 1984, 70, 1993, - 70, 1992, 1979, 1995, 1994, 1996, 1999, 70, 70, 2000, - 2340, 70, 1988, 1986, 1989, 1998, 2001, 70, 2002, 2004, - 70, 70, 70, 2003, 70, 70, 70, 2005, 1992, 70, - 1995, 70, 1996, 1999, 2006, 2007, 70, 70, 70, 2009, - 2011, 2008, 1998, 2001, 70, 2002, 2004, 70, 70, 2010, - 2003, 70, 2012, 70, 2005, 2014, 70, 2013, 2340, 2016, - - 2340, 2006, 2007, 70, 2015, 70, 2009, 2011, 2008, 2017, - 2340, 2018, 70, 2340, 70, 2023, 2010, 2019, 2020, 70, - 2021, 2026, 2014, 2029, 2013, 70, 2016, 70, 70, 2022, - 70, 2015, 2024, 70, 2025, 70, 2017, 70, 2018, 70, - 70, 70, 2023, 2027, 2019, 2020, 2028, 2021, 70, 2030, - 70, 2031, 2032, 2033, 2034, 70, 2022, 2035, 2340, 2024, - 2036, 2025, 2043, 70, 2037, 2038, 2340, 70, 2060, 70, - 2027, 70, 2041, 2028, 70, 2042, 2030, 70, 70, 2032, - 2033, 2034, 70, 70, 70, 2039, 70, 2036, 2044, 70, - 2040, 2037, 2038, 70, 2045, 2046, 2047, 70, 2048, 2041, - - 70, 2051, 2042, 2050, 70, 2049, 70, 2340, 2055, 70, - 2053, 70, 2052, 2054, 2340, 2044, 2063, 70, 2058, 70, - 2056, 2045, 2046, 2047, 2057, 2048, 70, 70, 2051, 70, - 2050, 70, 2049, 2059, 70, 70, 70, 2053, 70, 2052, - 2054, 2061, 2062, 70, 2064, 2058, 2065, 2056, 2066, 2067, - 2068, 2057, 70, 70, 2069, 70, 70, 2070, 70, 2071, - 2059, 2073, 2072, 70, 70, 2074, 2077, 70, 2061, 2062, - 70, 2064, 2075, 2065, 70, 2066, 2067, 70, 2076, 70, - 2080, 2069, 70, 2078, 70, 2079, 2071, 2082, 70, 2072, - 2084, 70, 2074, 2077, 2085, 70, 70, 2081, 70, 2075, - - 2083, 2087, 70, 2086, 70, 2076, 2090, 2080, 70, 70, - 2078, 2088, 2079, 2089, 70, 2092, 2091, 70, 2093, 70, - 2094, 70, 70, 70, 2081, 2097, 70, 2083, 70, 2096, - 2086, 2095, 2098, 70, 70, 70, 2099, 2104, 2088, 2109, - 2089, 2100, 2092, 2091, 70, 2093, 70, 2094, 70, 2101, - 2102, 2105, 70, 2103, 70, 2106, 2096, 70, 2095, 70, - 70, 2110, 2111, 2099, 70, 70, 2108, 2112, 2100, 2107, - 2113, 70, 2117, 70, 2120, 70, 2101, 2102, 2105, 70, - 2103, 70, 2106, 2114, 70, 2115, 70, 2116, 70, 2111, - 2118, 2119, 2121, 2108, 2122, 70, 2107, 2113, 2123, 70, - - 70, 70, 70, 2125, 70, 70, 2124, 70, 2127, 2126, - 2114, 2128, 2115, 2129, 2116, 2130, 70, 2118, 2119, 70, - 2131, 2122, 2133, 2135, 2132, 70, 2134, 70, 70, 2139, - 2125, 70, 70, 2124, 2340, 70, 2126, 70, 70, 2137, - 70, 2136, 2130, 2138, 2141, 2140, 70, 70, 2142, 2133, - 70, 2132, 70, 2134, 70, 2143, 70, 70, 2144, 2145, - 2340, 70, 2146, 2149, 2340, 2148, 2137, 70, 2136, 70, - 2138, 2141, 2140, 2150, 70, 2155, 2147, 2151, 70, 2340, - 70, 70, 2143, 70, 70, 70, 2145, 70, 2153, 2146, - 2149, 2152, 2148, 2162, 70, 70, 70, 2156, 2154, 70, - - 2150, 2160, 2155, 2147, 2151, 70, 2157, 2158, 70, 2163, - 2340, 2159, 2161, 2165, 2164, 2153, 70, 70, 2152, 70, - 70, 2166, 2169, 70, 2156, 2154, 2170, 2173, 2160, 2172, - 2174, 2176, 2175, 2157, 2158, 2171, 70, 70, 2159, 2161, - 70, 2164, 70, 70, 70, 70, 2178, 2180, 70, 2169, - 70, 2177, 2181, 70, 70, 70, 2172, 2174, 2176, 2175, - 70, 2179, 2171, 2182, 70, 2184, 2186, 2183, 2185, 2187, - 2188, 2190, 70, 2178, 70, 70, 2340, 70, 2177, 70, - 2191, 2192, 2194, 70, 2189, 2195, 2196, 70, 2179, 70, - 2182, 2193, 2184, 70, 2183, 2185, 70, 2188, 2190, 70, - - 2197, 70, 70, 70, 2198, 2199, 2200, 2191, 2192, 70, - 2201, 2189, 70, 70, 2202, 2203, 2340, 2204, 2193, 2206, - 2207, 2208, 2205, 70, 2209, 70, 70, 70, 2210, 70, - 70, 70, 2199, 70, 70, 2211, 2212, 70, 2214, 2213, - 2340, 2202, 2203, 70, 2204, 70, 70, 2207, 2208, 2205, - 2215, 2209, 70, 2217, 70, 2210, 2220, 2218, 70, 70, - 70, 2216, 2211, 2219, 70, 2214, 2213, 70, 70, 2221, - 70, 2223, 2222, 2224, 2340, 70, 70, 2215, 2226, 70, - 2217, 70, 2225, 2220, 2218, 70, 2227, 2228, 2216, 70, - 2219, 2340, 2236, 2232, 2229, 70, 2221, 2230, 2223, 2222, - - 2224, 70, 70, 70, 70, 2226, 70, 2231, 2234, 2225, - 2233, 2238, 70, 2227, 2228, 70, 2235, 2240, 70, 70, - 2232, 2229, 70, 2237, 2230, 2239, 2241, 2340, 2242, 70, - 2243, 2246, 2248, 70, 2231, 2234, 70, 2233, 70, 2244, - 2245, 70, 2340, 2235, 70, 2250, 2254, 2247, 2257, 2258, - 2237, 70, 2239, 70, 70, 2242, 2249, 2243, 2246, 70, - 2251, 70, 70, 2252, 70, 2255, 2244, 2245, 70, 70, - 2253, 2264, 70, 70, 2247, 70, 2259, 2256, 2261, 70, - 70, 70, 2260, 2249, 70, 70, 70, 2251, 2262, 70, - 2252, 2265, 2255, 2263, 70, 70, 70, 2253, 2264, 2266, - - 2267, 2270, 2268, 2259, 2256, 2261, 70, 70, 2271, 2260, - 2274, 2269, 2272, 70, 70, 2262, 70, 2273, 2265, 70, - 2263, 70, 2275, 70, 2276, 70, 2266, 2267, 2270, 2268, - 70, 2277, 2280, 2278, 2279, 2271, 2281, 70, 2269, 2272, - 70, 2288, 2282, 2283, 2273, 2285, 2340, 2340, 2340, 2284, - 70, 2276, 2291, 70, 70, 70, 70, 70, 2277, 2280, - 2278, 2279, 2294, 2286, 70, 70, 2287, 2289, 70, 2282, - 70, 70, 2285, 70, 70, 70, 2284, 2290, 70, 2291, - 2292, 2340, 2298, 2293, 70, 2297, 2300, 2295, 2296, 2294, - 2286, 70, 2340, 2287, 2289, 70, 70, 2299, 70, 70, - - 70, 2301, 70, 2302, 2290, 2304, 2307, 2292, 70, 2298, - 2293, 2305, 2297, 2300, 2295, 2296, 2309, 2303, 2306, 70, - 2310, 2311, 2312, 2340, 2299, 70, 70, 2308, 2301, 70, - 2302, 70, 2304, 2307, 2318, 70, 2313, 70, 2305, 2314, - 70, 2340, 70, 70, 2303, 2306, 70, 2310, 2311, 70, - 2315, 2316, 2317, 2320, 2308, 2324, 70, 2319, 70, 70, - 70, 70, 2322, 2313, 2321, 70, 2314, 2325, 2323, 2340, - 70, 2328, 2329, 70, 2331, 70, 70, 2315, 2316, 2317, - 2320, 70, 2324, 2330, 2319, 2326, 70, 2332, 2327, 2322, - 2338, 2321, 2339, 70, 70, 2323, 70, 70, 2328, 70, - - 2333, 70, 2334, 70, 2335, 2336, 2340, 2340, 2337, 2340, - 2330, 2340, 2326, 70, 70, 2327, 70, 70, 2340, 70, - 70, 2340, 2340, 2340, 70, 2340, 70, 2333, 2340, 2334, - 2340, 2335, 2336, 2340, 2340, 2337, 42, 42, 42, 42, - 42, 42, 42, 47, 47, 47, 47, 47, 47, 47, - 52, 52, 52, 52, 52, 52, 52, 58, 58, 58, - 58, 58, 58, 58, 63, 63, 63, 63, 63, 63, - 63, 73, 73, 2340, 73, 73, 73, 73, 134, 134, - 2340, 2340, 2340, 134, 134, 136, 136, 2340, 2340, 136, - 2340, 136, 138, 2340, 2340, 2340, 2340, 2340, 138, 141, - - 141, 2340, 2340, 2340, 141, 141, 143, 2340, 2340, 2340, - 2340, 2340, 143, 145, 145, 2340, 145, 145, 145, 145, - 74, 74, 2340, 74, 74, 74, 74, 13, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340 - + 39, 40, 14, 14, 14, 41, 44, 45, 46, 44, + 45, 46, 49, 50, 49, 50, 51, 101, 51, 54, + 55, 56, 57, 70, 18, 54, 55, 56, 57, 71, + 18, 60, 61, 62, 60, 61, 62, 72, 81, 139, + + 139, 73, 103, 47, 101, 141, 47, 149, 141, 52, + 75, 52, 75, 75, 71, 75, 72, 58, 146, 146, + 73, 75, 153, 58, 71, 81, 77, 78, 63, 103, + 79, 63, 15, 16, 17, 65, 66, 67, 15, 16, + 17, 65, 66, 67, 80, 91, 71, 93, 76, 153, + 71, 95, 68, 77, 78, 82, 149, 79, 68, 96, + 147, 94, 83, 138, 155, 92, 84, 117, 71, 85, + 69, 80, 91, 71, 93, 71, 69, 71, 95, 68, + 71, 71, 82, 102, 71, 68, 96, 152, 94, 83, + 138, 155, 92, 84, 117, 1118, 85, 86, 161, 97, + + 149, 87, 98, 167, 88, 71, 89, 90, 71, 99, + 102, 100, 111, 156, 152, 906, 71, 108, 71, 71, + 71, 109, 71, 71, 86, 161, 97, 104, 87, 98, + 167, 88, 154, 89, 90, 105, 99, 110, 100, 111, + 156, 106, 157, 71, 108, 107, 71, 70, 109, 70, + 70, 349, 70, 71, 104, 71, 139, 139, 70, 154, + 145, 118, 105, 135, 110, 119, 71, 136, 106, 157, + 206, 137, 107, 112, 144, 120, 142, 113, 121, 143, + 71, 143, 143, 114, 143, 216, 115, 71, 118, 71, + 135, 140, 119, 116, 136, 71, 71, 206, 137, 168, + + 112, 127, 120, 128, 113, 121, 75, 71, 75, 75, + 114, 75, 129, 115, 160, 146, 146, 71, 130, 131, + 116, 122, 141, 71, 123, 141, 168, 71, 127, 132, + 128, 124, 71, 133, 134, 125, 126, 149, 147, 129, + 145, 160, 71, 71, 151, 130, 131, 148, 122, 148, + 148, 123, 148, 144, 142, 235, 132, 140, 124, 158, + 133, 134, 125, 126, 70, 162, 70, 70, 75, 70, + 75, 75, 159, 75, 163, 70, 165, 166, 71, 75, + 164, 171, 169, 71, 172, 71, 158, 71, 175, 173, + 174, 71, 162, 176, 71, 71, 177, 71, 184, 159, + + 170, 163, 71, 165, 166, 71, 76, 164, 171, 178, + 239, 172, 179, 71, 71, 175, 173, 174, 180, 71, + 176, 181, 185, 177, 186, 71, 71, 170, 2507, 194, + 71, 71, 71, 187, 182, 183, 178, 239, 191, 179, + 189, 193, 71, 192, 190, 180, 71, 2507, 181, 185, + 2507, 186, 71, 188, 71, 71, 194, 195, 196, 197, + 187, 182, 183, 2507, 71, 191, 199, 189, 193, 198, + 192, 190, 71, 71, 201, 205, 2507, 71, 200, 71, + 188, 202, 71, 71, 195, 196, 197, 71, 203, 208, + 71, 207, 204, 199, 210, 209, 198, 71, 71, 211, + + 215, 201, 205, 71, 2507, 200, 71, 71, 202, 212, + 71, 218, 2507, 217, 71, 203, 208, 222, 207, 204, + 213, 210, 209, 220, 214, 71, 211, 215, 71, 223, + 221, 219, 71, 71, 224, 71, 212, 71, 218, 225, + 217, 71, 242, 228, 222, 71, 230, 213, 227, 231, + 220, 214, 229, 2507, 71, 71, 223, 221, 219, 232, + 226, 224, 234, 71, 71, 71, 225, 71, 2507, 242, + 228, 71, 71, 230, 233, 227, 231, 2507, 143, 229, + 143, 143, 2507, 143, 71, 240, 232, 226, 148, 234, + 148, 148, 75, 148, 75, 75, 236, 75, 149, 237, + + 241, 233, 243, 246, 71, 71, 238, 244, 71, 247, + 245, 2507, 240, 249, 71, 250, 248, 2507, 71, 259, + 2507, 251, 2507, 236, 71, 252, 237, 241, 71, 243, + 151, 2507, 261, 238, 244, 71, 247, 245, 71, 71, + 249, 262, 253, 248, 264, 71, 259, 71, 2507, 71, + 260, 263, 252, 2507, 71, 269, 266, 2507, 71, 261, + 2507, 268, 267, 71, 282, 2507, 71, 71, 262, 253, + 254, 2507, 265, 273, 71, 255, 71, 260, 263, 71, + 256, 272, 269, 266, 71, 280, 257, 258, 268, 267, + 71, 270, 71, 71, 271, 71, 71, 254, 274, 265, + + 273, 279, 255, 283, 287, 275, 71, 256, 272, 290, + 276, 292, 280, 257, 258, 281, 284, 288, 270, 323, + 71, 271, 277, 71, 278, 274, 71, 285, 279, 71, + 283, 71, 275, 286, 291, 71, 71, 276, 293, 289, + 71, 71, 281, 71, 288, 71, 71, 294, 71, 277, + 295, 278, 296, 299, 285, 297, 71, 298, 71, 302, + 286, 291, 71, 303, 71, 304, 289, 71, 300, 301, + 71, 310, 306, 71, 294, 71, 71, 295, 71, 296, + 299, 71, 297, 71, 298, 308, 302, 71, 307, 313, + 303, 305, 304, 316, 71, 300, 301, 71, 71, 306, + + 309, 311, 312, 71, 314, 71, 317, 315, 71, 318, + 71, 71, 308, 71, 320, 307, 319, 330, 305, 2507, + 316, 71, 321, 326, 71, 322, 2507, 309, 311, 312, + 324, 314, 71, 327, 315, 335, 329, 71, 71, 71, + 71, 71, 331, 319, 330, 333, 71, 336, 332, 321, + 328, 71, 322, 325, 334, 71, 71, 149, 71, 339, + 327, 337, 71, 329, 71, 338, 340, 71, 2507, 331, + 344, 341, 333, 342, 358, 332, 71, 328, 71, 71, + 325, 334, 71, 71, 71, 346, 343, 71, 337, 71, + 347, 71, 338, 340, 345, 350, 71, 344, 341, 71, + + 342, 348, 2507, 351, 71, 352, 71, 353, 354, 71, + 356, 360, 346, 343, 355, 71, 366, 347, 71, 361, + 71, 345, 350, 359, 357, 2507, 364, 71, 348, 71, + 351, 71, 352, 71, 353, 354, 71, 356, 71, 362, + 2507, 355, 71, 71, 71, 365, 361, 367, 71, 368, + 359, 357, 71, 364, 71, 369, 363, 370, 71, 371, + 2507, 71, 71, 372, 373, 374, 362, 71, 375, 380, + 376, 71, 365, 71, 367, 378, 368, 71, 379, 381, + 377, 2507, 369, 363, 370, 71, 371, 71, 71, 71, + 372, 373, 374, 71, 382, 375, 71, 376, 387, 71, + + 389, 71, 378, 71, 383, 379, 381, 377, 388, 71, + 395, 392, 384, 385, 391, 386, 71, 2507, 390, 393, + 394, 382, 71, 2507, 71, 387, 71, 389, 71, 396, + 71, 383, 400, 397, 2507, 388, 398, 71, 392, 384, + 385, 391, 386, 71, 71, 390, 393, 394, 401, 399, + 71, 402, 403, 71, 404, 405, 396, 2507, 407, 400, + 397, 71, 406, 398, 408, 409, 71, 71, 410, 413, + 425, 71, 412, 71, 71, 401, 399, 71, 71, 403, + 71, 404, 405, 411, 71, 407, 414, 415, 424, 406, + 71, 408, 409, 416, 71, 417, 2507, 418, 419, 412, + + 71, 71, 71, 436, 426, 420, 71, 449, 71, 71, + 411, 71, 450, 414, 415, 424, 71, 451, 421, 71, + 416, 422, 417, 423, 418, 419, 71, 427, 434, 71, + 436, 426, 420, 429, 71, 428, 433, 437, 71, 71, + 435, 71, 1011, 71, 451, 421, 430, 447, 422, 431, + 423, 432, 71, 438, 427, 434, 439, 71, 467, 71, + 429, 71, 428, 433, 437, 452, 2507, 435, 448, 71, + 2507, 149, 71, 430, 447, 458, 431, 454, 432, 453, + 438, 456, 71, 439, 440, 441, 71, 71, 71, 71, + 71, 455, 452, 457, 442, 448, 443, 444, 445, 71, + + 71, 446, 458, 461, 454, 459, 453, 71, 456, 71, + 2507, 440, 441, 465, 460, 462, 471, 464, 455, 463, + 457, 442, 71, 443, 444, 445, 71, 466, 446, 71, + 461, 468, 469, 474, 2507, 71, 470, 71, 71, 71, + 465, 460, 462, 472, 464, 71, 463, 71, 71, 71, + 473, 475, 476, 2507, 466, 71, 478, 477, 468, 469, + 474, 71, 479, 470, 71, 480, 481, 71, 2507, 486, + 472, 482, 483, 71, 485, 487, 488, 473, 71, 497, + 71, 71, 498, 478, 477, 71, 71, 484, 71, 479, + 2507, 71, 480, 481, 71, 71, 486, 489, 482, 483, + + 71, 485, 487, 488, 490, 493, 494, 495, 496, 498, + 71, 71, 503, 500, 484, 491, 499, 492, 502, 501, + 508, 531, 71, 71, 489, 71, 71, 505, 71, 507, + 71, 490, 493, 494, 495, 496, 71, 71, 71, 503, + 500, 71, 491, 499, 492, 502, 501, 504, 506, 71, + 509, 510, 71, 71, 505, 71, 507, 71, 511, 514, + 516, 71, 71, 512, 513, 2507, 517, 515, 71, 2507, + 520, 2507, 2507, 71, 504, 506, 518, 509, 510, 71, + 71, 71, 71, 71, 521, 511, 514, 516, 523, 519, + 512, 513, 71, 517, 515, 71, 71, 520, 71, 522, + + 524, 525, 526, 518, 527, 71, 528, 71, 71, 530, + 71, 521, 529, 71, 532, 523, 519, 71, 71, 71, + 533, 534, 71, 536, 535, 538, 522, 524, 525, 526, + 537, 527, 71, 528, 71, 539, 530, 71, 542, 529, + 2507, 532, 71, 71, 546, 543, 541, 533, 534, 71, + 71, 535, 538, 545, 2507, 71, 544, 537, 540, 71, + 71, 550, 71, 547, 548, 542, 71, 71, 549, 71, + 558, 546, 543, 541, 2507, 71, 71, 71, 561, 71, + 545, 559, 560, 544, 585, 540, 71, 2507, 550, 71, + 547, 548, 562, 71, 2507, 549, 551, 558, 563, 564, + + 71, 552, 565, 553, 71, 561, 567, 2507, 559, 560, + 71, 554, 566, 568, 555, 556, 71, 71, 570, 562, + 71, 557, 71, 551, 569, 563, 564, 571, 552, 71, + 553, 71, 572, 567, 71, 573, 2507, 71, 554, 566, + 568, 555, 556, 575, 71, 570, 574, 71, 557, 576, + 578, 569, 594, 579, 571, 71, 580, 71, 71, 572, + 577, 71, 573, 581, 71, 71, 583, 582, 584, 588, + 575, 71, 71, 574, 586, 71, 576, 578, 587, 71, + 579, 71, 592, 580, 71, 590, 71, 577, 71, 71, + 581, 149, 593, 583, 582, 584, 588, 589, 595, 591, + + 596, 586, 597, 2507, 599, 587, 71, 71, 71, 592, + 598, 71, 590, 71, 601, 71, 602, 600, 606, 593, + 611, 605, 609, 607, 589, 71, 591, 596, 71, 71, + 71, 599, 71, 608, 71, 603, 71, 598, 604, 610, + 71, 601, 612, 602, 600, 613, 71, 71, 605, 71, + 71, 614, 71, 615, 616, 617, 2507, 620, 618, 71, + 608, 71, 603, 71, 619, 604, 71, 621, 623, 71, + 622, 628, 71, 2507, 2507, 71, 71, 71, 624, 630, + 615, 616, 617, 71, 620, 618, 625, 626, 71, 627, + 629, 619, 71, 71, 621, 71, 71, 622, 634, 631, + + 71, 71, 635, 71, 632, 624, 630, 71, 633, 71, + 636, 637, 71, 625, 626, 640, 627, 629, 638, 71, + 641, 639, 643, 71, 651, 634, 631, 71, 71, 635, + 648, 632, 642, 71, 71, 633, 646, 636, 637, 644, + 71, 71, 640, 647, 653, 638, 71, 650, 639, 643, + 71, 71, 71, 649, 652, 71, 656, 648, 71, 642, + 654, 645, 71, 646, 655, 71, 644, 71, 657, 71, + 647, 653, 71, 658, 650, 71, 659, 71, 662, 663, + 649, 652, 660, 656, 664, 666, 661, 654, 645, 667, + 665, 71, 71, 671, 668, 657, 71, 71, 71, 71, + + 658, 71, 673, 659, 669, 670, 663, 71, 676, 660, + 71, 674, 666, 661, 71, 672, 71, 665, 71, 71, + 71, 71, 677, 71, 678, 71, 675, 683, 679, 673, + 681, 669, 670, 680, 682, 71, 71, 71, 674, 684, + 71, 2507, 672, 685, 698, 2507, 71, 71, 736, 677, + 686, 678, 71, 675, 683, 687, 71, 681, 688, 71, + 71, 682, 690, 689, 71, 691, 684, 71, 71, 71, + 685, 71, 693, 692, 694, 697, 71, 686, 695, 696, + 71, 2507, 687, 71, 71, 688, 71, 71, 71, 690, + 689, 71, 691, 706, 71, 699, 700, 2507, 701, 693, + + 692, 694, 697, 71, 71, 695, 696, 71, 702, 703, + 708, 704, 2507, 705, 2507, 2507, 71, 71, 71, 71, + 706, 707, 699, 700, 709, 701, 71, 713, 714, 71, + 710, 712, 715, 2507, 711, 702, 703, 708, 704, 71, + 705, 71, 71, 716, 717, 71, 71, 71, 707, 719, + 71, 709, 71, 718, 713, 714, 720, 710, 712, 715, + 721, 711, 71, 722, 723, 71, 71, 724, 725, 71, + 716, 717, 728, 71, 71, 726, 719, 730, 727, 71, + 718, 71, 729, 720, 733, 71, 741, 721, 71, 149, + 722, 723, 71, 731, 724, 725, 71, 734, 71, 728, + + 735, 732, 726, 737, 71, 727, 738, 739, 71, 729, + 71, 71, 740, 742, 743, 71, 752, 2507, 71, 71, + 731, 71, 71, 71, 734, 755, 71, 735, 732, 71, + 737, 745, 71, 738, 739, 744, 761, 71, 71, 740, + 742, 743, 751, 752, 754, 758, 753, 759, 71, 756, + 2507, 2507, 755, 2507, 71, 757, 769, 774, 745, 760, + 71, 71, 744, 746, 71, 71, 71, 747, 71, 751, + 748, 754, 758, 753, 759, 71, 756, 749, 71, 771, + 750, 71, 757, 769, 71, 71, 760, 2507, 71, 770, + 746, 772, 2507, 71, 747, 71, 773, 748, 2507, 2507, + + 777, 775, 2507, 776, 749, 778, 771, 750, 762, 763, + 2507, 764, 71, 2507, 765, 779, 770, 781, 772, 766, + 71, 71, 782, 773, 780, 767, 768, 777, 775, 71, + 776, 71, 778, 785, 71, 762, 763, 71, 764, 71, + 783, 765, 779, 788, 781, 789, 766, 71, 71, 782, + 784, 780, 767, 768, 786, 71, 71, 787, 71, 792, + 785, 71, 71, 790, 2507, 71, 791, 783, 71, 794, + 788, 71, 789, 793, 795, 71, 796, 784, 797, 71, + 798, 786, 799, 2507, 787, 2507, 792, 800, 71, 806, + 790, 71, 801, 791, 802, 803, 794, 71, 71, 807, + + 793, 71, 804, 796, 71, 805, 71, 810, 71, 799, + 71, 71, 71, 71, 800, 808, 806, 809, 2507, 801, + 811, 802, 803, 812, 71, 71, 71, 813, 71, 804, + 815, 814, 805, 71, 817, 816, 71, 818, 819, 71, + 821, 71, 808, 71, 809, 71, 71, 811, 71, 71, + 812, 820, 71, 825, 813, 71, 824, 815, 814, 2507, + 71, 817, 816, 822, 818, 819, 826, 821, 828, 71, + 827, 823, 71, 2507, 71, 829, 833, 830, 820, 835, + 71, 71, 71, 824, 71, 834, 831, 71, 71, 832, + 822, 71, 71, 826, 71, 828, 71, 827, 823, 836, + + 837, 839, 829, 833, 830, 838, 835, 71, 71, 71, + 840, 842, 834, 831, 841, 843, 832, 844, 71, 849, + 71, 848, 71, 71, 71, 846, 836, 837, 839, 845, + 71, 851, 838, 847, 71, 71, 71, 840, 71, 850, + 71, 841, 843, 856, 844, 852, 71, 853, 848, 854, + 859, 71, 846, 857, 860, 71, 845, 855, 861, 71, + 847, 858, 863, 71, 71, 71, 850, 71, 71, 862, + 856, 865, 852, 867, 853, 868, 854, 869, 71, 864, + 857, 860, 71, 71, 855, 861, 71, 71, 858, 71, + 866, 870, 871, 872, 71, 71, 862, 71, 71, 71, + + 867, 873, 149, 875, 869, 874, 864, 877, 71, 71, + 884, 886, 885, 71, 71, 71, 71, 866, 870, 871, + 872, 888, 876, 71, 887, 2507, 71, 905, 873, 71, + 875, 2507, 874, 889, 877, 71, 71, 884, 886, 885, + 890, 892, 891, 2507, 71, 71, 893, 2507, 888, 876, + 878, 887, 879, 894, 71, 71, 880, 900, 881, 895, + 889, 2507, 71, 882, 896, 897, 71, 890, 883, 891, + 71, 899, 901, 71, 71, 898, 71, 878, 71, 879, + 894, 902, 71, 880, 900, 881, 895, 71, 903, 904, + 882, 896, 897, 71, 71, 883, 907, 908, 899, 901, + + 918, 2507, 898, 909, 2507, 71, 922, 916, 902, 71, + 917, 2507, 71, 71, 919, 903, 920, 921, 924, 2507, + 926, 71, 71, 928, 908, 71, 71, 918, 71, 71, + 909, 910, 71, 922, 916, 923, 911, 917, 912, 71, + 929, 919, 71, 920, 921, 924, 925, 71, 71, 913, + 914, 927, 930, 932, 71, 71, 915, 71, 910, 933, + 71, 931, 923, 911, 71, 912, 935, 929, 938, 936, + 941, 937, 934, 925, 71, 71, 913, 914, 927, 930, + 71, 71, 71, 915, 71, 71, 933, 71, 931, 939, + 943, 945, 71, 935, 940, 946, 936, 941, 937, 934, + + 71, 942, 71, 71, 944, 947, 948, 71, 71, 71, + 2507, 71, 949, 71, 950, 951, 939, 943, 945, 71, + 71, 940, 946, 71, 952, 953, 954, 71, 942, 956, + 957, 944, 955, 948, 959, 2507, 965, 71, 960, 949, + 958, 950, 951, 961, 964, 71, 71, 71, 71, 71, + 71, 952, 953, 954, 71, 71, 956, 962, 966, 955, + 963, 959, 71, 965, 967, 71, 968, 958, 71, 970, + 71, 964, 969, 972, 971, 973, 71, 974, 981, 71, + 71, 975, 2507, 71, 962, 966, 978, 963, 71, 976, + 977, 967, 982, 71, 980, 71, 970, 71, 71, 969, + + 972, 971, 973, 71, 974, 71, 983, 71, 975, 979, + 71, 71, 990, 978, 984, 71, 976, 977, 985, 71, + 71, 980, 986, 71, 71, 988, 987, 991, 992, 989, + 2507, 71, 71, 983, 71, 993, 979, 994, 995, 996, + 997, 984, 71, 71, 71, 985, 71, 999, 2507, 986, + 71, 998, 988, 987, 1001, 992, 989, 71, 71, 71, + 71, 1000, 993, 71, 994, 1002, 71, 997, 1003, 1004, + 71, 71, 1005, 2507, 999, 1006, 1007, 71, 998, 1008, + 71, 1001, 1009, 1010, 71, 1012, 1013, 71, 1000, 1015, + 1017, 71, 1002, 1021, 71, 71, 1019, 71, 71, 1005, + + 71, 71, 1006, 71, 71, 1018, 1008, 1014, 71, 1009, + 1010, 1016, 1012, 1013, 1020, 71, 1015, 71, 71, 71, + 71, 1022, 1023, 1019, 1024, 1025, 1026, 2507, 71, 2507, + 1028, 1029, 1018, 1027, 1014, 2507, 71, 1030, 1016, 1036, + 2507, 1020, 1032, 71, 71, 1033, 2507, 71, 1022, 1031, + 71, 71, 1025, 1026, 71, 71, 71, 1028, 1029, 71, + 1027, 71, 1034, 1035, 1030, 71, 71, 1037, 1038, 1032, + 1039, 71, 1033, 1045, 71, 1040, 1031, 71, 1053, 1048, + 71, 1046, 71, 1049, 1047, 2507, 71, 1041, 2507, 1034, + 1035, 71, 71, 1052, 1037, 1038, 1042, 1039, 1043, 71, + + 1045, 1044, 1040, 71, 71, 1053, 1048, 71, 1046, 71, + 1049, 1047, 1050, 1051, 1041, 71, 1054, 1056, 1055, 1057, + 1052, 71, 1058, 1042, 1060, 1043, 71, 1063, 1044, 71, + 1059, 71, 1061, 2507, 2507, 71, 1062, 2507, 71, 1050, + 1051, 71, 1066, 1054, 71, 1055, 1057, 71, 71, 1058, + 71, 1060, 71, 1064, 1063, 1065, 1067, 1059, 1068, 1061, + 1071, 1072, 71, 1062, 1069, 1070, 71, 71, 71, 1066, + 71, 71, 1073, 71, 71, 1075, 1076, 1074, 1078, 71, + 1064, 71, 1065, 1067, 71, 1068, 1081, 1071, 1072, 1079, + 1077, 1069, 1070, 71, 1085, 1082, 71, 71, 1080, 1073, + + 1083, 71, 1075, 71, 1074, 1078, 1084, 71, 71, 1086, + 2507, 1087, 1096, 1081, 71, 2507, 1079, 1077, 1094, 1098, + 71, 1085, 1095, 71, 1097, 1080, 1108, 71, 2507, 2507, + 2507, 1109, 71, 1084, 2507, 1106, 1086, 71, 1087, 1088, + 71, 71, 1089, 1090, 71, 1094, 1098, 1091, 71, 1095, + 71, 1097, 2507, 1092, 1099, 1100, 1101, 1093, 71, 1102, + 1103, 71, 1106, 71, 1107, 1111, 1088, 71, 1105, 1089, + 1090, 1104, 71, 71, 1091, 1110, 2507, 71, 71, 1117, + 1092, 1099, 1100, 1101, 1093, 71, 1102, 1103, 71, 71, + 71, 1107, 1111, 1119, 2507, 1105, 1120, 71, 1104, 1121, + + 1123, 2507, 1110, 1112, 1122, 71, 1117, 1127, 1113, 71, + 1114, 71, 1115, 71, 1116, 1126, 1128, 1124, 71, 71, + 1119, 71, 1125, 1120, 71, 71, 1121, 1123, 71, 1129, + 1112, 1122, 1130, 1131, 1127, 1113, 1133, 1114, 1132, 1115, + 1136, 1116, 1126, 1128, 1134, 71, 1137, 1139, 71, 71, + 1135, 71, 71, 71, 71, 71, 1129, 1138, 1140, 1130, + 1131, 2507, 71, 1133, 1141, 1132, 1144, 1136, 1142, 71, + 1143, 1134, 1145, 71, 71, 1146, 1147, 1135, 71, 71, + 1148, 1149, 1150, 71, 1138, 1140, 71, 71, 71, 1151, + 71, 1141, 1152, 71, 1154, 1142, 71, 1143, 71, 1145, + + 1153, 1155, 71, 1147, 1157, 1156, 2507, 1148, 1149, 71, + 1159, 1158, 1164, 1160, 71, 1162, 1151, 1165, 71, 1152, + 1161, 1154, 71, 71, 71, 71, 71, 1153, 1155, 1163, + 1166, 1157, 1156, 71, 1167, 71, 71, 1159, 1158, 1175, + 1160, 71, 1162, 71, 71, 1168, 1169, 1161, 1170, 71, + 1171, 1172, 71, 1173, 71, 1174, 1163, 1166, 71, 71, + 71, 1176, 1179, 71, 71, 2507, 71, 1182, 1177, 71, + 1180, 71, 1168, 1169, 1178, 1170, 71, 71, 1172, 1181, + 1173, 71, 1174, 1183, 1184, 71, 1185, 1186, 71, 1179, + 1187, 71, 71, 71, 1182, 1177, 71, 1180, 1188, 1189, + + 1190, 1178, 1194, 71, 1195, 1196, 1181, 1191, 2507, 71, + 1183, 1184, 71, 1185, 1186, 71, 1192, 1187, 71, 1202, + 71, 1193, 71, 71, 1197, 71, 1189, 1190, 1203, 1194, + 1198, 1195, 1196, 1199, 1191, 1205, 71, 1200, 1204, 1207, + 1201, 71, 71, 2507, 71, 1206, 1202, 71, 71, 1208, + 71, 1197, 1210, 2507, 1209, 1203, 1211, 1198, 71, 71, + 1199, 71, 1205, 71, 1200, 71, 1207, 1201, 1212, 1213, + 71, 1214, 1206, 1215, 71, 71, 1208, 1217, 1216, 1210, + 71, 1209, 71, 1211, 1218, 1220, 71, 1219, 2507, 2507, + 1221, 1225, 71, 71, 1222, 1212, 1213, 1223, 1214, 71, + + 1215, 71, 71, 71, 1217, 1216, 71, 1224, 1226, 71, + 1227, 1218, 1220, 71, 1219, 71, 1228, 1221, 1225, 1230, + 1229, 1222, 1239, 1232, 1223, 71, 1234, 1231, 71, 1235, + 1233, 1236, 71, 1237, 1224, 1226, 71, 1227, 71, 71, + 1238, 1240, 2507, 1228, 71, 71, 1230, 1229, 71, 71, + 1232, 1241, 1245, 1234, 1231, 1246, 1242, 1233, 1243, 71, + 1237, 71, 1244, 71, 71, 71, 71, 1238, 1240, 71, + 1247, 71, 71, 1248, 71, 1250, 1249, 71, 1241, 1245, + 1256, 71, 1246, 1242, 1260, 1243, 1251, 71, 71, 1244, + 1252, 1254, 71, 1257, 71, 1253, 1255, 1247, 71, 2507, + + 1248, 71, 1250, 1249, 1258, 1263, 1259, 1256, 1261, 71, + 1262, 1264, 71, 1251, 71, 1272, 71, 1265, 71, 1266, + 1257, 1267, 71, 71, 1270, 71, 71, 71, 1268, 71, + 71, 1258, 1263, 1259, 1269, 1261, 71, 1262, 1271, 1273, + 1275, 71, 1272, 71, 1265, 1274, 1266, 71, 1267, 1276, + 71, 1270, 1277, 1281, 1278, 1268, 1279, 1282, 1286, 1280, + 71, 1269, 1284, 71, 1293, 1271, 1273, 71, 71, 71, + 1283, 71, 1274, 71, 71, 71, 1276, 1285, 71, 1277, + 1281, 1278, 2507, 1279, 1282, 71, 1280, 1287, 71, 1284, + 1288, 1290, 1289, 1291, 1292, 1294, 71, 1283, 71, 1295, + + 1296, 71, 71, 1297, 1285, 1298, 71, 1299, 71, 71, + 1300, 1301, 2507, 71, 1287, 71, 1304, 1288, 1290, 1289, + 1291, 1292, 71, 1302, 1303, 71, 1295, 1296, 1305, 1309, + 1297, 71, 1298, 1308, 71, 71, 1306, 71, 71, 71, + 71, 71, 71, 1304, 1307, 1310, 1313, 71, 1311, 1312, + 1302, 1303, 1314, 1315, 71, 1305, 1309, 1318, 1316, 71, + 1308, 2507, 71, 1306, 71, 1321, 71, 2507, 71, 1323, + 1317, 1307, 1310, 1313, 71, 1311, 1312, 71, 1320, 1314, + 71, 71, 1319, 71, 1318, 1316, 1324, 71, 71, 1328, + 1322, 71, 1321, 1325, 71, 1326, 1323, 1317, 71, 1327, + + 1330, 1329, 71, 1331, 1334, 1320, 1332, 71, 71, 1319, + 71, 71, 71, 71, 1333, 71, 1328, 1322, 1335, 1337, + 1325, 1339, 1326, 71, 71, 1336, 1327, 1330, 1329, 1340, + 1331, 1334, 1338, 1332, 1341, 1347, 71, 1343, 1342, 71, + 1345, 1333, 71, 71, 1346, 1335, 71, 71, 71, 1350, + 1377, 71, 1336, 71, 1344, 2507, 1340, 71, 71, 1338, + 1348, 71, 1347, 1349, 1343, 1342, 71, 1345, 1351, 71, + 71, 1346, 1353, 71, 1352, 71, 1350, 71, 1357, 71, + 1358, 1344, 1354, 1363, 1362, 1355, 1359, 1348, 2507, 71, + 1349, 1361, 1360, 71, 71, 1351, 1364, 1356, 1366, 1353, + + 1365, 1352, 71, 1367, 71, 2507, 71, 1358, 71, 1354, + 71, 1362, 1355, 1359, 71, 71, 2507, 71, 1361, 1360, + 71, 1369, 71, 1364, 1356, 1366, 71, 1365, 1368, 71, + 1367, 1370, 1371, 1372, 1373, 1374, 1375, 71, 71, 2507, + 71, 2507, 1379, 1380, 1376, 1381, 1378, 1382, 1369, 1383, + 71, 71, 71, 1386, 2507, 1368, 71, 2507, 1370, 2507, + 71, 1373, 71, 1375, 71, 71, 71, 71, 71, 1379, + 1380, 1376, 1381, 1378, 1382, 1384, 1383, 1385, 1390, 1387, + 1388, 1389, 1391, 2507, 71, 71, 71, 71, 1392, 1393, + 71, 71, 1394, 1397, 71, 71, 71, 2507, 1395, 1396, + + 2507, 2507, 1384, 1399, 1385, 1390, 1387, 1388, 1389, 71, + 71, 71, 71, 1398, 1401, 1392, 1393, 1400, 71, 1394, + 1397, 71, 71, 1408, 1402, 1395, 1396, 1403, 1404, 71, + 1399, 1405, 1409, 1407, 71, 71, 1406, 1410, 1411, 71, + 1398, 1401, 71, 71, 1400, 1412, 71, 1419, 1414, 1420, + 71, 1402, 2507, 1416, 1403, 1404, 1417, 1413, 1405, 71, + 1407, 71, 1415, 1406, 1410, 1411, 71, 71, 71, 1418, + 71, 71, 1412, 1423, 1421, 1414, 71, 1422, 1426, 71, + 1416, 71, 71, 1417, 1413, 1424, 1425, 71, 1427, 1415, + 71, 71, 1429, 71, 1428, 1430, 1418, 71, 71, 1431, + + 1423, 1421, 1432, 71, 1422, 1426, 71, 1435, 1440, 1433, + 1436, 1437, 1424, 1425, 1442, 1427, 1443, 71, 71, 1429, + 71, 1428, 1430, 1434, 71, 71, 1431, 1438, 1445, 1432, + 1441, 1444, 1439, 1449, 1435, 71, 1433, 1436, 1437, 71, + 71, 71, 1446, 1448, 1447, 1458, 2507, 1450, 71, 1451, + 1434, 71, 1463, 71, 1453, 1452, 71, 1441, 1444, 71, + 71, 71, 71, 71, 1454, 71, 1455, 1457, 2507, 1446, + 1448, 1447, 71, 71, 1450, 1456, 1451, 71, 1459, 1460, + 71, 1453, 1452, 1462, 71, 71, 1466, 1461, 71, 71, + 1464, 1454, 71, 1455, 1457, 71, 1467, 71, 1465, 1468, + + 1472, 71, 1456, 71, 2507, 1459, 1460, 71, 1469, 1470, + 1462, 1471, 1473, 71, 1461, 1475, 71, 1464, 71, 2507, + 1474, 1476, 71, 1467, 1477, 1465, 1468, 1472, 1479, 71, + 71, 71, 71, 71, 1478, 1469, 1470, 71, 1471, 1473, + 1483, 1480, 71, 71, 1481, 2507, 1482, 1474, 1476, 1484, + 1485, 1477, 71, 71, 71, 1479, 71, 1486, 1487, 71, + 1489, 1478, 1488, 1491, 71, 1492, 1490, 1493, 1480, 2507, + 1494, 1481, 71, 1482, 1495, 1497, 1484, 1485, 71, 2507, + 71, 71, 71, 1500, 1486, 71, 71, 71, 71, 1488, + 1491, 1498, 71, 1490, 1493, 71, 1496, 1494, 71, 1499, + + 71, 1495, 1497, 71, 1501, 71, 1502, 1503, 71, 1507, + 1500, 1505, 1509, 1504, 1510, 1508, 71, 1512, 1498, 71, + 1514, 71, 71, 1496, 1506, 71, 1499, 71, 1515, 71, + 1516, 1501, 1517, 1502, 1503, 71, 1507, 1511, 1505, 71, + 1504, 1513, 1508, 71, 1512, 71, 71, 1514, 71, 1518, + 1519, 1506, 1520, 1522, 71, 1515, 71, 71, 71, 71, + 1521, 1523, 1524, 1526, 1511, 1525, 71, 1528, 1513, 1527, + 1529, 1533, 71, 1531, 1530, 1538, 1518, 71, 71, 1520, + 71, 1532, 71, 1539, 71, 1540, 1541, 1521, 1523, 71, + 71, 1545, 1525, 71, 71, 71, 1527, 1529, 71, 71, + + 71, 1530, 1538, 71, 1534, 1535, 1536, 71, 1532, 1542, + 1539, 1537, 1544, 1541, 1543, 1547, 71, 71, 1545, 71, + 1546, 1548, 1549, 1550, 1552, 71, 2507, 71, 1551, 1558, + 71, 1534, 1535, 1536, 71, 1554, 71, 1557, 1537, 1544, + 71, 71, 1547, 1553, 71, 1555, 1561, 1546, 1559, 1549, + 1550, 71, 71, 71, 1556, 1551, 71, 1562, 1563, 71, + 2507, 71, 1554, 71, 1557, 1560, 71, 1566, 1564, 71, + 1553, 71, 1555, 71, 1569, 1559, 1565, 71, 71, 1567, + 71, 1556, 1571, 1570, 1562, 1563, 71, 1568, 1573, 71, + 1572, 1574, 1560, 71, 1566, 1564, 71, 1575, 71, 1576, + + 1577, 1569, 2507, 1565, 1578, 1579, 1567, 1580, 2507, 1571, + 71, 71, 1581, 71, 1568, 71, 1582, 1572, 71, 1584, + 71, 71, 71, 71, 71, 71, 1576, 1577, 1583, 71, + 1585, 1578, 1579, 1586, 1580, 1589, 71, 1592, 1591, 1581, + 1588, 1593, 71, 1582, 1590, 71, 1584, 71, 71, 1587, + 1594, 1595, 71, 1598, 2507, 1583, 71, 1585, 71, 71, + 1586, 71, 1589, 1599, 1592, 1591, 1600, 1588, 1593, 71, + 1596, 1590, 1603, 1604, 71, 1597, 1587, 71, 1595, 71, + 71, 1601, 1602, 1605, 1608, 1611, 71, 1606, 71, 71, + 1599, 1609, 1607, 1600, 1612, 1615, 1610, 1596, 1613, 71, + + 71, 1614, 1597, 71, 71, 1616, 71, 1617, 1601, 1602, + 1605, 71, 1620, 1619, 1606, 71, 71, 71, 1618, 1607, + 71, 1622, 1623, 71, 1621, 1613, 71, 71, 1614, 71, + 71, 1625, 1616, 71, 1617, 1624, 1627, 71, 1626, 1628, + 1619, 1629, 1630, 1634, 71, 1618, 1631, 2507, 71, 1623, + 1632, 1621, 1636, 71, 1633, 71, 1635, 71, 1625, 2507, + 1640, 71, 1624, 71, 71, 1626, 71, 71, 1629, 1637, + 1634, 1638, 71, 1631, 71, 71, 71, 1632, 71, 1636, + 1639, 1633, 71, 1635, 71, 1641, 71, 1640, 1642, 1643, + 1645, 1644, 1646, 1652, 1648, 71, 1637, 1649, 1638, 71, + + 1650, 1653, 1647, 71, 1651, 71, 71, 1639, 1661, 1666, + 2507, 71, 71, 71, 71, 1642, 1643, 71, 1644, 1646, + 71, 1648, 1654, 71, 1649, 71, 71, 1650, 1653, 1647, + 1656, 1651, 1657, 1655, 1658, 71, 1659, 1667, 2507, 71, + 1660, 71, 1662, 1665, 1663, 1670, 1664, 71, 71, 1654, + 71, 71, 71, 71, 71, 71, 71, 1656, 71, 1657, + 1655, 1658, 1668, 1659, 1667, 1669, 1671, 1660, 1673, 1662, + 1665, 1663, 71, 1664, 1672, 71, 1674, 1676, 1675, 2507, + 1680, 71, 1677, 71, 1678, 71, 1681, 1682, 71, 1668, + 71, 1679, 1669, 1671, 71, 1673, 71, 71, 71, 71, + + 1683, 1672, 71, 1674, 1676, 1675, 71, 1680, 71, 1677, + 1684, 1678, 1686, 1681, 1682, 1685, 1687, 71, 1679, 1688, + 1689, 1691, 1694, 1690, 2507, 71, 71, 1683, 71, 1692, + 71, 71, 1693, 1695, 1696, 1697, 2507, 1684, 1698, 71, + 1700, 2507, 1685, 1687, 71, 71, 1688, 1689, 1691, 1694, + 1690, 71, 1702, 71, 71, 71, 1692, 71, 1699, 1693, + 1695, 1696, 1697, 71, 1703, 1698, 1704, 71, 1701, 71, + 1705, 71, 1706, 1707, 71, 1708, 1709, 1713, 1712, 1702, + 71, 71, 1710, 1711, 1714, 1699, 71, 1715, 71, 71, + 71, 1703, 71, 1704, 1716, 1701, 71, 1705, 71, 1706, + + 1707, 1717, 71, 1709, 1713, 1712, 71, 71, 71, 1710, + 1711, 71, 1718, 71, 1715, 1719, 1720, 2507, 1721, 2507, + 1722, 1716, 1723, 2507, 2507, 1727, 1726, 1728, 1717, 2507, + 2507, 71, 1724, 71, 2507, 1725, 1732, 71, 1729, 1733, + 1730, 71, 1719, 1720, 71, 1721, 71, 1722, 71, 1723, + 71, 71, 1727, 1726, 71, 71, 71, 1731, 71, 1724, + 1734, 71, 1725, 1732, 1735, 1729, 1733, 1730, 1736, 1737, + 1738, 71, 71, 1739, 71, 1748, 1740, 71, 71, 1741, + 2507, 71, 1746, 1744, 1731, 1745, 1742, 1734, 71, 71, + 1747, 1735, 71, 71, 71, 1736, 1737, 1738, 71, 1743, + + 1739, 71, 1748, 1740, 71, 1749, 1741, 71, 1751, 1746, + 1744, 1750, 1745, 1742, 1752, 1754, 1753, 1747, 1756, 1755, + 1758, 1759, 71, 1757, 1760, 1761, 1743, 2507, 1766, 71, + 1767, 71, 71, 71, 1768, 71, 1765, 71, 1750, 71, + 71, 1752, 1754, 1753, 71, 1762, 1755, 1758, 1759, 71, + 71, 1760, 71, 1769, 71, 71, 71, 1767, 1770, 1763, + 1771, 1768, 71, 1765, 1772, 2507, 1773, 1774, 1776, 1775, + 1764, 71, 1762, 2507, 1778, 71, 71, 1777, 1784, 1780, + 1769, 1779, 71, 71, 2507, 1782, 1763, 1771, 71, 71, + 71, 71, 71, 1773, 1785, 1776, 1775, 1764, 1781, 71, + + 71, 1778, 1783, 71, 1777, 1784, 1780, 71, 1779, 1786, + 71, 71, 1782, 1788, 1787, 1789, 71, 1791, 1792, 1790, + 1793, 71, 1794, 1799, 2507, 1781, 71, 71, 71, 1783, + 71, 1796, 71, 1795, 71, 71, 1786, 71, 71, 71, + 1788, 1787, 1789, 1797, 1791, 71, 1790, 1793, 1798, 1794, + 1799, 71, 1801, 1800, 71, 1802, 1805, 1803, 1796, 71, + 1795, 1807, 1804, 1806, 71, 1808, 1809, 2507, 1812, 71, + 1797, 2507, 1811, 1810, 2507, 1798, 71, 71, 1815, 1801, + 1800, 71, 71, 1805, 1803, 71, 71, 71, 1807, 1804, + 1806, 1816, 71, 71, 71, 1812, 1818, 1817, 1813, 1811, + + 1810, 1814, 1819, 71, 1821, 71, 1820, 1822, 1824, 71, + 1826, 1827, 1823, 71, 1828, 1831, 71, 1825, 1816, 71, + 71, 71, 1829, 1818, 1817, 1813, 71, 71, 1814, 1819, + 71, 71, 1830, 1820, 71, 71, 1833, 71, 71, 1823, + 1832, 1828, 71, 1834, 1825, 1835, 1839, 1836, 71, 1829, + 1837, 2507, 71, 1840, 71, 1843, 1841, 1844, 1845, 1830, + 1848, 71, 71, 71, 71, 1838, 71, 1832, 71, 1846, + 1834, 71, 1835, 71, 1836, 1847, 71, 1837, 1842, 1850, + 1840, 71, 71, 1841, 1844, 1845, 71, 71, 1851, 1849, + 1852, 1855, 1838, 1853, 71, 71, 1846, 71, 71, 1854, + + 1858, 2507, 1847, 1856, 1857, 1842, 71, 1859, 2507, 71, + 71, 1860, 2507, 71, 1863, 1851, 1849, 1852, 1855, 71, + 1853, 1861, 71, 1864, 1865, 71, 1854, 1858, 71, 71, + 1856, 1857, 1866, 1862, 1859, 71, 71, 1870, 1860, 71, + 1867, 1863, 1869, 1871, 71, 71, 71, 1868, 1861, 71, + 1864, 1865, 1874, 1872, 1873, 71, 71, 1875, 1878, 1866, + 1862, 71, 71, 1876, 1870, 71, 1877, 1867, 1879, 1869, + 1871, 71, 71, 71, 1868, 1880, 71, 1885, 2507, 1874, + 1872, 1873, 2507, 1881, 1887, 1878, 71, 1886, 1890, 71, + 1876, 1882, 2507, 1877, 71, 1879, 1883, 1888, 1884, 71, + + 71, 1896, 71, 71, 71, 1889, 1891, 71, 1893, 71, + 1881, 1887, 71, 1892, 1886, 1890, 71, 1897, 1882, 1894, + 1900, 71, 1902, 1883, 1888, 1884, 71, 1895, 71, 1898, + 71, 2507, 1889, 1891, 1901, 1893, 1899, 71, 1903, 2507, + 1892, 1904, 71, 1908, 71, 1905, 1894, 1907, 1906, 71, + 1909, 71, 71, 71, 1895, 71, 1898, 1910, 71, 1911, + 71, 71, 1914, 1899, 1921, 1903, 71, 71, 1904, 71, + 1908, 1912, 1905, 71, 1907, 1906, 1913, 1909, 1917, 1918, + 1915, 71, 1920, 71, 1910, 71, 71, 71, 1916, 1914, + 1919, 71, 1922, 71, 1925, 71, 71, 71, 1912, 1923, + + 1924, 1926, 71, 1913, 71, 1917, 1918, 1915, 71, 1920, + 1927, 71, 1935, 71, 1928, 1916, 71, 1919, 1929, 1922, + 1930, 1925, 1932, 71, 1931, 1936, 1923, 1924, 1933, 71, + 1934, 71, 1937, 71, 1939, 1943, 1944, 1927, 1938, 71, + 71, 1928, 1941, 1945, 71, 1929, 71, 1930, 71, 1932, + 1942, 1931, 1936, 71, 71, 1933, 71, 1934, 1940, 71, + 1946, 71, 71, 71, 71, 1938, 1948, 71, 1947, 1941, + 1949, 71, 71, 1950, 1951, 71, 1952, 1942, 1953, 71, + 1954, 71, 1955, 1957, 1959, 1940, 71, 1946, 1958, 71, + 1956, 71, 71, 1948, 1960, 1947, 71, 1949, 1961, 2507, + + 1950, 1951, 71, 71, 1964, 1953, 1962, 1963, 1965, 1955, + 71, 71, 71, 1966, 71, 1958, 71, 1956, 1967, 71, + 71, 1960, 1968, 71, 1969, 1961, 71, 1970, 2507, 1971, + 1974, 1964, 1972, 1962, 1963, 71, 71, 1973, 1975, 71, + 71, 1976, 1978, 1980, 1981, 71, 1977, 1983, 1979, 71, + 71, 1969, 71, 1982, 1970, 71, 1971, 71, 71, 1972, + 71, 71, 71, 71, 1973, 71, 71, 1984, 71, 1978, + 1980, 1981, 1986, 1977, 71, 1979, 1985, 71, 1987, 71, + 1982, 1988, 1989, 1991, 71, 71, 1990, 1992, 1993, 1997, + 1999, 1996, 71, 71, 1984, 71, 71, 1995, 1994, 1986, + + 1998, 71, 71, 1985, 71, 1987, 2000, 2507, 1988, 1989, + 1991, 71, 71, 1990, 1992, 1993, 1997, 71, 1996, 2001, + 2003, 71, 71, 2002, 1995, 1994, 2004, 1998, 2005, 71, + 2006, 2007, 2014, 71, 2008, 2016, 71, 71, 2010, 71, + 71, 2009, 71, 2012, 2011, 71, 2001, 2003, 71, 71, + 2002, 71, 71, 2004, 2013, 2005, 71, 2006, 2007, 71, + 2015, 2008, 71, 2017, 2018, 2010, 2019, 2020, 2009, 2025, + 2012, 2011, 71, 71, 2021, 2022, 2026, 2023, 71, 71, + 71, 2013, 2027, 71, 71, 2507, 71, 2015, 71, 2024, + 2017, 2018, 2030, 2019, 2020, 2031, 71, 71, 2028, 2029, + + 71, 2021, 2022, 71, 2023, 2032, 2033, 71, 2034, 2035, + 2036, 71, 71, 71, 71, 2037, 2024, 71, 2038, 2030, + 2039, 2040, 2031, 2507, 2041, 2028, 2029, 2045, 71, 2044, + 71, 71, 2032, 2033, 71, 2034, 2035, 71, 2042, 71, + 71, 2048, 2037, 2043, 2049, 71, 71, 2039, 2040, 2046, + 71, 2041, 2051, 71, 71, 2047, 2044, 2050, 2052, 2053, + 2054, 71, 2055, 2057, 71, 2042, 2056, 71, 71, 71, + 2043, 2049, 2058, 71, 71, 71, 2046, 2059, 2061, 2051, + 2060, 2062, 2047, 71, 2050, 71, 2053, 71, 2063, 71, + 71, 2064, 2065, 2056, 71, 71, 2507, 2066, 2067, 2058, + + 2507, 2507, 71, 2068, 71, 2061, 71, 2060, 2062, 71, + 71, 2071, 2070, 2069, 71, 2063, 2074, 2075, 2064, 2065, + 71, 71, 71, 71, 2066, 2067, 2072, 2073, 71, 2076, + 2068, 71, 2077, 2078, 2079, 2080, 2507, 2081, 2071, 2070, + 2069, 2084, 2085, 2074, 71, 2083, 2082, 2086, 71, 71, + 2092, 2087, 71, 2072, 2073, 71, 71, 71, 71, 2077, + 2078, 71, 2080, 71, 2081, 2088, 71, 71, 71, 71, + 2089, 2090, 2083, 2082, 2086, 71, 2507, 2091, 2087, 2093, + 2096, 2094, 71, 2095, 2507, 2099, 2097, 2098, 2507, 2101, + 2507, 2100, 71, 71, 2507, 2102, 2507, 71, 2090, 71, + + 71, 71, 71, 71, 2091, 71, 2093, 2096, 2094, 71, + 2095, 71, 2099, 2097, 2098, 71, 2101, 71, 2100, 2103, + 2104, 2105, 2102, 2106, 2507, 2107, 2108, 2109, 71, 2110, + 2111, 2112, 2113, 2115, 71, 71, 71, 2114, 71, 71, + 71, 71, 2116, 2121, 71, 71, 2103, 2104, 2105, 2118, + 2106, 71, 2107, 2108, 2109, 71, 2110, 2111, 71, 2113, + 2115, 71, 2117, 2120, 2114, 2119, 2122, 2125, 2123, 71, + 71, 2128, 71, 2507, 2124, 71, 2118, 2126, 2131, 2127, + 2507, 2130, 2507, 2507, 71, 71, 71, 71, 2129, 2117, + 2120, 71, 2119, 71, 2125, 2123, 71, 2134, 2128, 2135, + + 71, 2124, 71, 2132, 2126, 71, 2127, 71, 2130, 2133, + 71, 2136, 2138, 2137, 2140, 2129, 71, 2139, 2142, 2141, + 2143, 2144, 2145, 71, 2134, 2146, 71, 2148, 2147, 71, + 2132, 71, 2149, 2152, 71, 2151, 2133, 71, 71, 71, + 2137, 71, 2155, 71, 2139, 71, 2141, 2143, 2144, 2150, + 2154, 71, 71, 71, 71, 2147, 71, 2156, 2153, 71, + 71, 2157, 2151, 2158, 2159, 71, 71, 2163, 2160, 71, + 2167, 2161, 2162, 71, 2164, 2165, 2150, 2154, 2168, 71, + 71, 71, 71, 71, 2156, 2153, 71, 71, 2157, 71, + 2158, 2159, 71, 2166, 2163, 2160, 2169, 71, 2161, 2162, + + 2170, 2164, 2165, 2171, 2176, 2168, 71, 2172, 71, 2173, + 2507, 2174, 2177, 2175, 2179, 71, 2178, 71, 2180, 71, + 2166, 2181, 2182, 2169, 71, 71, 71, 2170, 71, 71, + 2171, 2176, 71, 71, 2172, 71, 2173, 71, 2174, 2177, + 2175, 2179, 2183, 2178, 2184, 2180, 2185, 2186, 2181, 71, + 2187, 2190, 2189, 71, 2188, 2191, 2195, 2192, 2197, 2507, + 71, 2196, 2199, 2194, 2507, 2193, 71, 71, 2198, 2183, + 71, 2184, 71, 71, 2186, 71, 71, 71, 2190, 2189, + 71, 2188, 71, 71, 2192, 2197, 71, 2200, 71, 71, + 2194, 2201, 2193, 2203, 2202, 2198, 71, 2204, 2507, 2206, + + 2205, 2207, 2507, 71, 2211, 71, 71, 2208, 71, 2209, + 2213, 2216, 2210, 2507, 2200, 2212, 2224, 71, 2201, 71, + 2203, 2202, 71, 2215, 2204, 71, 2206, 2205, 2207, 71, + 2214, 71, 2217, 71, 2208, 71, 2209, 2213, 71, 2210, + 2218, 2219, 2212, 71, 2220, 71, 2221, 2222, 71, 2223, + 2215, 2226, 71, 71, 71, 2229, 2227, 2214, 71, 2217, + 2228, 2225, 71, 71, 71, 2230, 2231, 2218, 71, 71, + 2234, 2220, 71, 2221, 2222, 2232, 2223, 2233, 71, 71, + 71, 71, 71, 2227, 2236, 2237, 2235, 2228, 2225, 2238, + 71, 2239, 2230, 2231, 71, 71, 2241, 2234, 71, 2242, + + 2240, 2244, 2232, 71, 2233, 2507, 2245, 71, 71, 2243, + 2246, 2236, 2237, 2235, 2247, 71, 2238, 71, 71, 2251, + 2249, 2252, 2248, 71, 71, 2254, 71, 2240, 71, 71, + 2250, 2255, 71, 2245, 71, 2253, 2243, 2246, 71, 2259, + 71, 71, 2256, 2257, 2261, 71, 2251, 2249, 2252, 2248, + 71, 2258, 71, 2262, 71, 2263, 2260, 2250, 71, 71, + 71, 2264, 2253, 71, 2266, 2265, 2259, 2267, 2271, 2256, + 2257, 71, 71, 2268, 2269, 2270, 71, 71, 2258, 2274, + 2262, 71, 2263, 2260, 71, 2272, 2507, 2277, 2264, 2278, + 71, 2273, 2265, 2279, 71, 2271, 71, 71, 2280, 71, + + 2268, 71, 2270, 2275, 2276, 2281, 71, 71, 2283, 2285, + 2507, 71, 2272, 71, 71, 2282, 71, 2284, 2273, 2286, + 2279, 71, 2287, 2288, 2289, 71, 2290, 2293, 2291, 2300, + 2275, 2276, 71, 71, 71, 2283, 71, 71, 2292, 71, + 2295, 2296, 2282, 2294, 2284, 71, 71, 71, 2297, 71, + 2288, 71, 2298, 2290, 71, 2291, 71, 2301, 2299, 71, + 2302, 71, 2304, 2307, 71, 2292, 2303, 2295, 2296, 71, + 2294, 71, 2306, 2305, 71, 71, 71, 2308, 71, 2298, + 71, 2314, 2309, 2310, 2301, 2299, 2507, 71, 71, 2304, + 2307, 71, 71, 2303, 71, 2311, 2312, 2313, 71, 2306, + + 2305, 71, 71, 71, 2308, 2318, 71, 2317, 2314, 2309, + 2310, 2315, 2316, 71, 2320, 2321, 2323, 2322, 2319, 2324, + 2328, 71, 2311, 2312, 2313, 71, 2327, 71, 2325, 2326, + 2507, 2331, 2318, 2507, 2317, 2330, 2332, 2333, 2315, 2316, + 71, 71, 71, 71, 2322, 2319, 71, 71, 71, 71, + 2329, 2336, 2335, 2327, 2334, 2338, 71, 71, 71, 71, + 71, 71, 2330, 2332, 2333, 2337, 71, 2339, 2340, 71, + 2342, 2341, 2346, 2343, 2347, 2348, 71, 2329, 2336, 2335, + 71, 2334, 71, 2350, 2344, 2351, 2353, 71, 71, 2345, + 2349, 71, 2337, 71, 71, 2340, 71, 2342, 2341, 2354, + + 2343, 2347, 2348, 2352, 71, 71, 2355, 71, 2356, 2357, + 2350, 71, 2351, 71, 2358, 2359, 71, 2349, 2360, 2361, + 2507, 2363, 2362, 2365, 2507, 2366, 71, 2364, 2507, 2367, + 2352, 71, 71, 71, 71, 71, 71, 71, 2369, 71, + 2372, 2358, 71, 2368, 71, 71, 2361, 71, 2363, 2362, + 71, 2370, 2366, 71, 2364, 2371, 2367, 2376, 2373, 2374, + 71, 2375, 2377, 2378, 71, 2369, 71, 2381, 2380, 71, + 2368, 71, 71, 71, 71, 2386, 2379, 2385, 2370, 71, + 71, 71, 2371, 2382, 2376, 2373, 2374, 71, 2375, 2377, + 2378, 71, 2384, 2383, 2381, 2380, 71, 71, 2388, 71, + + 71, 2387, 2386, 2379, 2385, 2392, 2390, 2389, 71, 2391, + 2382, 2394, 2507, 71, 71, 2393, 71, 71, 71, 2384, + 2383, 71, 2395, 71, 71, 2388, 2396, 2397, 2387, 71, + 2398, 2399, 2392, 2390, 2389, 2400, 2391, 2401, 2394, 71, + 2402, 2405, 2393, 2403, 2406, 2404, 2410, 2407, 71, 2395, + 2411, 71, 71, 2396, 71, 2412, 2416, 2398, 71, 2417, + 2507, 71, 2400, 71, 71, 71, 71, 71, 2405, 71, + 2403, 2406, 2404, 2408, 2407, 71, 2409, 2411, 71, 2413, + 2414, 2415, 71, 71, 2423, 71, 2417, 71, 71, 2419, + 71, 2418, 71, 2420, 2421, 2425, 2422, 71, 71, 2507, + + 2408, 2426, 71, 2409, 2424, 2429, 2413, 2414, 2415, 71, + 71, 2423, 71, 2427, 71, 2434, 2419, 2428, 2418, 2431, + 2432, 2430, 2425, 2422, 71, 71, 71, 71, 2426, 71, + 2433, 2424, 2429, 71, 71, 2437, 71, 71, 71, 2435, + 2427, 2436, 2434, 71, 2428, 2438, 2431, 2432, 2430, 2439, + 71, 2440, 2441, 2442, 2507, 2443, 2446, 2433, 2507, 2444, + 2448, 71, 2437, 2447, 2507, 2445, 2435, 2507, 2436, 2451, + 2449, 71, 71, 71, 2454, 71, 2439, 71, 71, 2441, + 2442, 71, 2443, 71, 2456, 71, 2444, 71, 71, 71, + 2447, 2450, 2445, 71, 2452, 2453, 2451, 2449, 71, 71, + + 2455, 2458, 71, 71, 2457, 2464, 71, 2459, 71, 2462, + 2460, 2456, 2463, 2461, 2507, 2465, 2466, 71, 2450, 71, + 71, 2452, 2453, 2468, 71, 71, 2469, 2455, 71, 2471, + 71, 2457, 2464, 2467, 2459, 71, 2462, 2460, 71, 2463, + 2461, 71, 2465, 2466, 2472, 2473, 2470, 71, 2474, 2475, + 2468, 2476, 71, 2469, 71, 71, 2471, 71, 2477, 2478, + 2467, 2479, 2480, 2481, 2485, 2483, 2482, 71, 71, 2484, + 71, 2472, 2473, 2470, 71, 2474, 2475, 71, 71, 2487, + 71, 2488, 71, 71, 71, 2477, 2478, 71, 71, 2480, + 2481, 71, 2483, 2482, 2486, 2492, 2484, 2489, 2496, 2490, + + 2497, 71, 71, 71, 2491, 71, 2487, 71, 2488, 2493, + 2494, 2507, 2495, 2498, 2499, 2500, 2505, 71, 71, 2507, + 71, 2486, 71, 2501, 2489, 71, 2490, 2497, 2506, 2502, + 71, 2491, 2507, 2507, 2507, 71, 2493, 2494, 71, 2495, + 71, 71, 2500, 71, 2503, 71, 2504, 2507, 2507, 2507, + 2501, 71, 71, 2507, 71, 71, 2502, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2503, 2507, 2504, 43, 43, 43, 43, 43, 43, + 43, 48, 48, 48, 48, 48, 48, 48, 53, 53, + 53, 53, 53, 53, 53, 59, 59, 59, 59, 59, + + 59, 59, 64, 64, 64, 64, 64, 64, 64, 74, + 74, 2507, 74, 74, 74, 74, 139, 139, 2507, 2507, + 2507, 139, 139, 141, 141, 2507, 2507, 141, 2507, 141, + 143, 2507, 2507, 2507, 2507, 2507, 143, 146, 146, 2507, + 2507, 2507, 146, 146, 148, 2507, 2507, 2507, 2507, 2507, + 148, 150, 150, 2507, 150, 150, 150, 150, 75, 75, + 2507, 75, 75, 75, 75, 13, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507 } ; -static yyconst flex_int16_t yy_chk[6795] = +static yyconst flex_int16_t yy_chk[7233] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1964,746 +2069,794 @@ static yyconst flex_int16_t yy_chk[6795] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 3, 3, 4, 4, 4, 5, 5, 6, 6, 5, 28, 6, 7, - 7, 7, 7, 2346, 7, 8, 8, 8, 8, 28, - 8, 9, 9, 9, 10, 10, 10, 15, 21, 46, - - 46, 15, 30, 3, 28, 51, 4, 799, 51, 5, - 19, 6, 19, 19, 30, 19, 71, 7, 62, 62, - 71, 19, 76, 8, 21, 21, 20, 20, 9, 30, - 792, 10, 11, 11, 11, 11, 11, 11, 12, 12, - 12, 12, 12, 12, 20, 24, 76, 25, 19, 76, - 20, 26, 11, 20, 20, 22, 143, 33, 12, 26, - 792, 25, 22, 33, 698, 24, 22, 35, 24, 22, - 11, 20, 24, 25, 25, 884, 12, 26, 26, 11, - 35, 22, 22, 29, 33, 12, 26, 67, 25, 22, - 141, 78, 24, 22, 35, 698, 22, 23, 78, 27, - - 67, 23, 27, 884, 23, 29, 23, 23, 140, 27, - 29, 27, 138, 38, 67, 38, 136, 32, 78, 23, - 137, 32, 27, 137, 23, 134, 27, 31, 23, 27, - 38, 23, 77, 23, 23, 31, 27, 32, 27, 38, - 38, 31, 38, 32, 32, 31, 69, 41, 32, 41, - 41, 63, 41, 31, 31, 77, 238, 38, 41, 77, - 58, 36, 31, 82, 32, 36, 53, 79, 31, 83, - 52, 81, 31, 34, 39, 36, 122, 34, 36, 47, - 81, 82, 83, 34, 39, 238, 34, 36, 36, 39, - 82, 79, 36, 34, 79, 34, 83, 39, 81, 40, - - 34, 39, 36, 40, 34, 36, 89, 40, 122, 149, - 34, 39, 57, 34, 57, 57, 39, 57, 86, 89, - 34, 37, 42, 86, 37, 40, 40, 135, 135, 14, - 40, 37, 13, 89, 40, 37, 37, 65, 0, 65, - 65, 149, 65, 37, 68, 86, 68, 68, 37, 68, - 70, 37, 70, 70, 73, 70, 73, 73, 37, 73, - 80, 70, 37, 37, 84, 73, 87, 85, 85, 0, - 84, 88, 90, 80, 87, 65, 85, 92, 94, 90, - 91, 93, 142, 142, 80, 84, 92, 80, 95, 88, - 93, 84, 73, 87, 85, 85, 91, 84, 96, 90, - - 80, 94, 98, 88, 92, 94, 97, 91, 93, 97, - 95, 96, 99, 0, 0, 95, 88, 101, 100, 103, - 99, 101, 97, 97, 102, 96, 98, 102, 0, 104, - 97, 126, 103, 97, 98, 105, 97, 0, 100, 99, - 100, 101, 126, 106, 101, 100, 103, 107, 101, 97, - 97, 102, 104, 98, 108, 105, 104, 106, 126, 109, - 110, 111, 105, 112, 118, 100, 109, 107, 108, 110, - 106, 113, 112, 114, 107, 113, 118, 115, 116, 0, - 114, 108, 121, 117, 111, 116, 109, 110, 111, 117, - 112, 118, 124, 113, 0, 127, 121, 117, 113, 119, - - 114, 127, 113, 115, 115, 116, 120, 119, 123, 121, - 117, 125, 124, 128, 130, 161, 117, 120, 124, 124, - 125, 120, 127, 123, 128, 129, 119, 131, 132, 133, - 120, 148, 0, 120, 0, 123, 130, 132, 125, 124, - 128, 130, 131, 0, 120, 147, 129, 161, 120, 275, - 129, 133, 129, 148, 131, 132, 133, 139, 148, 139, - 139, 144, 139, 144, 144, 145, 144, 145, 145, 147, - 145, 150, 147, 129, 151, 152, 275, 153, 155, 154, - 156, 157, 158, 150, 0, 153, 160, 156, 158, 159, - 151, 154, 164, 0, 152, 0, 0, 281, 150, 157, - - 155, 151, 152, 145, 153, 155, 154, 156, 157, 166, - 167, 159, 160, 160, 158, 158, 159, 162, 164, 164, - 165, 162, 168, 169, 281, 174, 168, 171, 165, 170, - 172, 166, 167, 175, 174, 181, 166, 167, 162, 0, - 171, 176, 172, 0, 0, 162, 169, 165, 162, 168, - 169, 170, 174, 0, 171, 175, 170, 172, 173, 178, - 175, 173, 0, 176, 0, 162, 163, 181, 176, 182, - 179, 163, 184, 173, 0, 177, 163, 179, 0, 180, - 177, 178, 163, 163, 187, 173, 178, 185, 173, 163, - 180, 189, 177, 163, 177, 182, 182, 179, 163, 190, - - 183, 177, 177, 163, 184, 185, 180, 177, 188, 163, - 163, 183, 186, 191, 185, 192, 187, 194, 186, 177, - 193, 177, 195, 189, 194, 200, 0, 197, 0, 192, - 188, 190, 183, 191, 198, 188, 199, 200, 183, 186, - 191, 193, 192, 195, 194, 196, 197, 193, 198, 195, - 196, 201, 200, 202, 197, 203, 204, 207, 199, 0, - 202, 198, 201, 199, 205, 204, 206, 208, 208, 209, - 212, 206, 196, 211, 0, 213, 208, 203, 201, 210, - 202, 215, 203, 204, 214, 218, 210, 205, 216, 207, - 212, 205, 214, 206, 208, 208, 217, 212, 211, 219, - - 211, 209, 220, 216, 225, 221, 210, 213, 218, 221, - 222, 214, 223, 215, 224, 216, 226, 218, 227, 220, - 223, 228, 217, 217, 234, 222, 234, 220, 235, 220, - 229, 219, 221, 224, 230, 218, 225, 222, 226, 223, - 227, 224, 229, 226, 236, 227, 220, 230, 233, 231, - 232, 234, 235, 228, 237, 235, 239, 229, 231, 240, - 243, 230, 241, 232, 246, 239, 244, 233, 242, 236, - 247, 236, 243, 245, 249, 233, 231, 232, 250, 242, - 237, 237, 246, 239, 248, 240, 240, 243, 241, 241, - 244, 246, 251, 244, 252, 242, 245, 248, 254, 0, - - 245, 253, 247, 255, 250, 250, 249, 254, 253, 255, - 256, 248, 257, 0, 251, 262, 258, 0, 259, 251, - 261, 260, 263, 266, 256, 254, 252, 259, 253, 261, - 255, 263, 264, 267, 270, 265, 268, 256, 257, 257, - 258, 262, 262, 258, 260, 259, 271, 261, 260, 263, - 265, 268, 270, 0, 272, 266, 264, 267, 269, 264, - 267, 270, 265, 268, 271, 273, 269, 269, 272, 269, - 271, 276, 0, 271, 274, 274, 269, 0, 278, 277, - 273, 272, 277, 0, 283, 269, 279, 0, 289, 277, - 278, 271, 273, 269, 269, 276, 269, 280, 276, 274, - - 282, 274, 274, 285, 279, 278, 277, 284, 286, 277, - 283, 283, 0, 279, 287, 280, 288, 291, 292, 284, - 289, 287, 282, 286, 280, 285, 290, 282, 288, 293, - 285, 0, 294, 290, 284, 286, 296, 0, 294, 291, - 295, 287, 295, 288, 291, 299, 300, 0, 0, 296, - 292, 293, 298, 290, 294, 297, 293, 0, 297, 294, - 297, 324, 304, 296, 295, 294, 297, 295, 300, 295, - 298, 302, 301, 300, 304, 303, 306, 299, 302, 298, - 301, 303, 297, 305, 307, 297, 301, 297, 310, 304, - 311, 328, 306, 324, 347, 311, 305, 307, 302, 301, - - 306, 309, 303, 306, 313, 0, 310, 301, 312, 315, - 305, 307, 313, 309, 312, 310, 315, 314, 317, 306, - 308, 308, 311, 328, 0, 316, 347, 317, 309, 314, - 308, 313, 308, 308, 308, 312, 315, 308, 316, 318, - 322, 0, 319, 318, 314, 308, 320, 308, 308, 319, - 317, 321, 316, 320, 317, 326, 323, 308, 325, 308, - 308, 308, 322, 321, 308, 325, 318, 322, 323, 319, - 326, 327, 329, 320, 329, 330, 332, 332, 321, 331, - 333, 334, 326, 323, 327, 325, 330, 333, 337, 335, - 336, 338, 334, 0, 0, 340, 339, 341, 327, 329, - - 335, 331, 330, 336, 340, 332, 331, 333, 334, 343, - 341, 339, 0, 337, 338, 337, 335, 336, 338, 339, - 344, 342, 340, 339, 341, 346, 345, 343, 351, 348, - 349, 350, 342, 352, 342, 348, 343, 353, 339, 342, - 352, 357, 344, 346, 355, 358, 359, 344, 342, 345, - 351, 349, 346, 345, 350, 351, 348, 349, 350, 342, - 352, 342, 354, 353, 353, 356, 355, 357, 357, 359, - 362, 355, 360, 359, 361, 363, 354, 358, 360, 356, - 364, 365, 0, 366, 367, 368, 0, 369, 362, 354, - 363, 368, 356, 371, 372, 364, 361, 362, 373, 360, - - 372, 361, 363, 376, 365, 374, 367, 364, 365, 366, - 366, 367, 368, 369, 369, 375, 380, 373, 376, 371, - 371, 372, 375, 374, 378, 373, 378, 379, 381, 380, - 376, 382, 374, 378, 379, 383, 385, 384, 386, 387, - 0, 388, 375, 380, 389, 0, 387, 391, 390, 382, - 384, 378, 0, 378, 379, 385, 0, 383, 382, 394, - 381, 390, 383, 385, 384, 388, 387, 389, 388, 391, - 386, 395, 392, 393, 391, 390, 389, 392, 397, 393, - 396, 400, 394, 395, 398, 0, 394, 401, 400, 397, - 0, 403, 398, 402, 389, 401, 0, 0, 395, 392, - - 393, 403, 396, 422, 402, 397, 0, 396, 400, 405, - 0, 398, 399, 404, 401, 406, 408, 399, 408, 399, - 402, 407, 406, 403, 404, 409, 0, 399, 403, 410, - 399, 0, 0, 405, 411, 422, 405, 399, 399, 399, - 404, 410, 406, 408, 399, 413, 399, 407, 407, 411, - 412, 409, 409, 413, 399, 414, 410, 399, 415, 417, - 414, 411, 412, 416, 399, 421, 418, 417, 419, 423, - 424, 425, 413, 426, 427, 430, 429, 412, 418, 424, - 415, 416, 414, 428, 423, 415, 417, 426, 421, 419, - 416, 431, 421, 418, 425, 419, 423, 424, 425, 427, - - 426, 427, 428, 429, 432, 433, 431, 430, 0, 0, - 428, 434, 435, 0, 438, 436, 437, 438, 431, 439, - 433, 440, 442, 443, 435, 438, 440, 444, 445, 446, - 439, 441, 433, 447, 452, 434, 432, 436, 434, 435, - 437, 438, 436, 437, 438, 441, 439, 449, 448, 442, - 443, 451, 450, 440, 448, 445, 446, 452, 441, 444, - 450, 452, 453, 454, 455, 447, 456, 458, 460, 449, - 451, 0, 0, 455, 449, 448, 457, 0, 451, 450, - 459, 460, 463, 457, 0, 469, 454, 461, 456, 462, - 454, 455, 461, 456, 453, 460, 461, 464, 462, 458, - - 465, 468, 459, 457, 466, 467, 464, 459, 463, 463, - 471, 461, 470, 468, 461, 0, 462, 469, 467, 461, - 472, 476, 465, 461, 464, 475, 466, 465, 468, 473, - 470, 466, 467, 474, 471, 476, 475, 471, 479, 470, - 477, 478, 472, 472, 481, 482, 480, 472, 476, 479, - 483, 473, 475, 485, 484, 474, 473, 488, 487, 478, - 474, 480, 477, 490, 489, 479, 482, 477, 478, 472, - 486, 487, 482, 480, 483, 485, 481, 483, 484, 486, - 485, 484, 491, 492, 494, 487, 489, 493, 495, 488, - 496, 489, 493, 497, 498, 490, 500, 486, 494, 499, - - 0, 497, 495, 501, 0, 492, 491, 502, 503, 491, - 492, 494, 498, 503, 499, 495, 504, 0, 501, 493, - 497, 498, 496, 499, 506, 505, 499, 505, 500, 502, - 501, 507, 508, 513, 502, 509, 510, 514, 511, 507, - 503, 499, 504, 504, 509, 510, 511, 512, 519, 506, - 0, 506, 505, 550, 512, 514, 513, 508, 507, 508, - 513, 515, 509, 510, 514, 511, 516, 518, 517, 520, - 521, 0, 522, 515, 512, 516, 517, 520, 521, 518, - 519, 523, 524, 526, 525, 550, 0, 0, 515, 529, - 524, 527, 530, 516, 518, 517, 520, 521, 522, 522, - - 525, 531, 527, 529, 523, 526, 528, 532, 523, 524, - 526, 525, 530, 533, 528, 534, 529, 535, 527, 530, - 537, 536, 0, 531, 540, 544, 535, 532, 531, 541, - 538, 539, 542, 528, 532, 533, 546, 534, 537, 543, - 533, 536, 534, 538, 535, 543, 540, 537, 536, 539, - 547, 540, 544, 541, 545, 542, 541, 538, 539, 542, - 551, 549, 545, 546, 553, 554, 543, 551, 547, 549, - 552, 555, 562, 557, 554, 556, 0, 547, 0, 553, - 545, 545, 557, 558, 562, 558, 565, 551, 549, 545, - 568, 553, 554, 552, 556, 569, 565, 552, 559, 562, - - 557, 570, 556, 555, 578, 559, 578, 573, 568, 571, - 558, 572, 0, 565, 0, 576, 569, 568, 577, 575, - 579, 576, 569, 580, 570, 559, 560, 577, 570, 581, - 560, 578, 582, 560, 601, 571, 571, 572, 572, 573, - 560, 575, 576, 560, 579, 577, 575, 579, 560, 581, - 580, 583, 586, 560, 584, 0, 581, 560, 582, 582, - 560, 601, 0, 583, 585, 587, 0, 560, 588, 589, - 560, 574, 574, 0, 574, 590, 586, 574, 583, 586, - 584, 584, 574, 590, 589, 591, 585, 587, 574, 574, - 603, 585, 587, 588, 594, 588, 589, 574, 574, 574, - - 592, 574, 590, 593, 574, 595, 596, 592, 591, 574, - 597, 593, 591, 594, 599, 574, 574, 598, 596, 0, - 600, 594, 603, 597, 602, 604, 598, 592, 605, 599, - 593, 595, 595, 596, 607, 606, 609, 597, 610, 608, - 0, 599, 600, 613, 598, 609, 602, 600, 611, 0, - 615, 602, 605, 607, 614, 605, 606, 604, 608, 612, - 610, 607, 606, 609, 616, 610, 608, 612, 611, 615, - 613, 617, 614, 619, 620, 611, 623, 615, 621, 617, - 624, 614, 622, 625, 628, 626, 612, 628, 632, 623, - 627, 619, 620, 626, 0, 625, 616, 631, 617, 0, - - 619, 620, 621, 623, 622, 621, 624, 624, 627, 622, - 625, 628, 626, 629, 633, 632, 634, 627, 639, 635, - 633, 629, 631, 636, 631, 635, 637, 638, 640, 0, - 636, 637, 647, 641, 638, 650, 639, 629, 634, 642, - 629, 633, 641, 634, 643, 639, 635, 642, 629, 644, - 636, 640, 645, 637, 638, 640, 646, 649, 652, 647, - 641, 648, 643, 659, 644, 645, 642, 650, 648, 653, - 649, 643, 656, 651, 654, 657, 644, 646, 655, 645, - 651, 657, 654, 646, 649, 658, 655, 663, 648, 661, - 652, 660, 653, 655, 656, 659, 653, 664, 661, 656, - - 651, 654, 657, 662, 664, 655, 665, 667, 668, 669, - 0, 658, 658, 655, 666, 660, 661, 662, 660, 663, - 668, 670, 672, 666, 664, 672, 673, 0, 678, 670, - 662, 675, 669, 665, 667, 668, 669, 676, 675, 673, - 0, 666, 681, 676, 681, 679, 0, 680, 670, 672, - 683, 0, 682, 673, 678, 678, 686, 685, 675, 680, - 684, 686, 683, 687, 676, 677, 0, 677, 679, 681, - 685, 677, 679, 677, 680, 682, 687, 683, 677, 682, - 688, 689, 684, 677, 685, 2133, 2133, 684, 686, 677, - 687, 690, 677, 689, 677, 691, 692, 697, 677, 695, - - 677, 690, 694, 688, 696, 677, 693, 688, 689, 692, - 677, 0, 693, 690, 2133, 694, 700, 691, 690, 701, - 695, 702, 691, 692, 697, 703, 695, 704, 690, 694, - 706, 700, 707, 693, 702, 713, 696, 699, 705, 708, - 703, 701, 699, 700, 699, 707, 701, 708, 702, 706, - 709, 710, 703, 704, 704, 699, 711, 706, 709, 707, - 705, 714, 699, 699, 699, 705, 708, 713, 715, 699, - 716, 699, 717, 719, 718, 720, 715, 709, 710, 711, - 721, 719, 699, 711, 716, 714, 723, 724, 714, 699, - 726, 732, 722, 720, 0, 715, 718, 716, 721, 727, - - 719, 718, 720, 722, 717, 724, 727, 721, 725, 728, - 730, 731, 726, 729, 724, 737, 725, 726, 723, 722, - 729, 734, 728, 732, 735, 738, 727, 737, 730, 731, - 736, 739, 735, 740, 734, 725, 728, 730, 731, 736, - 729, 741, 737, 742, 743, 746, 753, 738, 734, 747, - 744, 735, 738, 739, 747, 740, 746, 736, 739, 741, - 740, 0, 748, 749, 744, 748, 750, 751, 741, 742, - 742, 752, 746, 754, 751, 755, 743, 744, 753, 750, - 754, 747, 757, 752, 758, 756, 759, 749, 748, 748, - 749, 756, 748, 750, 751, 760, 761, 759, 752, 755, - - 754, 762, 755, 764, 757, 766, 758, 767, 765, 757, - 0, 758, 756, 759, 770, 768, 762, 760, 761, 765, - 769, 775, 760, 761, 764, 780, 766, 771, 762, 769, - 764, 772, 766, 768, 767, 765, 771, 773, 770, 772, - 776, 770, 768, 774, 773, 781, 777, 769, 783, 780, - 779, 782, 780, 775, 771, 784, 785, 774, 772, 779, - 782, 781, 776, 783, 773, 788, 0, 776, 777, 786, - 774, 787, 781, 777, 789, 783, 790, 779, 782, 791, - 0, 786, 789, 795, 794, 0, 793, 784, 785, 790, - 803, 795, 788, 787, 791, 793, 786, 796, 787, 796, - - 798, 789, 794, 790, 800, 802, 791, 801, 798, 804, - 795, 794, 802, 793, 0, 805, 0, 800, 806, 801, - 0, 811, 803, 808, 796, 807, 809, 798, 0, 810, - 812, 800, 802, 811, 801, 813, 808, 805, 812, 809, - 0, 804, 805, 806, 816, 806, 814, 807, 811, 819, - 808, 810, 807, 809, 818, 813, 810, 812, 814, 815, - 825, 817, 813, 818, 0, 820, 0, 815, 821, 824, - 819, 816, 820, 814, 817, 823, 819, 821, 830, 821, - 825, 818, 821, 827, 826, 828, 815, 825, 817, 0, - 821, 824, 820, 832, 828, 821, 824, 826, 829, 835, - - 830, 823, 823, 0, 821, 830, 821, 827, 836, 821, - 827, 826, 828, 831, 833, 832, 829, 838, 837, 839, - 832, 831, 833, 841, 842, 829, 835, 839, 0, 838, - 840, 836, 844, 846, 0, 836, 837, 852, 844, 842, - 831, 833, 840, 841, 838, 837, 839, 843, 850, 845, - 841, 842, 847, 854, 846, 843, 848, 840, 845, 844, - 846, 849, 856, 848, 847, 853, 850, 857, 849, 852, - 855, 866, 854, 0, 843, 850, 845, 855, 853, 847, - 854, 858, 857, 848, 856, 859, 858, 860, 849, 856, - 861, 864, 853, 859, 857, 862, 0, 855, 865, 0, - - 860, 0, 867, 866, 861, 864, 869, 0, 868, 0, - 0, 878, 859, 858, 860, 0, 865, 861, 864, 879, - 870, 862, 862, 863, 869, 865, 863, 863, 867, 867, - 868, 863, 873, 869, 871, 868, 872, 863, 875, 873, - 877, 863, 870, 878, 876, 863, 881, 870, 874, 877, - 863, 879, 880, 863, 863, 883, 871, 876, 863, 873, - 875, 871, 872, 872, 863, 875, 874, 877, 863, 881, - 885, 876, 887, 881, 880, 874, 888, 892, 890, 880, - 882, 883, 883, 889, 893, 882, 885, 882, 888, 882, - 892, 882, 889, 897, 895, 887, 890, 885, 882, 887, - - 894, 891, 893, 888, 892, 890, 891, 882, 894, 896, - 889, 893, 882, 895, 882, 897, 882, 898, 882, 899, - 897, 895, 896, 900, 901, 902, 901, 894, 903, 904, - 898, 905, 900, 891, 909, 907, 896, 899, 908, 910, - 912, 904, 909, 0, 898, 915, 899, 902, 913, 0, - 900, 901, 902, 921, 917, 903, 904, 911, 905, 907, - 908, 909, 907, 914, 911, 908, 910, 912, 918, 914, - 913, 916, 915, 922, 919, 913, 917, 920, 916, 921, - 921, 917, 922, 924, 911, 923, 927, 918, 925, 928, - 914, 930, 929, 931, 0, 918, 919, 932, 916, 920, - - 922, 919, 925, 924, 920, 932, 923, 934, 0, 933, - 924, 931, 923, 937, 929, 925, 938, 937, 927, 929, - 931, 928, 935, 930, 932, 933, 936, 941, 940, 935, - 942, 939, 943, 936, 934, 940, 933, 939, 0, 944, - 937, 943, 941, 942, 939, 945, 948, 947, 938, 935, - 949, 0, 945, 936, 941, 940, 947, 942, 939, 943, - 946, 951, 946, 950, 939, 944, 944, 950, 948, 957, - 953, 954, 945, 948, 947, 955, 954, 949, 953, 956, - 958, 0, 957, 951, 961, 963, 0, 946, 951, 0, - 950, 964, 958, 955, 965, 0, 957, 953, 956, 962, - - 0, 959, 955, 954, 959, 960, 956, 958, 960, 961, - 965, 961, 962, 959, 964, 966, 968, 963, 964, 967, - 967, 965, 969, 966, 970, 968, 962, 960, 959, 971, - 973, 959, 960, 970, 0, 960, 971, 975, 974, 976, - 978, 0, 966, 968, 969, 975, 967, 974, 977, 969, - 979, 970, 978, 973, 976, 980, 971, 973, 981, 982, - 984, 977, 979, 980, 975, 974, 976, 978, 983, 984, - 985, 991, 986, 988, 990, 977, 0, 979, 989, 982, - 981, 987, 980, 992, 989, 981, 982, 984, 985, 996, - 983, 993, 998, 987, 988, 983, 990, 985, 986, 986, - - 988, 990, 994, 991, 997, 989, 1002, 0, 987, 1000, - 998, 999, 1001, 0, 1003, 992, 996, 993, 993, 998, - 999, 1006, 1000, 1004, 1001, 1005, 1002, 997, 994, 994, - 1004, 997, 1007, 1002, 1008, 1015, 1000, 0, 999, 1001, - 1003, 1003, 1008, 1006, 1005, 1007, 1009, 1012, 1006, 1010, - 1004, 1009, 1005, 1011, 1010, 1012, 1013, 1014, 1017, 1007, - 1011, 1008, 1016, 1016, 1013, 1014, 1017, 1015, 1019, 1018, - 1025, 1020, 0, 0, 1012, 1024, 1025, 0, 1009, 1020, - 1011, 1010, 1027, 1013, 1014, 1017, 1021, 1022, 1024, 1016, - 1018, 1023, 1026, 1028, 1021, 1022, 1018, 1025, 1020, 1023, - - 1019, 1029, 1024, 1030, 1026, 1031, 1032, 1033, 1027, 1027, - 1035, 1040, 1039, 1021, 1022, 0, 1029, 1028, 1023, 1026, - 1028, 1033, 1034, 1039, 1035, 1041, 0, 1031, 1029, 1032, - 1030, 1036, 1031, 1032, 1033, 1036, 1038, 1035, 1040, 1039, - 1034, 1042, 1043, 1038, 1044, 1045, 1046, 1041, 1036, 1034, - 1047, 1044, 1041, 1046, 1045, 1054, 1036, 1048, 1036, 1052, - 0, 1050, 1036, 1038, 1042, 1043, 1053, 1056, 1042, 1043, - 1050, 1044, 1045, 1046, 1058, 1036, 1061, 1064, 1059, 1064, - 1062, 1052, 1047, 1063, 1048, 1065, 1052, 1054, 1050, 1059, - 1068, 1067, 1053, 1053, 1056, 1063, 1066, 1069, 1070, 0, - - 1061, 1058, 1068, 1061, 1064, 1059, 1062, 1062, 1071, 1066, - 1063, 1065, 1065, 1067, 1072, 1071, 1074, 1068, 1067, 1075, - 1076, 1070, 1073, 1066, 1069, 1070, 1077, 1073, 1076, 1079, - 1080, 1081, 1074, 1082, 1091, 1071, 0, 0, 0, 1080, - 1072, 1072, 1075, 1074, 1081, 1083, 1075, 1076, 1077, 1073, - 1086, 1087, 1090, 1077, 1084, 1085, 1079, 1080, 1081, 1082, - 1082, 1084, 1085, 1088, 1089, 1093, 1091, 1083, 1086, 1092, - 1088, 1095, 1083, 1087, 1090, 1096, 1092, 1086, 1087, 1090, - 1097, 1084, 1085, 1098, 1095, 1101, 1111, 1102, 1097, 1089, - 1088, 1089, 1100, 1103, 1104, 1100, 1092, 1093, 1095, 1106, - - 0, 1107, 1096, 1104, 1098, 1105, 1103, 1097, 1109, 1108, - 1098, 1101, 1101, 1102, 1102, 1109, 1112, 1105, 1111, 1100, - 1103, 1104, 1110, 1106, 1108, 1110, 1106, 1107, 1107, 1113, - 1116, 1114, 1105, 1117, 1118, 1109, 1108, 1110, 1112, 1115, - 1120, 1115, 1119, 1112, 1122, 0, 1110, 1113, 1120, 1110, - 1123, 1119, 1110, 1114, 1116, 1121, 1113, 1116, 1114, 1124, - 1118, 1118, 1121, 1126, 1110, 1117, 1115, 1120, 1127, 1119, - 1125, 1128, 1123, 1130, 1125, 1129, 1122, 1123, 1135, 1131, - 1130, 1132, 1121, 1133, 1129, 1126, 1131, 1136, 1134, 1169, - 1126, 1124, 1135, 1128, 1132, 1127, 1133, 1125, 1128, 1139, - - 1130, 1142, 1129, 1134, 1137, 1135, 1131, 1138, 1132, 1145, - 1133, 1137, 1139, 1143, 1138, 1134, 1140, 1144, 1146, 1136, - 1143, 1169, 1140, 1150, 1147, 0, 1139, 1152, 1142, 1148, - 1146, 1137, 1148, 1149, 1138, 1145, 1145, 1147, 1159, 1144, - 1143, 1150, 1149, 1140, 1144, 1146, 1151, 1152, 1154, 1153, - 1150, 1147, 1153, 1158, 1152, 1158, 1148, 1156, 1151, 1154, - 1149, 1160, 1156, 1161, 1162, 1159, 1164, 1153, 1165, 1156, - 1163, 1170, 1162, 1151, 1166, 1154, 1153, 1164, 1167, 1153, - 1158, 1167, 1166, 0, 1156, 1168, 1165, 1161, 1160, 1156, - 1161, 1162, 1163, 1164, 1174, 1165, 1167, 1163, 1170, 1171, - - 1172, 1166, 1173, 1168, 1175, 1167, 1171, 1174, 1167, 1176, - 1179, 1173, 1168, 1180, 1172, 1175, 1178, 1181, 1178, 1179, - 1182, 1174, 0, 1183, 1176, 1186, 1171, 1172, 1181, 1173, - 1185, 1175, 1184, 1185, 1186, 1189, 1176, 1179, 1182, 1180, - 1180, 1191, 1190, 1178, 1181, 1183, 1184, 1182, 1185, 1187, - 1183, 1190, 1186, 1192, 1187, 1193, 1194, 1185, 1184, 1184, - 1185, 1198, 1195, 1197, 1199, 1205, 0, 1189, 1191, 1190, - 1197, 0, 0, 1184, 1200, 1204, 1203, 1193, 1199, 1205, - 1200, 1187, 1193, 1195, 1203, 1192, 1206, 1209, 1194, 1195, - 1197, 1199, 1205, 1198, 1204, 1206, 1207, 1208, 1200, 1210, - - 1211, 1200, 1204, 1203, 1207, 1213, 1215, 1200, 1214, 1211, - 1210, 1208, 1216, 1206, 1217, 1214, 1218, 1220, 1222, 1209, - 1223, 1220, 1219, 1207, 1208, 0, 1210, 1211, 1225, 1215, - 1222, 1226, 1213, 1215, 1216, 1214, 1217, 1224, 1218, 1216, - 1219, 1217, 1227, 1218, 1220, 1222, 1226, 1223, 1225, 1219, - 1224, 1228, 1230, 1229, 1232, 1225, 1231, 1227, 1226, 1228, - 1229, 1233, 1234, 1232, 1224, 1236, 1235, 0, 1239, 1227, - 1240, 1231, 1238, 1242, 0, 0, 1241, 1243, 1228, 0, - 1229, 1232, 1233, 1231, 1230, 1248, 1239, 1246, 1233, 1234, - 1235, 1241, 1236, 1235, 1238, 1239, 1246, 1240, 1242, 1238, - - 1242, 1243, 1244, 1241, 1243, 1245, 1247, 1248, 1249, 1244, - 1245, 1251, 1248, 1250, 1246, 1247, 1256, 1252, 1253, 1257, - 1254, 0, 1255, 1251, 0, 1261, 1249, 1254, 1250, 1244, - 1260, 1253, 1245, 1247, 1255, 1249, 1253, 1260, 1251, 1252, - 1250, 1263, 1258, 1256, 1252, 1253, 1259, 1254, 1258, 1255, - 1264, 1257, 1261, 1262, 1259, 1265, 1264, 1260, 1253, 1267, - 1262, 1266, 1268, 1270, 1272, 1271, 1274, 1275, 1263, 1258, - 1273, 1277, 1273, 1259, 1271, 1276, 1281, 1264, 1284, 0, - 1262, 0, 1265, 1284, 1266, 0, 1268, 0, 1266, 1268, - 1274, 1267, 1271, 1274, 1275, 1270, 1272, 1273, 1278, 1278, - - 1278, 1276, 1276, 1277, 1279, 1278, 1285, 1280, 1281, 1282, - 1284, 1279, 1286, 1278, 1280, 1289, 1282, 1288, 1292, 1285, - 0, 1291, 1287, 1290, 1292, 1278, 1278, 1278, 1291, 1288, - 1293, 1279, 1278, 1285, 1280, 1295, 1282, 1286, 1287, 1286, - 1298, 1290, 1294, 1294, 1288, 1292, 1296, 1289, 1291, 1287, - 1290, 1297, 1299, 1296, 1302, 1304, 1297, 1293, 1303, 1305, - 1306, 1295, 1295, 1309, 1303, 1307, 1298, 1298, 1314, 1294, - 1317, 1305, 1302, 1296, 1308, 1308, 1310, 1310, 1297, 1299, - 1306, 1302, 1304, 1307, 1311, 1303, 1305, 1306, 1313, 1309, - 1309, 1315, 1307, 1316, 1318, 1311, 1319, 1320, 1315, 0, - - 1314, 1308, 1317, 1310, 1321, 1322, 1323, 0, 1326, 0, - 1313, 1311, 1322, 1316, 1323, 1313, 1325, 1326, 1315, 1320, - 1316, 1324, 1321, 1319, 1320, 1328, 1318, 1327, 1327, 1329, - 1330, 1321, 1322, 1323, 1332, 1326, 1324, 1333, 1337, 1335, - 1325, 1329, 1332, 1325, 1336, 1338, 1330, 1335, 1324, 1333, - 1339, 1328, 1328, 1330, 1327, 1341, 1329, 1330, 1345, 1337, - 1346, 1332, 1342, 1338, 1333, 1337, 1335, 1336, 1342, 1340, - 1343, 1336, 1338, 1330, 1340, 1347, 1348, 1339, 1349, 1344, - 1347, 1352, 1341, 1343, 1351, 1340, 1344, 1346, 1354, 1342, - 1345, 1350, 1350, 1355, 1356, 1358, 1340, 1343, 1357, 1351, - - 1357, 1340, 1360, 1354, 1361, 1363, 1344, 1347, 1348, 1356, - 1349, 1351, 1359, 1352, 1364, 1354, 1355, 1359, 1350, 1361, - 1355, 1356, 1365, 1366, 1368, 1357, 1367, 1358, 1372, 1363, - 1369, 1361, 1363, 1367, 1360, 0, 1370, 0, 1371, 1359, - 1364, 1364, 1374, 1376, 1381, 1377, 1372, 1379, 1382, 1365, - 1366, 1369, 1386, 1367, 0, 1372, 1368, 1369, 1370, 1371, - 1377, 1380, 1379, 1370, 1374, 1371, 1381, 1376, 1383, 1374, - 1376, 1381, 1377, 0, 1379, 1382, 1380, 1384, 1385, 1386, - 1387, 1389, 1393, 1388, 1390, 0, 1383, 1387, 1380, 1391, - 1389, 1392, 1390, 1394, 1397, 1383, 1401, 1407, 1396, 1384, - - 1385, 1388, 0, 1397, 1384, 1385, 1394, 1387, 1389, 1396, - 1388, 1390, 1391, 1392, 1393, 1398, 1391, 1399, 1392, 1403, - 1394, 1397, 1405, 1401, 1396, 1396, 1406, 1408, 1411, 1407, - 1403, 1409, 1412, 1398, 1405, 1399, 1396, 1408, 1410, 1406, - 1414, 1415, 1398, 1416, 1399, 0, 1403, 0, 1415, 1405, - 0, 1412, 0, 1406, 1408, 1411, 1417, 1409, 1409, 1412, - 1414, 1419, 1420, 1410, 1421, 1410, 1418, 1414, 1415, 1416, - 1416, 1424, 1418, 1423, 1417, 1426, 1419, 1420, 1428, 1421, - 1422, 1422, 1426, 1417, 1424, 1423, 1427, 1429, 1419, 1420, - 1430, 1421, 1424, 1418, 1431, 1436, 1429, 1430, 1424, 1433, - - 1423, 1427, 1426, 1432, 0, 1428, 1433, 1422, 1439, 1435, - 1437, 1424, 1438, 1427, 1429, 1441, 1442, 1430, 1431, 1437, - 1436, 1431, 1436, 1445, 1447, 1432, 1433, 1444, 1439, 1453, - 1432, 1435, 1448, 1441, 1438, 1439, 1435, 1437, 1449, 1438, - 1444, 1442, 1441, 1442, 1446, 1446, 1447, 1450, 1452, 1451, - 1445, 1447, 1455, 1456, 1444, 1452, 1454, 1448, 1451, 1448, - 1449, 1453, 1458, 1460, 1459, 1449, 1455, 1461, 0, 1450, - 1458, 1446, 1456, 1462, 1450, 1452, 1451, 1459, 1454, 1455, - 1456, 1463, 1464, 1454, 1465, 1462, 1467, 0, 1463, 1458, - 1460, 1459, 1466, 1461, 1461, 1468, 0, 1469, 1472, 1473, - - 1462, 1467, 1470, 1471, 1472, 1470, 1465, 0, 1463, 1474, - 0, 1465, 1477, 1467, 1464, 1478, 1475, 1466, 0, 1466, - 1470, 1468, 1468, 1469, 1469, 1472, 1473, 1474, 1471, 1470, - 1471, 1475, 1470, 1480, 1477, 1482, 1474, 1478, 1481, 1477, - 1483, 1489, 1478, 1475, 1482, 1481, 1488, 1480, 1485, 1487, - 1488, 1483, 1490, 1489, 1490, 1492, 1491, 1494, 1495, 1493, - 1480, 1485, 1482, 0, 1496, 1481, 1495, 1483, 1489, 1485, - 1487, 1497, 1511, 1488, 1491, 1485, 1487, 1493, 1498, 1490, - 1500, 1504, 1492, 1491, 1494, 1495, 1493, 1496, 1485, 1499, - 1501, 1496, 1498, 1497, 1499, 1506, 1507, 1501, 1497, 1500, - - 1505, 0, 1508, 1509, 1511, 1498, 1510, 1500, 1504, 1512, - 1513, 1515, 1514, 1506, 1505, 1510, 0, 1501, 1509, 1517, - 0, 1499, 1506, 1507, 1519, 1505, 1505, 1505, 1508, 1508, - 1509, 1512, 1522, 1510, 1514, 1525, 1512, 1513, 1518, 1514, - 1523, 1505, 1517, 1515, 1523, 1518, 1517, 1519, 1521, 1524, - 1521, 1519, 1505, 1528, 1522, 1526, 1529, 1525, 1527, 1522, - 1530, 1524, 1525, 0, 1526, 1518, 1531, 1523, 0, 1527, - 1532, 1532, 1530, 1533, 1537, 1521, 1524, 1537, 1535, 1529, - 1528, 1533, 1526, 1529, 1538, 1527, 1535, 1530, 1531, 1539, - 1536, 1540, 1538, 1531, 1536, 1539, 1541, 1532, 1543, 1544, - - 1533, 1537, 1541, 1545, 1550, 1535, 1540, 1546, 1551, 1547, - 1543, 1538, 1549, 0, 1548, 1553, 1539, 1536, 1540, 1554, - 1552, 1546, 1547, 1541, 1556, 1543, 1544, 1545, 1548, 1553, - 1545, 1550, 1552, 1562, 1546, 1551, 1547, 1555, 1549, 1549, - 1555, 1548, 1553, 1557, 1559, 1554, 1554, 1552, 1562, 1560, - 1561, 1556, 1563, 1564, 1565, 1555, 1560, 1561, 1566, 1567, - 1562, 1568, 1565, 1569, 1555, 1557, 1559, 1555, 1567, 1570, - 1557, 1559, 1573, 1574, 1576, 1571, 1560, 1561, 1577, 1563, - 1564, 1565, 1570, 1571, 1575, 1566, 1567, 1577, 1568, 1578, - 1569, 1579, 1575, 1580, 1573, 1581, 1570, 1583, 1582, 1573, - - 1574, 1576, 1571, 1585, 1584, 1577, 1582, 1587, 1580, 1583, - 1578, 1575, 1584, 1588, 1587, 1579, 1578, 1588, 1579, 1580, - 1580, 1589, 1581, 1590, 1583, 1582, 1591, 1593, 1592, 1595, - 1585, 1584, 1594, 1589, 1587, 1580, 1592, 1596, 1596, 1594, - 1588, 1597, 1598, 0, 1602, 1599, 1590, 1601, 1589, 1595, - 1590, 1604, 1605, 1591, 1593, 1592, 1595, 0, 1605, 1594, - 1598, 1603, 1601, 1603, 1596, 1604, 1602, 1597, 1597, 1598, - 1599, 1602, 1599, 1606, 1601, 1607, 1609, 1608, 1604, 1605, - 1610, 1611, 1614, 1612, 1617, 0, 1615, 0, 1603, 1608, - 1620, 1617, 1613, 1621, 1609, 1606, 0, 1607, 1610, 1611, - - 1606, 1612, 1607, 1609, 1608, 1613, 1619, 1610, 1611, 1615, - 1612, 1617, 1622, 1615, 1614, 1625, 1620, 1620, 1626, 1613, - 1622, 1623, 1628, 1623, 1619, 1621, 1631, 1625, 1623, 1629, - 1633, 1630, 1642, 1619, 0, 1637, 1626, 1628, 1622, 1622, - 1629, 1631, 1625, 1630, 1634, 1626, 1636, 1622, 1623, 1628, - 1623, 1639, 1635, 1631, 1633, 1641, 1629, 1633, 1630, 1635, - 1640, 1636, 1637, 1643, 1642, 1644, 1634, 1645, 0, 0, - 1646, 1634, 1648, 1636, 1647, 1649, 1653, 1641, 1639, 1635, - 1645, 1650, 1641, 1649, 1640, 1648, 1652, 1640, 1654, 1647, - 1655, 1656, 1644, 1658, 1645, 1643, 1646, 1646, 1656, 1648, - - 1653, 1647, 1649, 1653, 1657, 1659, 1658, 1650, 1650, 1652, - 1662, 1657, 1655, 1652, 1660, 1654, 1661, 1655, 1656, 1663, - 1658, 1660, 1667, 1666, 1664, 1668, 1669, 1670, 1659, 1674, - 0, 1657, 1659, 1664, 1666, 1673, 1675, 1680, 1661, 1677, - 1663, 1660, 1662, 1661, 1667, 1669, 1663, 1679, 1673, 1667, - 1666, 1664, 1670, 1669, 1670, 1674, 1674, 1668, 1676, 1676, - 1675, 1681, 1673, 1675, 1682, 1677, 1677, 1686, 1683, 1680, - 1679, 1688, 0, 1693, 1679, 1691, 1681, 1692, 1695, 1697, - 1688, 1698, 1699, 1708, 0, 1676, 1683, 1700, 1681, 0, - 1701, 1682, 1700, 1699, 1686, 1683, 1705, 1691, 1688, 1692, - - 1693, 1704, 1691, 1707, 1692, 1695, 1712, 1698, 1698, 1699, - 1703, 1697, 1701, 1709, 1700, 1708, 1704, 1701, 1703, 1710, - 1715, 1707, 1709, 1705, 1714, 0, 1716, 1717, 1704, 1718, - 1707, 1710, 1719, 1712, 1721, 1720, 1722, 1703, 1723, 0, - 1709, 1726, 1718, 1724, 0, 1719, 1710, 1715, 1716, 1729, - 1714, 1714, 1717, 1716, 1717, 1725, 1718, 1720, 1724, 1719, - 1727, 1721, 1720, 1722, 1725, 1723, 1728, 1726, 1726, 1729, - 1724, 1730, 1731, 1732, 1734, 1727, 1729, 1733, 1735, 1731, - 1738, 1728, 1725, 1737, 1733, 1741, 1730, 1727, 1736, 1736, - 1737, 1742, 1744, 1728, 1738, 1732, 1735, 1744, 1730, 1731, - - 1732, 1734, 1746, 1739, 1733, 1735, 1739, 1738, 1740, 1742, - 1737, 1741, 1741, 1743, 1747, 1736, 1745, 1748, 1742, 1744, - 1745, 1740, 1743, 1749, 1750, 1751, 1746, 1747, 1752, 1746, - 1739, 1755, 1757, 1756, 0, 1740, 0, 0, 1758, 1748, - 1743, 1747, 1756, 1745, 1748, 1749, 1758, 1780, 1757, 1760, - 1749, 1750, 1751, 1761, 1752, 1752, 1760, 1755, 1755, 1757, - 1756, 1762, 1761, 1763, 1764, 1758, 1762, 1765, 1766, 1769, - 1763, 1767, 1771, 1773, 1765, 1770, 1760, 1766, 1774, 1780, - 1761, 1771, 1764, 1772, 1778, 1773, 1779, 1774, 1762, 0, - 1763, 1764, 1775, 1770, 1765, 1766, 1769, 1767, 1767, 1771, - - 1773, 1775, 1770, 1772, 1776, 1774, 1777, 1781, 1782, 1783, - 1772, 1778, 1788, 1779, 1777, 1776, 1781, 1783, 1784, 1775, - 1782, 1785, 1786, 1789, 1787, 0, 1791, 1790, 1785, 1786, - 1793, 1776, 0, 1777, 1781, 1782, 1783, 1788, 1793, 1788, - 1784, 1795, 1801, 1802, 1805, 1784, 1787, 1810, 1785, 1786, - 1789, 1787, 1790, 1791, 1790, 1796, 1797, 1793, 1800, 1795, - 1803, 1806, 1796, 1808, 1797, 1800, 1801, 1804, 1795, 1801, - 1802, 1805, 1803, 1809, 1810, 1808, 1804, 1811, 1813, 1815, - 1817, 1816, 1796, 1797, 1806, 1800, 1819, 1803, 1806, 1816, - 1808, 1811, 1818, 1824, 1804, 1823, 1809, 1825, 1824, 1826, - - 1809, 1827, 1828, 1829, 1811, 1813, 1815, 1817, 1816, 1838, - 1831, 1825, 1830, 1819, 1818, 1828, 1832, 1826, 1831, 1818, - 1824, 1823, 1823, 1827, 1825, 1829, 1826, 1835, 1827, 1828, - 1829, 1830, 1834, 1836, 1837, 1832, 1838, 1831, 1839, 1830, - 1842, 1841, 1840, 1832, 1834, 0, 1837, 1844, 1843, 1835, - 1847, 0, 1845, 1848, 1835, 1836, 1846, 1851, 1852, 1834, - 1836, 1837, 1840, 1841, 1845, 1839, 1854, 1855, 1841, 1840, - 1843, 1851, 1842, 1844, 1844, 1843, 1853, 1847, 1846, 1845, - 1848, 1853, 1852, 1846, 1851, 1852, 1856, 1857, 1854, 1855, - 1858, 0, 1860, 1854, 1855, 1859, 1861, 1865, 1862, 0, - - 0, 1863, 1867, 0, 1860, 1866, 0, 1871, 1853, 0, - 1857, 1867, 1858, 1859, 1857, 1861, 1863, 1858, 1856, 1860, - 1862, 1865, 1859, 1861, 1865, 1862, 1868, 1866, 1863, 1867, - 1869, 1870, 1866, 1871, 1871, 1875, 1872, 1876, 1877, 1878, - 1868, 1880, 1879, 1875, 1876, 1882, 1877, 0, 1869, 1870, - 1879, 1888, 1883, 1868, 1872, 1881, 1890, 1869, 1870, 1880, - 1883, 1885, 1875, 1872, 1876, 1877, 1878, 1881, 1880, 1879, - 1887, 1889, 1882, 1885, 1888, 1891, 0, 1887, 1888, 1883, - 1894, 1895, 1881, 1890, 1892, 1904, 1897, 1898, 1885, 1899, - 0, 1901, 1906, 1910, 1891, 1895, 1912, 1887, 1894, 1906, - - 1898, 1899, 1891, 1889, 1909, 1911, 1892, 1894, 1895, 1897, - 1913, 1892, 1904, 1897, 1898, 1908, 1899, 1901, 1901, 1906, - 1910, 1914, 1908, 1912, 1916, 1917, 1915, 1918, 1919, 1911, - 1909, 1909, 1911, 1927, 1917, 1920, 1913, 1913, 1915, 1924, - 1918, 1921, 1908, 1925, 1924, 1926, 1929, 1925, 1914, 1930, - 0, 1916, 1917, 1915, 1918, 1928, 1933, 1928, 1934, 1937, - 1919, 1937, 1920, 1935, 1921, 1927, 1926, 1938, 1921, 1929, - 1925, 1924, 1926, 1929, 1939, 1939, 1930, 1934, 1933, 1941, - 1943, 1940, 1928, 1933, 1939, 1934, 1937, 1935, 1941, 1942, - 1935, 1938, 1944, 1943, 1938, 1946, 1942, 1945, 0, 1948, - - 0, 1939, 1939, 1940, 1947, 1945, 1941, 1943, 1940, 1949, - 0, 1950, 1947, 0, 1946, 1955, 1942, 1951, 1952, 1944, - 1953, 1959, 1946, 1963, 1945, 1948, 1948, 1953, 1951, 1954, - 1954, 1947, 1956, 1955, 1957, 1949, 1949, 1950, 1950, 1956, - 1952, 1957, 1955, 1960, 1951, 1952, 1961, 1953, 1959, 1964, - 1963, 1965, 1966, 1967, 1969, 1961, 1954, 1970, 0, 1956, - 1971, 1957, 1978, 1969, 1972, 1973, 0, 1960, 2001, 1964, - 1960, 1967, 1975, 1961, 1966, 1976, 1964, 1973, 1965, 1966, - 1967, 1969, 1972, 1971, 1970, 1974, 1975, 1971, 1979, 1978, - 1974, 1972, 1973, 1976, 1980, 1982, 1984, 1982, 1986, 1975, - - 2001, 1990, 1976, 1989, 1986, 1988, 1979, 0, 1995, 1980, - 1993, 1984, 1992, 1993, 0, 1979, 2004, 1974, 1998, 1990, - 1996, 1980, 1982, 1984, 1997, 1986, 1998, 1988, 1990, 1989, - 1989, 1997, 1988, 1999, 1992, 1995, 1993, 1993, 1996, 1992, - 1993, 2002, 2003, 2004, 2005, 1998, 2006, 1996, 2007, 2008, - 2009, 1997, 2006, 2005, 2010, 1999, 2010, 2011, 2008, 2013, - 1999, 2015, 2014, 2002, 2003, 2016, 2019, 2013, 2002, 2003, - 2007, 2005, 2017, 2006, 2014, 2007, 2008, 2019, 2018, 2016, - 2022, 2010, 2009, 2020, 2011, 2021, 2013, 2024, 2015, 2014, - 2027, 2020, 2016, 2019, 2028, 2017, 2018, 2023, 2023, 2017, - - 2025, 2032, 2022, 2030, 2021, 2018, 2036, 2022, 2025, 2030, - 2020, 2033, 2021, 2034, 2024, 2038, 2037, 2027, 2039, 2038, - 2041, 2028, 2033, 2037, 2023, 2045, 2039, 2025, 2032, 2044, - 2030, 2042, 2046, 2036, 2044, 2034, 2047, 2052, 2033, 2058, - 2034, 2048, 2038, 2037, 2042, 2039, 2041, 2041, 2048, 2049, - 2050, 2053, 2045, 2051, 2047, 2054, 2044, 2049, 2042, 2046, - 2051, 2059, 2060, 2047, 2052, 2050, 2057, 2061, 2048, 2056, - 2062, 2058, 2067, 2057, 2069, 2053, 2049, 2050, 2053, 2062, - 2051, 2054, 2054, 2064, 2056, 2065, 2060, 2066, 2059, 2060, - 2068, 2068, 2071, 2057, 2072, 2066, 2056, 2062, 2074, 2061, - - 2068, 2069, 2072, 2076, 2067, 2064, 2075, 2065, 2078, 2077, - 2064, 2079, 2065, 2080, 2066, 2081, 2076, 2068, 2068, 2071, - 2083, 2072, 2088, 2091, 2086, 2074, 2089, 2088, 2075, 2095, - 2076, 2077, 2086, 2075, 0, 2078, 2077, 2081, 2079, 2093, - 2080, 2092, 2081, 2094, 2099, 2096, 2093, 2083, 2100, 2088, - 2091, 2086, 2089, 2089, 2092, 2101, 2095, 2099, 2102, 2103, - 0, 2094, 2105, 2108, 0, 2107, 2093, 2096, 2092, 2105, - 2094, 2099, 2096, 2109, 2101, 2115, 2106, 2111, 2108, 0, - 2100, 2103, 2101, 2106, 2115, 2102, 2103, 2107, 2113, 2105, - 2108, 2112, 2107, 2124, 2109, 2113, 2111, 2116, 2114, 2112, - - 2109, 2119, 2115, 2106, 2111, 2114, 2117, 2117, 2116, 2125, - 0, 2118, 2122, 2130, 2126, 2113, 2117, 2118, 2112, 2122, - 2124, 2132, 2134, 2119, 2116, 2114, 2136, 2140, 2119, 2138, - 2141, 2143, 2142, 2117, 2117, 2137, 2125, 2126, 2118, 2122, - 2130, 2126, 2138, 2143, 2137, 2134, 2146, 2148, 2132, 2134, - 2141, 2145, 2149, 2136, 2140, 2142, 2138, 2141, 2143, 2142, - 2145, 2147, 2137, 2150, 2146, 2152, 2153, 2151, 2152, 2154, - 2155, 2157, 2155, 2146, 2148, 2150, 0, 2157, 2145, 2149, - 2158, 2159, 2161, 2152, 2156, 2164, 2167, 2147, 2147, 2151, - 2150, 2160, 2152, 2153, 2151, 2152, 2156, 2155, 2157, 2160, - - 2168, 2154, 2158, 2159, 2169, 2171, 2172, 2158, 2159, 2161, - 2174, 2156, 2164, 2167, 2175, 2176, 0, 2177, 2160, 2179, - 2182, 2183, 2178, 2171, 2184, 2184, 2175, 2168, 2185, 2182, - 2176, 2169, 2171, 2172, 2178, 2187, 2188, 2174, 2190, 2189, - 0, 2175, 2176, 2177, 2177, 2183, 2179, 2182, 2183, 2178, - 2191, 2184, 2189, 2193, 2185, 2185, 2203, 2199, 2191, 2187, - 2190, 2192, 2187, 2202, 2193, 2190, 2189, 2202, 2188, 2204, - 2192, 2207, 2205, 2208, 0, 2207, 2204, 2191, 2210, 2203, - 2193, 2199, 2209, 2203, 2199, 2205, 2211, 2212, 2192, 2208, - 2202, 0, 2220, 2216, 2213, 2216, 2204, 2214, 2207, 2205, - - 2208, 2212, 2213, 2210, 2209, 2210, 2214, 2215, 2218, 2209, - 2217, 2222, 2211, 2211, 2212, 2218, 2219, 2224, 2215, 2220, - 2216, 2213, 2217, 2221, 2214, 2223, 2225, 0, 2226, 2219, - 2227, 2230, 2232, 2230, 2215, 2218, 2226, 2217, 2222, 2228, - 2229, 2221, 0, 2219, 2224, 2234, 2242, 2231, 2245, 2246, - 2221, 2223, 2223, 2225, 2227, 2226, 2233, 2227, 2230, 2231, - 2235, 2228, 2229, 2237, 2232, 2243, 2228, 2229, 2235, 2233, - 2239, 2253, 2234, 2242, 2231, 2237, 2247, 2244, 2249, 2239, - 2245, 2246, 2248, 2233, 2243, 2244, 2249, 2235, 2251, 2247, - 2237, 2255, 2243, 2252, 2253, 2251, 2248, 2239, 2253, 2256, - - 2257, 2260, 2258, 2247, 2244, 2249, 2252, 2256, 2261, 2248, - 2264, 2259, 2262, 2255, 2257, 2251, 2258, 2263, 2255, 2259, - 2252, 2262, 2265, 2260, 2266, 2263, 2256, 2257, 2260, 2258, - 2261, 2267, 2270, 2268, 2269, 2261, 2271, 2264, 2259, 2262, - 2270, 2279, 2272, 2273, 2263, 2276, 0, 0, 0, 2275, - 2266, 2266, 2282, 2267, 2265, 2268, 2269, 2275, 2267, 2270, - 2268, 2269, 2285, 2277, 2272, 2276, 2278, 2280, 2271, 2272, - 2273, 2277, 2276, 2279, 2278, 2280, 2275, 2281, 2282, 2282, - 2284, 0, 2289, 2284, 2285, 2288, 2291, 2286, 2287, 2285, - 2277, 2281, 0, 2278, 2280, 2286, 2287, 2290, 2284, 2288, - - 2291, 2292, 2292, 2293, 2281, 2295, 2298, 2284, 2289, 2289, - 2284, 2296, 2288, 2291, 2286, 2287, 2300, 2294, 2297, 2290, - 2301, 2302, 2303, 0, 2290, 2294, 2298, 2299, 2292, 2293, - 2293, 2295, 2295, 2298, 2310, 2299, 2304, 2296, 2296, 2305, - 2297, 0, 2301, 2300, 2294, 2297, 2302, 2301, 2302, 2303, - 2306, 2307, 2308, 2313, 2299, 2317, 2304, 2311, 2306, 2305, - 2308, 2310, 2315, 2304, 2314, 2311, 2305, 2319, 2316, 0, - 2315, 2322, 2323, 2307, 2326, 2313, 2316, 2306, 2307, 2308, - 2313, 2317, 2317, 2324, 2311, 2320, 2314, 2327, 2321, 2315, - 2336, 2314, 2337, 2320, 2319, 2316, 2321, 2322, 2322, 2323, - - 2328, 2326, 2330, 2324, 2333, 2334, 0, 0, 2335, 0, - 2324, 0, 2320, 2334, 2327, 2321, 2335, 2336, 0, 2337, - 2328, 0, 0, 0, 2330, 0, 2333, 2328, 0, 2330, - 0, 2333, 2334, 0, 0, 2335, 2341, 2341, 2341, 2341, - 2341, 2341, 2341, 2342, 2342, 2342, 2342, 2342, 2342, 2342, - 2343, 2343, 2343, 2343, 2343, 2343, 2343, 2344, 2344, 2344, - 2344, 2344, 2344, 2344, 2345, 2345, 2345, 2345, 2345, 2345, - 2345, 2347, 2347, 0, 2347, 2347, 2347, 2347, 2348, 2348, - 0, 0, 0, 2348, 2348, 2349, 2349, 0, 0, 2349, - 0, 2349, 2350, 0, 0, 0, 0, 0, 2350, 2351, - - 2351, 0, 0, 0, 2351, 2351, 2352, 0, 0, 0, - 0, 0, 2352, 2353, 2353, 0, 2353, 2353, 2353, 2353, - 2354, 2354, 0, 2354, 2354, 2354, 2354, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, 2340, - 2340, 2340, 2340, 2340 - + 7, 7, 7, 2513, 7, 8, 8, 8, 8, 28, + 8, 9, 9, 9, 10, 10, 10, 15, 21, 47, + + 47, 15, 30, 3, 28, 52, 4, 868, 52, 5, + 19, 6, 19, 19, 30, 19, 72, 7, 63, 63, + 72, 19, 77, 8, 21, 21, 20, 20, 9, 30, + 20, 10, 11, 11, 11, 11, 11, 11, 12, 12, + 12, 12, 12, 12, 20, 24, 77, 25, 19, 77, + 20, 26, 11, 20, 20, 22, 148, 20, 12, 26, + 146, 25, 22, 41, 79, 24, 22, 35, 24, 22, + 11, 20, 24, 25, 25, 41, 12, 26, 26, 11, + 35, 22, 22, 29, 79, 12, 26, 68, 25, 22, + 41, 79, 24, 22, 35, 959, 22, 23, 84, 27, + + 68, 23, 27, 88, 23, 29, 23, 23, 88, 27, + 29, 27, 33, 80, 68, 757, 84, 32, 33, 23, + 80, 32, 27, 959, 23, 84, 27, 31, 23, 27, + 88, 23, 78, 23, 23, 31, 27, 32, 27, 33, + 80, 31, 81, 32, 32, 31, 757, 42, 32, 42, + 42, 251, 42, 31, 31, 78, 140, 140, 42, 78, + 145, 36, 31, 40, 32, 36, 81, 40, 31, 81, + 117, 40, 31, 34, 143, 36, 141, 34, 36, 58, + 251, 58, 58, 34, 58, 124, 34, 36, 36, 40, + 40, 139, 36, 34, 40, 34, 117, 117, 40, 89, + + 34, 38, 36, 38, 34, 36, 66, 89, 66, 66, + 34, 66, 38, 34, 83, 147, 147, 124, 38, 39, + 34, 37, 142, 83, 37, 142, 89, 38, 38, 39, + 38, 37, 70, 39, 39, 37, 37, 64, 59, 38, + 54, 83, 39, 37, 66, 38, 39, 69, 37, 69, + 69, 37, 69, 53, 48, 154, 39, 43, 37, 82, + 39, 39, 37, 37, 71, 85, 71, 71, 74, 71, + 74, 74, 82, 74, 86, 71, 87, 87, 85, 74, + 86, 91, 90, 82, 92, 87, 82, 154, 94, 93, + 93, 92, 85, 95, 91, 86, 96, 94, 100, 82, + + 90, 86, 95, 87, 87, 93, 74, 86, 91, 97, + 157, 92, 98, 14, 90, 94, 93, 93, 99, 96, + 95, 99, 100, 96, 101, 98, 157, 90, 13, 106, + 100, 97, 101, 102, 99, 99, 97, 157, 104, 98, + 103, 105, 99, 104, 103, 99, 104, 0, 99, 100, + 0, 101, 106, 102, 105, 102, 106, 107, 108, 109, + 102, 99, 99, 0, 103, 104, 111, 103, 105, 110, + 104, 103, 108, 111, 113, 116, 0, 107, 112, 109, + 102, 114, 116, 110, 107, 108, 109, 112, 115, 119, + 114, 118, 115, 111, 120, 119, 110, 113, 118, 121, + + 123, 113, 116, 119, 0, 112, 120, 121, 114, 122, + 115, 126, 0, 125, 123, 115, 119, 129, 118, 115, + 122, 120, 119, 127, 122, 129, 121, 123, 125, 130, + 128, 126, 127, 122, 131, 130, 122, 126, 126, 132, + 125, 128, 160, 134, 129, 131, 136, 122, 133, 137, + 127, 122, 135, 0, 160, 136, 130, 128, 126, 138, + 132, 131, 153, 133, 132, 134, 132, 135, 0, 160, + 134, 137, 138, 136, 152, 133, 137, 0, 144, 135, + 144, 144, 0, 144, 153, 158, 138, 132, 149, 153, + 149, 149, 150, 149, 150, 150, 155, 150, 152, 156, + + 159, 152, 161, 164, 158, 155, 156, 162, 159, 164, + 163, 0, 158, 166, 162, 167, 165, 0, 156, 170, + 0, 168, 0, 155, 161, 168, 156, 159, 163, 161, + 150, 0, 172, 156, 162, 164, 164, 163, 165, 166, + 166, 173, 168, 165, 175, 170, 170, 167, 0, 168, + 171, 174, 168, 0, 172, 179, 176, 0, 171, 172, + 0, 178, 177, 173, 188, 0, 174, 179, 173, 168, + 169, 0, 175, 182, 178, 169, 175, 171, 174, 176, + 169, 181, 179, 176, 177, 186, 169, 169, 178, 177, + 181, 180, 186, 169, 180, 182, 188, 169, 183, 175, + + 182, 185, 169, 189, 192, 184, 180, 169, 181, 195, + 184, 197, 186, 169, 169, 187, 190, 193, 180, 227, + 183, 180, 184, 185, 184, 183, 187, 190, 185, 189, + 189, 184, 184, 191, 196, 193, 192, 184, 198, 194, + 191, 195, 187, 197, 193, 194, 227, 199, 190, 184, + 200, 184, 201, 204, 190, 202, 196, 203, 204, 207, + 191, 196, 202, 208, 200, 209, 194, 199, 205, 206, + 198, 215, 211, 201, 199, 208, 209, 200, 203, 201, + 204, 207, 202, 206, 203, 213, 207, 205, 212, 217, + 208, 210, 209, 220, 211, 205, 206, 212, 210, 211, + + 214, 216, 216, 215, 218, 214, 221, 219, 213, 222, + 216, 218, 213, 220, 224, 212, 223, 232, 210, 0, + 220, 217, 225, 229, 223, 226, 0, 214, 216, 216, + 228, 218, 219, 230, 219, 237, 231, 225, 221, 232, + 231, 222, 233, 223, 232, 235, 224, 238, 234, 225, + 230, 226, 226, 228, 236, 229, 234, 233, 230, 241, + 230, 239, 228, 231, 235, 240, 242, 237, 0, 233, + 246, 243, 235, 244, 260, 234, 236, 230, 242, 238, + 228, 236, 244, 239, 243, 248, 245, 240, 239, 246, + 249, 241, 240, 242, 247, 252, 247, 246, 243, 245, + + 244, 250, 0, 253, 252, 254, 260, 255, 256, 248, + 258, 262, 248, 245, 257, 249, 267, 249, 255, 263, + 256, 247, 252, 261, 259, 0, 265, 250, 250, 253, + 253, 254, 254, 258, 255, 256, 261, 258, 257, 264, + 0, 257, 259, 262, 263, 266, 263, 268, 267, 269, + 261, 259, 265, 265, 268, 270, 264, 271, 269, 272, + 0, 270, 264, 273, 274, 275, 264, 266, 276, 281, + 277, 271, 266, 274, 268, 279, 269, 276, 280, 282, + 278, 0, 270, 264, 271, 272, 272, 273, 275, 278, + 273, 274, 275, 280, 283, 276, 277, 277, 285, 279, + + 287, 281, 279, 282, 284, 280, 282, 278, 286, 283, + 291, 289, 284, 284, 288, 284, 285, 0, 287, 290, + 290, 283, 284, 0, 287, 285, 289, 287, 288, 292, + 286, 284, 295, 293, 0, 286, 293, 291, 289, 284, + 284, 288, 284, 293, 290, 287, 290, 290, 296, 294, + 295, 297, 298, 292, 299, 300, 292, 0, 302, 295, + 293, 294, 301, 293, 303, 304, 296, 300, 305, 308, + 315, 303, 307, 302, 298, 296, 294, 304, 297, 298, + 299, 299, 300, 306, 301, 302, 309, 310, 314, 301, + 306, 303, 304, 310, 307, 311, 0, 311, 312, 307, + + 305, 308, 315, 322, 316, 313, 314, 329, 309, 310, + 306, 312, 329, 309, 310, 314, 322, 330, 313, 311, + 310, 313, 311, 313, 311, 312, 316, 317, 320, 313, + 322, 316, 313, 318, 320, 317, 319, 324, 330, 329, + 321, 317, 860, 319, 330, 313, 318, 327, 313, 318, + 313, 318, 321, 324, 317, 320, 325, 318, 345, 327, + 318, 324, 317, 319, 324, 331, 0, 321, 328, 325, + 0, 331, 860, 318, 327, 337, 318, 333, 318, 332, + 324, 335, 335, 325, 326, 326, 328, 332, 337, 333, + 345, 334, 331, 336, 326, 328, 326, 326, 326, 334, + + 336, 326, 337, 339, 333, 338, 332, 339, 335, 326, + 0, 326, 326, 343, 338, 340, 349, 342, 334, 341, + 336, 326, 340, 326, 326, 326, 341, 344, 326, 342, + 339, 346, 347, 352, 0, 343, 348, 338, 346, 344, + 343, 338, 340, 350, 342, 350, 341, 347, 349, 348, + 351, 353, 353, 0, 344, 352, 355, 354, 346, 347, + 352, 351, 356, 348, 354, 357, 358, 355, 0, 362, + 350, 359, 360, 356, 361, 363, 364, 351, 357, 371, + 353, 362, 372, 355, 354, 364, 363, 360, 372, 356, + 0, 358, 357, 358, 359, 360, 362, 365, 359, 360, + + 361, 361, 363, 364, 366, 367, 368, 369, 370, 372, + 365, 371, 377, 374, 360, 366, 373, 366, 376, 375, + 382, 406, 366, 367, 365, 376, 370, 379, 368, 381, + 369, 366, 367, 368, 369, 370, 374, 373, 377, 377, + 374, 375, 366, 373, 366, 376, 375, 378, 380, 379, + 383, 384, 382, 406, 379, 381, 381, 384, 385, 388, + 390, 378, 380, 386, 387, 0, 391, 389, 388, 0, + 394, 0, 0, 383, 378, 380, 392, 383, 384, 387, + 385, 386, 389, 390, 396, 385, 388, 390, 398, 393, + 386, 387, 391, 391, 389, 393, 394, 394, 392, 397, + + 399, 400, 401, 392, 403, 397, 403, 398, 400, 405, + 396, 396, 404, 403, 407, 398, 393, 401, 399, 404, + 408, 409, 405, 411, 410, 413, 397, 399, 400, 401, + 412, 403, 407, 403, 409, 414, 405, 412, 416, 404, + 0, 407, 408, 410, 420, 417, 415, 408, 409, 413, + 417, 410, 413, 419, 0, 411, 418, 412, 414, 415, + 416, 424, 418, 421, 422, 416, 420, 414, 423, 424, + 426, 420, 417, 415, 0, 421, 419, 426, 429, 423, + 419, 427, 428, 418, 453, 414, 422, 0, 424, 427, + 421, 422, 430, 428, 0, 423, 425, 426, 431, 432, + + 429, 425, 433, 425, 430, 429, 434, 0, 427, 428, + 432, 425, 433, 435, 425, 425, 453, 434, 437, 430, + 431, 425, 425, 425, 436, 431, 432, 438, 425, 438, + 425, 436, 439, 434, 433, 440, 0, 435, 425, 433, + 435, 425, 425, 442, 437, 437, 441, 440, 425, 443, + 445, 436, 462, 446, 438, 442, 447, 443, 439, 439, + 444, 441, 440, 448, 447, 444, 451, 449, 452, 456, + 442, 446, 445, 441, 454, 448, 443, 445, 455, 462, + 446, 456, 460, 447, 451, 458, 455, 444, 449, 454, + 448, 452, 461, 451, 449, 452, 456, 457, 463, 459, + + 464, 454, 465, 0, 467, 455, 457, 460, 458, 460, + 466, 461, 458, 459, 469, 464, 470, 468, 473, 461, + 477, 472, 475, 473, 457, 466, 459, 464, 467, 468, + 463, 467, 472, 474, 465, 471, 469, 466, 471, 476, + 470, 469, 478, 470, 468, 479, 471, 474, 472, 475, + 473, 480, 477, 481, 482, 483, 0, 486, 484, 481, + 474, 486, 471, 483, 485, 471, 476, 487, 489, 478, + 488, 494, 479, 0, 0, 487, 482, 484, 490, 496, + 481, 482, 483, 480, 486, 484, 491, 492, 485, 493, + 495, 485, 496, 488, 487, 491, 493, 488, 498, 497, + + 489, 490, 499, 494, 497, 490, 496, 498, 497, 492, + 500, 501, 495, 491, 492, 504, 493, 495, 502, 500, + 505, 503, 507, 497, 514, 498, 497, 504, 499, 499, + 511, 497, 506, 501, 503, 497, 509, 500, 501, 508, + 502, 511, 504, 510, 516, 502, 507, 513, 503, 507, + 506, 514, 505, 512, 515, 516, 519, 511, 509, 506, + 517, 508, 508, 509, 518, 510, 508, 512, 520, 513, + 510, 516, 515, 521, 513, 517, 522, 519, 525, 526, + 512, 515, 523, 519, 527, 529, 524, 517, 508, 530, + 528, 523, 520, 533, 530, 520, 518, 521, 522, 524, + + 521, 526, 535, 522, 531, 532, 526, 529, 537, 523, + 525, 536, 529, 524, 528, 534, 527, 528, 531, 532, + 535, 530, 538, 534, 539, 533, 536, 543, 540, 535, + 541, 531, 532, 540, 542, 536, 542, 538, 536, 544, + 537, 0, 534, 545, 558, 0, 539, 544, 596, 538, + 546, 539, 543, 536, 543, 547, 541, 541, 548, 546, + 540, 542, 550, 549, 547, 551, 544, 548, 545, 550, + 545, 549, 553, 552, 554, 557, 558, 546, 555, 556, + 596, 0, 547, 554, 553, 548, 555, 557, 551, 550, + 549, 552, 551, 566, 556, 559, 560, 0, 561, 553, + + 552, 554, 557, 559, 560, 555, 556, 561, 562, 563, + 568, 564, 0, 565, 0, 0, 566, 562, 563, 564, + 566, 567, 559, 560, 569, 561, 568, 573, 574, 567, + 570, 572, 575, 0, 571, 562, 563, 568, 564, 565, + 565, 570, 571, 576, 577, 572, 569, 573, 567, 579, + 574, 569, 575, 578, 573, 574, 580, 570, 572, 575, + 581, 571, 578, 582, 583, 576, 577, 584, 585, 579, + 576, 577, 588, 581, 580, 586, 579, 590, 587, 583, + 578, 582, 589, 580, 592, 588, 601, 581, 589, 584, + 582, 583, 585, 591, 584, 585, 587, 593, 586, 588, + + 595, 591, 586, 597, 590, 587, 598, 599, 595, 589, + 597, 592, 600, 602, 603, 593, 611, 0, 601, 591, + 591, 600, 599, 603, 593, 616, 611, 595, 591, 598, + 597, 605, 602, 598, 599, 604, 622, 604, 605, 600, + 602, 603, 608, 611, 615, 619, 614, 620, 616, 617, + 0, 0, 616, 0, 608, 618, 624, 629, 605, 621, + 620, 619, 604, 606, 614, 615, 621, 606, 622, 608, + 606, 615, 619, 614, 620, 617, 617, 606, 624, 626, + 606, 618, 618, 624, 629, 606, 621, 0, 626, 625, + 606, 627, 0, 627, 606, 625, 628, 606, 0, 0, + + 632, 630, 0, 631, 606, 633, 626, 606, 623, 623, + 0, 623, 632, 0, 623, 634, 625, 636, 627, 623, + 628, 630, 637, 628, 635, 623, 623, 632, 630, 631, + 631, 633, 633, 640, 623, 623, 623, 634, 623, 636, + 638, 623, 634, 643, 636, 644, 623, 637, 635, 637, + 639, 635, 623, 623, 641, 638, 640, 642, 639, 647, + 640, 641, 643, 645, 0, 642, 646, 638, 647, 649, + 643, 644, 644, 648, 650, 645, 652, 639, 653, 646, + 654, 641, 655, 0, 642, 0, 647, 656, 648, 662, + 645, 649, 657, 646, 658, 659, 649, 662, 652, 663, + + 648, 650, 660, 652, 659, 661, 655, 666, 656, 655, + 653, 657, 654, 658, 656, 664, 662, 665, 0, 657, + 667, 658, 659, 669, 660, 661, 663, 670, 667, 660, + 672, 671, 661, 664, 674, 673, 665, 675, 676, 666, + 678, 669, 664, 678, 665, 670, 676, 667, 673, 675, + 669, 677, 672, 682, 670, 671, 681, 672, 671, 0, + 674, 674, 673, 679, 675, 676, 683, 678, 685, 677, + 684, 679, 683, 0, 685, 686, 690, 687, 677, 692, + 682, 681, 686, 681, 687, 691, 688, 679, 692, 689, + 679, 688, 684, 683, 690, 685, 689, 684, 679, 693, + + 694, 696, 686, 690, 687, 695, 692, 693, 691, 696, + 697, 699, 691, 688, 698, 700, 689, 701, 694, 706, + 695, 705, 700, 697, 701, 703, 693, 694, 696, 702, + 703, 708, 695, 704, 705, 698, 702, 697, 699, 707, + 704, 698, 700, 712, 701, 709, 707, 710, 705, 711, + 715, 706, 703, 713, 716, 710, 702, 711, 717, 713, + 704, 714, 719, 708, 711, 712, 707, 717, 709, 718, + 712, 721, 709, 723, 710, 724, 711, 725, 716, 720, + 713, 716, 715, 718, 711, 717, 720, 714, 714, 725, + 722, 726, 727, 728, 719, 723, 718, 727, 721, 722, + + 723, 729, 724, 732, 725, 731, 720, 735, 731, 729, + 737, 739, 738, 735, 726, 728, 732, 722, 726, 727, + 728, 741, 734, 739, 740, 0, 740, 756, 729, 734, + 732, 0, 731, 742, 735, 738, 737, 737, 739, 738, + 743, 745, 744, 0, 741, 742, 745, 0, 741, 734, + 736, 740, 736, 746, 756, 744, 736, 751, 736, 747, + 742, 0, 743, 736, 748, 749, 746, 743, 736, 744, + 751, 750, 752, 745, 736, 749, 748, 736, 752, 736, + 746, 753, 747, 736, 751, 736, 747, 749, 754, 755, + 736, 748, 749, 750, 753, 736, 758, 759, 750, 752, + + 764, 0, 749, 760, 0, 759, 768, 762, 753, 754, + 763, 0, 760, 764, 765, 754, 766, 767, 770, 0, + 772, 755, 762, 775, 759, 768, 770, 764, 758, 765, + 760, 761, 763, 768, 762, 769, 761, 763, 761, 767, + 776, 765, 766, 766, 767, 770, 771, 772, 769, 761, + 761, 773, 777, 779, 771, 775, 761, 761, 761, 780, + 777, 778, 769, 761, 776, 761, 782, 776, 785, 783, + 788, 784, 781, 771, 773, 778, 761, 761, 773, 777, + 781, 780, 784, 761, 782, 779, 780, 783, 778, 786, + 790, 792, 788, 782, 787, 793, 783, 788, 784, 781, + + 785, 789, 787, 790, 791, 794, 796, 786, 789, 792, + 0, 791, 797, 793, 798, 799, 786, 790, 792, 796, + 797, 787, 793, 798, 800, 801, 802, 799, 789, 804, + 805, 791, 803, 796, 808, 0, 812, 794, 809, 797, + 806, 798, 799, 809, 811, 808, 800, 801, 802, 812, + 803, 800, 801, 802, 806, 804, 804, 810, 813, 803, + 810, 808, 805, 812, 814, 813, 815, 806, 811, 817, + 809, 811, 816, 819, 818, 820, 814, 821, 829, 816, + 818, 822, 0, 810, 810, 813, 826, 810, 821, 823, + 824, 814, 830, 817, 828, 819, 817, 820, 815, 816, + + 819, 818, 820, 822, 821, 824, 831, 826, 822, 827, + 829, 823, 838, 826, 832, 828, 823, 824, 833, 830, + 827, 828, 834, 832, 831, 836, 835, 839, 840, 837, + 0, 834, 836, 831, 835, 841, 827, 843, 844, 845, + 846, 832, 833, 837, 838, 833, 843, 848, 0, 834, + 840, 847, 836, 835, 850, 840, 837, 841, 846, 839, + 847, 849, 841, 850, 843, 851, 845, 846, 852, 853, + 844, 848, 854, 0, 848, 855, 856, 849, 847, 857, + 851, 850, 858, 859, 854, 861, 862, 857, 849, 864, + 867, 864, 851, 872, 861, 858, 870, 855, 859, 854, + + 852, 853, 855, 856, 862, 869, 857, 863, 870, 858, + 859, 866, 861, 862, 871, 863, 864, 867, 869, 866, + 872, 873, 874, 870, 875, 876, 877, 0, 873, 0, + 879, 880, 869, 878, 863, 0, 871, 881, 866, 887, + 0, 871, 883, 879, 880, 884, 0, 876, 873, 882, + 883, 877, 876, 877, 874, 878, 875, 879, 880, 881, + 878, 882, 885, 886, 881, 884, 887, 888, 889, 883, + 890, 886, 884, 894, 885, 891, 882, 889, 902, 897, + 888, 895, 891, 898, 896, 0, 902, 892, 0, 885, + 886, 890, 897, 901, 888, 889, 892, 890, 892, 894, + + 894, 892, 891, 895, 896, 902, 897, 898, 895, 892, + 898, 896, 899, 900, 892, 901, 903, 906, 904, 907, + 901, 899, 908, 892, 910, 892, 904, 913, 892, 908, + 909, 900, 911, 0, 0, 913, 912, 0, 903, 899, + 900, 907, 916, 903, 906, 904, 907, 910, 912, 908, + 911, 910, 909, 914, 913, 915, 917, 909, 918, 911, + 921, 922, 916, 912, 919, 920, 918, 915, 914, 916, + 919, 917, 923, 922, 920, 925, 927, 924, 929, 923, + 914, 921, 915, 917, 924, 918, 932, 921, 922, 930, + 928, 919, 920, 925, 935, 933, 930, 929, 931, 923, + + 933, 932, 925, 928, 924, 929, 934, 935, 927, 936, + 0, 937, 941, 932, 934, 0, 930, 928, 939, 943, + 931, 935, 940, 936, 942, 931, 953, 933, 0, 0, + 0, 954, 939, 934, 0, 951, 936, 937, 937, 938, + 940, 943, 938, 938, 941, 939, 943, 938, 951, 940, + 942, 942, 0, 938, 944, 945, 946, 938, 953, 947, + 948, 938, 951, 954, 952, 956, 938, 948, 950, 938, + 938, 949, 944, 952, 938, 955, 0, 945, 946, 958, + 938, 944, 945, 946, 938, 947, 947, 948, 956, 949, + 950, 952, 956, 960, 0, 950, 962, 955, 949, 963, + + 965, 0, 955, 957, 964, 958, 958, 968, 957, 960, + 957, 963, 957, 964, 957, 967, 969, 966, 965, 962, + 960, 957, 966, 962, 969, 968, 963, 965, 967, 970, + 957, 964, 971, 972, 968, 957, 974, 957, 973, 957, + 977, 957, 967, 969, 975, 971, 978, 980, 970, 966, + 976, 973, 976, 975, 974, 972, 970, 979, 981, 971, + 972, 0, 977, 974, 983, 973, 986, 977, 984, 979, + 985, 975, 987, 978, 980, 988, 989, 976, 985, 987, + 990, 991, 992, 981, 979, 981, 990, 991, 983, 993, + 984, 983, 994, 986, 997, 984, 993, 985, 989, 987, + + 995, 998, 988, 989, 1000, 999, 0, 990, 991, 992, + 1002, 1001, 1008, 1003, 994, 1005, 993, 1009, 997, 994, + 1004, 997, 1003, 998, 999, 995, 1000, 995, 998, 1006, + 1010, 1000, 999, 1001, 1011, 1005, 1002, 1002, 1001, 1020, + 1003, 1004, 1005, 1006, 1008, 1012, 1013, 1004, 1014, 1009, + 1015, 1016, 1010, 1018, 1013, 1019, 1006, 1010, 1016, 1019, + 1018, 1022, 1024, 1012, 1014, 0, 1011, 1027, 1023, 1024, + 1025, 1020, 1012, 1013, 1023, 1014, 1027, 1015, 1016, 1026, + 1018, 1023, 1019, 1028, 1029, 1025, 1030, 1031, 1030, 1024, + 1032, 1029, 1026, 1022, 1027, 1023, 1031, 1025, 1033, 1034, + + 1035, 1023, 1039, 1034, 1040, 1041, 1026, 1037, 0, 1028, + 1028, 1029, 1032, 1030, 1031, 1037, 1038, 1032, 1041, 1045, + 1039, 1038, 1035, 1040, 1042, 1033, 1034, 1035, 1046, 1039, + 1043, 1040, 1041, 1043, 1037, 1048, 1042, 1044, 1047, 1050, + 1044, 1046, 1043, 0, 1045, 1049, 1045, 1050, 1038, 1051, + 1051, 1042, 1053, 0, 1052, 1046, 1054, 1043, 1048, 1044, + 1043, 1049, 1048, 1052, 1044, 1054, 1050, 1044, 1055, 1057, + 1047, 1058, 1049, 1059, 1053, 1055, 1051, 1061, 1060, 1053, + 1058, 1052, 1057, 1054, 1062, 1064, 1061, 1063, 0, 0, + 1065, 1069, 1062, 1064, 1066, 1055, 1057, 1067, 1058, 1059, + + 1059, 1060, 1063, 1065, 1061, 1060, 1066, 1068, 1070, 1067, + 1071, 1062, 1064, 1069, 1063, 1068, 1072, 1065, 1069, 1074, + 1073, 1066, 1084, 1076, 1067, 1072, 1078, 1075, 1070, 1079, + 1077, 1080, 1071, 1081, 1068, 1070, 1077, 1071, 1073, 1075, + 1082, 1085, 0, 1072, 1076, 1074, 1074, 1073, 1078, 1084, + 1076, 1086, 1090, 1078, 1075, 1091, 1087, 1077, 1088, 1081, + 1081, 1079, 1089, 1080, 1085, 1087, 1082, 1082, 1085, 1086, + 1092, 1088, 1090, 1093, 1089, 1095, 1094, 1092, 1086, 1090, + 1099, 1091, 1091, 1087, 1103, 1088, 1096, 1099, 1095, 1089, + 1097, 1098, 1093, 1100, 1096, 1097, 1098, 1092, 1094, 0, + + 1093, 1100, 1095, 1094, 1101, 1106, 1102, 1099, 1104, 1104, + 1105, 1107, 1101, 1096, 1102, 1115, 1103, 1108, 1105, 1109, + 1100, 1110, 1097, 1098, 1113, 1108, 1106, 1109, 1111, 1110, + 1113, 1101, 1106, 1102, 1112, 1104, 1111, 1105, 1114, 1116, + 1118, 1115, 1115, 1107, 1108, 1117, 1109, 1112, 1110, 1119, + 1114, 1113, 1120, 1124, 1121, 1111, 1122, 1124, 1128, 1123, + 1117, 1112, 1126, 1116, 1135, 1114, 1116, 1118, 1121, 1126, + 1124, 1119, 1117, 1123, 1122, 1120, 1119, 1127, 1124, 1120, + 1124, 1121, 0, 1122, 1124, 1128, 1123, 1129, 1127, 1126, + 1130, 1132, 1131, 1133, 1134, 1136, 1135, 1124, 1132, 1138, + + 1140, 1134, 1133, 1141, 1127, 1142, 1140, 1143, 1138, 1129, + 1145, 1147, 0, 1130, 1129, 1131, 1151, 1130, 1132, 1131, + 1133, 1134, 1136, 1148, 1149, 1141, 1138, 1140, 1152, 1156, + 1141, 1142, 1142, 1155, 1148, 1149, 1153, 1145, 1147, 1143, + 1151, 1156, 1153, 1151, 1154, 1157, 1160, 1157, 1158, 1159, + 1148, 1149, 1161, 1162, 1152, 1152, 1156, 1165, 1163, 1155, + 1155, 0, 1159, 1153, 1161, 1168, 1154, 0, 1160, 1170, + 1164, 1154, 1157, 1160, 1158, 1158, 1159, 1164, 1167, 1161, + 1162, 1163, 1166, 1165, 1165, 1163, 1172, 1166, 1168, 1176, + 1169, 1170, 1168, 1173, 1167, 1174, 1170, 1164, 1169, 1175, + + 1178, 1177, 1173, 1179, 1182, 1167, 1180, 1178, 1174, 1166, + 1179, 1182, 1175, 1172, 1181, 1176, 1176, 1169, 1183, 1185, + 1173, 1187, 1174, 1177, 1180, 1184, 1175, 1178, 1177, 1189, + 1179, 1182, 1186, 1180, 1190, 1197, 1181, 1192, 1191, 1186, + 1195, 1181, 1189, 1183, 1196, 1183, 1191, 1184, 1197, 1200, + 1225, 1185, 1184, 1187, 1194, 0, 1189, 1194, 1192, 1186, + 1198, 1190, 1197, 1199, 1192, 1191, 1195, 1195, 1201, 1198, + 1196, 1196, 1203, 1200, 1202, 1199, 1200, 1225, 1205, 1203, + 1206, 1194, 1204, 1211, 1210, 1204, 1207, 1198, 0, 1202, + 1199, 1209, 1208, 1209, 1201, 1201, 1212, 1204, 1214, 1203, + + 1213, 1202, 1206, 1215, 1207, 0, 1204, 1206, 1210, 1204, + 1205, 1210, 1204, 1207, 1208, 1211, 0, 1215, 1209, 1208, + 1214, 1217, 1212, 1212, 1204, 1214, 1213, 1213, 1216, 1217, + 1215, 1218, 1219, 1220, 1221, 1222, 1223, 1216, 1218, 0, + 1223, 0, 1227, 1228, 1224, 1229, 1226, 1230, 1217, 1231, + 1228, 1227, 1229, 1234, 0, 1216, 1221, 0, 1218, 0, + 1230, 1221, 1231, 1223, 1219, 1220, 1224, 1222, 1226, 1227, + 1228, 1224, 1229, 1226, 1230, 1232, 1231, 1233, 1238, 1235, + 1236, 1237, 1240, 0, 1238, 1234, 1235, 1236, 1241, 1242, + 1232, 1233, 1243, 1246, 1237, 1241, 1246, 0, 1244, 1245, + + 0, 0, 1232, 1248, 1233, 1238, 1235, 1236, 1237, 1240, + 1244, 1242, 1245, 1247, 1250, 1241, 1242, 1249, 1243, 1243, + 1246, 1248, 1247, 1257, 1251, 1244, 1245, 1251, 1252, 1249, + 1248, 1254, 1258, 1256, 1250, 1256, 1254, 1259, 1260, 1252, + 1247, 1250, 1251, 1254, 1249, 1261, 1260, 1267, 1263, 1268, + 1257, 1251, 0, 1265, 1251, 1252, 1265, 1262, 1254, 1258, + 1256, 1259, 1264, 1254, 1259, 1260, 1263, 1261, 1262, 1266, + 1264, 1265, 1261, 1271, 1269, 1263, 1268, 1270, 1274, 1267, + 1265, 1269, 1271, 1265, 1262, 1272, 1273, 1266, 1276, 1264, + 1276, 1270, 1278, 1274, 1277, 1279, 1266, 1273, 1272, 1280, + + 1271, 1269, 1281, 1277, 1270, 1274, 1279, 1283, 1287, 1282, + 1283, 1284, 1272, 1273, 1289, 1276, 1290, 1280, 1278, 1278, + 1284, 1277, 1279, 1282, 1281, 1283, 1280, 1285, 1292, 1281, + 1288, 1291, 1285, 1297, 1283, 1282, 1282, 1283, 1284, 1288, + 1287, 1289, 1293, 1296, 1295, 1307, 0, 1298, 1290, 1299, + 1282, 1295, 1312, 1291, 1302, 1299, 1296, 1288, 1291, 1285, + 1292, 1298, 1302, 1293, 1303, 1297, 1304, 1306, 0, 1293, + 1296, 1295, 1303, 1299, 1298, 1305, 1299, 1307, 1308, 1309, + 1306, 1302, 1299, 1311, 1312, 1304, 1316, 1310, 1309, 1305, + 1313, 1303, 1308, 1304, 1306, 1310, 1317, 1311, 1314, 1318, + + 1322, 1313, 1305, 1317, 0, 1308, 1309, 1314, 1319, 1320, + 1311, 1321, 1323, 1316, 1310, 1326, 1323, 1313, 1322, 0, + 1325, 1327, 1318, 1317, 1328, 1314, 1318, 1322, 1330, 1327, + 1319, 1320, 1325, 1321, 1329, 1319, 1320, 1328, 1321, 1323, + 1334, 1331, 1326, 1330, 1332, 0, 1333, 1325, 1327, 1335, + 1336, 1328, 1332, 1333, 1329, 1330, 1331, 1337, 1338, 1336, + 1340, 1329, 1339, 1343, 1335, 1344, 1342, 1345, 1331, 0, + 1346, 1332, 1334, 1333, 1347, 1349, 1335, 1336, 1337, 0, + 1349, 1343, 1345, 1352, 1337, 1338, 1339, 1340, 1342, 1339, + 1343, 1350, 1344, 1342, 1345, 1346, 1348, 1346, 1347, 1351, + + 1350, 1347, 1349, 1348, 1353, 1352, 1354, 1355, 1351, 1358, + 1352, 1357, 1360, 1356, 1361, 1359, 1358, 1363, 1350, 1355, + 1365, 1354, 1353, 1348, 1357, 1363, 1351, 1359, 1366, 1357, + 1367, 1353, 1368, 1354, 1355, 1356, 1358, 1362, 1357, 1360, + 1356, 1364, 1359, 1362, 1363, 1365, 1361, 1365, 1364, 1369, + 1370, 1357, 1371, 1373, 1366, 1366, 1369, 1367, 1371, 1368, + 1372, 1374, 1375, 1378, 1362, 1376, 1372, 1380, 1364, 1379, + 1381, 1385, 1381, 1383, 1382, 1387, 1369, 1370, 1379, 1371, + 1373, 1384, 1387, 1388, 1374, 1389, 1390, 1372, 1374, 1376, + 1388, 1394, 1376, 1390, 1375, 1378, 1379, 1381, 1382, 1380, + + 1383, 1382, 1387, 1385, 1386, 1386, 1386, 1384, 1384, 1392, + 1388, 1386, 1393, 1390, 1392, 1396, 1394, 1389, 1394, 1386, + 1395, 1397, 1398, 1399, 1401, 1393, 0, 1396, 1400, 1407, + 1399, 1386, 1386, 1386, 1400, 1403, 1395, 1406, 1386, 1393, + 1398, 1392, 1396, 1402, 1402, 1404, 1412, 1395, 1410, 1398, + 1399, 1401, 1404, 1397, 1405, 1400, 1407, 1413, 1414, 1405, + 0, 1403, 1403, 1406, 1406, 1411, 1410, 1417, 1415, 1413, + 1402, 1411, 1404, 1412, 1421, 1410, 1416, 1416, 1414, 1418, + 1418, 1405, 1423, 1422, 1413, 1414, 1415, 1419, 1425, 1423, + 1424, 1426, 1411, 1417, 1417, 1415, 1421, 1427, 1419, 1428, + + 1429, 1421, 0, 1416, 1430, 1431, 1418, 1432, 0, 1423, + 1424, 1430, 1433, 1431, 1419, 1422, 1434, 1424, 1429, 1436, + 1425, 1428, 1432, 1426, 1427, 1434, 1428, 1429, 1435, 1435, + 1437, 1430, 1431, 1438, 1432, 1441, 1433, 1445, 1444, 1433, + 1440, 1446, 1437, 1434, 1443, 1436, 1436, 1441, 1440, 1438, + 1447, 1448, 1443, 1450, 0, 1435, 1438, 1437, 1445, 1446, + 1438, 1444, 1441, 1451, 1445, 1444, 1452, 1440, 1446, 1451, + 1449, 1443, 1455, 1456, 1448, 1449, 1438, 1447, 1448, 1452, + 1450, 1453, 1454, 1457, 1459, 1461, 1449, 1458, 1453, 1454, + 1451, 1460, 1458, 1452, 1462, 1465, 1460, 1449, 1463, 1463, + + 1456, 1464, 1449, 1458, 1455, 1467, 1457, 1468, 1453, 1454, + 1457, 1459, 1471, 1470, 1458, 1470, 1464, 1461, 1469, 1458, + 1467, 1473, 1474, 1460, 1472, 1463, 1462, 1465, 1464, 1472, + 1468, 1477, 1467, 1469, 1468, 1476, 1479, 1474, 1478, 1480, + 1470, 1481, 1482, 1486, 1471, 1469, 1483, 0, 1481, 1474, + 1484, 1472, 1490, 1473, 1485, 1477, 1488, 1476, 1477, 0, + 1495, 1486, 1476, 1479, 1478, 1478, 1480, 1483, 1481, 1491, + 1486, 1493, 1484, 1483, 1482, 1485, 1490, 1484, 1488, 1490, + 1494, 1485, 1495, 1488, 1491, 1496, 1493, 1495, 1497, 1498, + 1500, 1499, 1501, 1507, 1503, 1494, 1491, 1504, 1493, 1501, + + 1505, 1508, 1502, 1503, 1506, 1504, 1497, 1494, 1518, 1525, + 0, 1498, 1496, 1499, 1508, 1497, 1498, 1500, 1499, 1501, + 1502, 1503, 1510, 1505, 1504, 1507, 1506, 1505, 1508, 1502, + 1511, 1506, 1512, 1510, 1513, 1518, 1514, 1526, 0, 1511, + 1515, 1525, 1520, 1524, 1521, 1529, 1523, 1526, 1510, 1510, + 1512, 1514, 1513, 1520, 1515, 1521, 1524, 1511, 1523, 1512, + 1510, 1513, 1527, 1514, 1526, 1528, 1530, 1515, 1533, 1520, + 1524, 1521, 1529, 1523, 1532, 1533, 1534, 1536, 1535, 0, + 1540, 1540, 1537, 1536, 1538, 1530, 1541, 1542, 1527, 1527, + 1528, 1539, 1528, 1530, 1532, 1533, 1535, 1537, 1541, 1538, + + 1542, 1532, 1534, 1534, 1536, 1535, 1539, 1540, 1542, 1537, + 1544, 1538, 1546, 1541, 1542, 1545, 1547, 1544, 1539, 1548, + 1549, 1551, 1555, 1550, 0, 1547, 1548, 1542, 1551, 1553, + 1545, 1555, 1554, 1556, 1557, 1559, 0, 1544, 1560, 1546, + 1563, 0, 1545, 1547, 1549, 1550, 1548, 1549, 1551, 1555, + 1550, 1553, 1565, 1559, 1557, 1556, 1553, 1554, 1562, 1554, + 1556, 1557, 1559, 1560, 1566, 1560, 1567, 1563, 1564, 1564, + 1568, 1562, 1569, 1570, 1565, 1571, 1572, 1577, 1576, 1565, + 1570, 1569, 1573, 1574, 1578, 1562, 1576, 1579, 1567, 1566, + 1577, 1566, 1568, 1567, 1580, 1564, 1573, 1568, 1572, 1569, + + 1570, 1581, 1574, 1572, 1577, 1576, 1580, 1571, 1581, 1573, + 1574, 1578, 1582, 1579, 1579, 1583, 1584, 0, 1585, 0, + 1586, 1580, 1587, 0, 0, 1590, 1589, 1591, 1581, 0, + 0, 1590, 1588, 1585, 0, 1588, 1596, 1583, 1592, 1597, + 1593, 1584, 1583, 1584, 1582, 1585, 1586, 1586, 1587, 1587, + 1588, 1589, 1590, 1589, 1591, 1593, 1592, 1595, 1596, 1588, + 1599, 1597, 1588, 1596, 1600, 1592, 1597, 1593, 1601, 1602, + 1603, 1600, 1595, 1605, 1599, 1615, 1606, 1601, 1602, 1607, + 0, 1603, 1613, 1611, 1595, 1612, 1609, 1599, 1605, 1612, + 1614, 1600, 1614, 1615, 1613, 1601, 1602, 1603, 1606, 1609, + + 1605, 1607, 1615, 1606, 1611, 1616, 1607, 1609, 1618, 1613, + 1611, 1617, 1612, 1609, 1619, 1621, 1620, 1614, 1623, 1622, + 1624, 1625, 1619, 1623, 1626, 1629, 1609, 0, 1632, 1617, + 1633, 1626, 1616, 1622, 1634, 1618, 1631, 1621, 1617, 1620, + 1625, 1619, 1621, 1620, 1624, 1630, 1622, 1624, 1625, 1634, + 1623, 1626, 1629, 1635, 1631, 1632, 1633, 1633, 1636, 1630, + 1637, 1634, 1635, 1631, 1638, 0, 1639, 1640, 1643, 1642, + 1630, 1630, 1630, 0, 1646, 1643, 1646, 1644, 1652, 1648, + 1635, 1647, 1637, 1648, 0, 1650, 1630, 1637, 1639, 1652, + 1636, 1638, 1642, 1639, 1653, 1643, 1642, 1630, 1649, 1640, + + 1644, 1646, 1651, 1647, 1644, 1652, 1648, 1650, 1647, 1654, + 1649, 1651, 1650, 1656, 1655, 1657, 1657, 1659, 1660, 1658, + 1662, 1653, 1663, 1668, 0, 1649, 1655, 1658, 1662, 1651, + 1663, 1665, 1654, 1664, 1665, 1656, 1654, 1664, 1668, 1659, + 1656, 1655, 1657, 1666, 1659, 1660, 1658, 1662, 1667, 1663, + 1668, 1666, 1671, 1669, 1667, 1672, 1675, 1673, 1665, 1669, + 1664, 1677, 1674, 1676, 1671, 1678, 1679, 0, 1682, 1675, + 1666, 0, 1681, 1680, 0, 1667, 1674, 1676, 1684, 1671, + 1669, 1673, 1672, 1675, 1673, 1680, 1681, 1677, 1677, 1674, + 1676, 1685, 1678, 1679, 1682, 1682, 1688, 1687, 1683, 1681, + + 1680, 1683, 1689, 1688, 1691, 1684, 1690, 1692, 1694, 1689, + 1696, 1697, 1693, 1685, 1698, 1702, 1683, 1695, 1685, 1687, + 1693, 1690, 1699, 1688, 1687, 1683, 1695, 1698, 1683, 1689, + 1699, 1691, 1701, 1690, 1692, 1694, 1704, 1696, 1697, 1693, + 1703, 1698, 1702, 1705, 1695, 1706, 1709, 1707, 1703, 1699, + 1708, 0, 1705, 1710, 1701, 1713, 1711, 1715, 1716, 1701, + 1719, 1710, 1716, 1704, 1715, 1708, 1706, 1703, 1711, 1717, + 1705, 1707, 1706, 1709, 1707, 1718, 1708, 1708, 1712, 1721, + 1710, 1717, 1713, 1711, 1715, 1716, 1712, 1719, 1722, 1720, + 1723, 1726, 1708, 1724, 1724, 1722, 1717, 1720, 1718, 1725, + + 1730, 0, 1718, 1727, 1729, 1712, 1721, 1731, 0, 1726, + 1723, 1732, 0, 1732, 1735, 1722, 1720, 1723, 1726, 1729, + 1724, 1733, 1730, 1736, 1737, 1725, 1725, 1730, 1727, 1731, + 1727, 1729, 1738, 1734, 1731, 1733, 1735, 1742, 1732, 1734, + 1739, 1735, 1741, 1743, 1738, 1736, 1737, 1740, 1733, 1740, + 1736, 1737, 1746, 1744, 1745, 1742, 1741, 1747, 1752, 1738, + 1734, 1743, 1739, 1748, 1742, 1746, 1750, 1739, 1753, 1741, + 1743, 1744, 1745, 1750, 1740, 1754, 1752, 1758, 0, 1746, + 1744, 1745, 0, 1755, 1760, 1752, 1748, 1759, 1764, 1747, + 1748, 1755, 0, 1750, 1753, 1753, 1756, 1762, 1756, 1759, + + 1764, 1771, 1760, 1756, 1758, 1763, 1765, 1754, 1768, 1755, + 1755, 1760, 1762, 1767, 1759, 1764, 1763, 1773, 1755, 1769, + 1776, 1765, 1778, 1756, 1762, 1756, 1769, 1770, 1771, 1774, + 1768, 0, 1763, 1765, 1777, 1768, 1775, 1767, 1779, 0, + 1767, 1780, 1770, 1784, 1773, 1781, 1769, 1783, 1782, 1778, + 1786, 1779, 1776, 1774, 1770, 1783, 1774, 1787, 1775, 1788, + 1781, 1782, 1791, 1775, 1799, 1779, 1777, 1780, 1780, 1784, + 1784, 1789, 1781, 1786, 1783, 1782, 1790, 1786, 1795, 1796, + 1793, 1787, 1798, 1790, 1787, 1791, 1788, 1793, 1794, 1791, + 1797, 1795, 1800, 1789, 1804, 1794, 1799, 1797, 1789, 1801, + + 1803, 1805, 1796, 1790, 1798, 1795, 1796, 1793, 1801, 1798, + 1806, 1803, 1817, 1800, 1807, 1794, 1804, 1797, 1810, 1800, + 1811, 1804, 1813, 1813, 1812, 1818, 1801, 1803, 1814, 1806, + 1816, 1810, 1819, 1805, 1823, 1830, 1832, 1806, 1820, 1807, + 1818, 1807, 1828, 1834, 1817, 1810, 1811, 1811, 1812, 1813, + 1829, 1812, 1818, 1816, 1814, 1814, 1820, 1816, 1825, 1819, + 1835, 1823, 1830, 1832, 1828, 1820, 1837, 1825, 1836, 1828, + 1838, 1837, 1829, 1840, 1841, 1834, 1842, 1829, 1844, 1836, + 1845, 1840, 1846, 1849, 1852, 1825, 1835, 1835, 1851, 1841, + 1847, 1846, 1838, 1837, 1853, 1836, 1844, 1838, 1854, 0, + + 1840, 1841, 1847, 1842, 1857, 1844, 1855, 1856, 1858, 1846, + 1849, 1852, 1845, 1859, 1851, 1851, 1853, 1847, 1860, 1855, + 1856, 1853, 1861, 1854, 1862, 1854, 1857, 1863, 0, 1864, + 1867, 1857, 1865, 1855, 1856, 1858, 1863, 1866, 1868, 1862, + 1859, 1869, 1871, 1873, 1874, 1860, 1870, 1876, 1872, 1861, + 1873, 1862, 1866, 1875, 1863, 1864, 1864, 1867, 1865, 1865, + 1875, 1870, 1871, 1872, 1866, 1868, 1874, 1877, 1869, 1871, + 1873, 1874, 1879, 1870, 1876, 1872, 1878, 1878, 1880, 1879, + 1875, 1881, 1882, 1884, 1881, 1877, 1883, 1886, 1887, 1891, + 1893, 1890, 1880, 1887, 1877, 1882, 1886, 1889, 1888, 1879, + + 1892, 1884, 1888, 1878, 1890, 1880, 1894, 0, 1881, 1882, + 1884, 1891, 1883, 1883, 1886, 1887, 1891, 1893, 1890, 1895, + 1899, 1889, 1892, 1898, 1889, 1888, 1900, 1892, 1901, 1899, + 1903, 1904, 1912, 1894, 1905, 1914, 1901, 1903, 1907, 1905, + 1904, 1906, 1900, 1909, 1908, 1895, 1895, 1899, 1906, 1898, + 1898, 1908, 1909, 1900, 1910, 1901, 1907, 1903, 1904, 1912, + 1913, 1905, 1914, 1915, 1916, 1907, 1917, 1918, 1906, 1923, + 1909, 1908, 1915, 1916, 1919, 1920, 1924, 1921, 1913, 1918, + 1910, 1910, 1925, 1919, 1920, 0, 1917, 1913, 1921, 1922, + 1915, 1916, 1928, 1917, 1918, 1929, 1923, 1922, 1926, 1927, + + 1928, 1919, 1920, 1924, 1921, 1930, 1931, 1926, 1932, 1933, + 1934, 1927, 1930, 1931, 1925, 1935, 1922, 1929, 1936, 1928, + 1938, 1940, 1929, 0, 1941, 1926, 1927, 1947, 1938, 1946, + 1932, 1941, 1930, 1931, 1933, 1932, 1933, 1934, 1942, 1940, + 1935, 1950, 1935, 1945, 1951, 1936, 1942, 1938, 1940, 1948, + 1945, 1941, 1954, 1946, 1947, 1949, 1946, 1953, 1955, 1956, + 1958, 1948, 1960, 1962, 1949, 1942, 1961, 1951, 1950, 1953, + 1945, 1951, 1963, 1956, 1961, 1954, 1948, 1964, 1970, 1954, + 1969, 1971, 1949, 1970, 1953, 1955, 1956, 1958, 1972, 1960, + 1962, 1973, 1977, 1961, 1963, 1971, 0, 1978, 1979, 1963, + + 0, 0, 1972, 1980, 1964, 1970, 1969, 1969, 1971, 1973, + 1978, 1984, 1982, 1981, 1977, 1972, 1987, 1988, 1973, 1977, + 1979, 1981, 1980, 1984, 1978, 1979, 1985, 1986, 1987, 1989, + 1980, 1982, 1990, 1991, 1992, 1993, 0, 1994, 1984, 1982, + 1981, 1997, 1998, 1987, 1988, 1996, 1995, 2001, 1985, 1986, + 2006, 2002, 1990, 1985, 1986, 1991, 1989, 1993, 1995, 1990, + 1991, 2001, 1993, 1994, 1994, 2003, 1992, 1996, 1997, 1998, + 2003, 2004, 1996, 1995, 2001, 2002, 0, 2005, 2002, 2007, + 2010, 2008, 2006, 2009, 0, 2013, 2011, 2012, 0, 2017, + 0, 2015, 2010, 2004, 0, 2018, 0, 2003, 2004, 2005, + + 2013, 2009, 2007, 2008, 2005, 2011, 2007, 2010, 2008, 2012, + 2009, 2017, 2013, 2011, 2012, 2015, 2017, 2018, 2015, 2019, + 2020, 2021, 2018, 2022, 0, 2023, 2024, 2027, 2019, 2028, + 2029, 2030, 2031, 2033, 2020, 2027, 2028, 2032, 2029, 2021, + 2031, 2022, 2034, 2041, 2024, 2033, 2019, 2020, 2021, 2037, + 2022, 2023, 2023, 2024, 2027, 2032, 2028, 2029, 2030, 2031, + 2033, 2037, 2035, 2040, 2032, 2039, 2042, 2046, 2043, 2034, + 2035, 2050, 2039, 0, 2044, 2041, 2037, 2047, 2056, 2049, + 0, 2053, 0, 0, 2050, 2046, 2040, 2043, 2051, 2035, + 2040, 2047, 2039, 2042, 2046, 2043, 2044, 2061, 2050, 2062, + + 2051, 2044, 2049, 2058, 2047, 2056, 2049, 2053, 2053, 2060, + 2058, 2063, 2065, 2064, 2067, 2051, 2060, 2066, 2069, 2068, + 2070, 2071, 2072, 2061, 2061, 2073, 2062, 2077, 2074, 2070, + 2058, 2068, 2077, 2080, 2071, 2079, 2060, 2064, 2063, 2065, + 2064, 2067, 2083, 2066, 2066, 2069, 2068, 2070, 2071, 2078, + 2082, 2074, 2073, 2078, 2072, 2074, 2079, 2086, 2081, 2077, + 2081, 2087, 2079, 2088, 2090, 2080, 2090, 2093, 2091, 2083, + 2097, 2092, 2092, 2082, 2094, 2095, 2078, 2082, 2098, 2086, + 2087, 2092, 2095, 2094, 2086, 2081, 2098, 2088, 2087, 2093, + 2088, 2090, 2091, 2096, 2093, 2091, 2099, 2097, 2092, 2092, + + 2100, 2094, 2095, 2101, 2106, 2098, 2096, 2102, 2100, 2103, + 0, 2104, 2107, 2105, 2109, 2099, 2108, 2108, 2110, 2107, + 2096, 2111, 2113, 2099, 2105, 2110, 2106, 2100, 2111, 2101, + 2101, 2106, 2109, 2102, 2102, 2103, 2103, 2104, 2104, 2107, + 2105, 2109, 2114, 2108, 2115, 2110, 2117, 2118, 2111, 2113, + 2119, 2123, 2121, 2115, 2120, 2124, 2128, 2125, 2129, 0, + 2123, 2128, 2132, 2127, 0, 2126, 2114, 2118, 2130, 2114, + 2121, 2115, 2129, 2117, 2118, 2127, 2120, 2119, 2123, 2121, + 2125, 2120, 2124, 2126, 2125, 2129, 2130, 2133, 2128, 2132, + 2127, 2134, 2126, 2139, 2137, 2130, 2137, 2141, 0, 2144, + + 2143, 2145, 0, 2141, 2150, 2133, 2134, 2147, 2139, 2148, + 2152, 2156, 2148, 0, 2133, 2151, 2164, 2152, 2134, 2145, + 2139, 2137, 2143, 2154, 2141, 2144, 2144, 2143, 2145, 2147, + 2153, 2150, 2157, 2151, 2147, 2148, 2148, 2152, 2153, 2148, + 2158, 2159, 2151, 2156, 2160, 2154, 2161, 2162, 2164, 2163, + 2154, 2166, 2161, 2160, 2157, 2170, 2168, 2153, 2163, 2157, + 2169, 2165, 2158, 2165, 2168, 2171, 2172, 2158, 2159, 2162, + 2175, 2160, 2169, 2161, 2162, 2173, 2163, 2174, 2166, 2171, + 2172, 2175, 2170, 2168, 2177, 2178, 2176, 2169, 2165, 2179, + 2179, 2180, 2171, 2172, 2176, 2174, 2183, 2175, 2173, 2184, + + 2181, 2188, 2173, 2177, 2174, 0, 2189, 2178, 2181, 2186, + 2190, 2177, 2178, 2176, 2192, 2186, 2179, 2189, 2180, 2197, + 2194, 2198, 2193, 2183, 2194, 2201, 2184, 2181, 2188, 2193, + 2195, 2202, 2190, 2189, 2198, 2200, 2186, 2190, 2195, 2206, + 2200, 2192, 2203, 2204, 2208, 2197, 2197, 2194, 2198, 2193, + 2204, 2205, 2201, 2209, 2206, 2210, 2207, 2195, 2202, 2205, + 2203, 2212, 2200, 2207, 2214, 2213, 2206, 2215, 2220, 2203, + 2204, 2208, 2213, 2216, 2217, 2218, 2212, 2209, 2205, 2223, + 2209, 2210, 2210, 2207, 2218, 2221, 0, 2225, 2212, 2227, + 2220, 2222, 2213, 2228, 2215, 2220, 2214, 2216, 2230, 2222, + + 2216, 2228, 2218, 2224, 2224, 2231, 2217, 2221, 2233, 2235, + 0, 2223, 2221, 2224, 2225, 2232, 2227, 2234, 2222, 2236, + 2228, 2233, 2237, 2238, 2240, 2230, 2243, 2248, 2245, 2257, + 2224, 2224, 2231, 2245, 2243, 2233, 2235, 2232, 2246, 2234, + 2250, 2251, 2232, 2249, 2234, 2238, 2236, 2250, 2252, 2237, + 2238, 2240, 2253, 2243, 2248, 2245, 2249, 2258, 2256, 2251, + 2259, 2257, 2262, 2265, 2246, 2246, 2260, 2250, 2251, 2262, + 2249, 2256, 2264, 2263, 2253, 2252, 2258, 2266, 2265, 2253, + 2263, 2273, 2268, 2269, 2258, 2256, 0, 2259, 2260, 2262, + 2265, 2269, 2273, 2260, 2264, 2270, 2271, 2272, 2266, 2264, + + 2263, 2268, 2270, 2271, 2266, 2276, 2272, 2275, 2273, 2268, + 2269, 2274, 2274, 2275, 2282, 2283, 2288, 2284, 2279, 2290, + 2294, 2274, 2270, 2271, 2272, 2279, 2292, 2276, 2291, 2291, + 0, 2298, 2276, 0, 2275, 2296, 2299, 2300, 2274, 2274, + 2284, 2282, 2283, 2288, 2284, 2279, 2290, 2294, 2296, 2292, + 2295, 2304, 2303, 2292, 2301, 2306, 2299, 2291, 2298, 2295, + 2300, 2303, 2296, 2299, 2300, 2305, 2301, 2307, 2308, 2304, + 2310, 2309, 2312, 2310, 2313, 2314, 2313, 2295, 2304, 2303, + 2308, 2301, 2306, 2316, 2311, 2317, 2319, 2314, 2310, 2311, + 2315, 2305, 2305, 2309, 2307, 2308, 2315, 2310, 2309, 2322, + + 2310, 2313, 2314, 2318, 2312, 2316, 2325, 2317, 2326, 2327, + 2316, 2318, 2317, 2319, 2329, 2330, 2311, 2315, 2332, 2333, + 0, 2335, 2334, 2337, 0, 2340, 2322, 2336, 0, 2341, + 2318, 2333, 2329, 2325, 2340, 2326, 2327, 2334, 2343, 2336, + 2347, 2329, 2330, 2342, 2342, 2332, 2333, 2335, 2335, 2334, + 2337, 2344, 2340, 2341, 2336, 2346, 2341, 2351, 2348, 2349, + 2344, 2350, 2352, 2358, 2343, 2343, 2351, 2363, 2362, 2350, + 2342, 2348, 2347, 2352, 2363, 2369, 2361, 2368, 2344, 2346, + 2361, 2349, 2346, 2364, 2351, 2348, 2349, 2358, 2350, 2352, + 2358, 2362, 2367, 2366, 2363, 2362, 2364, 2366, 2371, 2368, + + 2369, 2370, 2369, 2361, 2368, 2375, 2373, 2372, 2367, 2374, + 2364, 2377, 0, 2370, 2373, 2376, 2375, 2376, 2374, 2367, + 2366, 2372, 2378, 2377, 2371, 2371, 2379, 2380, 2370, 2378, + 2381, 2382, 2375, 2373, 2372, 2383, 2374, 2384, 2377, 2379, + 2385, 2388, 2376, 2386, 2389, 2387, 2393, 2390, 2381, 2378, + 2394, 2386, 2387, 2379, 2380, 2395, 2403, 2381, 2382, 2404, + 0, 2383, 2383, 2394, 2384, 2388, 2389, 2385, 2388, 2390, + 2386, 2389, 2387, 2391, 2390, 2391, 2392, 2394, 2393, 2396, + 2398, 2400, 2395, 2403, 2410, 2404, 2404, 2396, 2392, 2406, + 2400, 2405, 2398, 2407, 2408, 2413, 2409, 2406, 2410, 0, + + 2391, 2414, 2413, 2392, 2411, 2418, 2396, 2398, 2400, 2409, + 2405, 2410, 2411, 2415, 2414, 2423, 2406, 2417, 2405, 2420, + 2421, 2419, 2413, 2409, 2417, 2407, 2408, 2418, 2414, 2419, + 2422, 2411, 2418, 2420, 2421, 2426, 2415, 2423, 2422, 2424, + 2415, 2425, 2423, 2426, 2417, 2427, 2420, 2421, 2419, 2428, + 2425, 2429, 2430, 2431, 0, 2432, 2435, 2422, 0, 2433, + 2437, 2424, 2426, 2436, 0, 2434, 2424, 0, 2425, 2441, + 2439, 2428, 2427, 2434, 2444, 2431, 2428, 2432, 2430, 2430, + 2431, 2433, 2432, 2429, 2446, 2436, 2433, 2437, 2435, 2441, + 2436, 2440, 2434, 2439, 2442, 2443, 2441, 2439, 2446, 2440, + + 2445, 2449, 2442, 2443, 2447, 2454, 2444, 2450, 2445, 2452, + 2450, 2446, 2453, 2451, 0, 2455, 2456, 2452, 2440, 2454, + 2453, 2442, 2443, 2459, 2459, 2450, 2460, 2445, 2449, 2462, + 2447, 2447, 2454, 2457, 2450, 2451, 2452, 2450, 2456, 2453, + 2451, 2455, 2455, 2456, 2463, 2464, 2461, 2457, 2465, 2466, + 2459, 2467, 2460, 2460, 2461, 2462, 2462, 2466, 2468, 2469, + 2457, 2470, 2471, 2472, 2477, 2474, 2473, 2464, 2465, 2475, + 2463, 2463, 2464, 2461, 2473, 2465, 2466, 2475, 2467, 2480, + 2468, 2481, 2471, 2472, 2469, 2468, 2469, 2474, 2470, 2471, + 2472, 2477, 2474, 2473, 2478, 2486, 2475, 2482, 2490, 2483, + + 2491, 2480, 2478, 2481, 2484, 2482, 2480, 2483, 2481, 2487, + 2488, 0, 2489, 2493, 2494, 2495, 2503, 2487, 2488, 0, + 2491, 2478, 2486, 2497, 2482, 2490, 2483, 2491, 2504, 2500, + 2484, 2484, 0, 0, 0, 2495, 2487, 2488, 2489, 2489, + 2493, 2494, 2495, 2503, 2501, 2497, 2502, 0, 0, 0, + 2497, 2500, 2501, 0, 2502, 2504, 2500, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 2501, 0, 2502, 2508, 2508, 2508, 2508, 2508, 2508, + 2508, 2509, 2509, 2509, 2509, 2509, 2509, 2509, 2510, 2510, + 2510, 2510, 2510, 2510, 2510, 2511, 2511, 2511, 2511, 2511, + + 2511, 2511, 2512, 2512, 2512, 2512, 2512, 2512, 2512, 2514, + 2514, 0, 2514, 2514, 2514, 2514, 2515, 2515, 0, 0, + 0, 2515, 2515, 2516, 2516, 0, 0, 2516, 0, 2516, + 2517, 0, 0, 0, 0, 0, 2517, 2518, 2518, 0, + 0, 0, 2518, 2518, 2519, 0, 0, 0, 0, 0, + 2519, 2520, 2520, 0, 2520, 2520, 2520, 2520, 2521, 2521, + 0, 2521, 2521, 2521, 2521, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, 2507, + 2507, 2507 } ; static yy_state_type yy_last_accepting_state; @@ -2739,7 +2892,6 @@ char *yytext; #endif #include <ctype.h> -#include <string.h> #include <strings.h> #ifdef HAVE_GLOB_H # include <glob.h> @@ -2906,7 +3058,7 @@ static void config_end_include(void) #endif #define YY_NO_INPUT 1 -#line 187 "util/configlexer.lex" +#line 186 "util/configlexer.lex" #ifndef YY_NO_UNPUT #define YY_NO_UNPUT 1 #endif @@ -2914,7 +3066,7 @@ static void config_end_include(void) #define YY_NO_INPUT 1 #endif -#line 2916 "<stdout>" +#line 3068 "<stdout>" #define INITIAL 0 #define quotedstring 1 @@ -3135,9 +3287,9 @@ YY_DECL } { -#line 207 "util/configlexer.lex" +#line 206 "util/configlexer.lex" -#line 3139 "<stdout>" +#line 3291 "<stdout>" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -3170,13 +3322,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2341 ) + if ( yy_current_state >= 2508 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (flex_int16_t) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 6728 ); + while ( yy_base[yy_current_state] != 7166 ); yy_find_action: yy_act = yy_accept[yy_current_state]; @@ -3202,1131 +3354,1216 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 208 "util/configlexer.lex" +#line 207 "util/configlexer.lex" { LEXOUT(("SP ")); /* ignore */ } YY_BREAK case 2: YY_RULE_SETUP -#line 210 "util/configlexer.lex" +#line 209 "util/configlexer.lex" { /* note that flex makes the longest match and '.' is any but not nl */ LEXOUT(("comment(%s) ", yytext)); /* ignore */ } YY_BREAK case 3: YY_RULE_SETUP -#line 213 "util/configlexer.lex" +#line 212 "util/configlexer.lex" { YDVAR(0, VAR_SERVER) } YY_BREAK case 4: YY_RULE_SETUP -#line 214 "util/configlexer.lex" +#line 213 "util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION) } YY_BREAK case 5: YY_RULE_SETUP -#line 215 "util/configlexer.lex" +#line 214 "util/configlexer.lex" { YDVAR(1, VAR_QNAME_MINIMISATION_STRICT) } YY_BREAK case 6: YY_RULE_SETUP -#line 216 "util/configlexer.lex" +#line 215 "util/configlexer.lex" { YDVAR(1, VAR_NUM_THREADS) } YY_BREAK case 7: YY_RULE_SETUP -#line 217 "util/configlexer.lex" +#line 216 "util/configlexer.lex" { YDVAR(1, VAR_VERBOSITY) } YY_BREAK case 8: YY_RULE_SETUP -#line 218 "util/configlexer.lex" +#line 217 "util/configlexer.lex" { YDVAR(1, VAR_PORT) } YY_BREAK case 9: YY_RULE_SETUP -#line 219 "util/configlexer.lex" +#line 218 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_RANGE) } YY_BREAK case 10: YY_RULE_SETUP -#line 220 "util/configlexer.lex" +#line 219 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_PERMIT) } YY_BREAK case 11: YY_RULE_SETUP -#line 221 "util/configlexer.lex" +#line 220 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_PORT_AVOID) } YY_BREAK case 12: YY_RULE_SETUP -#line 222 "util/configlexer.lex" +#line 221 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_NUM_TCP) } YY_BREAK case 13: YY_RULE_SETUP -#line 223 "util/configlexer.lex" +#line 222 "util/configlexer.lex" { YDVAR(1, VAR_INCOMING_NUM_TCP) } YY_BREAK case 14: YY_RULE_SETUP -#line 224 "util/configlexer.lex" +#line 223 "util/configlexer.lex" { YDVAR(1, VAR_DO_IP4) } YY_BREAK case 15: YY_RULE_SETUP -#line 225 "util/configlexer.lex" +#line 224 "util/configlexer.lex" { YDVAR(1, VAR_DO_IP6) } YY_BREAK case 16: YY_RULE_SETUP -#line 226 "util/configlexer.lex" +#line 225 "util/configlexer.lex" { YDVAR(1, VAR_PREFER_IP6) } YY_BREAK case 17: YY_RULE_SETUP -#line 227 "util/configlexer.lex" +#line 226 "util/configlexer.lex" { YDVAR(1, VAR_DO_UDP) } YY_BREAK case 18: YY_RULE_SETUP -#line 228 "util/configlexer.lex" +#line 227 "util/configlexer.lex" { YDVAR(1, VAR_DO_TCP) } YY_BREAK case 19: YY_RULE_SETUP -#line 229 "util/configlexer.lex" +#line 228 "util/configlexer.lex" { YDVAR(1, VAR_TCP_UPSTREAM) } YY_BREAK case 20: YY_RULE_SETUP -#line 230 "util/configlexer.lex" +#line 229 "util/configlexer.lex" { YDVAR(1, VAR_TCP_MSS) } YY_BREAK case 21: YY_RULE_SETUP -#line 231 "util/configlexer.lex" +#line 230 "util/configlexer.lex" { YDVAR(1, VAR_OUTGOING_TCP_MSS) } YY_BREAK case 22: YY_RULE_SETUP -#line 232 "util/configlexer.lex" +#line 231 "util/configlexer.lex" { YDVAR(1, VAR_SSL_UPSTREAM) } YY_BREAK case 23: YY_RULE_SETUP +#line 232 "util/configlexer.lex" +{ YDVAR(1, VAR_SSL_UPSTREAM) } + YY_BREAK +case 24: +YY_RULE_SETUP #line 233 "util/configlexer.lex" { YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK -case 24: +case 25: YY_RULE_SETUP #line 234 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_SERVICE_PEM) } +{ YDVAR(1, VAR_SSL_SERVICE_KEY) } YY_BREAK -case 25: +case 26: YY_RULE_SETUP #line 235 "util/configlexer.lex" -{ YDVAR(1, VAR_SSL_PORT) } +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK -case 26: +case 27: YY_RULE_SETUP #line 236 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_SYSTEMD) } +{ YDVAR(1, VAR_SSL_SERVICE_PEM) } YY_BREAK -case 27: +case 28: YY_RULE_SETUP #line 237 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_DAEMONIZE) } +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK -case 28: +case 29: YY_RULE_SETUP #line 238 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_SSL_PORT) } YY_BREAK -case 29: +case 30: YY_RULE_SETUP #line 239 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE) } +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK -case 30: +case 31: YY_RULE_SETUP #line 240 "util/configlexer.lex" -{ YDVAR(1, VAR_OUTGOING_INTERFACE) } +{ YDVAR(1, VAR_TLS_CERT_BUNDLE) } YY_BREAK -case 31: +case 32: YY_RULE_SETUP #line 241 "util/configlexer.lex" -{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } +{ YDVAR(1, VAR_USE_SYSTEMD) } YY_BREAK -case 32: +case 33: YY_RULE_SETUP #line 242 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_RCVBUF) } +{ YDVAR(1, VAR_DO_DAEMONIZE) } YY_BREAK -case 33: +case 34: YY_RULE_SETUP #line 243 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_SNDBUF) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK -case 34: +case 35: YY_RULE_SETUP #line 244 "util/configlexer.lex" -{ YDVAR(1, VAR_SO_REUSEPORT) } +{ YDVAR(1, VAR_INTERFACE) } YY_BREAK -case 35: +case 36: YY_RULE_SETUP #line 245 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_TRANSPARENT) } +{ YDVAR(1, VAR_OUTGOING_INTERFACE) } YY_BREAK -case 36: +case 37: YY_RULE_SETUP #line 246 "util/configlexer.lex" -{ YDVAR(1, VAR_IP_FREEBIND) } +{ YDVAR(1, VAR_INTERFACE_AUTOMATIC) } YY_BREAK -case 37: +case 38: YY_RULE_SETUP #line 247 "util/configlexer.lex" -{ YDVAR(1, VAR_CHROOT) } +{ YDVAR(1, VAR_SO_RCVBUF) } YY_BREAK -case 38: +case 39: YY_RULE_SETUP #line 248 "util/configlexer.lex" -{ YDVAR(1, VAR_USERNAME) } +{ YDVAR(1, VAR_SO_SNDBUF) } YY_BREAK -case 39: +case 40: YY_RULE_SETUP #line 249 "util/configlexer.lex" -{ YDVAR(1, VAR_DIRECTORY) } +{ YDVAR(1, VAR_SO_REUSEPORT) } YY_BREAK -case 40: +case 41: YY_RULE_SETUP #line 250 "util/configlexer.lex" -{ YDVAR(1, VAR_LOGFILE) } +{ YDVAR(1, VAR_IP_TRANSPARENT) } YY_BREAK -case 41: +case 42: YY_RULE_SETUP #line 251 "util/configlexer.lex" -{ YDVAR(1, VAR_PIDFILE) } +{ YDVAR(1, VAR_IP_FREEBIND) } YY_BREAK -case 42: +case 43: YY_RULE_SETUP #line 252 "util/configlexer.lex" -{ YDVAR(1, VAR_ROOT_HINTS) } +{ YDVAR(1, VAR_CHROOT) } YY_BREAK -case 43: +case 44: YY_RULE_SETUP #line 253 "util/configlexer.lex" -{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } +{ YDVAR(1, VAR_USERNAME) } YY_BREAK -case 44: +case 45: YY_RULE_SETUP #line 254 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } +{ YDVAR(1, VAR_DIRECTORY) } YY_BREAK -case 45: +case 46: YY_RULE_SETUP #line 255 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SIZE) } +{ YDVAR(1, VAR_LOGFILE) } YY_BREAK -case 46: +case 47: YY_RULE_SETUP #line 256 "util/configlexer.lex" -{ YDVAR(1, VAR_MSG_CACHE_SLABS) } +{ YDVAR(1, VAR_PIDFILE) } YY_BREAK -case 47: +case 48: YY_RULE_SETUP #line 257 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } +{ YDVAR(1, VAR_ROOT_HINTS) } YY_BREAK -case 48: +case 49: YY_RULE_SETUP #line 258 "util/configlexer.lex" -{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } +{ YDVAR(1, VAR_EDNS_BUFFER_SIZE) } YY_BREAK -case 49: +case 50: YY_RULE_SETUP #line 259 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_TTL) } +{ YDVAR(1, VAR_MSG_BUFFER_SIZE) } YY_BREAK -case 50: +case 51: YY_RULE_SETUP #line 260 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } +{ YDVAR(1, VAR_MSG_CACHE_SIZE) } YY_BREAK -case 51: +case 52: YY_RULE_SETUP #line 261 "util/configlexer.lex" -{ YDVAR(1, VAR_CACHE_MIN_TTL) } +{ YDVAR(1, VAR_MSG_CACHE_SLABS) } YY_BREAK -case 52: +case 53: YY_RULE_SETUP #line 262 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_HOST_TTL) } +{ YDVAR(1, VAR_RRSET_CACHE_SIZE) } YY_BREAK -case 53: +case 54: YY_RULE_SETUP #line 263 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_LAME_TTL) } +{ YDVAR(1, VAR_RRSET_CACHE_SLABS) } YY_BREAK -case 54: +case 55: YY_RULE_SETUP #line 264 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } +{ YDVAR(1, VAR_CACHE_MAX_TTL) } YY_BREAK -case 55: +case 56: YY_RULE_SETUP #line 265 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } +{ YDVAR(1, VAR_CACHE_MAX_NEGATIVE_TTL) } YY_BREAK -case 56: +case 57: YY_RULE_SETUP #line 266 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } +{ YDVAR(1, VAR_CACHE_MIN_TTL) } YY_BREAK -case 57: +case 58: YY_RULE_SETUP #line 267 "util/configlexer.lex" -{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } +{ YDVAR(1, VAR_INFRA_HOST_TTL) } YY_BREAK -case 58: +case 59: YY_RULE_SETUP #line 268 "util/configlexer.lex" -{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } +{ YDVAR(1, VAR_INFRA_LAME_TTL) } YY_BREAK -case 59: +case 60: YY_RULE_SETUP #line 269 "util/configlexer.lex" -{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } +{ YDVAR(1, VAR_INFRA_CACHE_SLABS) } YY_BREAK -case 60: +case 61: YY_RULE_SETUP #line 270 "util/configlexer.lex" -{ YDVAR(1, VAR_DELAY_CLOSE) } +{ YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) } YY_BREAK -case 61: +case 62: YY_RULE_SETUP #line 271 "util/configlexer.lex" -{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } +{ YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) } YY_BREAK -case 62: +case 63: YY_RULE_SETUP #line 272 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } +{ YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) } YY_BREAK -case 63: +case 64: YY_RULE_SETUP #line 273 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } +{ YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) } YY_BREAK -case 64: +case 65: YY_RULE_SETUP #line 274 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_GLUE) } +{ YDVAR(1, VAR_JOSTLE_TIMEOUT) } YY_BREAK -case 65: +case 66: YY_RULE_SETUP #line 275 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } +{ YDVAR(1, VAR_DELAY_CLOSE) } YY_BREAK -case 66: +case 67: YY_RULE_SETUP #line 276 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } +{ YDVAR(1, VAR_TARGET_FETCH_POLICY) } YY_BREAK -case 67: +case 68: YY_RULE_SETUP #line 277 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } +{ YDVAR(1, VAR_HARDEN_SHORT_BUFSIZE) } YY_BREAK -case 68: +case 69: YY_RULE_SETUP #line 278 "util/configlexer.lex" -{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } +{ YDVAR(1, VAR_HARDEN_LARGE_QUERIES) } YY_BREAK -case 69: +case 70: YY_RULE_SETUP #line 279 "util/configlexer.lex" -{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } +{ YDVAR(1, VAR_HARDEN_GLUE) } YY_BREAK -case 70: +case 71: YY_RULE_SETUP #line 280 "util/configlexer.lex" -{ YDVAR(1, VAR_CAPS_WHITELIST) } +{ YDVAR(1, VAR_HARDEN_DNSSEC_STRIPPED) } YY_BREAK -case 71: +case 72: YY_RULE_SETUP #line 281 "util/configlexer.lex" -{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } +{ YDVAR(1, VAR_HARDEN_BELOW_NXDOMAIN) } YY_BREAK -case 72: +case 73: YY_RULE_SETUP #line 282 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_ADDRESS) } +{ YDVAR(1, VAR_HARDEN_REFERRAL_PATH) } YY_BREAK -case 73: +case 74: YY_RULE_SETUP #line 283 "util/configlexer.lex" -{ YDVAR(1, VAR_PRIVATE_DOMAIN) } +{ YDVAR(1, VAR_HARDEN_ALGO_DOWNGRADE) } YY_BREAK -case 74: +case 75: YY_RULE_SETUP #line 284 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH_KEY) } +{ YDVAR(1, VAR_USE_CAPS_FOR_ID) } YY_BREAK -case 75: +case 76: YY_RULE_SETUP #line 285 "util/configlexer.lex" -{ YDVAR(1, VAR_PREFETCH) } +{ YDVAR(1, VAR_CAPS_WHITELIST) } YY_BREAK -case 76: +case 77: YY_RULE_SETUP #line 286 "util/configlexer.lex" -{ YDVAR(0, VAR_STUB_ZONE) } +{ YDVAR(1, VAR_UNWANTED_REPLY_THRESHOLD) } YY_BREAK -case 77: +case 78: YY_RULE_SETUP #line 287 "util/configlexer.lex" -{ YDVAR(1, VAR_NAME) } +{ YDVAR(1, VAR_PRIVATE_ADDRESS) } YY_BREAK -case 78: +case 79: YY_RULE_SETUP #line 288 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_ADDR) } +{ YDVAR(1, VAR_PRIVATE_DOMAIN) } YY_BREAK -case 79: +case 80: YY_RULE_SETUP #line 289 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_HOST) } +{ YDVAR(1, VAR_PREFETCH_KEY) } YY_BREAK -case 80: +case 81: YY_RULE_SETUP #line 290 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_PRIME) } +{ YDVAR(1, VAR_PREFETCH) } YY_BREAK -case 81: +case 82: YY_RULE_SETUP #line 291 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_FIRST) } +{ YDVAR(0, VAR_STUB_ZONE) } YY_BREAK -case 82: +case 83: YY_RULE_SETUP #line 292 "util/configlexer.lex" -{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +{ YDVAR(1, VAR_NAME) } YY_BREAK -case 83: +case 84: YY_RULE_SETUP #line 293 "util/configlexer.lex" -{ YDVAR(0, VAR_FORWARD_ZONE) } +{ YDVAR(1, VAR_STUB_ADDR) } YY_BREAK -case 84: +case 85: YY_RULE_SETUP #line 294 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_ADDR) } +{ YDVAR(1, VAR_STUB_HOST) } YY_BREAK -case 85: +case 86: YY_RULE_SETUP #line 295 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_HOST) } +{ YDVAR(1, VAR_STUB_PRIME) } YY_BREAK -case 86: +case 87: YY_RULE_SETUP #line 296 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_FIRST) } +{ YDVAR(1, VAR_STUB_FIRST) } YY_BREAK -case 87: +case 88: YY_RULE_SETUP #line 297 "util/configlexer.lex" -{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK -case 88: +case 89: YY_RULE_SETUP #line 298 "util/configlexer.lex" -{ YDVAR(0, VAR_VIEW) } +{ YDVAR(1, VAR_STUB_SSL_UPSTREAM) } YY_BREAK -case 89: +case 90: YY_RULE_SETUP #line 299 "util/configlexer.lex" -{ YDVAR(1, VAR_VIEW_FIRST) } +{ YDVAR(0, VAR_FORWARD_ZONE) } YY_BREAK -case 90: +case 91: YY_RULE_SETUP #line 300 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } +{ YDVAR(1, VAR_FORWARD_ADDR) } YY_BREAK -case 91: +case 92: YY_RULE_SETUP #line 301 "util/configlexer.lex" -{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } +{ YDVAR(1, VAR_FORWARD_HOST) } YY_BREAK -case 92: +case 93: YY_RULE_SETUP #line 302 "util/configlexer.lex" -{ YDVAR(2, VAR_ACCESS_CONTROL) } +{ YDVAR(1, VAR_FORWARD_FIRST) } YY_BREAK -case 93: +case 94: YY_RULE_SETUP #line 303 "util/configlexer.lex" -{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK -case 94: +case 95: YY_RULE_SETUP #line 304 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } +{ YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } YY_BREAK -case 95: +case 96: YY_RULE_SETUP #line 305 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } +{ YDVAR(0, VAR_AUTH_ZONE) } YY_BREAK -case 96: +case 97: YY_RULE_SETUP #line 306 "util/configlexer.lex" -{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } +{ YDVAR(1, VAR_ZONEFILE) } YY_BREAK -case 97: +case 98: YY_RULE_SETUP #line 307 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } +{ YDVAR(1, VAR_MASTER) } YY_BREAK -case 98: +case 99: YY_RULE_SETUP #line 308 "util/configlexer.lex" -{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } +{ YDVAR(1, VAR_URL) } YY_BREAK -case 99: +case 100: YY_RULE_SETUP #line 309 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_IDENTITY) } +{ YDVAR(1, VAR_FOR_DOWNSTREAM) } YY_BREAK -case 100: +case 101: YY_RULE_SETUP #line 310 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_VERSION) } +{ YDVAR(1, VAR_FOR_UPSTREAM) } YY_BREAK -case 101: +case 102: YY_RULE_SETUP #line 311 "util/configlexer.lex" -{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } +{ YDVAR(1, VAR_FALLBACK_ENABLED) } YY_BREAK -case 102: +case 103: YY_RULE_SETUP #line 312 "util/configlexer.lex" -{ YDVAR(1, VAR_IDENTITY) } +{ YDVAR(0, VAR_VIEW) } YY_BREAK -case 103: +case 104: YY_RULE_SETUP #line 313 "util/configlexer.lex" -{ YDVAR(1, VAR_VERSION) } +{ YDVAR(1, VAR_VIEW_FIRST) } YY_BREAK -case 104: +case 105: YY_RULE_SETUP #line 314 "util/configlexer.lex" -{ YDVAR(1, VAR_MODULE_CONF) } +{ YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } YY_BREAK -case 105: +case 106: YY_RULE_SETUP #line 315 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR) } +{ YDVAR(1, VAR_DO_NOT_QUERY_LOCALHOST) } YY_BREAK -case 106: +case 107: YY_RULE_SETUP #line 316 "util/configlexer.lex" -{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } +{ YDVAR(2, VAR_ACCESS_CONTROL) } YY_BREAK -case 107: +case 108: YY_RULE_SETUP #line 317 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_SEND_CLIENT_SUBNET) } YY_BREAK -case 108: +case 109: YY_RULE_SETUP #line 318 "util/configlexer.lex" -{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ZONE) } YY_BREAK -case 109: +case 110: YY_RULE_SETUP #line 319 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } +{ YDVAR(1, VAR_CLIENT_SUBNET_ALWAYS_FORWARD) } YY_BREAK -case 110: +case 111: YY_RULE_SETUP #line 320 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR) } +{ YDVAR(1, VAR_CLIENT_SUBNET_OPCODE) } YY_BREAK -case 111: +case 112: YY_RULE_SETUP #line 321 "util/configlexer.lex" -{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV4) } YY_BREAK -case 112: +case 113: YY_RULE_SETUP #line 322 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } +{ YDVAR(1, VAR_MAX_CLIENT_SUBNET_IPV6) } YY_BREAK -case 113: +case 114: YY_RULE_SETUP #line 323 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } +{ YDVAR(1, VAR_HIDE_IDENTITY) } YY_BREAK -case 114: +case 115: YY_RULE_SETUP #line 324 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } +{ YDVAR(1, VAR_HIDE_VERSION) } YY_BREAK -case 115: +case 116: YY_RULE_SETUP #line 325 "util/configlexer.lex" -{ YDVAR(1, VAR_BOGUS_TTL) } +{ YDVAR(1, VAR_HIDE_TRUSTANCHOR) } YY_BREAK -case 116: +case 117: YY_RULE_SETUP #line 326 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } +{ YDVAR(1, VAR_IDENTITY) } YY_BREAK -case 117: +case 118: YY_RULE_SETUP #line 327 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +{ YDVAR(1, VAR_VERSION) } YY_BREAK -case 118: +case 119: YY_RULE_SETUP #line 328 "util/configlexer.lex" -{ YDVAR(1, VAR_IGNORE_CD_FLAG) } +{ YDVAR(1, VAR_MODULE_CONF) } YY_BREAK -case 119: +case 120: YY_RULE_SETUP #line 329 "util/configlexer.lex" -{ YDVAR(1, VAR_SERVE_EXPIRED) } +{ YDVAR(1, VAR_DLV_ANCHOR) } YY_BREAK -case 120: +case 121: YY_RULE_SETUP #line 330 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_DSA) } +{ YDVAR(1, VAR_DLV_ANCHOR_FILE) } YY_BREAK -case 121: +case 122: YY_RULE_SETUP #line 331 "util/configlexer.lex" -{ YDVAR(1, VAR_FAKE_SHA1) } +{ YDVAR(1, VAR_TRUST_ANCHOR_FILE) } YY_BREAK -case 122: +case 123: YY_RULE_SETUP #line 332 "util/configlexer.lex" -{ YDVAR(1, VAR_VAL_LOG_LEVEL) } +{ YDVAR(1, VAR_AUTO_TRUST_ANCHOR_FILE) } YY_BREAK -case 123: +case 124: YY_RULE_SETUP #line 333 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SIZE) } +{ YDVAR(1, VAR_TRUSTED_KEYS_FILE) } YY_BREAK -case 124: +case 125: YY_RULE_SETUP #line 334 "util/configlexer.lex" -{ YDVAR(1, VAR_KEY_CACHE_SLABS) } +{ YDVAR(1, VAR_TRUST_ANCHOR) } YY_BREAK -case 125: +case 126: YY_RULE_SETUP #line 335 "util/configlexer.lex" -{ YDVAR(1, VAR_NEG_CACHE_SIZE) } +{ YDVAR(1, VAR_TRUST_ANCHOR_SIGNALING) } YY_BREAK -case 126: +case 127: YY_RULE_SETUP #line 336 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_OVERRIDE_DATE) } + YY_BREAK +case 128: +YY_RULE_SETUP +#line 337 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MIN) } + YY_BREAK +case 129: +YY_RULE_SETUP +#line 338 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } + YY_BREAK +case 130: +YY_RULE_SETUP +#line 339 "util/configlexer.lex" +{ YDVAR(1, VAR_BOGUS_TTL) } + YY_BREAK +case 131: +YY_RULE_SETUP +#line 340 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } + YY_BREAK +case 132: +YY_RULE_SETUP +#line 341 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } + YY_BREAK +case 133: +YY_RULE_SETUP +#line 342 "util/configlexer.lex" +{ YDVAR(1, VAR_AGGRESSIVE_NSEC) } + YY_BREAK +case 134: +YY_RULE_SETUP +#line 343 "util/configlexer.lex" +{ YDVAR(1, VAR_IGNORE_CD_FLAG) } + YY_BREAK +case 135: +YY_RULE_SETUP +#line 344 "util/configlexer.lex" +{ YDVAR(1, VAR_SERVE_EXPIRED) } + YY_BREAK +case 136: +YY_RULE_SETUP +#line 345 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_DSA) } + YY_BREAK +case 137: +YY_RULE_SETUP +#line 346 "util/configlexer.lex" +{ YDVAR(1, VAR_FAKE_SHA1) } + YY_BREAK +case 138: +YY_RULE_SETUP +#line 347 "util/configlexer.lex" +{ YDVAR(1, VAR_VAL_LOG_LEVEL) } + YY_BREAK +case 139: +YY_RULE_SETUP +#line 348 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SIZE) } + YY_BREAK +case 140: +YY_RULE_SETUP +#line 349 "util/configlexer.lex" +{ YDVAR(1, VAR_KEY_CACHE_SLABS) } + YY_BREAK +case 141: +YY_RULE_SETUP +#line 350 "util/configlexer.lex" +{ YDVAR(1, VAR_NEG_CACHE_SIZE) } + YY_BREAK +case 142: +YY_RULE_SETUP +#line 351 "util/configlexer.lex" { YDVAR(1, VAR_VAL_NSEC3_KEYSIZE_ITERATIONS) } YY_BREAK -case 127: +case 143: YY_RULE_SETUP -#line 338 "util/configlexer.lex" +#line 353 "util/configlexer.lex" { YDVAR(1, VAR_ADD_HOLDDOWN) } YY_BREAK -case 128: +case 144: YY_RULE_SETUP -#line 339 "util/configlexer.lex" +#line 354 "util/configlexer.lex" { YDVAR(1, VAR_DEL_HOLDDOWN) } YY_BREAK -case 129: +case 145: YY_RULE_SETUP -#line 340 "util/configlexer.lex" +#line 355 "util/configlexer.lex" { YDVAR(1, VAR_KEEP_MISSING) } YY_BREAK -case 130: +case 146: YY_RULE_SETUP -#line 341 "util/configlexer.lex" +#line 356 "util/configlexer.lex" { YDVAR(1, VAR_PERMIT_SMALL_HOLDDOWN) } YY_BREAK -case 131: +case 147: YY_RULE_SETUP -#line 342 "util/configlexer.lex" +#line 357 "util/configlexer.lex" { YDVAR(1, VAR_USE_SYSLOG) } YY_BREAK -case 132: +case 148: YY_RULE_SETUP -#line 343 "util/configlexer.lex" +#line 358 "util/configlexer.lex" { YDVAR(1, VAR_LOG_IDENTITY) } YY_BREAK -case 133: +case 149: YY_RULE_SETUP -#line 344 "util/configlexer.lex" +#line 359 "util/configlexer.lex" { YDVAR(1, VAR_LOG_TIME_ASCII) } YY_BREAK -case 134: +case 150: YY_RULE_SETUP -#line 345 "util/configlexer.lex" +#line 360 "util/configlexer.lex" { YDVAR(1, VAR_LOG_QUERIES) } YY_BREAK -case 135: +case 151: YY_RULE_SETUP -#line 346 "util/configlexer.lex" +#line 361 "util/configlexer.lex" { YDVAR(1, VAR_LOG_REPLIES) } YY_BREAK -case 136: +case 152: YY_RULE_SETUP -#line 347 "util/configlexer.lex" +#line 362 "util/configlexer.lex" { YDVAR(2, VAR_LOCAL_ZONE) } YY_BREAK -case 137: +case 153: YY_RULE_SETUP -#line 348 "util/configlexer.lex" +#line 363 "util/configlexer.lex" { YDVAR(1, VAR_LOCAL_DATA) } YY_BREAK -case 138: +case 154: YY_RULE_SETUP -#line 349 "util/configlexer.lex" +#line 364 "util/configlexer.lex" { YDVAR(1, VAR_LOCAL_DATA_PTR) } YY_BREAK -case 139: +case 155: YY_RULE_SETUP -#line 350 "util/configlexer.lex" +#line 365 "util/configlexer.lex" { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) } YY_BREAK -case 140: +case 156: YY_RULE_SETUP -#line 351 "util/configlexer.lex" +#line 366 "util/configlexer.lex" { YDVAR(1, VAR_INSECURE_LAN_ZONES) } YY_BREAK -case 141: +case 157: YY_RULE_SETUP -#line 352 "util/configlexer.lex" +#line 367 "util/configlexer.lex" { YDVAR(1, VAR_STATISTICS_INTERVAL) } YY_BREAK -case 142: +case 158: YY_RULE_SETUP -#line 353 "util/configlexer.lex" +#line 368 "util/configlexer.lex" { YDVAR(1, VAR_STATISTICS_CUMULATIVE) } YY_BREAK -case 143: +case 159: YY_RULE_SETUP -#line 354 "util/configlexer.lex" +#line 369 "util/configlexer.lex" { YDVAR(1, VAR_EXTENDED_STATISTICS) } YY_BREAK -case 144: +case 160: YY_RULE_SETUP -#line 355 "util/configlexer.lex" +#line 370 "util/configlexer.lex" { YDVAR(1, VAR_SHM_ENABLE) } YY_BREAK -case 145: +case 161: YY_RULE_SETUP -#line 356 "util/configlexer.lex" +#line 371 "util/configlexer.lex" { YDVAR(1, VAR_SHM_KEY) } YY_BREAK -case 146: +case 162: YY_RULE_SETUP -#line 357 "util/configlexer.lex" +#line 372 "util/configlexer.lex" { YDVAR(0, VAR_REMOTE_CONTROL) } YY_BREAK -case 147: +case 163: YY_RULE_SETUP -#line 358 "util/configlexer.lex" +#line 373 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_ENABLE) } YY_BREAK -case 148: +case 164: YY_RULE_SETUP -#line 359 "util/configlexer.lex" +#line 374 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_INTERFACE) } YY_BREAK -case 149: +case 165: YY_RULE_SETUP -#line 360 "util/configlexer.lex" +#line 375 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_PORT) } YY_BREAK -case 150: +case 166: YY_RULE_SETUP -#line 361 "util/configlexer.lex" +#line 376 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_USE_CERT) } YY_BREAK -case 151: +case 167: YY_RULE_SETUP -#line 362 "util/configlexer.lex" +#line 377 "util/configlexer.lex" { YDVAR(1, VAR_SERVER_KEY_FILE) } YY_BREAK -case 152: +case 168: YY_RULE_SETUP -#line 363 "util/configlexer.lex" +#line 378 "util/configlexer.lex" { YDVAR(1, VAR_SERVER_CERT_FILE) } YY_BREAK -case 153: +case 169: YY_RULE_SETUP -#line 364 "util/configlexer.lex" +#line 379 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_KEY_FILE) } YY_BREAK -case 154: +case 170: YY_RULE_SETUP -#line 365 "util/configlexer.lex" +#line 380 "util/configlexer.lex" { YDVAR(1, VAR_CONTROL_CERT_FILE) } YY_BREAK -case 155: +case 171: YY_RULE_SETUP -#line 366 "util/configlexer.lex" +#line 381 "util/configlexer.lex" { YDVAR(1, VAR_PYTHON_SCRIPT) } YY_BREAK -case 156: +case 172: YY_RULE_SETUP -#line 367 "util/configlexer.lex" +#line 382 "util/configlexer.lex" { YDVAR(0, VAR_PYTHON) } YY_BREAK -case 157: +case 173: YY_RULE_SETUP -#line 368 "util/configlexer.lex" +#line 383 "util/configlexer.lex" { YDVAR(1, VAR_DOMAIN_INSECURE) } YY_BREAK -case 158: +case 174: YY_RULE_SETUP -#line 369 "util/configlexer.lex" +#line 384 "util/configlexer.lex" { YDVAR(1, VAR_MINIMAL_RESPONSES) } YY_BREAK -case 159: +case 175: YY_RULE_SETUP -#line 370 "util/configlexer.lex" +#line 385 "util/configlexer.lex" { YDVAR(1, VAR_RRSET_ROUNDROBIN) } YY_BREAK -case 160: +case 176: YY_RULE_SETUP -#line 371 "util/configlexer.lex" +#line 386 "util/configlexer.lex" { YDVAR(1, VAR_MAX_UDP_SIZE) } YY_BREAK -case 161: +case 177: YY_RULE_SETUP -#line 372 "util/configlexer.lex" +#line 387 "util/configlexer.lex" { YDVAR(1, VAR_DNS64_PREFIX) } YY_BREAK -case 162: +case 178: YY_RULE_SETUP -#line 373 "util/configlexer.lex" +#line 388 "util/configlexer.lex" { YDVAR(1, VAR_DNS64_SYNTHALL) } YY_BREAK -case 163: +case 179: YY_RULE_SETUP -#line 374 "util/configlexer.lex" +#line 389 "util/configlexer.lex" { YDVAR(1, VAR_DEFINE_TAG) } YY_BREAK -case 164: +case 180: YY_RULE_SETUP -#line 375 "util/configlexer.lex" +#line 390 "util/configlexer.lex" { YDVAR(2, VAR_LOCAL_ZONE_TAG) } YY_BREAK -case 165: +case 181: YY_RULE_SETUP -#line 376 "util/configlexer.lex" +#line 391 "util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL_TAG) } YY_BREAK -case 166: +case 182: YY_RULE_SETUP -#line 377 "util/configlexer.lex" +#line 392 "util/configlexer.lex" { YDVAR(3, VAR_ACCESS_CONTROL_TAG_ACTION) } YY_BREAK -case 167: +case 183: YY_RULE_SETUP -#line 378 "util/configlexer.lex" +#line 393 "util/configlexer.lex" { YDVAR(3, VAR_ACCESS_CONTROL_TAG_DATA) } YY_BREAK -case 168: +case 184: YY_RULE_SETUP -#line 379 "util/configlexer.lex" +#line 394 "util/configlexer.lex" { YDVAR(2, VAR_ACCESS_CONTROL_VIEW) } YY_BREAK -case 169: +case 185: YY_RULE_SETUP -#line 380 "util/configlexer.lex" +#line 395 "util/configlexer.lex" { YDVAR(3, VAR_LOCAL_ZONE_OVERRIDE) } YY_BREAK -case 170: +case 186: YY_RULE_SETUP -#line 381 "util/configlexer.lex" +#line 396 "util/configlexer.lex" { YDVAR(0, VAR_DNSTAP) } YY_BREAK -case 171: +case 187: YY_RULE_SETUP -#line 382 "util/configlexer.lex" +#line 397 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_ENABLE) } YY_BREAK -case 172: +case 188: YY_RULE_SETUP -#line 383 "util/configlexer.lex" +#line 398 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SOCKET_PATH) } YY_BREAK -case 173: +case 189: YY_RULE_SETUP -#line 384 "util/configlexer.lex" +#line 399 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SEND_IDENTITY) } YY_BREAK -case 174: +case 190: YY_RULE_SETUP -#line 385 "util/configlexer.lex" +#line 400 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_SEND_VERSION) } YY_BREAK -case 175: +case 191: YY_RULE_SETUP -#line 386 "util/configlexer.lex" +#line 401 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_IDENTITY) } YY_BREAK -case 176: +case 192: YY_RULE_SETUP -#line 387 "util/configlexer.lex" +#line 402 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_VERSION) } YY_BREAK -case 177: +case 193: YY_RULE_SETUP -#line 388 "util/configlexer.lex" +#line 403 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES) } YY_BREAK -case 178: +case 194: YY_RULE_SETUP -#line 390 "util/configlexer.lex" +#line 405 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES) } YY_BREAK -case 179: +case 195: YY_RULE_SETUP -#line 392 "util/configlexer.lex" +#line 407 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES) } YY_BREAK -case 180: +case 196: YY_RULE_SETUP -#line 394 "util/configlexer.lex" +#line 409 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES) } YY_BREAK -case 181: +case 197: YY_RULE_SETUP -#line 396 "util/configlexer.lex" +#line 411 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES) } YY_BREAK -case 182: +case 198: YY_RULE_SETUP -#line 398 "util/configlexer.lex" +#line 413 "util/configlexer.lex" { YDVAR(1, VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES) } YY_BREAK -case 183: +case 199: YY_RULE_SETUP -#line 400 "util/configlexer.lex" +#line 415 "util/configlexer.lex" { YDVAR(1, VAR_DISABLE_DNSSEC_LAME_CHECK) } YY_BREAK -case 184: +case 200: YY_RULE_SETUP -#line 401 "util/configlexer.lex" +#line 416 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT) } YY_BREAK -case 185: +case 201: YY_RULE_SETUP -#line 402 "util/configlexer.lex" +#line 417 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT) } YY_BREAK -case 186: +case 202: YY_RULE_SETUP -#line 403 "util/configlexer.lex" +#line 418 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SLABS) } YY_BREAK -case 187: +case 203: YY_RULE_SETUP -#line 404 "util/configlexer.lex" +#line 419 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SLABS) } YY_BREAK -case 188: +case 204: YY_RULE_SETUP -#line 405 "util/configlexer.lex" +#line 420 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_SIZE) } YY_BREAK -case 189: +case 205: YY_RULE_SETUP -#line 406 "util/configlexer.lex" +#line 421 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_SIZE) } YY_BREAK -case 190: +case 206: YY_RULE_SETUP -#line 407 "util/configlexer.lex" +#line 422 "util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_FOR_DOMAIN) } YY_BREAK -case 191: +case 207: YY_RULE_SETUP -#line 408 "util/configlexer.lex" +#line 423 "util/configlexer.lex" { YDVAR(2, VAR_RATELIMIT_BELOW_DOMAIN) } YY_BREAK -case 192: +case 208: YY_RULE_SETUP -#line 409 "util/configlexer.lex" +#line 424 "util/configlexer.lex" { YDVAR(1, VAR_IP_RATELIMIT_FACTOR) } YY_BREAK -case 193: +case 209: YY_RULE_SETUP -#line 410 "util/configlexer.lex" +#line 425 "util/configlexer.lex" { YDVAR(1, VAR_RATELIMIT_FACTOR) } YY_BREAK -case 194: +case 210: YY_RULE_SETUP -#line 411 "util/configlexer.lex" +#line 426 "util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP_TAG) } YY_BREAK -case 195: +case 211: YY_RULE_SETUP -#line 412 "util/configlexer.lex" +#line 427 "util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP) } YY_BREAK -case 196: +case 212: YY_RULE_SETUP -#line 413 "util/configlexer.lex" +#line 428 "util/configlexer.lex" { YDVAR(2, VAR_RESPONSE_IP_DATA) } YY_BREAK -case 197: +case 213: YY_RULE_SETUP -#line 414 "util/configlexer.lex" +#line 429 "util/configlexer.lex" { YDVAR(0, VAR_DNSCRYPT) } YY_BREAK -case 198: +case 214: YY_RULE_SETUP -#line 415 "util/configlexer.lex" +#line 430 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_ENABLE) } YY_BREAK -case 199: +case 215: YY_RULE_SETUP -#line 416 "util/configlexer.lex" +#line 431 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PORT) } YY_BREAK -case 200: +case 216: YY_RULE_SETUP -#line 417 "util/configlexer.lex" +#line 432 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } YY_BREAK -case 201: +case 217: YY_RULE_SETUP -#line 418 "util/configlexer.lex" +#line 433 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } YY_BREAK -case 202: +case 218: YY_RULE_SETUP -#line 419 "util/configlexer.lex" +#line 434 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } YY_BREAK -case 203: +case 219: YY_RULE_SETUP -#line 420 "util/configlexer.lex" +#line 435 "util/configlexer.lex" +{ YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } + YY_BREAK +case 220: +YY_RULE_SETUP +#line 436 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } YY_BREAK -case 204: +case 221: YY_RULE_SETUP -#line 422 "util/configlexer.lex" +#line 438 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS) } YY_BREAK -case 205: +case 222: YY_RULE_SETUP -#line 424 "util/configlexer.lex" +#line 440 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SIZE) } YY_BREAK -case 206: +case 223: YY_RULE_SETUP -#line 425 "util/configlexer.lex" +#line 441 "util/configlexer.lex" { YDVAR(1, VAR_DNSCRYPT_NONCE_CACHE_SLABS) } YY_BREAK -case 207: +case 224: YY_RULE_SETUP -#line 426 "util/configlexer.lex" +#line 442 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_ENABLED) } YY_BREAK -case 208: +case 225: YY_RULE_SETUP -#line 427 "util/configlexer.lex" +#line 443 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_IGNORE_BOGUS) } YY_BREAK -case 209: +case 226: YY_RULE_SETUP -#line 428 "util/configlexer.lex" +#line 444 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_HOOK) } YY_BREAK -case 210: +case 227: YY_RULE_SETUP -#line 429 "util/configlexer.lex" +#line 445 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_MAX_TTL) } YY_BREAK -case 211: +case 228: YY_RULE_SETUP -#line 430 "util/configlexer.lex" +#line 446 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_WHITELIST) } YY_BREAK -case 212: +case 229: YY_RULE_SETUP -#line 431 "util/configlexer.lex" +#line 447 "util/configlexer.lex" { YDVAR(1, VAR_IPSECMOD_STRICT) } YY_BREAK -case 213: +case 230: YY_RULE_SETUP -#line 432 "util/configlexer.lex" +#line 448 "util/configlexer.lex" { YDVAR(0, VAR_CACHEDB) } YY_BREAK -case 214: +case 231: YY_RULE_SETUP -#line 433 "util/configlexer.lex" +#line 449 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_BACKEND) } YY_BREAK -case 215: +case 232: YY_RULE_SETUP -#line 434 "util/configlexer.lex" +#line 450 "util/configlexer.lex" { YDVAR(1, VAR_CACHEDB_SECRETSEED) } YY_BREAK -case 216: +case 233: YY_RULE_SETUP -#line 435 "util/configlexer.lex" +#line 451 "util/configlexer.lex" { YDVAR(1, VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM) } YY_BREAK -case 217: -/* rule 217 can match eol */ +case 234: +/* rule 234 can match eol */ YY_RULE_SETUP -#line 436 "util/configlexer.lex" +#line 452 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++; } YY_BREAK /* Quoted strings. Strip leading and ending quotes */ -case 218: +case 235: YY_RULE_SETUP -#line 439 "util/configlexer.lex" +#line 455 "util/configlexer.lex" { BEGIN(quotedstring); LEXOUT(("QS ")); } YY_BREAK case YY_STATE_EOF(quotedstring): -#line 440 "util/configlexer.lex" +#line 456 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 219: +case 236: YY_RULE_SETUP -#line 445 "util/configlexer.lex" +#line 461 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 220: -/* rule 220 can match eol */ +case 237: +/* rule 237 can match eol */ YY_RULE_SETUP -#line 446 "util/configlexer.lex" +#line 462 "util/configlexer.lex" { yyerror("newline inside quoted string, no end \""); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 221: +case 238: YY_RULE_SETUP -#line 448 "util/configlexer.lex" +#line 464 "util/configlexer.lex" { LEXOUT(("QE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4339,34 +4576,34 @@ YY_RULE_SETUP } YY_BREAK /* Single Quoted strings. Strip leading and ending quotes */ -case 222: +case 239: YY_RULE_SETUP -#line 460 "util/configlexer.lex" +#line 476 "util/configlexer.lex" { BEGIN(singlequotedstr); LEXOUT(("SQS ")); } YY_BREAK case YY_STATE_EOF(singlequotedstr): -#line 461 "util/configlexer.lex" +#line 477 "util/configlexer.lex" { yyerror("EOF inside quoted string"); if(--num_args == 0) { BEGIN(INITIAL); } else { BEGIN(val); } } YY_BREAK -case 223: +case 240: YY_RULE_SETUP -#line 466 "util/configlexer.lex" +#line 482 "util/configlexer.lex" { LEXOUT(("STR(%s) ", yytext)); yymore(); } YY_BREAK -case 224: -/* rule 224 can match eol */ +case 241: +/* rule 241 can match eol */ YY_RULE_SETUP -#line 467 "util/configlexer.lex" +#line 483 "util/configlexer.lex" { yyerror("newline inside quoted string, no end '"); cfg_parser->line++; BEGIN(INITIAL); } YY_BREAK -case 225: +case 242: YY_RULE_SETUP -#line 469 "util/configlexer.lex" +#line 485 "util/configlexer.lex" { LEXOUT(("SQE ")); if(--num_args == 0) { BEGIN(INITIAL); } @@ -4379,38 +4616,38 @@ YY_RULE_SETUP } YY_BREAK /* include: directive */ -case 226: +case 243: YY_RULE_SETUP -#line 481 "util/configlexer.lex" +#line 497 "util/configlexer.lex" { LEXOUT(("v(%s) ", yytext)); inc_prev = YYSTATE; BEGIN(include); } YY_BREAK case YY_STATE_EOF(include): -#line 483 "util/configlexer.lex" +#line 499 "util/configlexer.lex" { yyerror("EOF inside include directive"); BEGIN(inc_prev); } YY_BREAK -case 227: +case 244: YY_RULE_SETUP -#line 487 "util/configlexer.lex" +#line 503 "util/configlexer.lex" { LEXOUT(("ISP ")); /* ignore */ } YY_BREAK -case 228: -/* rule 228 can match eol */ +case 245: +/* rule 245 can match eol */ YY_RULE_SETUP -#line 488 "util/configlexer.lex" +#line 504 "util/configlexer.lex" { LEXOUT(("NL\n")); cfg_parser->line++;} YY_BREAK -case 229: +case 246: YY_RULE_SETUP -#line 489 "util/configlexer.lex" +#line 505 "util/configlexer.lex" { LEXOUT(("IQS ")); BEGIN(include_quoted); } YY_BREAK -case 230: +case 247: YY_RULE_SETUP -#line 490 "util/configlexer.lex" +#line 506 "util/configlexer.lex" { LEXOUT(("Iunquotedstr(%s) ", yytext)); config_start_include_glob(yytext); @@ -4418,27 +4655,27 @@ YY_RULE_SETUP } YY_BREAK case YY_STATE_EOF(include_quoted): -#line 495 "util/configlexer.lex" +#line 511 "util/configlexer.lex" { yyerror("EOF inside quoted string"); BEGIN(inc_prev); } YY_BREAK -case 231: +case 248: YY_RULE_SETUP -#line 499 "util/configlexer.lex" +#line 515 "util/configlexer.lex" { LEXOUT(("ISTR(%s) ", yytext)); yymore(); } YY_BREAK -case 232: -/* rule 232 can match eol */ +case 249: +/* rule 249 can match eol */ YY_RULE_SETUP -#line 500 "util/configlexer.lex" +#line 516 "util/configlexer.lex" { yyerror("newline before \" in include name"); cfg_parser->line++; BEGIN(inc_prev); } YY_BREAK -case 233: +case 250: YY_RULE_SETUP -#line 502 "util/configlexer.lex" +#line 518 "util/configlexer.lex" { LEXOUT(("IQE ")); yytext[yyleng - 1] = '\0'; @@ -4448,7 +4685,7 @@ YY_RULE_SETUP YY_BREAK case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(val): -#line 508 "util/configlexer.lex" +#line 524 "util/configlexer.lex" { LEXOUT(("LEXEOF ")); yy_set_bol(1); /* Set beginning of line, so "^" rules match. */ @@ -4460,33 +4697,33 @@ case YY_STATE_EOF(val): } } YY_BREAK -case 234: +case 251: YY_RULE_SETUP -#line 519 "util/configlexer.lex" +#line 535 "util/configlexer.lex" { LEXOUT(("unquotedstr(%s) ", yytext)); if(--num_args == 0) { BEGIN(INITIAL); } yylval.str = strdup(yytext); return STRING_ARG; } YY_BREAK -case 235: +case 252: YY_RULE_SETUP -#line 523 "util/configlexer.lex" +#line 539 "util/configlexer.lex" { ub_c_error_msg("unknown keyword '%s'", yytext); } YY_BREAK -case 236: +case 253: YY_RULE_SETUP -#line 527 "util/configlexer.lex" +#line 543 "util/configlexer.lex" { ub_c_error_msg("stray '%s'", yytext); } YY_BREAK -case 237: +case 254: YY_RULE_SETUP -#line 531 "util/configlexer.lex" +#line 547 "util/configlexer.lex" ECHO; YY_BREAK -#line 4488 "<stdout>" +#line 4725 "<stdout>" case YY_END_OF_BUFFER: { @@ -4777,7 +5014,7 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2341 ) + if ( yy_current_state >= 2508 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (flex_int16_t) yy_c]; @@ -4805,11 +5042,11 @@ static int yy_get_next_buffer (void) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 2341 ) + if ( yy_current_state >= 2508 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (flex_int16_t) yy_c]; - yy_is_jam = (yy_current_state == 2340); + yy_is_jam = (yy_current_state == 2507); return yy_is_jam ? 0 : yy_current_state; } @@ -5448,7 +5685,7 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 531 "util/configlexer.lex" +#line 547 "util/configlexer.lex" diff --git a/util/configlexer.lex b/util/configlexer.lex index b7b1ae5e89bb..0e158d1610a0 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -14,7 +14,6 @@ #endif #include <ctype.h> -#include <string.h> #include <strings.h> #ifdef HAVE_GLOB_H # include <glob.h> @@ -230,9 +229,15 @@ tcp-upstream{COLON} { YDVAR(1, VAR_TCP_UPSTREAM) } tcp-mss{COLON} { YDVAR(1, VAR_TCP_MSS) } outgoing-tcp-mss{COLON} { YDVAR(1, VAR_OUTGOING_TCP_MSS) } ssl-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } +tls-upstream{COLON} { YDVAR(1, VAR_SSL_UPSTREAM) } ssl-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } +tls-service-key{COLON} { YDVAR(1, VAR_SSL_SERVICE_KEY) } ssl-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } +tls-service-pem{COLON} { YDVAR(1, VAR_SSL_SERVICE_PEM) } ssl-port{COLON} { YDVAR(1, VAR_SSL_PORT) } +tls-port{COLON} { YDVAR(1, VAR_SSL_PORT) } +ssl-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } +tls-cert-bundle{COLON} { YDVAR(1, VAR_TLS_CERT_BUNDLE) } use-systemd{COLON} { YDVAR(1, VAR_USE_SYSTEMD) } do-daemonize{COLON} { YDVAR(1, VAR_DO_DAEMONIZE) } interface{COLON} { YDVAR(1, VAR_INTERFACE) } @@ -290,11 +295,20 @@ stub-host{COLON} { YDVAR(1, VAR_STUB_HOST) } stub-prime{COLON} { YDVAR(1, VAR_STUB_PRIME) } stub-first{COLON} { YDVAR(1, VAR_STUB_FIRST) } stub-ssl-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } +stub-tls-upstream{COLON} { YDVAR(1, VAR_STUB_SSL_UPSTREAM) } forward-zone{COLON} { YDVAR(0, VAR_FORWARD_ZONE) } forward-addr{COLON} { YDVAR(1, VAR_FORWARD_ADDR) } forward-host{COLON} { YDVAR(1, VAR_FORWARD_HOST) } forward-first{COLON} { YDVAR(1, VAR_FORWARD_FIRST) } forward-ssl-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +forward-tls-upstream{COLON} { YDVAR(1, VAR_FORWARD_SSL_UPSTREAM) } +auth-zone{COLON} { YDVAR(0, VAR_AUTH_ZONE) } +zonefile{COLON} { YDVAR(1, VAR_ZONEFILE) } +master{COLON} { YDVAR(1, VAR_MASTER) } +url{COLON} { YDVAR(1, VAR_URL) } +for-downstream{COLON} { YDVAR(1, VAR_FOR_DOWNSTREAM) } +for-upstream{COLON} { YDVAR(1, VAR_FOR_UPSTREAM) } +fallback-enabled{COLON} { YDVAR(1, VAR_FALLBACK_ENABLED) } view{COLON} { YDVAR(0, VAR_VIEW) } view-first{COLON} { YDVAR(1, VAR_VIEW_FIRST) } do-not-query-address{COLON} { YDVAR(1, VAR_DO_NOT_QUERY_ADDRESS) } @@ -325,6 +339,7 @@ val-sig-skew-max{COLON} { YDVAR(1, VAR_VAL_SIG_SKEW_MAX) } val-bogus-ttl{COLON} { YDVAR(1, VAR_BOGUS_TTL) } val-clean-additional{COLON} { YDVAR(1, VAR_VAL_CLEAN_ADDITIONAL) } val-permissive-mode{COLON} { YDVAR(1, VAR_VAL_PERMISSIVE_MODE) } +aggressive-nsec{COLON} { YDVAR(1, VAR_AGGRESSIVE_NSEC) } ignore-cd-flag{COLON} { YDVAR(1, VAR_IGNORE_CD_FLAG) } serve-expired{COLON} { YDVAR(1, VAR_SERVE_EXPIRED) } fake-dsa{COLON} { YDVAR(1, VAR_FAKE_DSA) } @@ -417,6 +432,7 @@ dnscrypt-port{COLON} { YDVAR(1, VAR_DNSCRYPT_PORT) } dnscrypt-provider{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER) } dnscrypt-secret-key{COLON} { YDVAR(1, VAR_DNSCRYPT_SECRET_KEY) } dnscrypt-provider-cert{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT) } +dnscrypt-provider-cert-rotated{COLON} { YDVAR(1, VAR_DNSCRYPT_PROVIDER_CERT_ROTATED) } dnscrypt-shared-secret-cache-size{COLON} { YDVAR(1, VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE) } dnscrypt-shared-secret-cache-slabs{COLON} { diff --git a/util/configparser.c b/util/configparser.c index 268949e4a143..421339fe9754 100644 --- a/util/configparser.c +++ b/util/configparser.c @@ -258,95 +258,105 @@ extern int yydebug; VAR_FORWARD_FIRST = 387, VAR_STUB_SSL_UPSTREAM = 388, VAR_FORWARD_SSL_UPSTREAM = 389, - VAR_STUB_FIRST = 390, - VAR_MINIMAL_RESPONSES = 391, - VAR_RRSET_ROUNDROBIN = 392, - VAR_MAX_UDP_SIZE = 393, - VAR_DELAY_CLOSE = 394, - VAR_UNBLOCK_LAN_ZONES = 395, - VAR_INSECURE_LAN_ZONES = 396, - VAR_INFRA_CACHE_MIN_RTT = 397, - VAR_DNS64_PREFIX = 398, - VAR_DNS64_SYNTHALL = 399, - VAR_DNSTAP = 400, - VAR_DNSTAP_ENABLE = 401, - VAR_DNSTAP_SOCKET_PATH = 402, - VAR_DNSTAP_SEND_IDENTITY = 403, - VAR_DNSTAP_SEND_VERSION = 404, - VAR_DNSTAP_IDENTITY = 405, - VAR_DNSTAP_VERSION = 406, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, - VAR_RESPONSE_IP_TAG = 413, - VAR_RESPONSE_IP = 414, - VAR_RESPONSE_IP_DATA = 415, - VAR_HARDEN_ALGO_DOWNGRADE = 416, - VAR_IP_TRANSPARENT = 417, - VAR_DISABLE_DNSSEC_LAME_CHECK = 418, - VAR_IP_RATELIMIT = 419, - VAR_IP_RATELIMIT_SLABS = 420, - VAR_IP_RATELIMIT_SIZE = 421, - VAR_RATELIMIT = 422, - VAR_RATELIMIT_SLABS = 423, - VAR_RATELIMIT_SIZE = 424, - VAR_RATELIMIT_FOR_DOMAIN = 425, - VAR_RATELIMIT_BELOW_DOMAIN = 426, - VAR_IP_RATELIMIT_FACTOR = 427, - VAR_RATELIMIT_FACTOR = 428, - VAR_SEND_CLIENT_SUBNET = 429, - VAR_CLIENT_SUBNET_ZONE = 430, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 431, - VAR_CLIENT_SUBNET_OPCODE = 432, - VAR_MAX_CLIENT_SUBNET_IPV4 = 433, - VAR_MAX_CLIENT_SUBNET_IPV6 = 434, - VAR_CAPS_WHITELIST = 435, - VAR_CACHE_MAX_NEGATIVE_TTL = 436, - VAR_PERMIT_SMALL_HOLDDOWN = 437, - VAR_QNAME_MINIMISATION = 438, - VAR_QNAME_MINIMISATION_STRICT = 439, - VAR_IP_FREEBIND = 440, - VAR_DEFINE_TAG = 441, - VAR_LOCAL_ZONE_TAG = 442, - VAR_ACCESS_CONTROL_TAG = 443, - VAR_LOCAL_ZONE_OVERRIDE = 444, - VAR_ACCESS_CONTROL_TAG_ACTION = 445, - VAR_ACCESS_CONTROL_TAG_DATA = 446, - VAR_VIEW = 447, - VAR_ACCESS_CONTROL_VIEW = 448, - VAR_VIEW_FIRST = 449, - VAR_SERVE_EXPIRED = 450, - VAR_FAKE_DSA = 451, - VAR_FAKE_SHA1 = 452, - VAR_LOG_IDENTITY = 453, - VAR_HIDE_TRUSTANCHOR = 454, - VAR_TRUST_ANCHOR_SIGNALING = 455, - VAR_USE_SYSTEMD = 456, - VAR_SHM_ENABLE = 457, - VAR_SHM_KEY = 458, - VAR_DNSCRYPT = 459, - VAR_DNSCRYPT_ENABLE = 460, - VAR_DNSCRYPT_PORT = 461, - VAR_DNSCRYPT_PROVIDER = 462, - VAR_DNSCRYPT_SECRET_KEY = 463, - VAR_DNSCRYPT_PROVIDER_CERT = 464, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 465, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 466, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 467, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 468, - VAR_IPSECMOD_ENABLED = 469, - VAR_IPSECMOD_HOOK = 470, - VAR_IPSECMOD_IGNORE_BOGUS = 471, - VAR_IPSECMOD_MAX_TTL = 472, - VAR_IPSECMOD_WHITELIST = 473, - VAR_IPSECMOD_STRICT = 474, - VAR_CACHEDB = 475, - VAR_CACHEDB_BACKEND = 476, - VAR_CACHEDB_SECRETSEED = 477, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 478 + VAR_TLS_CERT_BUNDLE = 390, + VAR_STUB_FIRST = 391, + VAR_MINIMAL_RESPONSES = 392, + VAR_RRSET_ROUNDROBIN = 393, + VAR_MAX_UDP_SIZE = 394, + VAR_DELAY_CLOSE = 395, + VAR_UNBLOCK_LAN_ZONES = 396, + VAR_INSECURE_LAN_ZONES = 397, + VAR_INFRA_CACHE_MIN_RTT = 398, + VAR_DNS64_PREFIX = 399, + VAR_DNS64_SYNTHALL = 400, + VAR_DNSTAP = 401, + VAR_DNSTAP_ENABLE = 402, + VAR_DNSTAP_SOCKET_PATH = 403, + VAR_DNSTAP_SEND_IDENTITY = 404, + VAR_DNSTAP_SEND_VERSION = 405, + VAR_DNSTAP_IDENTITY = 406, + VAR_DNSTAP_VERSION = 407, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 408, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 409, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 410, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 411, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 412, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 413, + VAR_RESPONSE_IP_TAG = 414, + VAR_RESPONSE_IP = 415, + VAR_RESPONSE_IP_DATA = 416, + VAR_HARDEN_ALGO_DOWNGRADE = 417, + VAR_IP_TRANSPARENT = 418, + VAR_DISABLE_DNSSEC_LAME_CHECK = 419, + VAR_IP_RATELIMIT = 420, + VAR_IP_RATELIMIT_SLABS = 421, + VAR_IP_RATELIMIT_SIZE = 422, + VAR_RATELIMIT = 423, + VAR_RATELIMIT_SLABS = 424, + VAR_RATELIMIT_SIZE = 425, + VAR_RATELIMIT_FOR_DOMAIN = 426, + VAR_RATELIMIT_BELOW_DOMAIN = 427, + VAR_IP_RATELIMIT_FACTOR = 428, + VAR_RATELIMIT_FACTOR = 429, + VAR_SEND_CLIENT_SUBNET = 430, + VAR_CLIENT_SUBNET_ZONE = 431, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 432, + VAR_CLIENT_SUBNET_OPCODE = 433, + VAR_MAX_CLIENT_SUBNET_IPV4 = 434, + VAR_MAX_CLIENT_SUBNET_IPV6 = 435, + VAR_CAPS_WHITELIST = 436, + VAR_CACHE_MAX_NEGATIVE_TTL = 437, + VAR_PERMIT_SMALL_HOLDDOWN = 438, + VAR_QNAME_MINIMISATION = 439, + VAR_QNAME_MINIMISATION_STRICT = 440, + VAR_IP_FREEBIND = 441, + VAR_DEFINE_TAG = 442, + VAR_LOCAL_ZONE_TAG = 443, + VAR_ACCESS_CONTROL_TAG = 444, + VAR_LOCAL_ZONE_OVERRIDE = 445, + VAR_ACCESS_CONTROL_TAG_ACTION = 446, + VAR_ACCESS_CONTROL_TAG_DATA = 447, + VAR_VIEW = 448, + VAR_ACCESS_CONTROL_VIEW = 449, + VAR_VIEW_FIRST = 450, + VAR_SERVE_EXPIRED = 451, + VAR_FAKE_DSA = 452, + VAR_FAKE_SHA1 = 453, + VAR_LOG_IDENTITY = 454, + VAR_HIDE_TRUSTANCHOR = 455, + VAR_TRUST_ANCHOR_SIGNALING = 456, + VAR_AGGRESSIVE_NSEC = 457, + VAR_USE_SYSTEMD = 458, + VAR_SHM_ENABLE = 459, + VAR_SHM_KEY = 460, + VAR_DNSCRYPT = 461, + VAR_DNSCRYPT_ENABLE = 462, + VAR_DNSCRYPT_PORT = 463, + VAR_DNSCRYPT_PROVIDER = 464, + VAR_DNSCRYPT_SECRET_KEY = 465, + VAR_DNSCRYPT_PROVIDER_CERT = 466, + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 467, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 468, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 469, + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 470, + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 471, + VAR_IPSECMOD_ENABLED = 472, + VAR_IPSECMOD_HOOK = 473, + VAR_IPSECMOD_IGNORE_BOGUS = 474, + VAR_IPSECMOD_MAX_TTL = 475, + VAR_IPSECMOD_WHITELIST = 476, + VAR_IPSECMOD_STRICT = 477, + VAR_CACHEDB = 478, + VAR_CACHEDB_BACKEND = 479, + VAR_CACHEDB_SECRETSEED = 480, + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 481, + VAR_FOR_UPSTREAM = 482, + VAR_AUTH_ZONE = 483, + VAR_ZONEFILE = 484, + VAR_MASTER = 485, + VAR_URL = 486, + VAR_FOR_DOWNSTREAM = 487, + VAR_FALLBACK_ENABLED = 488 }; #endif /* Tokens. */ @@ -482,95 +492,105 @@ extern int yydebug; #define VAR_FORWARD_FIRST 387 #define VAR_STUB_SSL_UPSTREAM 388 #define VAR_FORWARD_SSL_UPSTREAM 389 -#define VAR_STUB_FIRST 390 -#define VAR_MINIMAL_RESPONSES 391 -#define VAR_RRSET_ROUNDROBIN 392 -#define VAR_MAX_UDP_SIZE 393 -#define VAR_DELAY_CLOSE 394 -#define VAR_UNBLOCK_LAN_ZONES 395 -#define VAR_INSECURE_LAN_ZONES 396 -#define VAR_INFRA_CACHE_MIN_RTT 397 -#define VAR_DNS64_PREFIX 398 -#define VAR_DNS64_SYNTHALL 399 -#define VAR_DNSTAP 400 -#define VAR_DNSTAP_ENABLE 401 -#define VAR_DNSTAP_SOCKET_PATH 402 -#define VAR_DNSTAP_SEND_IDENTITY 403 -#define VAR_DNSTAP_SEND_VERSION 404 -#define VAR_DNSTAP_IDENTITY 405 -#define VAR_DNSTAP_VERSION 406 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 -#define VAR_RESPONSE_IP_TAG 413 -#define VAR_RESPONSE_IP 414 -#define VAR_RESPONSE_IP_DATA 415 -#define VAR_HARDEN_ALGO_DOWNGRADE 416 -#define VAR_IP_TRANSPARENT 417 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 418 -#define VAR_IP_RATELIMIT 419 -#define VAR_IP_RATELIMIT_SLABS 420 -#define VAR_IP_RATELIMIT_SIZE 421 -#define VAR_RATELIMIT 422 -#define VAR_RATELIMIT_SLABS 423 -#define VAR_RATELIMIT_SIZE 424 -#define VAR_RATELIMIT_FOR_DOMAIN 425 -#define VAR_RATELIMIT_BELOW_DOMAIN 426 -#define VAR_IP_RATELIMIT_FACTOR 427 -#define VAR_RATELIMIT_FACTOR 428 -#define VAR_SEND_CLIENT_SUBNET 429 -#define VAR_CLIENT_SUBNET_ZONE 430 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 431 -#define VAR_CLIENT_SUBNET_OPCODE 432 -#define VAR_MAX_CLIENT_SUBNET_IPV4 433 -#define VAR_MAX_CLIENT_SUBNET_IPV6 434 -#define VAR_CAPS_WHITELIST 435 -#define VAR_CACHE_MAX_NEGATIVE_TTL 436 -#define VAR_PERMIT_SMALL_HOLDDOWN 437 -#define VAR_QNAME_MINIMISATION 438 -#define VAR_QNAME_MINIMISATION_STRICT 439 -#define VAR_IP_FREEBIND 440 -#define VAR_DEFINE_TAG 441 -#define VAR_LOCAL_ZONE_TAG 442 -#define VAR_ACCESS_CONTROL_TAG 443 -#define VAR_LOCAL_ZONE_OVERRIDE 444 -#define VAR_ACCESS_CONTROL_TAG_ACTION 445 -#define VAR_ACCESS_CONTROL_TAG_DATA 446 -#define VAR_VIEW 447 -#define VAR_ACCESS_CONTROL_VIEW 448 -#define VAR_VIEW_FIRST 449 -#define VAR_SERVE_EXPIRED 450 -#define VAR_FAKE_DSA 451 -#define VAR_FAKE_SHA1 452 -#define VAR_LOG_IDENTITY 453 -#define VAR_HIDE_TRUSTANCHOR 454 -#define VAR_TRUST_ANCHOR_SIGNALING 455 -#define VAR_USE_SYSTEMD 456 -#define VAR_SHM_ENABLE 457 -#define VAR_SHM_KEY 458 -#define VAR_DNSCRYPT 459 -#define VAR_DNSCRYPT_ENABLE 460 -#define VAR_DNSCRYPT_PORT 461 -#define VAR_DNSCRYPT_PROVIDER 462 -#define VAR_DNSCRYPT_SECRET_KEY 463 -#define VAR_DNSCRYPT_PROVIDER_CERT 464 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 465 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 466 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 467 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 468 -#define VAR_IPSECMOD_ENABLED 469 -#define VAR_IPSECMOD_HOOK 470 -#define VAR_IPSECMOD_IGNORE_BOGUS 471 -#define VAR_IPSECMOD_MAX_TTL 472 -#define VAR_IPSECMOD_WHITELIST 473 -#define VAR_IPSECMOD_STRICT 474 -#define VAR_CACHEDB 475 -#define VAR_CACHEDB_BACKEND 476 -#define VAR_CACHEDB_SECRETSEED 477 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 478 +#define VAR_TLS_CERT_BUNDLE 390 +#define VAR_STUB_FIRST 391 +#define VAR_MINIMAL_RESPONSES 392 +#define VAR_RRSET_ROUNDROBIN 393 +#define VAR_MAX_UDP_SIZE 394 +#define VAR_DELAY_CLOSE 395 +#define VAR_UNBLOCK_LAN_ZONES 396 +#define VAR_INSECURE_LAN_ZONES 397 +#define VAR_INFRA_CACHE_MIN_RTT 398 +#define VAR_DNS64_PREFIX 399 +#define VAR_DNS64_SYNTHALL 400 +#define VAR_DNSTAP 401 +#define VAR_DNSTAP_ENABLE 402 +#define VAR_DNSTAP_SOCKET_PATH 403 +#define VAR_DNSTAP_SEND_IDENTITY 404 +#define VAR_DNSTAP_SEND_VERSION 405 +#define VAR_DNSTAP_IDENTITY 406 +#define VAR_DNSTAP_VERSION 407 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 408 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 409 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 410 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 411 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 412 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 413 +#define VAR_RESPONSE_IP_TAG 414 +#define VAR_RESPONSE_IP 415 +#define VAR_RESPONSE_IP_DATA 416 +#define VAR_HARDEN_ALGO_DOWNGRADE 417 +#define VAR_IP_TRANSPARENT 418 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 419 +#define VAR_IP_RATELIMIT 420 +#define VAR_IP_RATELIMIT_SLABS 421 +#define VAR_IP_RATELIMIT_SIZE 422 +#define VAR_RATELIMIT 423 +#define VAR_RATELIMIT_SLABS 424 +#define VAR_RATELIMIT_SIZE 425 +#define VAR_RATELIMIT_FOR_DOMAIN 426 +#define VAR_RATELIMIT_BELOW_DOMAIN 427 +#define VAR_IP_RATELIMIT_FACTOR 428 +#define VAR_RATELIMIT_FACTOR 429 +#define VAR_SEND_CLIENT_SUBNET 430 +#define VAR_CLIENT_SUBNET_ZONE 431 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 432 +#define VAR_CLIENT_SUBNET_OPCODE 433 +#define VAR_MAX_CLIENT_SUBNET_IPV4 434 +#define VAR_MAX_CLIENT_SUBNET_IPV6 435 +#define VAR_CAPS_WHITELIST 436 +#define VAR_CACHE_MAX_NEGATIVE_TTL 437 +#define VAR_PERMIT_SMALL_HOLDDOWN 438 +#define VAR_QNAME_MINIMISATION 439 +#define VAR_QNAME_MINIMISATION_STRICT 440 +#define VAR_IP_FREEBIND 441 +#define VAR_DEFINE_TAG 442 +#define VAR_LOCAL_ZONE_TAG 443 +#define VAR_ACCESS_CONTROL_TAG 444 +#define VAR_LOCAL_ZONE_OVERRIDE 445 +#define VAR_ACCESS_CONTROL_TAG_ACTION 446 +#define VAR_ACCESS_CONTROL_TAG_DATA 447 +#define VAR_VIEW 448 +#define VAR_ACCESS_CONTROL_VIEW 449 +#define VAR_VIEW_FIRST 450 +#define VAR_SERVE_EXPIRED 451 +#define VAR_FAKE_DSA 452 +#define VAR_FAKE_SHA1 453 +#define VAR_LOG_IDENTITY 454 +#define VAR_HIDE_TRUSTANCHOR 455 +#define VAR_TRUST_ANCHOR_SIGNALING 456 +#define VAR_AGGRESSIVE_NSEC 457 +#define VAR_USE_SYSTEMD 458 +#define VAR_SHM_ENABLE 459 +#define VAR_SHM_KEY 460 +#define VAR_DNSCRYPT 461 +#define VAR_DNSCRYPT_ENABLE 462 +#define VAR_DNSCRYPT_PORT 463 +#define VAR_DNSCRYPT_PROVIDER 464 +#define VAR_DNSCRYPT_SECRET_KEY 465 +#define VAR_DNSCRYPT_PROVIDER_CERT 466 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 467 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 468 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 469 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 470 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 471 +#define VAR_IPSECMOD_ENABLED 472 +#define VAR_IPSECMOD_HOOK 473 +#define VAR_IPSECMOD_IGNORE_BOGUS 474 +#define VAR_IPSECMOD_MAX_TTL 475 +#define VAR_IPSECMOD_WHITELIST 476 +#define VAR_IPSECMOD_STRICT 477 +#define VAR_CACHEDB 478 +#define VAR_CACHEDB_BACKEND 479 +#define VAR_CACHEDB_SECRETSEED 480 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 481 +#define VAR_FOR_UPSTREAM 482 +#define VAR_AUTH_ZONE 483 +#define VAR_ZONEFILE 484 +#define VAR_MASTER 485 +#define VAR_URL 486 +#define VAR_FOR_DOWNSTREAM 487 +#define VAR_FALLBACK_ENABLED 488 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -581,7 +601,7 @@ union YYSTYPE char* str; -#line 585 "util/configparser.c" /* yacc.c:355 */ +#line 605 "util/configparser.c" /* yacc.c:355 */ }; typedef union YYSTYPE YYSTYPE; @@ -598,7 +618,7 @@ int yyparse (void); /* Copy the second part of user declarations. */ -#line 602 "util/configparser.c" /* yacc.c:358 */ +#line 622 "util/configparser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -840,21 +860,21 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 452 +#define YYLAST 473 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 224 +#define YYNTOKENS 234 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 241 +#define YYNNTS 254 /* YYNRULES -- Number of rules. */ -#define YYNRULES 461 +#define YYNRULES 485 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 692 +#define YYNSTATES 726 /* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned by yylex, with out-of-bounds checking. */ #define YYUNDEFTOK 2 -#define YYMAXUTOK 478 +#define YYMAXUTOK 488 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) @@ -910,60 +930,63 @@ static const yytype_uint8 yytranslate[] = 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, - 215, 216, 217, 218, 219, 220, 221, 222, 223 + 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint16 yyrline[] = { - 0, 157, 157, 157, 158, 158, 159, 159, 160, 160, - 160, 162, 163, 167, 172, 173, 174, 174, 174, 175, - 175, 176, 176, 177, 177, 178, 178, 179, 179, 179, - 180, 180, 180, 181, 181, 182, 182, 183, 183, 184, - 184, 185, 185, 186, 186, 187, 187, 188, 188, 189, - 189, 189, 190, 190, 190, 191, 191, 191, 192, 192, - 193, 193, 194, 194, 195, 195, 196, 196, 196, 197, - 197, 198, 198, 199, 199, 199, 200, 200, 201, 201, - 202, 202, 203, 203, 203, 204, 204, 205, 205, 206, - 206, 207, 207, 208, 208, 209, 209, 209, 210, 210, - 211, 211, 211, 212, 212, 212, 213, 213, 213, 214, - 214, 214, 214, 215, 215, 215, 216, 216, 216, 217, - 217, 218, 218, 219, 219, 220, 220, 221, 221, 221, - 222, 222, 223, 223, 224, 225, 225, 226, 226, 227, - 227, 228, 229, 229, 230, 230, 231, 231, 232, 232, - 232, 233, 233, 234, 234, 235, 235, 236, 236, 237, - 237, 237, 238, 238, 238, 239, 239, 239, 240, 240, - 241, 241, 242, 242, 243, 243, 244, 246, 258, 259, - 260, 260, 260, 260, 260, 261, 263, 275, 276, 277, - 277, 277, 277, 278, 280, 294, 295, 296, 296, 296, - 296, 297, 297, 297, 299, 308, 317, 328, 337, 346, - 355, 366, 375, 386, 399, 414, 425, 442, 459, 472, - 487, 496, 505, 514, 523, 532, 541, 550, 559, 568, - 577, 586, 595, 604, 613, 622, 631, 638, 645, 654, - 663, 672, 686, 695, 704, 713, 720, 727, 753, 761, - 768, 775, 782, 789, 797, 805, 813, 820, 831, 838, - 847, 856, 865, 872, 879, 887, 895, 905, 915, 925, - 938, 949, 957, 970, 979, 988, 997, 1007, 1017, 1025, - 1038, 1047, 1055, 1064, 1072, 1085, 1094, 1101, 1111, 1121, - 1131, 1141, 1151, 1161, 1171, 1181, 1188, 1195, 1202, 1211, - 1220, 1229, 1236, 1246, 1263, 1270, 1288, 1301, 1314, 1323, - 1332, 1341, 1350, 1360, 1370, 1379, 1388, 1401, 1414, 1423, - 1430, 1439, 1448, 1457, 1466, 1474, 1487, 1495, 1523, 1530, - 1545, 1555, 1565, 1572, 1579, 1588, 1602, 1621, 1640, 1652, - 1664, 1676, 1687, 1706, 1716, 1725, 1733, 1741, 1754, 1767, - 1780, 1793, 1802, 1811, 1821, 1831, 1844, 1857, 1868, 1881, - 1892, 1905, 1915, 1922, 1929, 1938, 1948, 1958, 1968, 1975, - 1982, 1991, 2001, 2011, 2040, 2050, 2058, 2067, 2082, 2091, - 2096, 2097, 2098, 2098, 2098, 2099, 2099, 2099, 2100, 2100, - 2102, 2112, 2121, 2128, 2138, 2145, 2152, 2159, 2166, 2171, - 2172, 2173, 2173, 2174, 2174, 2175, 2175, 2176, 2177, 2178, - 2179, 2180, 2181, 2183, 2191, 2198, 2206, 2214, 2221, 2228, - 2237, 2246, 2255, 2264, 2273, 2282, 2287, 2288, 2289, 2291, - 2297, 2307, 2314, 2323, 2331, 2337, 2338, 2340, 2340, 2340, - 2341, 2341, 2342, 2343, 2344, 2345, 2347, 2357, 2367, 2374, - 2381, 2388, 2396, 2409, 2417, 2430, 2435, 2436, 2437, 2437, - 2439, 2453 + 0, 160, 160, 160, 161, 161, 162, 162, 163, 163, + 163, 164, 164, 165, 169, 174, 175, 176, 176, 176, + 177, 177, 178, 178, 179, 179, 180, 180, 181, 181, + 181, 182, 182, 182, 183, 183, 184, 184, 185, 185, + 186, 186, 187, 187, 188, 188, 189, 189, 190, 190, + 191, 191, 191, 192, 192, 192, 193, 193, 193, 194, + 194, 195, 195, 196, 196, 197, 197, 198, 198, 198, + 199, 199, 200, 200, 201, 201, 201, 202, 202, 203, + 203, 204, 204, 205, 205, 205, 206, 206, 207, 207, + 208, 208, 209, 209, 210, 210, 211, 211, 211, 212, + 212, 213, 213, 213, 214, 214, 214, 215, 215, 215, + 216, 216, 216, 216, 217, 217, 217, 218, 218, 218, + 219, 219, 220, 220, 221, 221, 222, 222, 223, 223, + 223, 224, 224, 225, 225, 226, 227, 227, 228, 228, + 229, 229, 230, 231, 231, 232, 232, 233, 233, 234, + 234, 234, 235, 235, 236, 236, 237, 237, 238, 238, + 239, 239, 239, 240, 240, 240, 241, 241, 241, 242, + 242, 243, 243, 244, 244, 245, 245, 246, 246, 247, + 249, 261, 262, 263, 263, 263, 263, 263, 264, 266, + 278, 279, 280, 280, 280, 280, 281, 283, 297, 298, + 299, 299, 299, 299, 300, 300, 300, 302, 318, 319, + 320, 320, 320, 320, 321, 321, 321, 323, 332, 341, + 352, 361, 370, 379, 390, 399, 410, 423, 438, 449, + 466, 483, 496, 511, 520, 529, 538, 547, 556, 565, + 574, 583, 592, 601, 610, 619, 628, 637, 646, 655, + 662, 669, 678, 685, 694, 703, 717, 726, 735, 744, + 751, 758, 784, 792, 799, 806, 813, 820, 828, 836, + 844, 851, 862, 869, 878, 887, 896, 903, 910, 918, + 926, 936, 946, 956, 969, 980, 988, 1001, 1010, 1019, + 1028, 1038, 1048, 1056, 1069, 1078, 1086, 1095, 1103, 1116, + 1125, 1132, 1142, 1152, 1162, 1172, 1182, 1192, 1202, 1212, + 1219, 1226, 1233, 1242, 1251, 1260, 1267, 1277, 1294, 1301, + 1319, 1332, 1345, 1354, 1363, 1372, 1381, 1391, 1401, 1412, + 1421, 1430, 1443, 1456, 1465, 1472, 1481, 1490, 1499, 1508, + 1516, 1529, 1537, 1566, 1573, 1588, 1598, 1608, 1615, 1622, + 1631, 1645, 1664, 1683, 1695, 1707, 1719, 1730, 1749, 1759, + 1768, 1776, 1784, 1797, 1810, 1823, 1836, 1845, 1854, 1864, + 1874, 1887, 1900, 1911, 1924, 1935, 1948, 1958, 1965, 1972, + 1981, 1991, 2001, 2011, 2018, 2025, 2034, 2044, 2054, 2061, + 2068, 2075, 2085, 2095, 2105, 2115, 2145, 2155, 2163, 2172, + 2187, 2196, 2201, 2202, 2203, 2203, 2203, 2204, 2204, 2204, + 2205, 2205, 2207, 2217, 2226, 2233, 2243, 2250, 2257, 2264, + 2271, 2276, 2277, 2278, 2278, 2279, 2279, 2280, 2280, 2281, + 2282, 2283, 2284, 2285, 2286, 2288, 2296, 2303, 2311, 2319, + 2326, 2333, 2342, 2351, 2360, 2369, 2378, 2387, 2392, 2393, + 2394, 2396, 2402, 2412, 2419, 2428, 2436, 2442, 2443, 2445, + 2445, 2445, 2446, 2446, 2447, 2448, 2449, 2450, 2451, 2453, + 2463, 2473, 2480, 2489, 2496, 2505, 2513, 2526, 2534, 2547, + 2552, 2553, 2554, 2554, 2556, 2570 }; #endif @@ -1014,12 +1037,13 @@ static const char *const yytname[] = "VAR_LOG_REPLIES", "VAR_TCP_UPSTREAM", "VAR_SSL_UPSTREAM", "VAR_SSL_SERVICE_KEY", "VAR_SSL_SERVICE_PEM", "VAR_SSL_PORT", "VAR_FORWARD_FIRST", "VAR_STUB_SSL_UPSTREAM", "VAR_FORWARD_SSL_UPSTREAM", - "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", "VAR_RRSET_ROUNDROBIN", - "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", "VAR_UNBLOCK_LAN_ZONES", - "VAR_INSECURE_LAN_ZONES", "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", - "VAR_DNS64_SYNTHALL", "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", - "VAR_DNSTAP_SOCKET_PATH", "VAR_DNSTAP_SEND_IDENTITY", - "VAR_DNSTAP_SEND_VERSION", "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", + "VAR_TLS_CERT_BUNDLE", "VAR_STUB_FIRST", "VAR_MINIMAL_RESPONSES", + "VAR_RRSET_ROUNDROBIN", "VAR_MAX_UDP_SIZE", "VAR_DELAY_CLOSE", + "VAR_UNBLOCK_LAN_ZONES", "VAR_INSECURE_LAN_ZONES", + "VAR_INFRA_CACHE_MIN_RTT", "VAR_DNS64_PREFIX", "VAR_DNS64_SYNTHALL", + "VAR_DNSTAP", "VAR_DNSTAP_ENABLE", "VAR_DNSTAP_SOCKET_PATH", + "VAR_DNSTAP_SEND_IDENTITY", "VAR_DNSTAP_SEND_VERSION", + "VAR_DNSTAP_IDENTITY", "VAR_DNSTAP_VERSION", "VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES", "VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES", "VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES", @@ -1043,23 +1067,27 @@ static const char *const yytname[] = "VAR_ACCESS_CONTROL_TAG_DATA", "VAR_VIEW", "VAR_ACCESS_CONTROL_VIEW", "VAR_VIEW_FIRST", "VAR_SERVE_EXPIRED", "VAR_FAKE_DSA", "VAR_FAKE_SHA1", "VAR_LOG_IDENTITY", "VAR_HIDE_TRUSTANCHOR", "VAR_TRUST_ANCHOR_SIGNALING", - "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", "VAR_SHM_KEY", "VAR_DNSCRYPT", - "VAR_DNSCRYPT_ENABLE", "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", - "VAR_DNSCRYPT_SECRET_KEY", "VAR_DNSCRYPT_PROVIDER_CERT", + "VAR_AGGRESSIVE_NSEC", "VAR_USE_SYSTEMD", "VAR_SHM_ENABLE", + "VAR_SHM_KEY", "VAR_DNSCRYPT", "VAR_DNSCRYPT_ENABLE", + "VAR_DNSCRYPT_PORT", "VAR_DNSCRYPT_PROVIDER", "VAR_DNSCRYPT_SECRET_KEY", + "VAR_DNSCRYPT_PROVIDER_CERT", "VAR_DNSCRYPT_PROVIDER_CERT_ROTATED", "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE", "VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS", "VAR_DNSCRYPT_NONCE_CACHE_SIZE", "VAR_DNSCRYPT_NONCE_CACHE_SLABS", "VAR_IPSECMOD_ENABLED", "VAR_IPSECMOD_HOOK", "VAR_IPSECMOD_IGNORE_BOGUS", "VAR_IPSECMOD_MAX_TTL", "VAR_IPSECMOD_WHITELIST", "VAR_IPSECMOD_STRICT", "VAR_CACHEDB", "VAR_CACHEDB_BACKEND", "VAR_CACHEDB_SECRETSEED", - "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", "$accept", "toplevelvars", + "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM", "VAR_FOR_UPSTREAM", + "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER", "VAR_URL", + "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED", "$accept", "toplevelvars", "toplevelvar", "serverstart", "contents_server", "content_server", "stubstart", "contents_stub", "content_stub", "forwardstart", "contents_forward", "content_forward", "viewstart", "contents_view", - "content_view", "server_num_threads", "server_verbosity", - "server_statistics_interval", "server_statistics_cumulative", - "server_extended_statistics", "server_shm_enable", "server_shm_key", - "server_port", "server_send_client_subnet", "server_client_subnet_zone", + "content_view", "authstart", "contents_auth", "content_auth", + "server_num_threads", "server_verbosity", "server_statistics_interval", + "server_statistics_cumulative", "server_extended_statistics", + "server_shm_enable", "server_shm_key", "server_port", + "server_send_client_subnet", "server_client_subnet_zone", "server_client_subnet_always_forward", "server_client_subnet_opcode", "server_max_client_subnet_ipv4", "server_max_client_subnet_ipv6", "server_interface", "server_outgoing_interface", "server_outgoing_range", @@ -1070,17 +1098,18 @@ static const char *const yytname[] = "server_outgoing_tcp_mss", "server_tcp_upstream", "server_udp_upstream_without_downstream", "server_ssl_upstream", "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port", - "server_use_systemd", "server_do_daemonize", "server_use_syslog", - "server_log_time_ascii", "server_log_queries", "server_log_replies", - "server_chroot", "server_username", "server_directory", "server_logfile", - "server_pidfile", "server_root_hints", "server_dlv_anchor_file", - "server_dlv_anchor", "server_auto_trust_anchor_file", - "server_trust_anchor_file", "server_trusted_keys_file", - "server_trust_anchor", "server_trust_anchor_signaling", - "server_domain_insecure", "server_hide_identity", "server_hide_version", - "server_hide_trustanchor", "server_identity", "server_version", - "server_so_rcvbuf", "server_so_sndbuf", "server_so_reuseport", - "server_ip_transparent", "server_ip_freebind", "server_edns_buffer_size", + "server_tls_cert_bundle", "server_use_systemd", "server_do_daemonize", + "server_use_syslog", "server_log_time_ascii", "server_log_queries", + "server_log_replies", "server_chroot", "server_username", + "server_directory", "server_logfile", "server_pidfile", + "server_root_hints", "server_dlv_anchor_file", "server_dlv_anchor", + "server_auto_trust_anchor_file", "server_trust_anchor_file", + "server_trusted_keys_file", "server_trust_anchor", + "server_trust_anchor_signaling", "server_domain_insecure", + "server_hide_identity", "server_hide_version", "server_hide_trustanchor", + "server_identity", "server_version", "server_so_rcvbuf", + "server_so_sndbuf", "server_so_reuseport", "server_ip_transparent", + "server_ip_freebind", "server_edns_buffer_size", "server_msg_buffer_size", "server_msg_cache_size", "server_msg_cache_slabs", "server_num_queries_per_thread", "server_jostle_timeout", "server_delay_close", @@ -1102,10 +1131,11 @@ static const char *const yytname[] = "server_val_sig_skew_max", "server_cache_max_ttl", "server_cache_max_negative_ttl", "server_cache_min_ttl", "server_bogus_ttl", "server_val_clean_additional", - "server_val_permissive_mode", "server_ignore_cd_flag", - "server_serve_expired", "server_fake_dsa", "server_fake_sha1", - "server_val_log_level", "server_val_nsec3_keysize_iterations", - "server_add_holddown", "server_del_holddown", "server_keep_missing", + "server_val_permissive_mode", "server_aggressive_nsec", + "server_ignore_cd_flag", "server_serve_expired", "server_fake_dsa", + "server_fake_sha1", "server_val_log_level", + "server_val_nsec3_keysize_iterations", "server_add_holddown", + "server_del_holddown", "server_keep_missing", "server_permit_small_holddown", "server_key_cache_size", "server_key_cache_slabs", "server_neg_cache_size", "server_local_zone", "server_local_data", "server_local_data_ptr", "server_minimal_responses", @@ -1125,6 +1155,8 @@ static const char *const yytname[] = "server_ipsecmod_strict", "stub_name", "stub_host", "stub_addr", "stub_first", "stub_ssl_upstream", "stub_prime", "forward_name", "forward_host", "forward_addr", "forward_first", "forward_ssl_upstream", + "auth_name", "auth_zonefile", "auth_master", "auth_url", + "auth_for_downstream", "auth_for_upstream", "auth_fallback_enabled", "view_name", "view_local_zone", "view_response_ip", "view_response_ip_data", "view_local_data", "view_local_data_ptr", "view_first", "rcstart", "contents_rc", "content_rc", @@ -1145,8 +1177,8 @@ static const char *const yytname[] = "server_response_ip", "server_response_ip_data", "dnscstart", "contents_dnsc", "content_dnsc", "dnsc_dnscrypt_enable", "dnsc_dnscrypt_port", "dnsc_dnscrypt_provider", - "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_secret_key", - "dnsc_dnscrypt_shared_secret_cache_size", + "dnsc_dnscrypt_provider_cert", "dnsc_dnscrypt_provider_cert_rotated", + "dnsc_dnscrypt_secret_key", "dnsc_dnscrypt_shared_secret_cache_size", "dnsc_dnscrypt_shared_secret_cache_slabs", "dnsc_dnscrypt_nonce_cache_size", "dnsc_dnscrypt_nonce_cache_slabs", "cachedbstart", "contents_cachedb", "content_cachedb", @@ -1181,14 +1213,15 @@ static const yytype_uint16 yytoknum[] = 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, 478 + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488 }; # endif -#define YYPACT_NINF -215 +#define YYPACT_NINF -223 #define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-215))) + (!!((Yystate) == (-223))) #define YYTABLE_NINF -1 @@ -1199,76 +1232,79 @@ static const yytype_uint16 yytoknum[] = STATE-NUM. */ static const yytype_int16 yypact[] = { - -215, 0, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, 209, -38, -34, -39, -44, -130, -105, -177, - -214, -1, 2, 3, 29, 30, 32, 33, 34, 35, - 36, 46, 47, 48, 49, 50, 51, 53, 54, 56, - 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, - 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 82, 83, 84, 86, 89, 91, - 92, 93, 94, 95, 96, 98, 99, 100, 101, 102, - 103, 104, 105, 106, 107, 108, 109, 112, 113, 114, - 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, - 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, - 136, 137, 138, 139, 140, 141, 142, 143, 144, 146, - 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, - 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, - 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, - 177, 178, 179, 180, 181, 183, 184, 185, 186, 187, - 188, 189, 190, 191, 192, 193, 195, 196, 197, 198, - 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, - 239, 240, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, 241, 242, 246, 247, 248, 290, - -215, -215, -215, -215, -215, -215, -215, 291, 292, 293, - 294, 295, -215, -215, -215, -215, -215, -215, 296, 297, - 298, 302, 306, 307, 331, -215, -215, -215, -215, -215, - -215, -215, -215, 332, 333, 334, 344, 345, 346, 347, - 348, -215, -215, -215, -215, -215, -215, -215, -215, -215, - 349, 350, 351, 352, 353, 354, 355, 356, 391, 393, - 403, 404, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, 405, -215, -215, 406, 407, - 408, 409, 410, 411, 412, 419, 420, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, 421, 423, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, 424, 425, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, 426, 427, 428, -215, -215, -215, -215, -215, - -215, -215, -215, -215, 429, 430, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, 431, 432, 433, 434, 435, 436, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, 437, -215, -215, 438, 439, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, 440, 441, 442, -215, -215, -215, -215, -215, - -215, -215 + -223, 0, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, 217, -36, -31, -39, -35, -24, + -128, -100, -159, -222, 2, 3, 4, 5, 6, 21, + 22, 23, 24, 25, 26, 29, 30, 32, 33, 34, + 35, 36, 48, 49, 50, 51, 53, 54, 55, 56, + 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, + 76, 77, 78, 79, 80, 82, 83, 84, 85, 86, + 88, 89, 92, 94, 95, 96, 98, 99, 100, 101, + 102, 103, 104, 105, 106, 107, 108, 109, 110, 113, + 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, + 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, + 134, 135, 137, 138, 139, 140, 141, 142, 143, 144, + 145, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, + 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 181, 189, 190, 191, 192, + 193, 194, 195, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 214, + 215, 216, 247, 248, 249, 250, 254, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, 255, 256, 298, 299, 300, 301, -223, -223, -223, + -223, -223, -223, -223, 302, 303, 304, 305, 306, -223, + -223, -223, -223, -223, -223, 310, 314, 315, 339, 340, + 341, 343, -223, -223, -223, -223, -223, -223, -223, -223, + 353, 354, 355, 356, 357, 358, 359, -223, -223, -223, + -223, -223, -223, -223, -223, 360, 361, 362, 363, 364, + 365, 400, 402, -223, -223, -223, -223, -223, -223, -223, + -223, -223, 413, 414, 415, 416, 417, 418, 419, 420, + 421, 422, 423, 430, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, 431, -223, -223, + 432, 434, 435, 436, 437, 438, 439, 440, 441, 442, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, 443, 444, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, 445, 446, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, 447, 448, 449, + -223, -223, -223, -223, -223, -223, -223, -223, -223, 450, + 451, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, 452, 453, 454, 455, + 456, 457, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, 458, -223, -223, 459, 460, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, 461, 462, 463, -223, + -223, -223, -223, -223, -223, -223 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -1276,10 +1312,10 @@ static const yytype_int16 yypact[] = means the default is an error. */ static const yytype_uint16 yydefact[] = { - 2, 0, 1, 13, 177, 186, 379, 425, 398, 194, - 434, 455, 3, 15, 179, 188, 196, 381, 400, 427, - 436, 457, 4, 5, 6, 10, 8, 9, 7, 11, - 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2, 0, 1, 14, 180, 189, 401, 447, 420, 197, + 456, 479, 207, 3, 16, 182, 191, 199, 209, 403, + 422, 449, 458, 481, 4, 5, 6, 10, 13, 8, + 9, 7, 11, 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -1295,117 +1331,122 @@ static const yytype_uint16 yydefact[] = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 14, 16, 17, 76, 79, 88, 165, 166, - 18, 138, 139, 140, 141, 142, 143, 27, 67, 19, - 80, 81, 38, 60, 75, 20, 21, 23, 24, 22, - 25, 26, 111, 176, 112, 113, 114, 115, 161, 77, - 66, 92, 109, 110, 28, 29, 30, 31, 32, 68, - 82, 83, 98, 54, 64, 55, 169, 93, 48, 49, - 168, 50, 51, 102, 106, 119, 127, 148, 103, 61, - 33, 34, 35, 90, 120, 121, 122, 36, 37, 39, - 40, 42, 43, 41, 125, 44, 45, 46, 52, 71, - 107, 85, 126, 78, 144, 86, 87, 104, 105, 91, - 47, 69, 72, 53, 56, 94, 95, 70, 145, 96, - 57, 58, 59, 108, 158, 159, 167, 97, 65, 99, - 100, 101, 146, 62, 63, 84, 73, 74, 89, 116, - 117, 118, 123, 124, 149, 150, 152, 154, 155, 153, - 156, 162, 128, 129, 132, 133, 130, 131, 134, 135, - 137, 136, 147, 157, 170, 172, 171, 173, 174, 175, - 151, 160, 163, 164, 0, 0, 0, 0, 0, 0, - 178, 180, 181, 182, 184, 185, 183, 0, 0, 0, - 0, 0, 187, 189, 190, 191, 192, 193, 0, 0, - 0, 0, 0, 0, 0, 195, 197, 198, 201, 202, - 199, 203, 200, 0, 0, 0, 0, 0, 0, 0, - 0, 380, 382, 384, 383, 389, 385, 386, 387, 388, + 0, 0, 0, 0, 0, 0, 0, 15, 17, 18, + 77, 80, 89, 166, 167, 19, 139, 140, 141, 142, + 143, 144, 28, 68, 20, 81, 82, 39, 61, 76, + 21, 22, 24, 25, 23, 26, 27, 112, 177, 113, + 114, 115, 116, 179, 162, 78, 67, 93, 110, 111, + 29, 30, 31, 32, 33, 69, 83, 84, 99, 55, + 65, 56, 170, 94, 49, 50, 169, 51, 52, 103, + 107, 120, 128, 149, 104, 62, 34, 35, 36, 91, + 121, 122, 123, 37, 38, 40, 41, 43, 44, 42, + 126, 45, 46, 47, 53, 72, 108, 86, 127, 79, + 145, 87, 88, 105, 106, 92, 48, 70, 73, 54, + 57, 95, 96, 71, 146, 97, 58, 59, 60, 178, + 109, 159, 160, 168, 98, 66, 100, 101, 102, 147, + 63, 64, 85, 74, 75, 90, 117, 118, 119, 124, + 125, 150, 151, 153, 155, 156, 154, 157, 163, 129, + 130, 133, 134, 131, 132, 135, 136, 138, 137, 148, + 158, 171, 173, 172, 174, 175, 176, 152, 161, 164, + 165, 0, 0, 0, 0, 0, 0, 181, 183, 184, + 185, 187, 188, 186, 0, 0, 0, 0, 0, 190, + 192, 193, 194, 195, 196, 0, 0, 0, 0, 0, + 0, 0, 198, 200, 201, 204, 205, 202, 206, 203, + 0, 0, 0, 0, 0, 0, 0, 208, 210, 211, + 212, 213, 214, 215, 216, 0, 0, 0, 0, 0, + 0, 0, 0, 402, 404, 406, 405, 411, 407, 408, + 409, 410, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 421, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 0, 448, 450, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 399, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 0, 426, 428, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 435, 437, 438, - 439, 441, 440, 442, 443, 444, 445, 0, 0, 456, - 458, 459, 205, 204, 211, 220, 218, 226, 227, 230, - 228, 229, 231, 232, 245, 246, 247, 248, 249, 271, - 272, 273, 278, 279, 223, 280, 281, 284, 282, 283, - 286, 287, 288, 301, 259, 260, 262, 263, 289, 304, - 254, 256, 305, 311, 312, 313, 224, 270, 324, 325, - 255, 319, 241, 219, 250, 302, 308, 290, 0, 0, - 328, 225, 206, 240, 294, 207, 221, 222, 251, 252, - 326, 292, 296, 297, 208, 329, 274, 300, 242, 258, - 306, 307, 310, 318, 253, 322, 320, 321, 264, 269, - 298, 299, 265, 266, 291, 314, 243, 244, 233, 235, - 236, 237, 238, 330, 331, 332, 275, 276, 277, 285, - 333, 334, 0, 0, 0, 293, 267, 430, 343, 347, - 345, 344, 348, 346, 0, 0, 351, 352, 212, 213, - 214, 215, 216, 217, 295, 309, 323, 353, 354, 268, - 335, 0, 0, 0, 0, 0, 0, 315, 316, 317, - 431, 261, 257, 239, 209, 210, 355, 357, 356, 358, - 359, 360, 234, 361, 362, 363, 366, 365, 364, 367, - 368, 369, 370, 371, 372, 0, 376, 377, 0, 0, - 378, 390, 392, 391, 394, 395, 396, 397, 393, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 429, 446, 447, 448, 450, 449, 451, 452, 453, - 454, 460, 461, 303, 327, 342, 432, 433, 349, 350, - 336, 337, 0, 0, 0, 341, 373, 374, 375, 340, - 338, 339 + 457, 459, 460, 461, 463, 464, 462, 465, 466, 467, + 468, 0, 0, 480, 482, 483, 218, 217, 224, 233, + 231, 239, 240, 243, 241, 242, 244, 245, 259, 260, + 261, 262, 263, 285, 286, 287, 292, 293, 236, 294, + 295, 298, 296, 297, 300, 301, 302, 315, 273, 274, + 276, 277, 303, 318, 268, 270, 319, 325, 326, 327, + 237, 284, 339, 340, 269, 334, 255, 232, 264, 316, + 322, 304, 0, 0, 343, 238, 219, 254, 308, 220, + 234, 235, 265, 266, 341, 306, 310, 311, 221, 344, + 288, 314, 256, 272, 320, 321, 324, 333, 267, 337, + 335, 336, 278, 283, 312, 313, 279, 280, 305, 329, + 257, 258, 246, 248, 249, 250, 251, 252, 345, 346, + 347, 289, 290, 291, 299, 348, 349, 0, 0, 0, + 307, 281, 452, 358, 362, 360, 359, 363, 361, 0, + 0, 366, 367, 225, 226, 227, 228, 229, 230, 309, + 323, 338, 368, 369, 282, 350, 0, 0, 0, 0, + 0, 0, 330, 331, 332, 453, 275, 271, 328, 253, + 222, 223, 370, 372, 371, 373, 374, 375, 247, 376, + 377, 378, 381, 380, 379, 382, 383, 384, 385, 386, + 394, 0, 398, 399, 0, 0, 400, 387, 392, 388, + 389, 390, 391, 393, 412, 414, 413, 416, 417, 418, + 419, 415, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, 451, 469, 470, 471, 474, 472, + 473, 475, 476, 477, 478, 484, 485, 317, 342, 357, + 454, 455, 364, 365, 351, 352, 0, 0, 0, 356, + 395, 396, 397, 355, 353, 354 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215, -215, -215, -215, -215, -215, -215, -215, -215, -215, - -215 + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223, -223, -223, -223, -223, -223, -223, + -223, -223, -223, -223 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - -1, 1, 12, 13, 22, 192, 14, 23, 360, 15, - 24, 372, 16, 25, 385, 193, 194, 195, 196, 197, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, - 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, - 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, - 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 361, 362, 363, 364, 365, 366, 373, 374, - 375, 376, 377, 386, 387, 388, 389, 390, 391, 392, - 17, 26, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 18, 27, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 19, 28, 436, 437, - 350, 351, 352, 353, 20, 29, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 21, 30, 459, 460, - 461 + -1, 1, 13, 14, 24, 197, 15, 25, 367, 16, + 26, 379, 17, 27, 392, 18, 28, 407, 198, 199, + 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, + 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, + 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, + 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, + 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, + 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, + 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, + 350, 351, 352, 353, 354, 355, 356, 368, 369, 370, + 371, 372, 373, 380, 381, 382, 383, 384, 408, 409, + 410, 411, 412, 413, 414, 393, 394, 395, 396, 397, + 398, 399, 19, 29, 423, 424, 425, 426, 427, 428, + 429, 430, 431, 20, 30, 444, 445, 446, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 21, 31, + 458, 459, 357, 358, 359, 360, 22, 32, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 23, + 33, 483, 484, 485 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -1413,155 +1454,162 @@ static const yytype_int16 yydefgoto[] = number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_uint16 yytable[] = { - 2, 378, 354, 435, 355, 356, 367, 457, 458, 462, - 0, 3, 463, 464, 368, 369, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 438, 439, - 440, 441, 442, 443, 444, 445, 446, 379, 380, 465, - 466, 4, 467, 468, 469, 470, 471, 5, 393, 394, - 395, 396, 397, 398, 399, 400, 472, 473, 474, 475, - 476, 477, 381, 478, 479, 357, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 6, 505, 506, 507, 358, 508, 359, 370, 509, - 371, 510, 511, 512, 513, 514, 515, 7, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 382, 383, 528, 529, 530, 531, 532, 533, 534, 535, - 536, 537, 538, 539, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 8, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 384, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, - 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, - 594, 595, 9, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 10, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 0, - 11, 31, 32, 33, 34, 35, 36, 37, 38, 39, - 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, - 50, 51, 52, 53, 54, 55, 56, 57, 58, 621, - 622, 623, 624, 59, 60, 61, 625, 626, 627, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, - 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, - 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 103, - 104, 105, 637, 106, 107, 108, 638, 639, 109, 110, - 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, - 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, - 131, 640, 641, 642, 643, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 141, 142, 143, - 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, - 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, - 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, - 174, 657, 175, 658, 176, 177, 178, 179, 180, 181, - 182, 183, 184, 659, 660, 661, 662, 663, 664, 665, - 666, 667, 668, 185, 186, 187, 188, 189, 190, 669, - 670, 671, 191, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, 684, 685, 686, 687, 688, - 689, 690, 691 + 2, 385, 481, 482, 361, 400, 362, 363, 457, 374, + 0, 3, 486, 487, 488, 489, 490, 375, 376, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 491, 492, 493, 494, 495, 496, 386, 387, 497, + 498, 4, 499, 500, 501, 502, 503, 5, 460, 461, + 462, 463, 464, 465, 466, 467, 468, 469, 504, 505, + 506, 507, 388, 508, 509, 510, 511, 364, 415, 416, + 417, 418, 419, 420, 421, 422, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 6, 527, 528, 529, 530, 531, 365, 532, 533, + 366, 377, 534, 378, 535, 536, 537, 7, 538, 539, + 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, + 550, 389, 390, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 8, 574, 575, 576, + 577, 578, 579, 580, 581, 582, 391, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 401, 9, 402, 403, 404, 405, 406, 618, + 619, 620, 621, 622, 623, 624, 10, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 11, 641, 642, 643, 0, 12, 34, + 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 644, 645, 646, + 647, 62, 63, 64, 648, 649, 650, 65, 66, 67, + 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, + 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, + 98, 99, 100, 101, 102, 103, 104, 105, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 106, 107, 108, + 660, 109, 110, 111, 661, 662, 112, 113, 114, 115, + 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 128, 129, 130, 131, 132, 133, 134, 663, + 664, 665, 135, 666, 136, 137, 138, 139, 140, 141, + 142, 143, 144, 667, 668, 669, 670, 671, 672, 673, + 674, 675, 676, 677, 678, 679, 145, 146, 147, 148, + 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 680, 179, 681, 180, 181, 182, 183, 184, 185, 186, + 187, 188, 189, 682, 683, 684, 685, 686, 687, 688, + 689, 690, 691, 692, 190, 191, 192, 193, 194, 195, + 693, 694, 695, 196, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725 }; static const yytype_int16 yycheck[] = { - 0, 40, 40, 108, 42, 43, 40, 221, 222, 10, - -1, 11, 10, 10, 48, 49, 146, 147, 148, 149, - 150, 151, 152, 153, 154, 155, 156, 157, 205, 206, - 207, 208, 209, 210, 211, 212, 213, 76, 77, 10, - 10, 41, 10, 10, 10, 10, 10, 47, 92, 93, + 0, 40, 224, 225, 40, 40, 42, 43, 108, 40, + -1, 11, 10, 10, 10, 10, 10, 48, 49, 147, + 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, + 158, 10, 10, 10, 10, 10, 10, 76, 77, 10, + 10, 41, 10, 10, 10, 10, 10, 47, 207, 208, + 209, 210, 211, 212, 213, 214, 215, 216, 10, 10, + 10, 10, 101, 10, 10, 10, 10, 103, 92, 93, 94, 95, 96, 97, 98, 99, 10, 10, 10, 10, - 10, 10, 101, 10, 10, 103, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 91, 10, 10, 10, 10, 10, 133, 10, 10, + 136, 132, 10, 134, 10, 10, 10, 107, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 91, 10, 10, 10, 133, 10, 135, 132, 10, - 134, 10, 10, 10, 10, 10, 10, 107, 10, 10, + 10, 160, 161, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 159, 160, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 146, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 195, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 145, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 194, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 227, 193, 229, 230, 231, 232, 233, 10, + 10, 10, 10, 10, 10, 10, 206, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 192, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 204, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 10, 10, -1, - 220, 12, 13, 14, 15, 16, 17, 18, 19, 20, - 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, - 31, 32, 33, 34, 35, 36, 37, 38, 39, 10, - 10, 10, 10, 44, 45, 46, 10, 10, 10, 50, - 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, - 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, - 10, 10, 10, 10, 10, 10, 10, 10, 10, 100, - 101, 102, 10, 104, 105, 106, 10, 10, 109, 110, - 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, - 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, - 131, 10, 10, 10, 10, 136, 137, 138, 139, 140, - 141, 142, 143, 144, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 10, 10, 10, 10, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, - 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, - 191, 10, 193, 10, 195, 196, 197, 198, 199, 200, - 201, 202, 203, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10, 214, 215, 216, 217, 218, 219, 10, - 10, 10, 223, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 223, 10, 10, 10, -1, 228, 12, + 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + 33, 34, 35, 36, 37, 38, 39, 10, 10, 10, + 10, 44, 45, 46, 10, 10, 10, 50, 51, 52, + 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, + 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, + 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, + 83, 84, 85, 86, 87, 88, 89, 90, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 100, 101, 102, + 10, 104, 105, 106, 10, 10, 109, 110, 111, 112, + 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, + 123, 124, 125, 126, 127, 128, 129, 130, 131, 10, + 10, 10, 135, 10, 137, 138, 139, 140, 141, 142, + 143, 144, 145, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 159, 160, 161, 162, + 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, + 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, + 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, + 10, 194, 10, 196, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10, 217, 218, 219, 220, 221, 222, + 10, 10, 10, 226, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10, 10 + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, + 10, 10, 10, 10 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint16 yystos[] = { - 0, 225, 0, 11, 41, 47, 91, 107, 145, 192, - 204, 220, 226, 227, 230, 233, 236, 414, 425, 440, - 448, 460, 228, 231, 234, 237, 415, 426, 441, 449, - 461, 12, 13, 14, 15, 16, 17, 18, 19, 20, - 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, - 31, 32, 33, 34, 35, 36, 37, 38, 39, 44, - 45, 46, 50, 51, 52, 53, 54, 55, 56, 57, - 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, - 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, - 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, - 88, 89, 90, 100, 101, 102, 104, 105, 106, 109, - 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, - 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, - 130, 131, 136, 137, 138, 139, 140, 141, 142, 143, - 144, 158, 159, 160, 161, 162, 163, 164, 165, 166, - 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, - 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, - 187, 188, 189, 190, 191, 193, 195, 196, 197, 198, - 199, 200, 201, 202, 203, 214, 215, 216, 217, 218, - 219, 223, 229, 239, 240, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, - 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, - 444, 445, 446, 447, 40, 42, 43, 103, 133, 135, - 232, 396, 397, 398, 399, 400, 401, 40, 48, 49, - 132, 134, 235, 402, 403, 404, 405, 406, 40, 76, - 77, 101, 159, 160, 194, 238, 407, 408, 409, 410, - 411, 412, 413, 92, 93, 94, 95, 96, 97, 98, - 99, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, - 156, 157, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 108, 442, 443, 205, 206, - 207, 208, 209, 210, 211, 212, 213, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 221, 222, 462, - 463, 464, 10, 10, 10, 10, 10, 10, 10, 10, + 0, 235, 0, 11, 41, 47, 91, 107, 146, 193, + 206, 223, 228, 236, 237, 240, 243, 246, 249, 436, + 447, 462, 470, 483, 238, 241, 244, 247, 250, 437, + 448, 463, 471, 484, 12, 13, 14, 15, 16, 17, + 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, + 38, 39, 44, 45, 46, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, 86, 87, 88, 89, 90, 100, 101, 102, 104, + 105, 106, 109, 110, 111, 112, 113, 114, 115, 116, + 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 128, 129, 130, 131, 135, 137, 138, 139, 140, + 141, 142, 143, 144, 145, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, + 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, + 184, 185, 186, 187, 188, 189, 190, 191, 192, 194, + 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, + 217, 218, 219, 220, 221, 222, 226, 239, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, + 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, + 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, + 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 317, 318, 319, 320, 321, 322, 323, + 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, + 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, + 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, + 404, 405, 406, 407, 408, 409, 410, 466, 467, 468, + 469, 40, 42, 43, 103, 133, 136, 242, 411, 412, + 413, 414, 415, 416, 40, 48, 49, 132, 134, 245, + 417, 418, 419, 420, 421, 40, 76, 77, 101, 160, + 161, 195, 248, 429, 430, 431, 432, 433, 434, 435, + 40, 227, 229, 230, 231, 232, 233, 251, 422, 423, + 424, 425, 426, 427, 428, 92, 93, 94, 95, 96, + 97, 98, 99, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 147, 148, 149, 150, 151, 152, 153, 154, + 155, 156, 157, 158, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 108, 464, 465, + 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 224, 225, 485, 486, 487, 10, 10, 10, 10, + 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, @@ -1584,34 +1632,34 @@ static const yytype_uint16 yystos[] = 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, - 10, 10 + 10, 10, 10, 10, 10, 10 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint16 yyr1[] = { - 0, 224, 225, 225, 226, 226, 226, 226, 226, 226, - 226, 226, 226, 227, 228, 228, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 229, 229, 229, - 229, 229, 229, 229, 229, 229, 229, 230, 231, 231, - 232, 232, 232, 232, 232, 232, 233, 234, 234, 235, - 235, 235, 235, 235, 236, 237, 237, 238, 238, 238, - 238, 238, 238, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, + 0, 234, 235, 235, 236, 236, 236, 236, 236, 236, + 236, 236, 236, 236, 237, 238, 238, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 239, 239, 239, 239, 239, 239, 239, 239, 239, 239, + 240, 241, 241, 242, 242, 242, 242, 242, 242, 243, + 244, 244, 245, 245, 245, 245, 245, 246, 247, 247, + 248, 248, 248, 248, 248, 248, 248, 249, 250, 250, + 251, 251, 251, 251, 251, 251, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, @@ -1628,22 +1676,25 @@ static const yytype_uint16 yyr1[] = 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 415, 416, 416, 416, 416, 416, 416, 416, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 426, 427, 427, 427, 427, 427, 427, 427, 427, 427, - 427, 427, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 449, 450, 450, 450, - 450, 450, 450, 450, 450, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 461, 462, 462, - 463, 464 + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 437, 438, 438, 438, 438, 438, 438, + 438, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 448, 449, 449, 449, 449, 449, 449, 449, + 449, 449, 449, 449, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 463, + 464, 465, 466, 467, 468, 469, 470, 471, 471, 472, + 472, 472, 472, 472, 472, 472, 472, 472, 472, 473, + 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, + 484, 484, 485, 485, 486, 487 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 1, 2, 0, 1, 1, 1, 1, + 2, 2, 2, 2, 1, 2, 0, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -1659,10 +1710,10 @@ static const yytype_uint8 yyr2[] = 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, + 2, 0, 1, 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 0, - 1, 1, 1, 1, 1, 1, 1, 2, 0, 1, - 1, 1, 1, 1, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, + 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1672,23 +1723,24 @@ static const yytype_uint8 yyr2[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 3, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 3, 2, 2, - 2, 2, 2, 2, 2, 2, 3, 3, 4, 4, - 4, 3, 3, 2, 2, 2, 2, 2, 2, 3, - 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 3, 3, 3, 2, 2, 2, 1, - 2, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, - 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 2, 0, 1, 2, - 2, 2, 3, 3, 1, 2, 0, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 2, 0, 1, 1, - 2, 2 + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 3, 2, 2, 2, 2, 2, 2, 2, + 2, 3, 3, 4, 4, 4, 3, 3, 2, 2, + 2, 2, 2, 2, 3, 3, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 3, 3, 3, 2, 2, + 2, 1, 2, 0, 1, 1, 1, 1, 1, 1, + 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, + 1, 2, 0, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 1, 2, 0, + 1, 2, 2, 2, 3, 3, 1, 2, 0, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, + 2, 0, 1, 1, 2, 2 }; @@ -2364,16 +2416,16 @@ yyreduce: YY_REDUCE_PRINT (yyn); switch (yyn) { - case 13: -#line 168 "util/configparser.y" /* yacc.c:1646 */ + case 14: +#line 170 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(server:)\n")); } -#line 2373 "util/configparser.c" /* yacc.c:1646 */ +#line 2425 "util/configparser.c" /* yacc.c:1646 */ break; - case 177: -#line 247 "util/configparser.y" /* yacc.c:1646 */ + case 180: +#line 250 "util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(stub_zone:)\n")); @@ -2384,11 +2436,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2388 "util/configparser.c" /* yacc.c:1646 */ +#line 2440 "util/configparser.c" /* yacc.c:1646 */ break; - case 186: -#line 264 "util/configparser.y" /* yacc.c:1646 */ + case 189: +#line 267 "util/configparser.y" /* yacc.c:1646 */ { struct config_stub* s; OUTYY(("\nP(forward_zone:)\n")); @@ -2399,11 +2451,11 @@ yyreduce: } else yyerror("out of memory"); } -#line 2403 "util/configparser.c" /* yacc.c:1646 */ +#line 2455 "util/configparser.c" /* yacc.c:1646 */ break; - case 194: -#line 281 "util/configparser.y" /* yacc.c:1646 */ + case 197: +#line 284 "util/configparser.y" /* yacc.c:1646 */ { struct config_view* s; OUTYY(("\nP(view:)\n")); @@ -2416,11 +2468,30 @@ yyreduce: } else yyerror("out of memory"); } -#line 2420 "util/configparser.c" /* yacc.c:1646 */ +#line 2472 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 207: +#line 303 "util/configparser.y" /* yacc.c:1646 */ + { + struct config_auth* s; + OUTYY(("\nP(auth_zone:)\n")); + s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); + if(s) { + s->next = cfg_parser->cfg->auths; + cfg_parser->cfg->auths = s; + /* defaults for auth zone */ + s->for_downstream = 1; + s->for_upstream = 1; + s->fallback_enabled = 0; + } else + yyerror("out of memory"); + } +#line 2491 "util/configparser.c" /* yacc.c:1646 */ break; - case 204: -#line 300 "util/configparser.y" /* yacc.c:1646 */ + case 217: +#line 324 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_threads:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2428,11 +2499,11 @@ yyreduce: else cfg_parser->cfg->num_threads = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2432 "util/configparser.c" /* yacc.c:1646 */ +#line 2503 "util/configparser.c" /* yacc.c:1646 */ break; - case 205: -#line 309 "util/configparser.y" /* yacc.c:1646 */ + case 218: +#line 333 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_verbosity:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2440,11 +2511,11 @@ yyreduce: else cfg_parser->cfg->verbosity = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2444 "util/configparser.c" /* yacc.c:1646 */ +#line 2515 "util/configparser.c" /* yacc.c:1646 */ break; - case 206: -#line 318 "util/configparser.y" /* yacc.c:1646 */ + case 219: +#line 342 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_interval:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2454,11 +2525,11 @@ yyreduce: else cfg_parser->cfg->stat_interval = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2458 "util/configparser.c" /* yacc.c:1646 */ +#line 2529 "util/configparser.c" /* yacc.c:1646 */ break; - case 207: -#line 329 "util/configparser.y" /* yacc.c:1646 */ + case 220: +#line 353 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_statistics_cumulative:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2466,11 +2537,11 @@ yyreduce: else cfg_parser->cfg->stat_cumulative = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2470 "util/configparser.c" /* yacc.c:1646 */ +#line 2541 "util/configparser.c" /* yacc.c:1646 */ break; - case 208: -#line 338 "util/configparser.y" /* yacc.c:1646 */ + case 221: +#line 362 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_extended_statistics:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2478,11 +2549,11 @@ yyreduce: else cfg_parser->cfg->stat_extended = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2482 "util/configparser.c" /* yacc.c:1646 */ +#line 2553 "util/configparser.c" /* yacc.c:1646 */ break; - case 209: -#line 347 "util/configparser.y" /* yacc.c:1646 */ + case 222: +#line 371 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_shm_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2490,11 +2561,11 @@ yyreduce: else cfg_parser->cfg->shm_enable = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2494 "util/configparser.c" /* yacc.c:1646 */ +#line 2565 "util/configparser.c" /* yacc.c:1646 */ break; - case 210: -#line 356 "util/configparser.y" /* yacc.c:1646 */ + case 223: +#line 380 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_shm_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "") == 0 || strcmp((yyvsp[0].str), "0") == 0) @@ -2504,11 +2575,11 @@ yyreduce: else cfg_parser->cfg->shm_key = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2508 "util/configparser.c" /* yacc.c:1646 */ +#line 2579 "util/configparser.c" /* yacc.c:1646 */ break; - case 211: -#line 367 "util/configparser.y" /* yacc.c:1646 */ + case 224: +#line 391 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2516,11 +2587,11 @@ yyreduce: else cfg_parser->cfg->port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2520 "util/configparser.c" /* yacc.c:1646 */ +#line 2591 "util/configparser.c" /* yacc.c:1646 */ break; - case 212: -#line 376 "util/configparser.y" /* yacc.c:1646 */ + case 225: +#line 400 "util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_send_client_subnet:%s)\n", (yyvsp[0].str))); @@ -2530,11 +2601,11 @@ yyreduce: OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); #endif } -#line 2534 "util/configparser.c" /* yacc.c:1646 */ +#line 2605 "util/configparser.c" /* yacc.c:1646 */ break; - case 213: -#line 387 "util/configparser.y" /* yacc.c:1646 */ + case 226: +#line 411 "util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_zone:%s)\n", (yyvsp[0].str))); @@ -2545,11 +2616,11 @@ yyreduce: OUTYY(("P(Compiled without edns subnet option, ignoring)\n")); #endif } -#line 2549 "util/configparser.c" /* yacc.c:1646 */ +#line 2620 "util/configparser.c" /* yacc.c:1646 */ break; - case 214: -#line 400 "util/configparser.y" /* yacc.c:1646 */ + case 227: +#line 424 "util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(server_client_subnet_always_forward:%s)\n", (yyvsp[0].str))); @@ -2563,11 +2634,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2567 "util/configparser.c" /* yacc.c:1646 */ +#line 2638 "util/configparser.c" /* yacc.c:1646 */ break; - case 215: -#line 415 "util/configparser.y" /* yacc.c:1646 */ + case 228: +#line 439 "util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(client_subnet_opcode:%s)\n", (yyvsp[0].str))); @@ -2577,11 +2648,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2581 "util/configparser.c" /* yacc.c:1646 */ +#line 2652 "util/configparser.c" /* yacc.c:1646 */ break; - case 216: -#line 426 "util/configparser.y" /* yacc.c:1646 */ + case 229: +#line 450 "util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv4:%s)\n", (yyvsp[0].str))); @@ -2597,11 +2668,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2601 "util/configparser.c" /* yacc.c:1646 */ +#line 2672 "util/configparser.c" /* yacc.c:1646 */ break; - case 217: -#line 443 "util/configparser.y" /* yacc.c:1646 */ + case 230: +#line 467 "util/configparser.y" /* yacc.c:1646 */ { #ifdef CLIENT_SUBNET OUTYY(("P(max_client_subnet_ipv6:%s)\n", (yyvsp[0].str))); @@ -2617,11 +2688,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2621 "util/configparser.c" /* yacc.c:1646 */ +#line 2692 "util/configparser.c" /* yacc.c:1646 */ break; - case 218: -#line 460 "util/configparser.y" /* yacc.c:1646 */ + case 231: +#line 484 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_ifs == 0) @@ -2633,11 +2704,11 @@ yyreduce: else cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = (yyvsp[0].str); } -#line 2637 "util/configparser.c" /* yacc.c:1646 */ +#line 2708 "util/configparser.c" /* yacc.c:1646 */ break; - case 219: -#line 473 "util/configparser.y" /* yacc.c:1646 */ + case 232: +#line 497 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_interface:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->num_out_ifs == 0) @@ -2651,11 +2722,11 @@ yyreduce: cfg_parser->cfg->out_ifs[ cfg_parser->cfg->num_out_ifs++] = (yyvsp[0].str); } -#line 2655 "util/configparser.c" /* yacc.c:1646 */ +#line 2726 "util/configparser.c" /* yacc.c:1646 */ break; - case 220: -#line 488 "util/configparser.y" /* yacc.c:1646 */ + case 233: +#line 512 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_range:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2663,11 +2734,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_ports = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2667 "util/configparser.c" /* yacc.c:1646 */ +#line 2738 "util/configparser.c" /* yacc.c:1646 */ break; - case 221: -#line 497 "util/configparser.y" /* yacc.c:1646 */ + case 234: +#line 521 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_permit:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 1, @@ -2675,11 +2746,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 2679 "util/configparser.c" /* yacc.c:1646 */ +#line 2750 "util/configparser.c" /* yacc.c:1646 */ break; - case 222: -#line 506 "util/configparser.y" /* yacc.c:1646 */ + case 235: +#line 530 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_port_avoid:%s)\n", (yyvsp[0].str))); if(!cfg_mark_ports((yyvsp[0].str), 0, @@ -2687,11 +2758,11 @@ yyreduce: yyerror("port number or range (\"low-high\") expected"); free((yyvsp[0].str)); } -#line 2691 "util/configparser.c" /* yacc.c:1646 */ +#line 2762 "util/configparser.c" /* yacc.c:1646 */ break; - case 223: -#line 515 "util/configparser.y" /* yacc.c:1646 */ + case 236: +#line 539 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2699,11 +2770,11 @@ yyreduce: else cfg_parser->cfg->outgoing_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2703 "util/configparser.c" /* yacc.c:1646 */ +#line 2774 "util/configparser.c" /* yacc.c:1646 */ break; - case 224: -#line 524 "util/configparser.y" /* yacc.c:1646 */ + case 237: +#line 548 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_incoming_num_tcp:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2711,11 +2782,11 @@ yyreduce: else cfg_parser->cfg->incoming_num_tcp = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2715 "util/configparser.c" /* yacc.c:1646 */ +#line 2786 "util/configparser.c" /* yacc.c:1646 */ break; - case 225: -#line 533 "util/configparser.y" /* yacc.c:1646 */ + case 238: +#line 557 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_interface_automatic:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2723,11 +2794,11 @@ yyreduce: else cfg_parser->cfg->if_automatic = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2727 "util/configparser.c" /* yacc.c:1646 */ +#line 2798 "util/configparser.c" /* yacc.c:1646 */ break; - case 226: -#line 542 "util/configparser.y" /* yacc.c:1646 */ + case 239: +#line 566 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip4:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2735,11 +2806,11 @@ yyreduce: else cfg_parser->cfg->do_ip4 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2739 "util/configparser.c" /* yacc.c:1646 */ +#line 2810 "util/configparser.c" /* yacc.c:1646 */ break; - case 227: -#line 551 "util/configparser.y" /* yacc.c:1646 */ + case 240: +#line 575 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2747,11 +2818,11 @@ yyreduce: else cfg_parser->cfg->do_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2751 "util/configparser.c" /* yacc.c:1646 */ +#line 2822 "util/configparser.c" /* yacc.c:1646 */ break; - case 228: -#line 560 "util/configparser.y" /* yacc.c:1646 */ + case 241: +#line 584 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_udp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2759,11 +2830,11 @@ yyreduce: else cfg_parser->cfg->do_udp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2763 "util/configparser.c" /* yacc.c:1646 */ +#line 2834 "util/configparser.c" /* yacc.c:1646 */ break; - case 229: -#line 569 "util/configparser.y" /* yacc.c:1646 */ + case 242: +#line 593 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_tcp:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2771,11 +2842,11 @@ yyreduce: else cfg_parser->cfg->do_tcp = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2775 "util/configparser.c" /* yacc.c:1646 */ +#line 2846 "util/configparser.c" /* yacc.c:1646 */ break; - case 230: -#line 578 "util/configparser.y" /* yacc.c:1646 */ + case 243: +#line 602 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefer_ip6:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2783,11 +2854,11 @@ yyreduce: else cfg_parser->cfg->prefer_ip6 = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2787 "util/configparser.c" /* yacc.c:1646 */ +#line 2858 "util/configparser.c" /* yacc.c:1646 */ break; - case 231: -#line 587 "util/configparser.y" /* yacc.c:1646 */ + case 244: +#line 611 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2795,11 +2866,11 @@ yyreduce: else cfg_parser->cfg->tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2799 "util/configparser.c" /* yacc.c:1646 */ +#line 2870 "util/configparser.c" /* yacc.c:1646 */ break; - case 232: -#line 596 "util/configparser.y" /* yacc.c:1646 */ + case 245: +#line 620 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_outgoing_tcp_mss:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -2807,11 +2878,11 @@ yyreduce: else cfg_parser->cfg->outgoing_tcp_mss = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2811 "util/configparser.c" /* yacc.c:1646 */ +#line 2882 "util/configparser.c" /* yacc.c:1646 */ break; - case 233: -#line 605 "util/configparser.y" /* yacc.c:1646 */ + case 246: +#line 629 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_tcp_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2819,11 +2890,11 @@ yyreduce: else cfg_parser->cfg->tcp_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2823 "util/configparser.c" /* yacc.c:1646 */ +#line 2894 "util/configparser.c" /* yacc.c:1646 */ break; - case 234: -#line 614 "util/configparser.y" /* yacc.c:1646 */ + case 247: +#line 638 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_udp_upstream_without_downstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2831,11 +2902,11 @@ yyreduce: else cfg_parser->cfg->udp_upstream_without_downstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2835 "util/configparser.c" /* yacc.c:1646 */ +#line 2906 "util/configparser.c" /* yacc.c:1646 */ break; - case 235: -#line 623 "util/configparser.y" /* yacc.c:1646 */ + case 248: +#line 647 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2843,31 +2914,31 @@ yyreduce: else cfg_parser->cfg->ssl_upstream = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2847 "util/configparser.c" /* yacc.c:1646 */ +#line 2918 "util/configparser.c" /* yacc.c:1646 */ break; - case 236: -#line 632 "util/configparser.y" /* yacc.c:1646 */ + case 249: +#line 656 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_key:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_key); cfg_parser->cfg->ssl_service_key = (yyvsp[0].str); } -#line 2857 "util/configparser.c" /* yacc.c:1646 */ +#line 2928 "util/configparser.c" /* yacc.c:1646 */ break; - case 237: -#line 639 "util/configparser.y" /* yacc.c:1646 */ + case 250: +#line 663 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_service_pem:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->ssl_service_pem); cfg_parser->cfg->ssl_service_pem = (yyvsp[0].str); } -#line 2867 "util/configparser.c" /* yacc.c:1646 */ +#line 2938 "util/configparser.c" /* yacc.c:1646 */ break; - case 238: -#line 646 "util/configparser.y" /* yacc.c:1646 */ + case 251: +#line 670 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ssl_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -2875,11 +2946,21 @@ yyreduce: else cfg_parser->cfg->ssl_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 2879 "util/configparser.c" /* yacc.c:1646 */ +#line 2950 "util/configparser.c" /* yacc.c:1646 */ break; - case 239: -#line 655 "util/configparser.y" /* yacc.c:1646 */ + case 252: +#line 679 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_tls_cert_bundle:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->tls_cert_bundle); + cfg_parser->cfg->tls_cert_bundle = (yyvsp[0].str); + } +#line 2960 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 253: +#line 686 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_systemd:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2887,11 +2968,11 @@ yyreduce: else cfg_parser->cfg->use_systemd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2891 "util/configparser.c" /* yacc.c:1646 */ +#line 2972 "util/configparser.c" /* yacc.c:1646 */ break; - case 240: -#line 664 "util/configparser.y" /* yacc.c:1646 */ + case 254: +#line 695 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_daemonize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2899,11 +2980,11 @@ yyreduce: else cfg_parser->cfg->do_daemonize = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2903 "util/configparser.c" /* yacc.c:1646 */ +#line 2984 "util/configparser.c" /* yacc.c:1646 */ break; - case 241: -#line 673 "util/configparser.y" /* yacc.c:1646 */ + case 255: +#line 704 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_syslog:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2916,11 +2997,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 2920 "util/configparser.c" /* yacc.c:1646 */ +#line 3001 "util/configparser.c" /* yacc.c:1646 */ break; - case 242: -#line 687 "util/configparser.y" /* yacc.c:1646 */ + case 256: +#line 718 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_time_ascii:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2928,11 +3009,11 @@ yyreduce: else cfg_parser->cfg->log_time_ascii = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2932 "util/configparser.c" /* yacc.c:1646 */ +#line 3013 "util/configparser.c" /* yacc.c:1646 */ break; - case 243: -#line 696 "util/configparser.y" /* yacc.c:1646 */ + case 257: +#line 727 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2940,11 +3021,11 @@ yyreduce: else cfg_parser->cfg->log_queries = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2944 "util/configparser.c" /* yacc.c:1646 */ +#line 3025 "util/configparser.c" /* yacc.c:1646 */ break; - case 244: -#line 705 "util/configparser.y" /* yacc.c:1646 */ + case 258: +#line 736 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_replies:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -2952,31 +3033,31 @@ yyreduce: else cfg_parser->cfg->log_replies = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 2956 "util/configparser.c" /* yacc.c:1646 */ +#line 3037 "util/configparser.c" /* yacc.c:1646 */ break; - case 245: -#line 714 "util/configparser.y" /* yacc.c:1646 */ + case 259: +#line 745 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_chroot:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->chrootdir); cfg_parser->cfg->chrootdir = (yyvsp[0].str); } -#line 2966 "util/configparser.c" /* yacc.c:1646 */ +#line 3047 "util/configparser.c" /* yacc.c:1646 */ break; - case 246: -#line 721 "util/configparser.y" /* yacc.c:1646 */ + case 260: +#line 752 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_username:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->username); cfg_parser->cfg->username = (yyvsp[0].str); } -#line 2976 "util/configparser.c" /* yacc.c:1646 */ +#line 3057 "util/configparser.c" /* yacc.c:1646 */ break; - case 247: -#line 728 "util/configparser.y" /* yacc.c:1646 */ + case 261: +#line 759 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_directory:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->directory); @@ -3001,105 +3082,105 @@ yyreduce: } } } -#line 3005 "util/configparser.c" /* yacc.c:1646 */ +#line 3086 "util/configparser.c" /* yacc.c:1646 */ break; - case 248: -#line 754 "util/configparser.y" /* yacc.c:1646 */ + case 262: +#line 785 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_logfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->logfile); cfg_parser->cfg->logfile = (yyvsp[0].str); cfg_parser->cfg->use_syslog = 0; } -#line 3016 "util/configparser.c" /* yacc.c:1646 */ +#line 3097 "util/configparser.c" /* yacc.c:1646 */ break; - case 249: -#line 762 "util/configparser.y" /* yacc.c:1646 */ + case 263: +#line 793 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_pidfile:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->pidfile); cfg_parser->cfg->pidfile = (yyvsp[0].str); } -#line 3026 "util/configparser.c" /* yacc.c:1646 */ +#line 3107 "util/configparser.c" /* yacc.c:1646 */ break; - case 250: -#line 769 "util/configparser.y" /* yacc.c:1646 */ + case 264: +#line 800 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_root_hints:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->root_hints, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3036 "util/configparser.c" /* yacc.c:1646 */ +#line 3117 "util/configparser.c" /* yacc.c:1646 */ break; - case 251: -#line 776 "util/configparser.y" /* yacc.c:1646 */ + case 265: +#line 807 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dlv_anchor_file); cfg_parser->cfg->dlv_anchor_file = (yyvsp[0].str); } -#line 3046 "util/configparser.c" /* yacc.c:1646 */ +#line 3127 "util/configparser.c" /* yacc.c:1646 */ break; - case 252: -#line 783 "util/configparser.y" /* yacc.c:1646 */ + case 266: +#line 814 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dlv_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3056 "util/configparser.c" /* yacc.c:1646 */ +#line 3137 "util/configparser.c" /* yacc.c:1646 */ break; - case 253: -#line 790 "util/configparser.y" /* yacc.c:1646 */ + case 267: +#line 821 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_auto_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> auto_trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3067 "util/configparser.c" /* yacc.c:1646 */ +#line 3148 "util/configparser.c" /* yacc.c:1646 */ break; - case 254: -#line 798 "util/configparser.y" /* yacc.c:1646 */ + case 268: +#line 829 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trust_anchor_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3078 "util/configparser.c" /* yacc.c:1646 */ +#line 3159 "util/configparser.c" /* yacc.c:1646 */ break; - case 255: -#line 806 "util/configparser.y" /* yacc.c:1646 */ + case 269: +#line 837 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trusted_keys_file:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg-> trusted_keys_file_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3089 "util/configparser.c" /* yacc.c:1646 */ +#line 3170 "util/configparser.c" /* yacc.c:1646 */ break; - case 256: -#line 814 "util/configparser.y" /* yacc.c:1646 */ + case 270: +#line 845 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->trust_anchor_list, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3099 "util/configparser.c" /* yacc.c:1646 */ +#line 3180 "util/configparser.c" /* yacc.c:1646 */ break; - case 257: -#line 821 "util/configparser.y" /* yacc.c:1646 */ + case 271: +#line 852 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_trust_anchor_signaling:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3109,21 +3190,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3113 "util/configparser.c" /* yacc.c:1646 */ +#line 3194 "util/configparser.c" /* yacc.c:1646 */ break; - case 258: -#line 832 "util/configparser.y" /* yacc.c:1646 */ + case 272: +#line 863 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_domain_insecure:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->domain_insecure, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3123 "util/configparser.c" /* yacc.c:1646 */ +#line 3204 "util/configparser.c" /* yacc.c:1646 */ break; - case 259: -#line 839 "util/configparser.y" /* yacc.c:1646 */ + case 273: +#line 870 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3131,11 +3212,11 @@ yyreduce: else cfg_parser->cfg->hide_identity = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3135 "util/configparser.c" /* yacc.c:1646 */ +#line 3216 "util/configparser.c" /* yacc.c:1646 */ break; - case 260: -#line 848 "util/configparser.y" /* yacc.c:1646 */ + case 274: +#line 879 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3143,11 +3224,11 @@ yyreduce: else cfg_parser->cfg->hide_version = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3147 "util/configparser.c" /* yacc.c:1646 */ +#line 3228 "util/configparser.c" /* yacc.c:1646 */ break; - case 261: -#line 857 "util/configparser.y" /* yacc.c:1646 */ + case 275: +#line 888 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_hide_trustanchor:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3155,53 +3236,53 @@ yyreduce: else cfg_parser->cfg->hide_trustanchor = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3159 "util/configparser.c" /* yacc.c:1646 */ +#line 3240 "util/configparser.c" /* yacc.c:1646 */ break; - case 262: -#line 866 "util/configparser.y" /* yacc.c:1646 */ + case 276: +#line 897 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->identity); cfg_parser->cfg->identity = (yyvsp[0].str); } -#line 3169 "util/configparser.c" /* yacc.c:1646 */ +#line 3250 "util/configparser.c" /* yacc.c:1646 */ break; - case 263: -#line 873 "util/configparser.y" /* yacc.c:1646 */ + case 277: +#line 904 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->version); cfg_parser->cfg->version = (yyvsp[0].str); } -#line 3179 "util/configparser.c" /* yacc.c:1646 */ +#line 3260 "util/configparser.c" /* yacc.c:1646 */ break; - case 264: -#line 880 "util/configparser.y" /* yacc.c:1646 */ + case 278: +#line 911 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_rcvbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_rcvbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3190 "util/configparser.c" /* yacc.c:1646 */ +#line 3271 "util/configparser.c" /* yacc.c:1646 */ break; - case 265: -#line 888 "util/configparser.y" /* yacc.c:1646 */ + case 279: +#line 919 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_sndbuf:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->so_sndbuf)) yyerror("buffer size expected"); free((yyvsp[0].str)); } -#line 3201 "util/configparser.c" /* yacc.c:1646 */ +#line 3282 "util/configparser.c" /* yacc.c:1646 */ break; - case 266: -#line 896 "util/configparser.y" /* yacc.c:1646 */ + case 280: +#line 927 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_so_reuseport:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3210,11 +3291,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3214 "util/configparser.c" /* yacc.c:1646 */ +#line 3295 "util/configparser.c" /* yacc.c:1646 */ break; - case 267: -#line 906 "util/configparser.y" /* yacc.c:1646 */ + case 281: +#line 937 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_transparent:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3223,11 +3304,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3227 "util/configparser.c" /* yacc.c:1646 */ +#line 3308 "util/configparser.c" /* yacc.c:1646 */ break; - case 268: -#line 916 "util/configparser.y" /* yacc.c:1646 */ + case 282: +#line 947 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_freebind:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3236,11 +3317,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3240 "util/configparser.c" /* yacc.c:1646 */ +#line 3321 "util/configparser.c" /* yacc.c:1646 */ break; - case 269: -#line 926 "util/configparser.y" /* yacc.c:1646 */ + case 283: +#line 957 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_edns_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3252,11 +3333,11 @@ yyreduce: else cfg_parser->cfg->edns_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3256 "util/configparser.c" /* yacc.c:1646 */ +#line 3337 "util/configparser.c" /* yacc.c:1646 */ break; - case 270: -#line 939 "util/configparser.y" /* yacc.c:1646 */ + case 284: +#line 970 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_buffer_size:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3266,22 +3347,22 @@ yyreduce: else cfg_parser->cfg->msg_buffer_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3270 "util/configparser.c" /* yacc.c:1646 */ +#line 3351 "util/configparser.c" /* yacc.c:1646 */ break; - case 271: -#line 950 "util/configparser.y" /* yacc.c:1646 */ + case 285: +#line 981 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->msg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3281 "util/configparser.c" /* yacc.c:1646 */ +#line 3362 "util/configparser.c" /* yacc.c:1646 */ break; - case 272: -#line 958 "util/configparser.y" /* yacc.c:1646 */ + case 286: +#line 989 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_msg_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3293,11 +3374,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3297 "util/configparser.c" /* yacc.c:1646 */ +#line 3378 "util/configparser.c" /* yacc.c:1646 */ break; - case 273: -#line 971 "util/configparser.y" /* yacc.c:1646 */ + case 287: +#line 1002 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_num_queries_per_thread:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3305,11 +3386,11 @@ yyreduce: else cfg_parser->cfg->num_queries_per_thread = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3309 "util/configparser.c" /* yacc.c:1646 */ +#line 3390 "util/configparser.c" /* yacc.c:1646 */ break; - case 274: -#line 980 "util/configparser.y" /* yacc.c:1646 */ + case 288: +#line 1011 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_jostle_timeout:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3317,11 +3398,11 @@ yyreduce: else cfg_parser->cfg->jostle_time = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3321 "util/configparser.c" /* yacc.c:1646 */ +#line 3402 "util/configparser.c" /* yacc.c:1646 */ break; - case 275: -#line 989 "util/configparser.y" /* yacc.c:1646 */ + case 289: +#line 1020 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_delay_close:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3329,11 +3410,11 @@ yyreduce: else cfg_parser->cfg->delay_close = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3333 "util/configparser.c" /* yacc.c:1646 */ +#line 3414 "util/configparser.c" /* yacc.c:1646 */ break; - case 276: -#line 998 "util/configparser.y" /* yacc.c:1646 */ + case 290: +#line 1029 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unblock_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3342,11 +3423,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3346 "util/configparser.c" /* yacc.c:1646 */ +#line 3427 "util/configparser.c" /* yacc.c:1646 */ break; - case 277: -#line 1008 "util/configparser.y" /* yacc.c:1646 */ + case 291: +#line 1039 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_insecure_lan_zones:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3355,22 +3436,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3359 "util/configparser.c" /* yacc.c:1646 */ +#line 3440 "util/configparser.c" /* yacc.c:1646 */ break; - case 278: -#line 1018 "util/configparser.y" /* yacc.c:1646 */ + case 292: +#line 1049 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->rrset_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3370 "util/configparser.c" /* yacc.c:1646 */ +#line 3451 "util/configparser.c" /* yacc.c:1646 */ break; - case 279: -#line 1026 "util/configparser.y" /* yacc.c:1646 */ + case 293: +#line 1057 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3382,11 +3463,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3386 "util/configparser.c" /* yacc.c:1646 */ +#line 3467 "util/configparser.c" /* yacc.c:1646 */ break; - case 280: -#line 1039 "util/configparser.y" /* yacc.c:1646 */ + case 294: +#line 1070 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_host_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3394,22 +3475,22 @@ yyreduce: else cfg_parser->cfg->host_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3398 "util/configparser.c" /* yacc.c:1646 */ +#line 3479 "util/configparser.c" /* yacc.c:1646 */ break; - case 281: -#line 1048 "util/configparser.y" /* yacc.c:1646 */ + case 295: +#line 1079 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_lame_ttl:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-lame-ttl: %s (option " "removed, use infra-host-ttl)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3409 "util/configparser.c" /* yacc.c:1646 */ +#line 3490 "util/configparser.c" /* yacc.c:1646 */ break; - case 282: -#line 1056 "util/configparser.y" /* yacc.c:1646 */ + case 296: +#line 1087 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_numhosts:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3417,22 +3498,22 @@ yyreduce: else cfg_parser->cfg->infra_cache_numhosts = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3421 "util/configparser.c" /* yacc.c:1646 */ +#line 3502 "util/configparser.c" /* yacc.c:1646 */ break; - case 283: -#line 1065 "util/configparser.y" /* yacc.c:1646 */ + case 297: +#line 1096 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_lame_size:%s)\n", (yyvsp[0].str))); verbose(VERB_DETAIL, "ignored infra-cache-lame-size: %s " "(option removed, use infra-cache-numhosts)", (yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3432 "util/configparser.c" /* yacc.c:1646 */ +#line 3513 "util/configparser.c" /* yacc.c:1646 */ break; - case 284: -#line 1073 "util/configparser.y" /* yacc.c:1646 */ + case 298: +#line 1104 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3444,11 +3525,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3448 "util/configparser.c" /* yacc.c:1646 */ +#line 3529 "util/configparser.c" /* yacc.c:1646 */ break; - case 285: -#line 1086 "util/configparser.y" /* yacc.c:1646 */ + case 299: +#line 1117 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_infra_cache_min_rtt:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3456,21 +3537,21 @@ yyreduce: else cfg_parser->cfg->infra_cache_min_rtt = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3460 "util/configparser.c" /* yacc.c:1646 */ +#line 3541 "util/configparser.c" /* yacc.c:1646 */ break; - case 286: -#line 1095 "util/configparser.y" /* yacc.c:1646 */ + case 300: +#line 1126 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_target_fetch_policy:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->target_fetch_policy); cfg_parser->cfg->target_fetch_policy = (yyvsp[0].str); } -#line 3470 "util/configparser.c" /* yacc.c:1646 */ +#line 3551 "util/configparser.c" /* yacc.c:1646 */ break; - case 287: -#line 1102 "util/configparser.y" /* yacc.c:1646 */ + case 301: +#line 1133 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_short_bufsize:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3479,11 +3560,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3483 "util/configparser.c" /* yacc.c:1646 */ +#line 3564 "util/configparser.c" /* yacc.c:1646 */ break; - case 288: -#line 1112 "util/configparser.y" /* yacc.c:1646 */ + case 302: +#line 1143 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_large_queries:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3492,11 +3573,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3496 "util/configparser.c" /* yacc.c:1646 */ +#line 3577 "util/configparser.c" /* yacc.c:1646 */ break; - case 289: -#line 1122 "util/configparser.y" /* yacc.c:1646 */ + case 303: +#line 1153 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_glue:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3505,11 +3586,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3509 "util/configparser.c" /* yacc.c:1646 */ +#line 3590 "util/configparser.c" /* yacc.c:1646 */ break; - case 290: -#line 1132 "util/configparser.y" /* yacc.c:1646 */ + case 304: +#line 1163 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_dnssec_stripped:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3518,11 +3599,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3522 "util/configparser.c" /* yacc.c:1646 */ +#line 3603 "util/configparser.c" /* yacc.c:1646 */ break; - case 291: -#line 1142 "util/configparser.y" /* yacc.c:1646 */ + case 305: +#line 1173 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_below_nxdomain:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3531,11 +3612,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3535 "util/configparser.c" /* yacc.c:1646 */ +#line 3616 "util/configparser.c" /* yacc.c:1646 */ break; - case 292: -#line 1152 "util/configparser.y" /* yacc.c:1646 */ + case 306: +#line 1183 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_referral_path:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3544,11 +3625,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3548 "util/configparser.c" /* yacc.c:1646 */ +#line 3629 "util/configparser.c" /* yacc.c:1646 */ break; - case 293: -#line 1162 "util/configparser.y" /* yacc.c:1646 */ + case 307: +#line 1193 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_harden_algo_downgrade:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3557,11 +3638,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3561 "util/configparser.c" /* yacc.c:1646 */ +#line 3642 "util/configparser.c" /* yacc.c:1646 */ break; - case 294: -#line 1172 "util/configparser.y" /* yacc.c:1646 */ + case 308: +#line 1203 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_use_caps_for_id:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3570,41 +3651,41 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3574 "util/configparser.c" /* yacc.c:1646 */ +#line 3655 "util/configparser.c" /* yacc.c:1646 */ break; - case 295: -#line 1182 "util/configparser.y" /* yacc.c:1646 */ + case 309: +#line 1213 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_caps_whitelist:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->caps_whitelist, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3584 "util/configparser.c" /* yacc.c:1646 */ +#line 3665 "util/configparser.c" /* yacc.c:1646 */ break; - case 296: -#line 1189 "util/configparser.y" /* yacc.c:1646 */ + case 310: +#line 1220 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_address, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3594 "util/configparser.c" /* yacc.c:1646 */ +#line 3675 "util/configparser.c" /* yacc.c:1646 */ break; - case 297: -#line 1196 "util/configparser.y" /* yacc.c:1646 */ + case 311: +#line 1227 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_private_domain:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->private_domain, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3604 "util/configparser.c" /* yacc.c:1646 */ +#line 3685 "util/configparser.c" /* yacc.c:1646 */ break; - case 298: -#line 1203 "util/configparser.y" /* yacc.c:1646 */ + case 312: +#line 1234 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3612,11 +3693,11 @@ yyreduce: else cfg_parser->cfg->prefetch = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3616 "util/configparser.c" /* yacc.c:1646 */ +#line 3697 "util/configparser.c" /* yacc.c:1646 */ break; - case 299: -#line 1212 "util/configparser.y" /* yacc.c:1646 */ + case 313: +#line 1243 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_prefetch_key:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3624,11 +3705,11 @@ yyreduce: else cfg_parser->cfg->prefetch_key = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3628 "util/configparser.c" /* yacc.c:1646 */ +#line 3709 "util/configparser.c" /* yacc.c:1646 */ break; - case 300: -#line 1221 "util/configparser.y" /* yacc.c:1646 */ + case 314: +#line 1252 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3636,21 +3717,21 @@ yyreduce: else cfg_parser->cfg->unwanted_threshold = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3640 "util/configparser.c" /* yacc.c:1646 */ +#line 3721 "util/configparser.c" /* yacc.c:1646 */ break; - case 301: -#line 1230 "util/configparser.y" /* yacc.c:1646 */ + case 315: +#line 1261 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_address:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->donotqueryaddrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 3650 "util/configparser.c" /* yacc.c:1646 */ +#line 3731 "util/configparser.c" /* yacc.c:1646 */ break; - case 302: -#line 1237 "util/configparser.y" /* yacc.c:1646 */ + case 316: +#line 1268 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_do_not_query_localhost:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3659,11 +3740,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3663 "util/configparser.c" /* yacc.c:1646 */ +#line 3744 "util/configparser.c" /* yacc.c:1646 */ break; - case 303: -#line 1247 "util/configparser.y" /* yacc.c:1646 */ + case 317: +#line 1278 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "deny")!=0 && strcmp((yyvsp[0].str), "refuse")!=0 && @@ -3679,21 +3760,21 @@ yyreduce: fatal_exit("out of memory adding acl"); } } -#line 3683 "util/configparser.c" /* yacc.c:1646 */ +#line 3764 "util/configparser.c" /* yacc.c:1646 */ break; - case 304: -#line 1264 "util/configparser.y" /* yacc.c:1646 */ + case 318: +#line 1295 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_module_conf:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->module_conf); cfg_parser->cfg->module_conf = (yyvsp[0].str); } -#line 3693 "util/configparser.c" /* yacc.c:1646 */ +#line 3774 "util/configparser.c" /* yacc.c:1646 */ break; - case 305: -#line 1271 "util/configparser.y" /* yacc.c:1646 */ + case 319: +#line 1302 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_override_date:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3710,11 +3791,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3714 "util/configparser.c" /* yacc.c:1646 */ +#line 3795 "util/configparser.c" /* yacc.c:1646 */ break; - case 306: -#line 1289 "util/configparser.y" /* yacc.c:1646 */ + case 320: +#line 1320 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_min:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3726,11 +3807,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3730 "util/configparser.c" /* yacc.c:1646 */ +#line 3811 "util/configparser.c" /* yacc.c:1646 */ break; - case 307: -#line 1302 "util/configparser.y" /* yacc.c:1646 */ + case 321: +#line 1333 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_sig_skew_max:%s)\n", (yyvsp[0].str))); if(*(yyvsp[0].str) == '\0' || strcmp((yyvsp[0].str), "0") == 0) { @@ -3742,11 +3823,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3746 "util/configparser.c" /* yacc.c:1646 */ +#line 3827 "util/configparser.c" /* yacc.c:1646 */ break; - case 308: -#line 1315 "util/configparser.y" /* yacc.c:1646 */ + case 322: +#line 1346 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3754,11 +3835,11 @@ yyreduce: else cfg_parser->cfg->max_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3758 "util/configparser.c" /* yacc.c:1646 */ +#line 3839 "util/configparser.c" /* yacc.c:1646 */ break; - case 309: -#line 1324 "util/configparser.y" /* yacc.c:1646 */ + case 323: +#line 1355 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_max_negative_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3766,11 +3847,11 @@ yyreduce: else cfg_parser->cfg->max_negative_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3770 "util/configparser.c" /* yacc.c:1646 */ +#line 3851 "util/configparser.c" /* yacc.c:1646 */ break; - case 310: -#line 1333 "util/configparser.y" /* yacc.c:1646 */ + case 324: +#line 1364 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_cache_min_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3778,11 +3859,11 @@ yyreduce: else cfg_parser->cfg->min_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3782 "util/configparser.c" /* yacc.c:1646 */ +#line 3863 "util/configparser.c" /* yacc.c:1646 */ break; - case 311: -#line 1342 "util/configparser.y" /* yacc.c:1646 */ + case 325: +#line 1373 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_bogus_ttl:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3790,11 +3871,11 @@ yyreduce: else cfg_parser->cfg->bogus_ttl = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3794 "util/configparser.c" /* yacc.c:1646 */ +#line 3875 "util/configparser.c" /* yacc.c:1646 */ break; - case 312: -#line 1351 "util/configparser.y" /* yacc.c:1646 */ + case 326: +#line 1382 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_clean_additional:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3803,11 +3884,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3807 "util/configparser.c" /* yacc.c:1646 */ +#line 3888 "util/configparser.c" /* yacc.c:1646 */ break; - case 313: -#line 1361 "util/configparser.y" /* yacc.c:1646 */ + case 327: +#line 1392 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_permissive_mode:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3816,11 +3897,25 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3820 "util/configparser.c" /* yacc.c:1646 */ +#line 3901 "util/configparser.c" /* yacc.c:1646 */ break; - case 314: -#line 1371 "util/configparser.y" /* yacc.c:1646 */ + case 328: +#line 1402 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(server_aggressive_nsec:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->aggressive_nsec = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 3915 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 329: +#line 1413 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ignore_cd_flag:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3828,11 +3923,11 @@ yyreduce: else cfg_parser->cfg->ignore_cd = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3832 "util/configparser.c" /* yacc.c:1646 */ +#line 3927 "util/configparser.c" /* yacc.c:1646 */ break; - case 315: -#line 1380 "util/configparser.y" /* yacc.c:1646 */ + case 330: +#line 1422 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_serve_expired:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3840,11 +3935,11 @@ yyreduce: else cfg_parser->cfg->serve_expired = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3844 "util/configparser.c" /* yacc.c:1646 */ +#line 3939 "util/configparser.c" /* yacc.c:1646 */ break; - case 316: -#line 1389 "util/configparser.y" /* yacc.c:1646 */ + case 331: +#line 1431 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3856,11 +3951,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3860 "util/configparser.c" /* yacc.c:1646 */ +#line 3955 "util/configparser.c" /* yacc.c:1646 */ break; - case 317: -#line 1402 "util/configparser.y" /* yacc.c:1646 */ + case 332: +#line 1444 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3872,11 +3967,11 @@ yyreduce: #endif free((yyvsp[0].str)); } -#line 3876 "util/configparser.c" /* yacc.c:1646 */ +#line 3971 "util/configparser.c" /* yacc.c:1646 */ break; - case 318: -#line 1415 "util/configparser.y" /* yacc.c:1646 */ + case 333: +#line 1457 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_log_level:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3884,21 +3979,21 @@ yyreduce: else cfg_parser->cfg->val_log_level = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3888 "util/configparser.c" /* yacc.c:1646 */ +#line 3983 "util/configparser.c" /* yacc.c:1646 */ break; - case 319: -#line 1424 "util/configparser.y" /* yacc.c:1646 */ + case 334: +#line 1466 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_val_nsec3_keysize_iterations:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->val_nsec3_key_iterations); cfg_parser->cfg->val_nsec3_key_iterations = (yyvsp[0].str); } -#line 3898 "util/configparser.c" /* yacc.c:1646 */ +#line 3993 "util/configparser.c" /* yacc.c:1646 */ break; - case 320: -#line 1431 "util/configparser.y" /* yacc.c:1646 */ + case 335: +#line 1473 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_add_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3906,11 +4001,11 @@ yyreduce: else cfg_parser->cfg->add_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3910 "util/configparser.c" /* yacc.c:1646 */ +#line 4005 "util/configparser.c" /* yacc.c:1646 */ break; - case 321: -#line 1440 "util/configparser.y" /* yacc.c:1646 */ + case 336: +#line 1482 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_del_holddown:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3918,11 +4013,11 @@ yyreduce: else cfg_parser->cfg->del_holddown = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3922 "util/configparser.c" /* yacc.c:1646 */ +#line 4017 "util/configparser.c" /* yacc.c:1646 */ break; - case 322: -#line 1449 "util/configparser.y" /* yacc.c:1646 */ + case 337: +#line 1491 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_keep_missing:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -3930,11 +4025,11 @@ yyreduce: else cfg_parser->cfg->keep_missing = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 3934 "util/configparser.c" /* yacc.c:1646 */ +#line 4029 "util/configparser.c" /* yacc.c:1646 */ break; - case 323: -#line 1458 "util/configparser.y" /* yacc.c:1646 */ + case 338: +#line 1500 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_permit_small_holddown:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -3943,22 +4038,22 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 3947 "util/configparser.c" /* yacc.c:1646 */ +#line 4042 "util/configparser.c" /* yacc.c:1646 */ break; - case 324: -#line 1467 "util/configparser.y" /* yacc.c:1646 */ + case 339: +#line 1509 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->key_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3958 "util/configparser.c" /* yacc.c:1646 */ +#line 4053 "util/configparser.c" /* yacc.c:1646 */ break; - case 325: -#line 1475 "util/configparser.y" /* yacc.c:1646 */ + case 340: +#line 1517 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_key_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -3970,22 +4065,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 3974 "util/configparser.c" /* yacc.c:1646 */ +#line 4069 "util/configparser.c" /* yacc.c:1646 */ break; - case 326: -#line 1488 "util/configparser.y" /* yacc.c:1646 */ + case 341: +#line 1530 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_neg_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->neg_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 3985 "util/configparser.c" /* yacc.c:1646 */ +#line 4080 "util/configparser.c" /* yacc.c:1646 */ break; - case 327: -#line 1496 "util/configparser.y" /* yacc.c:1646 */ + case 342: +#line 1538 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -3995,12 +4090,13 @@ yyreduce: && strcmp((yyvsp[0].str), "always_transparent")!=0 && strcmp((yyvsp[0].str), "always_refuse")!=0 && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "noview")!=0 && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); + "always_nxdomain, noview or nodefault"); else if(strcmp((yyvsp[0].str), "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, (yyvsp[-1].str))) @@ -4012,21 +4108,21 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4016 "util/configparser.c" /* yacc.c:1646 */ +#line 4112 "util/configparser.c" /* yacc.c:1646 */ break; - case 328: -#line 1524 "util/configparser.y" /* yacc.c:1646 */ + case 343: +#line 1567 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->local_data, (yyvsp[0].str))) fatal_exit("out of memory adding local-data"); } -#line 4026 "util/configparser.c" /* yacc.c:1646 */ +#line 4122 "util/configparser.c" /* yacc.c:1646 */ break; - case 329: -#line 1531 "util/configparser.y" /* yacc.c:1646 */ + case 344: +#line 1574 "util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(server_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4040,11 +4136,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4044 "util/configparser.c" /* yacc.c:1646 */ +#line 4140 "util/configparser.c" /* yacc.c:1646 */ break; - case 330: -#line 1546 "util/configparser.y" /* yacc.c:1646 */ + case 345: +#line 1589 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_minimal_responses:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4053,11 +4149,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4057 "util/configparser.c" /* yacc.c:1646 */ +#line 4153 "util/configparser.c" /* yacc.c:1646 */ break; - case 331: -#line 1556 "util/configparser.y" /* yacc.c:1646 */ + case 346: +#line 1599 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_rrset_roundrobin:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4066,31 +4162,31 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4070 "util/configparser.c" /* yacc.c:1646 */ +#line 4166 "util/configparser.c" /* yacc.c:1646 */ break; - case 332: -#line 1566 "util/configparser.y" /* yacc.c:1646 */ + case 347: +#line 1609 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_max_udp_size:%s)\n", (yyvsp[0].str))); cfg_parser->cfg->max_udp_size = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4080 "util/configparser.c" /* yacc.c:1646 */ +#line 4176 "util/configparser.c" /* yacc.c:1646 */ break; - case 333: -#line 1573 "util/configparser.y" /* yacc.c:1646 */ + case 348: +#line 1616 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dns64_prefix:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dns64_prefix); cfg_parser->cfg->dns64_prefix = (yyvsp[0].str); } -#line 4090 "util/configparser.c" /* yacc.c:1646 */ +#line 4186 "util/configparser.c" /* yacc.c:1646 */ break; - case 334: -#line 1580 "util/configparser.y" /* yacc.c:1646 */ + case 349: +#line 1623 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_dns64_synthall:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4098,11 +4194,11 @@ yyreduce: else cfg_parser->cfg->dns64_synthall = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4102 "util/configparser.c" /* yacc.c:1646 */ +#line 4198 "util/configparser.c" /* yacc.c:1646 */ break; - case 335: -#line 1589 "util/configparser.y" /* yacc.c:1646 */ + case 350: +#line 1632 "util/configparser.y" /* yacc.c:1646 */ { char* p, *s = (yyvsp[0].str); OUTYY(("P(server_define_tag:%s)\n", (yyvsp[0].str))); @@ -4115,11 +4211,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4119 "util/configparser.c" /* yacc.c:1646 */ +#line 4215 "util/configparser.c" /* yacc.c:1646 */ break; - case 336: -#line 1603 "util/configparser.y" /* yacc.c:1646 */ + case 351: +#line 1646 "util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4137,11 +4233,11 @@ yyreduce: } } } -#line 4141 "util/configparser.c" /* yacc.c:1646 */ +#line 4237 "util/configparser.c" /* yacc.c:1646 */ break; - case 337: -#line 1622 "util/configparser.y" /* yacc.c:1646 */ + case 352: +#line 1665 "util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4159,11 +4255,11 @@ yyreduce: } } } -#line 4163 "util/configparser.c" /* yacc.c:1646 */ +#line 4259 "util/configparser.c" /* yacc.c:1646 */ break; - case 338: -#line 1641 "util/configparser.y" /* yacc.c:1646 */ + case 353: +#line 1684 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_action:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_actions, @@ -4174,11 +4270,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4178 "util/configparser.c" /* yacc.c:1646 */ +#line 4274 "util/configparser.c" /* yacc.c:1646 */ break; - case 339: -#line 1653 "util/configparser.y" /* yacc.c:1646 */ + case 354: +#line 1696 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_tag_data:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->acl_tag_datas, @@ -4189,11 +4285,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4193 "util/configparser.c" /* yacc.c:1646 */ +#line 4289 "util/configparser.c" /* yacc.c:1646 */ break; - case 340: -#line 1665 "util/configparser.y" /* yacc.c:1646 */ + case 355: +#line 1708 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_local_zone_override:%s %s %s)\n", (yyvsp[-2].str), (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str3list_insert(&cfg_parser->cfg->local_zone_overrides, @@ -4204,11 +4300,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4208 "util/configparser.c" /* yacc.c:1646 */ +#line 4304 "util/configparser.c" /* yacc.c:1646 */ break; - case 341: -#line 1677 "util/configparser.y" /* yacc.c:1646 */ + case 356: +#line 1720 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_access_control_view:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->acl_view, @@ -4218,11 +4314,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4222 "util/configparser.c" /* yacc.c:1646 */ +#line 4318 "util/configparser.c" /* yacc.c:1646 */ break; - case 342: -#line 1688 "util/configparser.y" /* yacc.c:1646 */ + case 357: +#line 1731 "util/configparser.y" /* yacc.c:1646 */ { size_t len = 0; uint8_t* bitlist = config_parse_taglist(cfg_parser->cfg, (yyvsp[0].str), @@ -4240,11 +4336,11 @@ yyreduce: } } } -#line 4244 "util/configparser.c" /* yacc.c:1646 */ +#line 4340 "util/configparser.c" /* yacc.c:1646 */ break; - case 343: -#line 1707 "util/configparser.y" /* yacc.c:1646 */ + case 358: +#line 1750 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4252,11 +4348,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4256 "util/configparser.c" /* yacc.c:1646 */ +#line 4352 "util/configparser.c" /* yacc.c:1646 */ break; - case 344: -#line 1717 "util/configparser.y" /* yacc.c:1646 */ + case 359: +#line 1760 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4264,33 +4360,33 @@ yyreduce: else cfg_parser->cfg->ratelimit = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4268 "util/configparser.c" /* yacc.c:1646 */ +#line 4364 "util/configparser.c" /* yacc.c:1646 */ break; - case 345: -#line 1726 "util/configparser.y" /* yacc.c:1646 */ + case 360: +#line 1769 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ip_ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4279 "util/configparser.c" /* yacc.c:1646 */ +#line 4375 "util/configparser.c" /* yacc.c:1646 */ break; - case 346: -#line 1734 "util/configparser.y" /* yacc.c:1646 */ + case 361: +#line 1777 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->ratelimit_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 4290 "util/configparser.c" /* yacc.c:1646 */ +#line 4386 "util/configparser.c" /* yacc.c:1646 */ break; - case 347: -#line 1742 "util/configparser.y" /* yacc.c:1646 */ + case 362: +#line 1785 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4302,11 +4398,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4306 "util/configparser.c" /* yacc.c:1646 */ +#line 4402 "util/configparser.c" /* yacc.c:1646 */ break; - case 348: -#line 1755 "util/configparser.y" /* yacc.c:1646 */ + case 363: +#line 1798 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4318,11 +4414,11 @@ yyreduce: } free((yyvsp[0].str)); } -#line 4322 "util/configparser.c" /* yacc.c:1646 */ +#line 4418 "util/configparser.c" /* yacc.c:1646 */ break; - case 349: -#line 1768 "util/configparser.y" /* yacc.c:1646 */ + case 364: +#line 1811 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_for_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4334,11 +4430,11 @@ yyreduce: "ratelimit-for-domain"); } } -#line 4338 "util/configparser.c" /* yacc.c:1646 */ +#line 4434 "util/configparser.c" /* yacc.c:1646 */ break; - case 350: -#line 1781 "util/configparser.y" /* yacc.c:1646 */ + case 365: +#line 1824 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_below_domain:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) { @@ -4350,11 +4446,11 @@ yyreduce: "ratelimit-below-domain"); } } -#line 4354 "util/configparser.c" /* yacc.c:1646 */ +#line 4450 "util/configparser.c" /* yacc.c:1646 */ break; - case 351: -#line 1794 "util/configparser.y" /* yacc.c:1646 */ + case 366: +#line 1837 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ip_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4362,11 +4458,11 @@ yyreduce: else cfg_parser->cfg->ip_ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4366 "util/configparser.c" /* yacc.c:1646 */ +#line 4462 "util/configparser.c" /* yacc.c:1646 */ break; - case 352: -#line 1803 "util/configparser.y" /* yacc.c:1646 */ + case 367: +#line 1846 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_ratelimit_factor:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0 && strcmp((yyvsp[0].str), "0") != 0) @@ -4374,11 +4470,11 @@ yyreduce: else cfg_parser->cfg->ratelimit_factor = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4378 "util/configparser.c" /* yacc.c:1646 */ +#line 4474 "util/configparser.c" /* yacc.c:1646 */ break; - case 353: -#line 1812 "util/configparser.y" /* yacc.c:1646 */ + case 368: +#line 1855 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4387,11 +4483,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4391 "util/configparser.c" /* yacc.c:1646 */ +#line 4487 "util/configparser.c" /* yacc.c:1646 */ break; - case 354: -#line 1822 "util/configparser.y" /* yacc.c:1646 */ + case 369: +#line 1865 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_qname_minimisation_strict:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4400,11 +4496,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4404 "util/configparser.c" /* yacc.c:1646 */ +#line 4500 "util/configparser.c" /* yacc.c:1646 */ break; - case 355: -#line 1832 "util/configparser.y" /* yacc.c:1646 */ + case 370: +#line 1875 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_enabled:%s)\n", (yyvsp[0].str))); @@ -4416,11 +4512,11 @@ yyreduce: OUTYY(("P(Compiled without IPsec module, ignoring)\n")); #endif } -#line 4420 "util/configparser.c" /* yacc.c:1646 */ +#line 4516 "util/configparser.c" /* yacc.c:1646 */ break; - case 356: -#line 1845 "util/configparser.y" /* yacc.c:1646 */ + case 371: +#line 1888 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_ignore_bogus:%s)\n", (yyvsp[0].str))); @@ -4432,11 +4528,11 @@ yyreduce: OUTYY(("P(Compiled without IPsec module, ignoring)\n")); #endif } -#line 4436 "util/configparser.c" /* yacc.c:1646 */ +#line 4532 "util/configparser.c" /* yacc.c:1646 */ break; - case 357: -#line 1858 "util/configparser.y" /* yacc.c:1646 */ + case 372: +#line 1901 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_hook:%s)\n", (yyvsp[0].str))); @@ -4446,11 +4542,11 @@ yyreduce: OUTYY(("P(Compiled without IPsec module, ignoring)\n")); #endif } -#line 4450 "util/configparser.c" /* yacc.c:1646 */ +#line 4546 "util/configparser.c" /* yacc.c:1646 */ break; - case 358: -#line 1869 "util/configparser.y" /* yacc.c:1646 */ + case 373: +#line 1912 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_max_ttl:%s)\n", (yyvsp[0].str))); @@ -4462,11 +4558,11 @@ yyreduce: OUTYY(("P(Compiled without IPsec module, ignoring)\n")); #endif } -#line 4466 "util/configparser.c" /* yacc.c:1646 */ +#line 4562 "util/configparser.c" /* yacc.c:1646 */ break; - case 359: -#line 1882 "util/configparser.y" /* yacc.c:1646 */ + case 374: +#line 1925 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_whitelist:%s)\n", (yyvsp[0].str))); @@ -4476,11 +4572,11 @@ yyreduce: OUTYY(("P(Compiled without IPsec module, ignoring)\n")); #endif } -#line 4480 "util/configparser.c" /* yacc.c:1646 */ +#line 4576 "util/configparser.c" /* yacc.c:1646 */ break; - case 360: -#line 1893 "util/configparser.y" /* yacc.c:1646 */ + case 375: +#line 1936 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_IPSECMOD OUTYY(("P(server_ipsecmod_strict:%s)\n", (yyvsp[0].str))); @@ -4492,11 +4588,11 @@ yyreduce: OUTYY(("P(Compiled without IPsec module, ignoring)\n")); #endif } -#line 4496 "util/configparser.c" /* yacc.c:1646 */ +#line 4592 "util/configparser.c" /* yacc.c:1646 */ break; - case 361: -#line 1906 "util/configparser.y" /* yacc.c:1646 */ + case 376: +#line 1949 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->stubs->name) @@ -4505,31 +4601,31 @@ yyreduce: free(cfg_parser->cfg->stubs->name); cfg_parser->cfg->stubs->name = (yyvsp[0].str); } -#line 4509 "util/configparser.c" /* yacc.c:1646 */ +#line 4605 "util/configparser.c" /* yacc.c:1646 */ break; - case 362: -#line 1916 "util/configparser.y" /* yacc.c:1646 */ + case 377: +#line 1959 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4519 "util/configparser.c" /* yacc.c:1646 */ +#line 4615 "util/configparser.c" /* yacc.c:1646 */ break; - case 363: -#line 1923 "util/configparser.y" /* yacc.c:1646 */ + case 378: +#line 1966 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->stubs->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4529 "util/configparser.c" /* yacc.c:1646 */ +#line 4625 "util/configparser.c" /* yacc.c:1646 */ break; - case 364: -#line 1930 "util/configparser.y" /* yacc.c:1646 */ + case 379: +#line 1973 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4537,11 +4633,11 @@ yyreduce: else cfg_parser->cfg->stubs->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4541 "util/configparser.c" /* yacc.c:1646 */ +#line 4637 "util/configparser.c" /* yacc.c:1646 */ break; - case 365: -#line 1939 "util/configparser.y" /* yacc.c:1646 */ + case 380: +#line 1982 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4550,11 +4646,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4554 "util/configparser.c" /* yacc.c:1646 */ +#line 4650 "util/configparser.c" /* yacc.c:1646 */ break; - case 366: -#line 1949 "util/configparser.y" /* yacc.c:1646 */ + case 381: +#line 1992 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(stub-prime:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4563,11 +4659,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4567 "util/configparser.c" /* yacc.c:1646 */ +#line 4663 "util/configparser.c" /* yacc.c:1646 */ break; - case 367: -#line 1959 "util/configparser.y" /* yacc.c:1646 */ + case 382: +#line 2002 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->forwards->name) @@ -4576,31 +4672,31 @@ yyreduce: free(cfg_parser->cfg->forwards->name); cfg_parser->cfg->forwards->name = (yyvsp[0].str); } -#line 4580 "util/configparser.c" /* yacc.c:1646 */ +#line 4676 "util/configparser.c" /* yacc.c:1646 */ break; - case 368: -#line 1969 "util/configparser.y" /* yacc.c:1646 */ + case 383: +#line 2012 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-host:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->hosts, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4590 "util/configparser.c" /* yacc.c:1646 */ +#line 4686 "util/configparser.c" /* yacc.c:1646 */ break; - case 369: -#line 1976 "util/configparser.y" /* yacc.c:1646 */ + case 384: +#line 2019 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-addr:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->forwards->addrs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4600 "util/configparser.c" /* yacc.c:1646 */ +#line 4696 "util/configparser.c" /* yacc.c:1646 */ break; - case 370: -#line 1983 "util/configparser.y" /* yacc.c:1646 */ + case 385: +#line 2026 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4608,11 +4704,11 @@ yyreduce: else cfg_parser->cfg->forwards->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4612 "util/configparser.c" /* yacc.c:1646 */ +#line 4708 "util/configparser.c" /* yacc.c:1646 */ break; - case 371: -#line 1992 "util/configparser.y" /* yacc.c:1646 */ + case 386: +#line 2035 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(forward-ssl-upstream:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4621,11 +4717,93 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4625 "util/configparser.c" /* yacc.c:1646 */ +#line 4721 "util/configparser.c" /* yacc.c:1646 */ break; - case 372: -#line 2002 "util/configparser.y" /* yacc.c:1646 */ + case 387: +#line 2045 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(name:%s)\n", (yyvsp[0].str))); + if(cfg_parser->cfg->auths->name) + yyerror("auth name override, there must be one name " + "for one auth-zone"); + free(cfg_parser->cfg->auths->name); + cfg_parser->cfg->auths->name = (yyvsp[0].str); + } +#line 4734 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 388: +#line 2055 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(zonefile:%s)\n", (yyvsp[0].str))); + free(cfg_parser->cfg->auths->zonefile); + cfg_parser->cfg->auths->zonefile = (yyvsp[0].str); + } +#line 4744 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 389: +#line 2062 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(master:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 4754 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 390: +#line 2069 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(url:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, (yyvsp[0].str))) + yyerror("out of memory"); + } +#line 4764 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 391: +#line 2076 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(for-downstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->for_downstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4777 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 392: +#line 2086 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(for-upstream:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->for_upstream = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4790 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 393: +#line 2096 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(fallback-enabled:%s)\n", (yyvsp[0].str))); + if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->fallback_enabled = + (strcmp((yyvsp[0].str), "yes")==0); + free((yyvsp[0].str)); + } +#line 4803 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 394: +#line 2106 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(name:%s)\n", (yyvsp[0].str))); if(cfg_parser->cfg->views->name) @@ -4634,11 +4812,11 @@ yyreduce: free(cfg_parser->cfg->views->name); cfg_parser->cfg->views->name = (yyvsp[0].str); } -#line 4638 "util/configparser.c" /* yacc.c:1646 */ +#line 4816 "util/configparser.c" /* yacc.c:1646 */ break; - case 373: -#line 2012 "util/configparser.y" /* yacc.c:1646 */ + case 395: +#line 2116 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_zone:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "static")!=0 && strcmp((yyvsp[0].str), "deny")!=0 && @@ -4648,12 +4826,13 @@ yyreduce: && strcmp((yyvsp[0].str), "always_transparent")!=0 && strcmp((yyvsp[0].str), "always_refuse")!=0 && strcmp((yyvsp[0].str), "always_nxdomain")!=0 + && strcmp((yyvsp[0].str), "noview")!=0 && strcmp((yyvsp[0].str), "inform")!=0 && strcmp((yyvsp[0].str), "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); + "always_nxdomain, noview or nodefault"); else if(strcmp((yyvsp[0].str), "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg->views-> local_zones_nodefault, (yyvsp[-1].str))) @@ -4666,11 +4845,11 @@ yyreduce: fatal_exit("out of memory adding local-zone"); } } -#line 4670 "util/configparser.c" /* yacc.c:1646 */ +#line 4849 "util/configparser.c" /* yacc.c:1646 */ break; - case 374: -#line 2041 "util/configparser.y" /* yacc.c:1646 */ + case 396: +#line 2146 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -4679,22 +4858,22 @@ yyreduce: fatal_exit("out of memory adding per-view " "response-ip action"); } -#line 4683 "util/configparser.c" /* yacc.c:1646 */ +#line 4862 "util/configparser.c" /* yacc.c:1646 */ break; - case 375: -#line 2051 "util/configparser.y" /* yacc.c:1646 */ + case 397: +#line 2156 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert( &cfg_parser->cfg->views->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 4694 "util/configparser.c" /* yacc.c:1646 */ +#line 4873 "util/configparser.c" /* yacc.c:1646 */ break; - case 376: -#line 2059 "util/configparser.y" /* yacc.c:1646 */ + case 398: +#line 2164 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view_local_data:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->views->local_data, (yyvsp[0].str))) { @@ -4702,11 +4881,11 @@ yyreduce: free((yyvsp[0].str)); } } -#line 4706 "util/configparser.c" /* yacc.c:1646 */ +#line 4885 "util/configparser.c" /* yacc.c:1646 */ break; - case 377: -#line 2068 "util/configparser.y" /* yacc.c:1646 */ + case 399: +#line 2173 "util/configparser.y" /* yacc.c:1646 */ { char* ptr; OUTYY(("P(view_local_data_ptr:%s)\n", (yyvsp[0].str))); @@ -4720,11 +4899,11 @@ yyreduce: yyerror("local-data-ptr could not be reversed"); } } -#line 4724 "util/configparser.c" /* yacc.c:1646 */ +#line 4903 "util/configparser.c" /* yacc.c:1646 */ break; - case 378: -#line 2083 "util/configparser.y" /* yacc.c:1646 */ + case 400: +#line 2188 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(view-first:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4732,19 +4911,19 @@ yyreduce: else cfg_parser->cfg->views->isfirst=(strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4736 "util/configparser.c" /* yacc.c:1646 */ +#line 4915 "util/configparser.c" /* yacc.c:1646 */ break; - case 379: -#line 2092 "util/configparser.y" /* yacc.c:1646 */ + case 401: +#line 2197 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(remote-control:)\n")); } -#line 4744 "util/configparser.c" /* yacc.c:1646 */ +#line 4923 "util/configparser.c" /* yacc.c:1646 */ break; - case 390: -#line 2103 "util/configparser.y" /* yacc.c:1646 */ + case 412: +#line 2208 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4753,11 +4932,11 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4757 "util/configparser.c" /* yacc.c:1646 */ +#line 4936 "util/configparser.c" /* yacc.c:1646 */ break; - case 391: -#line 2113 "util/configparser.y" /* yacc.c:1646 */ + case 413: +#line 2218 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_port:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -4765,21 +4944,21 @@ yyreduce: else cfg_parser->cfg->control_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 4769 "util/configparser.c" /* yacc.c:1646 */ +#line 4948 "util/configparser.c" /* yacc.c:1646 */ break; - case 392: -#line 2122 "util/configparser.y" /* yacc.c:1646 */ + case 414: +#line 2227 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str))); if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str))) yyerror("out of memory"); } -#line 4779 "util/configparser.c" /* yacc.c:1646 */ +#line 4958 "util/configparser.c" /* yacc.c:1646 */ break; - case 393: -#line 2129 "util/configparser.y" /* yacc.c:1646 */ + case 415: +#line 2234 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4788,122 +4967,122 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 4792 "util/configparser.c" /* yacc.c:1646 */ +#line 4971 "util/configparser.c" /* yacc.c:1646 */ break; - case 394: -#line 2139 "util/configparser.y" /* yacc.c:1646 */ + case 416: +#line 2244 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_key_file); cfg_parser->cfg->server_key_file = (yyvsp[0].str); } -#line 4802 "util/configparser.c" /* yacc.c:1646 */ +#line 4981 "util/configparser.c" /* yacc.c:1646 */ break; - case 395: -#line 2146 "util/configparser.y" /* yacc.c:1646 */ + case 417: +#line 2251 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->server_cert_file); cfg_parser->cfg->server_cert_file = (yyvsp[0].str); } -#line 4812 "util/configparser.c" /* yacc.c:1646 */ +#line 4991 "util/configparser.c" /* yacc.c:1646 */ break; - case 396: -#line 2153 "util/configparser.y" /* yacc.c:1646 */ + case 418: +#line 2258 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_key_file); cfg_parser->cfg->control_key_file = (yyvsp[0].str); } -#line 4822 "util/configparser.c" /* yacc.c:1646 */ +#line 5001 "util/configparser.c" /* yacc.c:1646 */ break; - case 397: -#line 2160 "util/configparser.y" /* yacc.c:1646 */ + case 419: +#line 2265 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->control_cert_file); cfg_parser->cfg->control_cert_file = (yyvsp[0].str); } -#line 4832 "util/configparser.c" /* yacc.c:1646 */ +#line 5011 "util/configparser.c" /* yacc.c:1646 */ break; - case 398: -#line 2167 "util/configparser.y" /* yacc.c:1646 */ + case 420: +#line 2272 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnstap:)\n")); } -#line 4840 "util/configparser.c" /* yacc.c:1646 */ +#line 5019 "util/configparser.c" /* yacc.c:1646 */ break; - case 413: -#line 2184 "util/configparser.y" /* yacc.c:1646 */ + case 435: +#line 2289 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4851 "util/configparser.c" /* yacc.c:1646 */ +#line 5030 "util/configparser.c" /* yacc.c:1646 */ break; - case 414: -#line 2192 "util/configparser.y" /* yacc.c:1646 */ + case 436: +#line 2297 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_socket_path); cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str); } -#line 4861 "util/configparser.c" /* yacc.c:1646 */ +#line 5040 "util/configparser.c" /* yacc.c:1646 */ break; - case 415: -#line 2199 "util/configparser.y" /* yacc.c:1646 */ + case 437: +#line 2304 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4872 "util/configparser.c" /* yacc.c:1646 */ +#line 5051 "util/configparser.c" /* yacc.c:1646 */ break; - case 416: -#line 2207 "util/configparser.y" /* yacc.c:1646 */ + case 438: +#line 2312 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) yyerror("expected yes or no."); else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4883 "util/configparser.c" /* yacc.c:1646 */ +#line 5062 "util/configparser.c" /* yacc.c:1646 */ break; - case 417: -#line 2215 "util/configparser.y" /* yacc.c:1646 */ + case 439: +#line 2320 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_identity); cfg_parser->cfg->dnstap_identity = (yyvsp[0].str); } -#line 4893 "util/configparser.c" /* yacc.c:1646 */ +#line 5072 "util/configparser.c" /* yacc.c:1646 */ break; - case 418: -#line 2222 "util/configparser.y" /* yacc.c:1646 */ + case 440: +#line 2327 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnstap_version); cfg_parser->cfg->dnstap_version = (yyvsp[0].str); } -#line 4903 "util/configparser.c" /* yacc.c:1646 */ +#line 5082 "util/configparser.c" /* yacc.c:1646 */ break; - case 419: -#line 2229 "util/configparser.y" /* yacc.c:1646 */ + case 441: +#line 2334 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4911,11 +5090,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_resolver_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4915 "util/configparser.c" /* yacc.c:1646 */ +#line 5094 "util/configparser.c" /* yacc.c:1646 */ break; - case 420: -#line 2238 "util/configparser.y" /* yacc.c:1646 */ + case 442: +#line 2343 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4923,11 +5102,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_resolver_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4927 "util/configparser.c" /* yacc.c:1646 */ +#line 5106 "util/configparser.c" /* yacc.c:1646 */ break; - case 421: -#line 2247 "util/configparser.y" /* yacc.c:1646 */ + case 443: +#line 2352 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4935,11 +5114,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_client_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4939 "util/configparser.c" /* yacc.c:1646 */ +#line 5118 "util/configparser.c" /* yacc.c:1646 */ break; - case 422: -#line 2256 "util/configparser.y" /* yacc.c:1646 */ + case 444: +#line 2361 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4947,11 +5126,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_client_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4951 "util/configparser.c" /* yacc.c:1646 */ +#line 5130 "util/configparser.c" /* yacc.c:1646 */ break; - case 423: -#line 2265 "util/configparser.y" /* yacc.c:1646 */ + case 445: +#line 2370 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4959,11 +5138,11 @@ yyreduce: else cfg_parser->cfg->dnstap_log_forwarder_query_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4963 "util/configparser.c" /* yacc.c:1646 */ +#line 5142 "util/configparser.c" /* yacc.c:1646 */ break; - case 424: -#line 2274 "util/configparser.y" /* yacc.c:1646 */ + case 446: +#line 2379 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -4971,29 +5150,29 @@ yyreduce: else cfg_parser->cfg->dnstap_log_forwarder_response_messages = (strcmp((yyvsp[0].str), "yes")==0); } -#line 4975 "util/configparser.c" /* yacc.c:1646 */ +#line 5154 "util/configparser.c" /* yacc.c:1646 */ break; - case 425: -#line 2283 "util/configparser.y" /* yacc.c:1646 */ + case 447: +#line 2388 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(python:)\n")); } -#line 4983 "util/configparser.c" /* yacc.c:1646 */ +#line 5162 "util/configparser.c" /* yacc.c:1646 */ break; - case 429: -#line 2292 "util/configparser.y" /* yacc.c:1646 */ + case 451: +#line 2397 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(python-script:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->python_script); cfg_parser->cfg->python_script = (yyvsp[0].str); } -#line 4993 "util/configparser.c" /* yacc.c:1646 */ +#line 5172 "util/configparser.c" /* yacc.c:1646 */ break; - case 430: -#line 2298 "util/configparser.y" /* yacc.c:1646 */ + case 452: +#line 2403 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str))); if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5002,21 +5181,21 @@ yyreduce: (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5006 "util/configparser.c" /* yacc.c:1646 */ +#line 5185 "util/configparser.c" /* yacc.c:1646 */ break; - case 431: -#line 2308 "util/configparser.y" /* yacc.c:1646 */ + case 453: +#line 2413 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->log_identity); cfg_parser->cfg->log_identity = (yyvsp[0].str); } -#line 5016 "util/configparser.c" /* yacc.c:1646 */ +#line 5195 "util/configparser.c" /* yacc.c:1646 */ break; - case 432: -#line 2315 "util/configparser.y" /* yacc.c:1646 */ + case 454: +#line 2420 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str))); validate_respip_action((yyvsp[0].str)); @@ -5024,31 +5203,31 @@ yyreduce: (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip"); } -#line 5028 "util/configparser.c" /* yacc.c:1646 */ +#line 5207 "util/configparser.c" /* yacc.c:1646 */ break; - case 433: -#line 2324 "util/configparser.y" /* yacc.c:1646 */ + case 455: +#line 2429 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str))); if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data, (yyvsp[-1].str), (yyvsp[0].str))) fatal_exit("out of memory adding response-ip-data"); } -#line 5039 "util/configparser.c" /* yacc.c:1646 */ +#line 5218 "util/configparser.c" /* yacc.c:1646 */ break; - case 434: -#line 2332 "util/configparser.y" /* yacc.c:1646 */ + case 456: +#line 2437 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(dnscrypt:)\n")); OUTYY(("\nP(dnscrypt:)\n")); } -#line 5048 "util/configparser.c" /* yacc.c:1646 */ +#line 5227 "util/configparser.c" /* yacc.c:1646 */ break; - case 446: -#line 2348 "util/configparser.y" /* yacc.c:1646 */ + case 469: +#line 2454 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str))); if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0) @@ -5056,11 +5235,11 @@ yyreduce: else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0); free((yyvsp[0].str)); } -#line 5060 "util/configparser.c" /* yacc.c:1646 */ +#line 5239 "util/configparser.c" /* yacc.c:1646 */ break; - case 447: -#line 2358 "util/configparser.y" /* yacc.c:1646 */ + case 470: +#line 2464 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str))); @@ -5069,52 +5248,66 @@ yyreduce: else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str)); free((yyvsp[0].str)); } -#line 5073 "util/configparser.c" /* yacc.c:1646 */ +#line 5252 "util/configparser.c" /* yacc.c:1646 */ break; - case 448: -#line 2368 "util/configparser.y" /* yacc.c:1646 */ + case 471: +#line 2474 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str))); free(cfg_parser->cfg->dnscrypt_provider); cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str); } -#line 5083 "util/configparser.c" /* yacc.c:1646 */ +#line 5262 "util/configparser.c" /* yacc.c:1646 */ break; - case 449: -#line 2375 "util/configparser.y" /* yacc.c:1646 */ + case 472: +#line 2481 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str))); + if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) + log_warn("dnscrypt-provider-cert %s is a duplicate", (yyvsp[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-provider-cert"); } -#line 5093 "util/configparser.c" /* yacc.c:1646 */ +#line 5274 "util/configparser.c" /* yacc.c:1646 */ + break; + + case 473: +#line 2490 "util/configparser.y" /* yacc.c:1646 */ + { + OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str))); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str))) + fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); + } +#line 5284 "util/configparser.c" /* yacc.c:1646 */ break; - case 450: -#line 2382 "util/configparser.y" /* yacc.c:1646 */ + case 474: +#line 2497 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str))); + if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) + log_warn("dnscrypt-secret-key: %s is a duplicate", (yyvsp[0].str)); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str))) fatal_exit("out of memory adding dnscrypt-secret-key"); } -#line 5103 "util/configparser.c" /* yacc.c:1646 */ +#line 5296 "util/configparser.c" /* yacc.c:1646 */ break; - case 451: -#line 2389 "util/configparser.y" /* yacc.c:1646 */ + case 475: +#line 2506 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5114 "util/configparser.c" /* yacc.c:1646 */ +#line 5307 "util/configparser.c" /* yacc.c:1646 */ break; - case 452: -#line 2397 "util/configparser.y" /* yacc.c:1646 */ + case 476: +#line 2514 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5126,22 +5319,22 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5130 "util/configparser.c" /* yacc.c:1646 */ +#line 5323 "util/configparser.c" /* yacc.c:1646 */ break; - case 453: -#line 2410 "util/configparser.y" /* yacc.c:1646 */ + case 477: +#line 2527 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str))); if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size)) yyerror("memory size expected"); free((yyvsp[0].str)); } -#line 5141 "util/configparser.c" /* yacc.c:1646 */ +#line 5334 "util/configparser.c" /* yacc.c:1646 */ break; - case 454: -#line 2418 "util/configparser.y" /* yacc.c:1646 */ + case 478: +#line 2535 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str))); if(atoi((yyvsp[0].str)) == 0) @@ -5153,19 +5346,19 @@ yyreduce: } free((yyvsp[0].str)); } -#line 5157 "util/configparser.c" /* yacc.c:1646 */ +#line 5350 "util/configparser.c" /* yacc.c:1646 */ break; - case 455: -#line 2431 "util/configparser.y" /* yacc.c:1646 */ + case 479: +#line 2548 "util/configparser.y" /* yacc.c:1646 */ { OUTYY(("\nP(cachedb:)\n")); } -#line 5165 "util/configparser.c" /* yacc.c:1646 */ +#line 5358 "util/configparser.c" /* yacc.c:1646 */ break; - case 460: -#line 2440 "util/configparser.y" /* yacc.c:1646 */ + case 484: +#line 2557 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_CACHEDB OUTYY(("P(backend:%s)\n", (yyvsp[0].str))); @@ -5178,11 +5371,11 @@ yyreduce: OUTYY(("P(Compiled without cachedb, ignoring)\n")); #endif } -#line 5182 "util/configparser.c" /* yacc.c:1646 */ +#line 5375 "util/configparser.c" /* yacc.c:1646 */ break; - case 461: -#line 2454 "util/configparser.y" /* yacc.c:1646 */ + case 485: +#line 2571 "util/configparser.y" /* yacc.c:1646 */ { #ifdef USE_CACHEDB OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str))); @@ -5196,11 +5389,11 @@ yyreduce: free((yyvsp[0].str)); #endif } -#line 5200 "util/configparser.c" /* yacc.c:1646 */ +#line 5393 "util/configparser.c" /* yacc.c:1646 */ break; -#line 5204 "util/configparser.c" /* yacc.c:1646 */ +#line 5397 "util/configparser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -5428,7 +5621,7 @@ yyreturn: #endif return yyresult; } -#line 2468 "util/configparser.y" /* yacc.c:1906 */ +#line 2585 "util/configparser.y" /* yacc.c:1906 */ /* parse helper routines could be here */ diff --git a/util/configparser.h b/util/configparser.h index b2cf94c3865c..21e14670541f 100644 --- a/util/configparser.h +++ b/util/configparser.h @@ -177,95 +177,105 @@ extern int yydebug; VAR_FORWARD_FIRST = 387, VAR_STUB_SSL_UPSTREAM = 388, VAR_FORWARD_SSL_UPSTREAM = 389, - VAR_STUB_FIRST = 390, - VAR_MINIMAL_RESPONSES = 391, - VAR_RRSET_ROUNDROBIN = 392, - VAR_MAX_UDP_SIZE = 393, - VAR_DELAY_CLOSE = 394, - VAR_UNBLOCK_LAN_ZONES = 395, - VAR_INSECURE_LAN_ZONES = 396, - VAR_INFRA_CACHE_MIN_RTT = 397, - VAR_DNS64_PREFIX = 398, - VAR_DNS64_SYNTHALL = 399, - VAR_DNSTAP = 400, - VAR_DNSTAP_ENABLE = 401, - VAR_DNSTAP_SOCKET_PATH = 402, - VAR_DNSTAP_SEND_IDENTITY = 403, - VAR_DNSTAP_SEND_VERSION = 404, - VAR_DNSTAP_IDENTITY = 405, - VAR_DNSTAP_VERSION = 406, - VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 407, - VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 408, - VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 409, - VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 410, - VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 411, - VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 412, - VAR_RESPONSE_IP_TAG = 413, - VAR_RESPONSE_IP = 414, - VAR_RESPONSE_IP_DATA = 415, - VAR_HARDEN_ALGO_DOWNGRADE = 416, - VAR_IP_TRANSPARENT = 417, - VAR_DISABLE_DNSSEC_LAME_CHECK = 418, - VAR_IP_RATELIMIT = 419, - VAR_IP_RATELIMIT_SLABS = 420, - VAR_IP_RATELIMIT_SIZE = 421, - VAR_RATELIMIT = 422, - VAR_RATELIMIT_SLABS = 423, - VAR_RATELIMIT_SIZE = 424, - VAR_RATELIMIT_FOR_DOMAIN = 425, - VAR_RATELIMIT_BELOW_DOMAIN = 426, - VAR_IP_RATELIMIT_FACTOR = 427, - VAR_RATELIMIT_FACTOR = 428, - VAR_SEND_CLIENT_SUBNET = 429, - VAR_CLIENT_SUBNET_ZONE = 430, - VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 431, - VAR_CLIENT_SUBNET_OPCODE = 432, - VAR_MAX_CLIENT_SUBNET_IPV4 = 433, - VAR_MAX_CLIENT_SUBNET_IPV6 = 434, - VAR_CAPS_WHITELIST = 435, - VAR_CACHE_MAX_NEGATIVE_TTL = 436, - VAR_PERMIT_SMALL_HOLDDOWN = 437, - VAR_QNAME_MINIMISATION = 438, - VAR_QNAME_MINIMISATION_STRICT = 439, - VAR_IP_FREEBIND = 440, - VAR_DEFINE_TAG = 441, - VAR_LOCAL_ZONE_TAG = 442, - VAR_ACCESS_CONTROL_TAG = 443, - VAR_LOCAL_ZONE_OVERRIDE = 444, - VAR_ACCESS_CONTROL_TAG_ACTION = 445, - VAR_ACCESS_CONTROL_TAG_DATA = 446, - VAR_VIEW = 447, - VAR_ACCESS_CONTROL_VIEW = 448, - VAR_VIEW_FIRST = 449, - VAR_SERVE_EXPIRED = 450, - VAR_FAKE_DSA = 451, - VAR_FAKE_SHA1 = 452, - VAR_LOG_IDENTITY = 453, - VAR_HIDE_TRUSTANCHOR = 454, - VAR_TRUST_ANCHOR_SIGNALING = 455, - VAR_USE_SYSTEMD = 456, - VAR_SHM_ENABLE = 457, - VAR_SHM_KEY = 458, - VAR_DNSCRYPT = 459, - VAR_DNSCRYPT_ENABLE = 460, - VAR_DNSCRYPT_PORT = 461, - VAR_DNSCRYPT_PROVIDER = 462, - VAR_DNSCRYPT_SECRET_KEY = 463, - VAR_DNSCRYPT_PROVIDER_CERT = 464, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 465, - VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 466, - VAR_DNSCRYPT_NONCE_CACHE_SIZE = 467, - VAR_DNSCRYPT_NONCE_CACHE_SLABS = 468, - VAR_IPSECMOD_ENABLED = 469, - VAR_IPSECMOD_HOOK = 470, - VAR_IPSECMOD_IGNORE_BOGUS = 471, - VAR_IPSECMOD_MAX_TTL = 472, - VAR_IPSECMOD_WHITELIST = 473, - VAR_IPSECMOD_STRICT = 474, - VAR_CACHEDB = 475, - VAR_CACHEDB_BACKEND = 476, - VAR_CACHEDB_SECRETSEED = 477, - VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 478 + VAR_TLS_CERT_BUNDLE = 390, + VAR_STUB_FIRST = 391, + VAR_MINIMAL_RESPONSES = 392, + VAR_RRSET_ROUNDROBIN = 393, + VAR_MAX_UDP_SIZE = 394, + VAR_DELAY_CLOSE = 395, + VAR_UNBLOCK_LAN_ZONES = 396, + VAR_INSECURE_LAN_ZONES = 397, + VAR_INFRA_CACHE_MIN_RTT = 398, + VAR_DNS64_PREFIX = 399, + VAR_DNS64_SYNTHALL = 400, + VAR_DNSTAP = 401, + VAR_DNSTAP_ENABLE = 402, + VAR_DNSTAP_SOCKET_PATH = 403, + VAR_DNSTAP_SEND_IDENTITY = 404, + VAR_DNSTAP_SEND_VERSION = 405, + VAR_DNSTAP_IDENTITY = 406, + VAR_DNSTAP_VERSION = 407, + VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES = 408, + VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES = 409, + VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES = 410, + VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES = 411, + VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES = 412, + VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES = 413, + VAR_RESPONSE_IP_TAG = 414, + VAR_RESPONSE_IP = 415, + VAR_RESPONSE_IP_DATA = 416, + VAR_HARDEN_ALGO_DOWNGRADE = 417, + VAR_IP_TRANSPARENT = 418, + VAR_DISABLE_DNSSEC_LAME_CHECK = 419, + VAR_IP_RATELIMIT = 420, + VAR_IP_RATELIMIT_SLABS = 421, + VAR_IP_RATELIMIT_SIZE = 422, + VAR_RATELIMIT = 423, + VAR_RATELIMIT_SLABS = 424, + VAR_RATELIMIT_SIZE = 425, + VAR_RATELIMIT_FOR_DOMAIN = 426, + VAR_RATELIMIT_BELOW_DOMAIN = 427, + VAR_IP_RATELIMIT_FACTOR = 428, + VAR_RATELIMIT_FACTOR = 429, + VAR_SEND_CLIENT_SUBNET = 430, + VAR_CLIENT_SUBNET_ZONE = 431, + VAR_CLIENT_SUBNET_ALWAYS_FORWARD = 432, + VAR_CLIENT_SUBNET_OPCODE = 433, + VAR_MAX_CLIENT_SUBNET_IPV4 = 434, + VAR_MAX_CLIENT_SUBNET_IPV6 = 435, + VAR_CAPS_WHITELIST = 436, + VAR_CACHE_MAX_NEGATIVE_TTL = 437, + VAR_PERMIT_SMALL_HOLDDOWN = 438, + VAR_QNAME_MINIMISATION = 439, + VAR_QNAME_MINIMISATION_STRICT = 440, + VAR_IP_FREEBIND = 441, + VAR_DEFINE_TAG = 442, + VAR_LOCAL_ZONE_TAG = 443, + VAR_ACCESS_CONTROL_TAG = 444, + VAR_LOCAL_ZONE_OVERRIDE = 445, + VAR_ACCESS_CONTROL_TAG_ACTION = 446, + VAR_ACCESS_CONTROL_TAG_DATA = 447, + VAR_VIEW = 448, + VAR_ACCESS_CONTROL_VIEW = 449, + VAR_VIEW_FIRST = 450, + VAR_SERVE_EXPIRED = 451, + VAR_FAKE_DSA = 452, + VAR_FAKE_SHA1 = 453, + VAR_LOG_IDENTITY = 454, + VAR_HIDE_TRUSTANCHOR = 455, + VAR_TRUST_ANCHOR_SIGNALING = 456, + VAR_AGGRESSIVE_NSEC = 457, + VAR_USE_SYSTEMD = 458, + VAR_SHM_ENABLE = 459, + VAR_SHM_KEY = 460, + VAR_DNSCRYPT = 461, + VAR_DNSCRYPT_ENABLE = 462, + VAR_DNSCRYPT_PORT = 463, + VAR_DNSCRYPT_PROVIDER = 464, + VAR_DNSCRYPT_SECRET_KEY = 465, + VAR_DNSCRYPT_PROVIDER_CERT = 466, + VAR_DNSCRYPT_PROVIDER_CERT_ROTATED = 467, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE = 468, + VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS = 469, + VAR_DNSCRYPT_NONCE_CACHE_SIZE = 470, + VAR_DNSCRYPT_NONCE_CACHE_SLABS = 471, + VAR_IPSECMOD_ENABLED = 472, + VAR_IPSECMOD_HOOK = 473, + VAR_IPSECMOD_IGNORE_BOGUS = 474, + VAR_IPSECMOD_MAX_TTL = 475, + VAR_IPSECMOD_WHITELIST = 476, + VAR_IPSECMOD_STRICT = 477, + VAR_CACHEDB = 478, + VAR_CACHEDB_BACKEND = 479, + VAR_CACHEDB_SECRETSEED = 480, + VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM = 481, + VAR_FOR_UPSTREAM = 482, + VAR_AUTH_ZONE = 483, + VAR_ZONEFILE = 484, + VAR_MASTER = 485, + VAR_URL = 486, + VAR_FOR_DOWNSTREAM = 487, + VAR_FALLBACK_ENABLED = 488 }; #endif /* Tokens. */ @@ -401,95 +411,105 @@ extern int yydebug; #define VAR_FORWARD_FIRST 387 #define VAR_STUB_SSL_UPSTREAM 388 #define VAR_FORWARD_SSL_UPSTREAM 389 -#define VAR_STUB_FIRST 390 -#define VAR_MINIMAL_RESPONSES 391 -#define VAR_RRSET_ROUNDROBIN 392 -#define VAR_MAX_UDP_SIZE 393 -#define VAR_DELAY_CLOSE 394 -#define VAR_UNBLOCK_LAN_ZONES 395 -#define VAR_INSECURE_LAN_ZONES 396 -#define VAR_INFRA_CACHE_MIN_RTT 397 -#define VAR_DNS64_PREFIX 398 -#define VAR_DNS64_SYNTHALL 399 -#define VAR_DNSTAP 400 -#define VAR_DNSTAP_ENABLE 401 -#define VAR_DNSTAP_SOCKET_PATH 402 -#define VAR_DNSTAP_SEND_IDENTITY 403 -#define VAR_DNSTAP_SEND_VERSION 404 -#define VAR_DNSTAP_IDENTITY 405 -#define VAR_DNSTAP_VERSION 406 -#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 407 -#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 408 -#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 409 -#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 410 -#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 411 -#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 412 -#define VAR_RESPONSE_IP_TAG 413 -#define VAR_RESPONSE_IP 414 -#define VAR_RESPONSE_IP_DATA 415 -#define VAR_HARDEN_ALGO_DOWNGRADE 416 -#define VAR_IP_TRANSPARENT 417 -#define VAR_DISABLE_DNSSEC_LAME_CHECK 418 -#define VAR_IP_RATELIMIT 419 -#define VAR_IP_RATELIMIT_SLABS 420 -#define VAR_IP_RATELIMIT_SIZE 421 -#define VAR_RATELIMIT 422 -#define VAR_RATELIMIT_SLABS 423 -#define VAR_RATELIMIT_SIZE 424 -#define VAR_RATELIMIT_FOR_DOMAIN 425 -#define VAR_RATELIMIT_BELOW_DOMAIN 426 -#define VAR_IP_RATELIMIT_FACTOR 427 -#define VAR_RATELIMIT_FACTOR 428 -#define VAR_SEND_CLIENT_SUBNET 429 -#define VAR_CLIENT_SUBNET_ZONE 430 -#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 431 -#define VAR_CLIENT_SUBNET_OPCODE 432 -#define VAR_MAX_CLIENT_SUBNET_IPV4 433 -#define VAR_MAX_CLIENT_SUBNET_IPV6 434 -#define VAR_CAPS_WHITELIST 435 -#define VAR_CACHE_MAX_NEGATIVE_TTL 436 -#define VAR_PERMIT_SMALL_HOLDDOWN 437 -#define VAR_QNAME_MINIMISATION 438 -#define VAR_QNAME_MINIMISATION_STRICT 439 -#define VAR_IP_FREEBIND 440 -#define VAR_DEFINE_TAG 441 -#define VAR_LOCAL_ZONE_TAG 442 -#define VAR_ACCESS_CONTROL_TAG 443 -#define VAR_LOCAL_ZONE_OVERRIDE 444 -#define VAR_ACCESS_CONTROL_TAG_ACTION 445 -#define VAR_ACCESS_CONTROL_TAG_DATA 446 -#define VAR_VIEW 447 -#define VAR_ACCESS_CONTROL_VIEW 448 -#define VAR_VIEW_FIRST 449 -#define VAR_SERVE_EXPIRED 450 -#define VAR_FAKE_DSA 451 -#define VAR_FAKE_SHA1 452 -#define VAR_LOG_IDENTITY 453 -#define VAR_HIDE_TRUSTANCHOR 454 -#define VAR_TRUST_ANCHOR_SIGNALING 455 -#define VAR_USE_SYSTEMD 456 -#define VAR_SHM_ENABLE 457 -#define VAR_SHM_KEY 458 -#define VAR_DNSCRYPT 459 -#define VAR_DNSCRYPT_ENABLE 460 -#define VAR_DNSCRYPT_PORT 461 -#define VAR_DNSCRYPT_PROVIDER 462 -#define VAR_DNSCRYPT_SECRET_KEY 463 -#define VAR_DNSCRYPT_PROVIDER_CERT 464 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 465 -#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 466 -#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 467 -#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 468 -#define VAR_IPSECMOD_ENABLED 469 -#define VAR_IPSECMOD_HOOK 470 -#define VAR_IPSECMOD_IGNORE_BOGUS 471 -#define VAR_IPSECMOD_MAX_TTL 472 -#define VAR_IPSECMOD_WHITELIST 473 -#define VAR_IPSECMOD_STRICT 474 -#define VAR_CACHEDB 475 -#define VAR_CACHEDB_BACKEND 476 -#define VAR_CACHEDB_SECRETSEED 477 -#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 478 +#define VAR_TLS_CERT_BUNDLE 390 +#define VAR_STUB_FIRST 391 +#define VAR_MINIMAL_RESPONSES 392 +#define VAR_RRSET_ROUNDROBIN 393 +#define VAR_MAX_UDP_SIZE 394 +#define VAR_DELAY_CLOSE 395 +#define VAR_UNBLOCK_LAN_ZONES 396 +#define VAR_INSECURE_LAN_ZONES 397 +#define VAR_INFRA_CACHE_MIN_RTT 398 +#define VAR_DNS64_PREFIX 399 +#define VAR_DNS64_SYNTHALL 400 +#define VAR_DNSTAP 401 +#define VAR_DNSTAP_ENABLE 402 +#define VAR_DNSTAP_SOCKET_PATH 403 +#define VAR_DNSTAP_SEND_IDENTITY 404 +#define VAR_DNSTAP_SEND_VERSION 405 +#define VAR_DNSTAP_IDENTITY 406 +#define VAR_DNSTAP_VERSION 407 +#define VAR_DNSTAP_LOG_RESOLVER_QUERY_MESSAGES 408 +#define VAR_DNSTAP_LOG_RESOLVER_RESPONSE_MESSAGES 409 +#define VAR_DNSTAP_LOG_CLIENT_QUERY_MESSAGES 410 +#define VAR_DNSTAP_LOG_CLIENT_RESPONSE_MESSAGES 411 +#define VAR_DNSTAP_LOG_FORWARDER_QUERY_MESSAGES 412 +#define VAR_DNSTAP_LOG_FORWARDER_RESPONSE_MESSAGES 413 +#define VAR_RESPONSE_IP_TAG 414 +#define VAR_RESPONSE_IP 415 +#define VAR_RESPONSE_IP_DATA 416 +#define VAR_HARDEN_ALGO_DOWNGRADE 417 +#define VAR_IP_TRANSPARENT 418 +#define VAR_DISABLE_DNSSEC_LAME_CHECK 419 +#define VAR_IP_RATELIMIT 420 +#define VAR_IP_RATELIMIT_SLABS 421 +#define VAR_IP_RATELIMIT_SIZE 422 +#define VAR_RATELIMIT 423 +#define VAR_RATELIMIT_SLABS 424 +#define VAR_RATELIMIT_SIZE 425 +#define VAR_RATELIMIT_FOR_DOMAIN 426 +#define VAR_RATELIMIT_BELOW_DOMAIN 427 +#define VAR_IP_RATELIMIT_FACTOR 428 +#define VAR_RATELIMIT_FACTOR 429 +#define VAR_SEND_CLIENT_SUBNET 430 +#define VAR_CLIENT_SUBNET_ZONE 431 +#define VAR_CLIENT_SUBNET_ALWAYS_FORWARD 432 +#define VAR_CLIENT_SUBNET_OPCODE 433 +#define VAR_MAX_CLIENT_SUBNET_IPV4 434 +#define VAR_MAX_CLIENT_SUBNET_IPV6 435 +#define VAR_CAPS_WHITELIST 436 +#define VAR_CACHE_MAX_NEGATIVE_TTL 437 +#define VAR_PERMIT_SMALL_HOLDDOWN 438 +#define VAR_QNAME_MINIMISATION 439 +#define VAR_QNAME_MINIMISATION_STRICT 440 +#define VAR_IP_FREEBIND 441 +#define VAR_DEFINE_TAG 442 +#define VAR_LOCAL_ZONE_TAG 443 +#define VAR_ACCESS_CONTROL_TAG 444 +#define VAR_LOCAL_ZONE_OVERRIDE 445 +#define VAR_ACCESS_CONTROL_TAG_ACTION 446 +#define VAR_ACCESS_CONTROL_TAG_DATA 447 +#define VAR_VIEW 448 +#define VAR_ACCESS_CONTROL_VIEW 449 +#define VAR_VIEW_FIRST 450 +#define VAR_SERVE_EXPIRED 451 +#define VAR_FAKE_DSA 452 +#define VAR_FAKE_SHA1 453 +#define VAR_LOG_IDENTITY 454 +#define VAR_HIDE_TRUSTANCHOR 455 +#define VAR_TRUST_ANCHOR_SIGNALING 456 +#define VAR_AGGRESSIVE_NSEC 457 +#define VAR_USE_SYSTEMD 458 +#define VAR_SHM_ENABLE 459 +#define VAR_SHM_KEY 460 +#define VAR_DNSCRYPT 461 +#define VAR_DNSCRYPT_ENABLE 462 +#define VAR_DNSCRYPT_PORT 463 +#define VAR_DNSCRYPT_PROVIDER 464 +#define VAR_DNSCRYPT_SECRET_KEY 465 +#define VAR_DNSCRYPT_PROVIDER_CERT 466 +#define VAR_DNSCRYPT_PROVIDER_CERT_ROTATED 467 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE 468 +#define VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS 469 +#define VAR_DNSCRYPT_NONCE_CACHE_SIZE 470 +#define VAR_DNSCRYPT_NONCE_CACHE_SLABS 471 +#define VAR_IPSECMOD_ENABLED 472 +#define VAR_IPSECMOD_HOOK 473 +#define VAR_IPSECMOD_IGNORE_BOGUS 474 +#define VAR_IPSECMOD_MAX_TTL 475 +#define VAR_IPSECMOD_WHITELIST 476 +#define VAR_IPSECMOD_STRICT 477 +#define VAR_CACHEDB 478 +#define VAR_CACHEDB_BACKEND 479 +#define VAR_CACHEDB_SECRETSEED 480 +#define VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM 481 +#define VAR_FOR_UPSTREAM 482 +#define VAR_AUTH_ZONE 483 +#define VAR_ZONEFILE 484 +#define VAR_MASTER 485 +#define VAR_URL 486 +#define VAR_FOR_DOWNSTREAM 487 +#define VAR_FALLBACK_ENABLED 488 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED @@ -500,7 +520,7 @@ union YYSTYPE char* str; -#line 504 "util/configparser.h" /* yacc.c:1909 */ +#line 524 "util/configparser.h" /* yacc.c:1909 */ }; typedef union YYSTYPE YYSTYPE; diff --git a/util/configparser.y b/util/configparser.y index 1f72c73b08d8..7e23fca16823 100644 --- a/util/configparser.y +++ b/util/configparser.y @@ -109,7 +109,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_LOG_REPLIES %token VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST -%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM +%token VAR_STUB_SSL_UPSTREAM VAR_FORWARD_SSL_UPSTREAM VAR_TLS_CERT_BUNDLE %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE %token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES @@ -141,9 +141,10 @@ extern struct config_parser_state* cfg_parser; %token VAR_ACCESS_CONTROL_TAG_DATA VAR_VIEW VAR_ACCESS_CONTROL_VIEW %token VAR_VIEW_FIRST VAR_SERVE_EXPIRED VAR_FAKE_DSA VAR_FAKE_SHA1 %token VAR_LOG_IDENTITY VAR_HIDE_TRUSTANCHOR VAR_TRUST_ANCHOR_SIGNALING -%token VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY +%token VAR_AGGRESSIVE_NSEC VAR_USE_SYSTEMD VAR_SHM_ENABLE VAR_SHM_KEY %token VAR_DNSCRYPT VAR_DNSCRYPT_ENABLE VAR_DNSCRYPT_PORT VAR_DNSCRYPT_PROVIDER %token VAR_DNSCRYPT_SECRET_KEY VAR_DNSCRYPT_PROVIDER_CERT +%token VAR_DNSCRYPT_PROVIDER_CERT_ROTATED %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SIZE %token VAR_DNSCRYPT_SHARED_SECRET_CACHE_SLABS %token VAR_DNSCRYPT_NONCE_CACHE_SIZE @@ -151,16 +152,17 @@ extern struct config_parser_state* cfg_parser; %token VAR_IPSECMOD_ENABLED VAR_IPSECMOD_HOOK VAR_IPSECMOD_IGNORE_BOGUS %token VAR_IPSECMOD_MAX_TTL VAR_IPSECMOD_WHITELIST VAR_IPSECMOD_STRICT %token VAR_CACHEDB VAR_CACHEDB_BACKEND VAR_CACHEDB_SECRETSEED -%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM +%token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM +%token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM +%token VAR_FALLBACK_ENABLED %% toplevelvars: /* empty */ | toplevelvars toplevelvar ; toplevelvar: serverstart contents_server | stubstart contents_stub | forwardstart contents_forward | pythonstart contents_py | - rcstart contents_rc | dtstart contents_dt | viewstart - contents_view | - dnscstart contents_dnsc | - cachedbstart contents_cachedb + rcstart contents_rc | dtstart contents_dt | viewstart contents_view | + dnscstart contents_dnsc | cachedbstart contents_cachedb | + authstart contents_auth ; /* server: declaration */ @@ -241,7 +243,8 @@ content_server: server_num_threads | server_verbosity | server_port | server_ipsecmod_enabled | server_ipsecmod_hook | server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl | server_ipsecmod_whitelist | server_ipsecmod_strict | - server_udp_upstream_without_downstream + server_udp_upstream_without_downstream | server_aggressive_nsec | + server_tls_cert_bundle ; stubstart: VAR_STUB_ZONE { @@ -296,6 +299,27 @@ contents_view: contents_view content_view content_view: view_name | view_local_zone | view_local_data | view_first | view_response_ip | view_response_ip_data | view_local_data_ptr ; +authstart: VAR_AUTH_ZONE + { + struct config_auth* s; + OUTYY(("\nP(auth_zone:)\n")); + s = (struct config_auth*)calloc(1, sizeof(struct config_auth)); + if(s) { + s->next = cfg_parser->cfg->auths; + cfg_parser->cfg->auths = s; + /* defaults for auth zone */ + s->for_downstream = 1; + s->for_upstream = 1; + s->fallback_enabled = 0; + } else + yyerror("out of memory"); + } + ; +contents_auth: contents_auth content_auth + | ; +content_auth: auth_name | auth_zonefile | auth_master | auth_url | + auth_for_downstream | auth_for_upstream | auth_fallback_enabled + ; server_num_threads: VAR_NUM_THREADS STRING_ARG { OUTYY(("P(server_num_threads:%s)\n", $2)); @@ -651,6 +675,13 @@ server_ssl_port: VAR_SSL_PORT STRING_ARG free($2); } ; +server_tls_cert_bundle: VAR_TLS_CERT_BUNDLE STRING_ARG + { + OUTYY(("P(server_tls_cert_bundle:%s)\n", $2)); + free(cfg_parser->cfg->tls_cert_bundle); + cfg_parser->cfg->tls_cert_bundle = $2; + } + ; server_use_systemd: VAR_USE_SYSTEMD STRING_ARG { OUTYY(("P(server_use_systemd:%s)\n", $2)); @@ -1367,6 +1398,17 @@ server_val_permissive_mode: VAR_VAL_PERMISSIVE_MODE STRING_ARG free($2); } ; +server_aggressive_nsec: VAR_AGGRESSIVE_NSEC STRING_ARG + { + OUTYY(("P(server_aggressive_nsec:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else + cfg_parser->cfg->aggressive_nsec = + (strcmp($2, "yes")==0); + free($2); + } + ; server_ignore_cd_flag: VAR_IGNORE_CD_FLAG STRING_ARG { OUTYY(("P(server_ignore_cd_flag:%s)\n", $2)); @@ -1502,12 +1544,13 @@ server_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_transparent")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "noview")!=0 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); + "always_nxdomain, noview or nodefault"); else if(strcmp($3, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg-> local_zones_nodefault, $2)) @@ -1998,6 +2041,67 @@ forward_ssl_upstream: VAR_FORWARD_SSL_UPSTREAM STRING_ARG free($2); } ; +auth_name: VAR_NAME STRING_ARG + { + OUTYY(("P(name:%s)\n", $2)); + if(cfg_parser->cfg->auths->name) + yyerror("auth name override, there must be one name " + "for one auth-zone"); + free(cfg_parser->cfg->auths->name); + cfg_parser->cfg->auths->name = $2; + } + ; +auth_zonefile: VAR_ZONEFILE STRING_ARG + { + OUTYY(("P(zonefile:%s)\n", $2)); + free(cfg_parser->cfg->auths->zonefile); + cfg_parser->cfg->auths->zonefile = $2; + } + ; +auth_master: VAR_MASTER STRING_ARG + { + OUTYY(("P(master:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->masters, $2)) + yyerror("out of memory"); + } + ; +auth_url: VAR_URL STRING_ARG + { + OUTYY(("P(url:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->auths->urls, $2)) + yyerror("out of memory"); + } + ; +auth_for_downstream: VAR_FOR_DOWNSTREAM STRING_ARG + { + OUTYY(("P(for-downstream:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->for_downstream = + (strcmp($2, "yes")==0); + free($2); + } + ; +auth_for_upstream: VAR_FOR_UPSTREAM STRING_ARG + { + OUTYY(("P(for-upstream:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->for_upstream = + (strcmp($2, "yes")==0); + free($2); + } + ; +auth_fallback_enabled: VAR_FALLBACK_ENABLED STRING_ARG + { + OUTYY(("P(fallback-enabled:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->auths->fallback_enabled = + (strcmp($2, "yes")==0); + free($2); + } + ; view_name: VAR_NAME STRING_ARG { OUTYY(("P(name:%s)\n", $2)); @@ -2018,12 +2122,13 @@ view_local_zone: VAR_LOCAL_ZONE STRING_ARG STRING_ARG && strcmp($3, "always_transparent")!=0 && strcmp($3, "always_refuse")!=0 && strcmp($3, "always_nxdomain")!=0 + && strcmp($3, "noview")!=0 && strcmp($3, "inform")!=0 && strcmp($3, "inform_deny")!=0) yyerror("local-zone type: expected static, deny, " "refuse, redirect, transparent, " "typetransparent, inform, inform_deny, " "always_transparent, always_refuse, " - "always_nxdomain or nodefault"); + "always_nxdomain, noview or nodefault"); else if(strcmp($3, "nodefault")==0) { if(!cfg_strlist_insert(&cfg_parser->cfg->views-> local_zones_nodefault, $2)) @@ -2339,6 +2444,7 @@ contents_dnsc: contents_dnsc content_dnsc content_dnsc: dnsc_dnscrypt_enable | dnsc_dnscrypt_port | dnsc_dnscrypt_provider | dnsc_dnscrypt_secret_key | dnsc_dnscrypt_provider_cert | + dnsc_dnscrypt_provider_cert_rotated | dnsc_dnscrypt_shared_secret_cache_size | dnsc_dnscrypt_shared_secret_cache_slabs | dnsc_dnscrypt_nonce_cache_size | @@ -2374,13 +2480,24 @@ dnsc_dnscrypt_provider: VAR_DNSCRYPT_PROVIDER STRING_ARG dnsc_dnscrypt_provider_cert: VAR_DNSCRYPT_PROVIDER_CERT STRING_ARG { OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", $2)); + if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, $2)) + log_warn("dnscrypt-provider-cert %s is a duplicate", $2); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, $2)) fatal_exit("out of memory adding dnscrypt-provider-cert"); } ; +dnsc_dnscrypt_provider_cert_rotated: VAR_DNSCRYPT_PROVIDER_CERT_ROTATED STRING_ARG + { + OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", $2)); + if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, $2)) + fatal_exit("out of memory adding dnscrypt-provider-cert-rotated"); + } + ; dnsc_dnscrypt_secret_key: VAR_DNSCRYPT_SECRET_KEY STRING_ARG { OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", $2)); + if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, $2)) + log_warn("dnscrypt-secret-key: %s is a duplicate", $2); if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, $2)) fatal_exit("out of memory adding dnscrypt-secret-key"); } diff --git a/util/data/msgreply.c b/util/data/msgreply.c index ae2fe02b6d7c..e25b42cc257a 100644 --- a/util/data/msgreply.c +++ b/util/data/msgreply.c @@ -631,9 +631,14 @@ query_info_entrysetup(struct query_info* q, struct reply_info* r, e->entry.key = e; e->entry.data = r; lock_rw_init(&e->entry.lock); - lock_protect(&e->entry.lock, &e->key, sizeof(e->key)); - lock_protect(&e->entry.lock, &e->entry.hash, sizeof(e->entry.hash) + - sizeof(e->entry.key) + sizeof(e->entry.data)); + lock_protect(&e->entry.lock, &e->key.qname, sizeof(e->key.qname)); + lock_protect(&e->entry.lock, &e->key.qname_len, sizeof(e->key.qname_len)); + lock_protect(&e->entry.lock, &e->key.qtype, sizeof(e->key.qtype)); + lock_protect(&e->entry.lock, &e->key.qclass, sizeof(e->key.qclass)); + lock_protect(&e->entry.lock, &e->key.local_alias, sizeof(e->key.local_alias)); + lock_protect(&e->entry.lock, &e->entry.hash, sizeof(e->entry.hash)); + lock_protect(&e->entry.lock, &e->entry.key, sizeof(e->entry.key)); + lock_protect(&e->entry.lock, &e->entry.data, sizeof(e->entry.data)); lock_protect(&e->entry.lock, e->key.qname, e->key.qname_len); q->qname = NULL; return e; @@ -896,6 +901,25 @@ reply_all_rrsets_secure(struct reply_info* rep) return 1; } +struct reply_info* +parse_reply_in_temp_region(sldns_buffer* pkt, struct regional* region, + struct query_info* qi) +{ + struct reply_info* rep; + struct msg_parse* msg; + if(!(msg = regional_alloc(region, sizeof(*msg)))) { + return NULL; + } + memset(msg, 0, sizeof(*msg)); + sldns_buffer_set_position(pkt, 0); + if(parse_packet(pkt, msg, region) != 0) + return 0; + if(!parse_create_msg(pkt, msg, NULL, qi, &rep, region)) { + return 0; + } + return rep; +} + int edns_opt_append(struct edns_data* edns, struct regional* region, uint16_t code, size_t len, uint8_t* data) { diff --git a/util/data/msgreply.h b/util/data/msgreply.h index b66f344e1521..60e6438a84ab 100644 --- a/util/data/msgreply.h +++ b/util/data/msgreply.h @@ -285,6 +285,10 @@ int parse_create_msg(struct sldns_buffer* pkt, struct msg_parse* msg, struct alloc_cache* alloc, struct query_info* qinf, struct reply_info** rep, struct regional* region); +/** get msg reply struct (in temp region) */ +struct reply_info* parse_reply_in_temp_region(struct sldns_buffer* pkt, + struct regional* region, struct query_info* qi); + /** * Sorts the ref array. * @param rep: reply info. rrsets must be filled in. diff --git a/util/fptr_wlist.c b/util/fptr_wlist.c index d3c1a0c06b24..400a15de2ebb 100644 --- a/util/fptr_wlist.c +++ b/util/fptr_wlist.c @@ -98,6 +98,9 @@ fptr_whitelist_comm_point(comm_point_callback_type *fptr) else if(fptr == &outnet_udp_cb) return 1; else if(fptr == &outnet_tcp_cb) return 1; else if(fptr == &tube_handle_listen) return 1; + else if(fptr == &auth_xfer_probe_udp_callback) return 1; + else if(fptr == &auth_xfer_transfer_tcp_callback) return 1; + else if(fptr == &auth_xfer_transfer_http_callback) return 1; return 0; } @@ -122,6 +125,8 @@ fptr_whitelist_comm_timer(void (*fptr)(void*)) #ifdef UB_ON_WINDOWS else if(fptr == &wsvc_cron_cb) return 1; #endif + else if(fptr == &auth_xfer_timer) return 1; + else if(fptr == &auth_xfer_probe_timer_callback) return 1; return 0; } @@ -157,6 +162,7 @@ fptr_whitelist_event(void (*fptr)(int, short, void *)) else if(fptr == &comm_point_raw_handle_callback) return 1; else if(fptr == &tube_handle_signal) return 1; else if(fptr == &comm_base_handle_slow_accept) return 1; + else if(fptr == &comm_point_http_handle_callback) return 1; #ifdef UB_ON_WINDOWS else if(fptr == &worker_win_stop_cb) return 1; #endif @@ -215,6 +221,7 @@ fptr_whitelist_rbtree_cmp(int (*fptr) (const void *, const void *)) else if(fptr == &view_cmp) return 1; else if(fptr == &auth_zone_cmp) return 1; else if(fptr == &auth_data_cmp) return 1; + else if(fptr == &auth_xfer_cmp) return 1; return 0; } @@ -509,6 +516,8 @@ int fptr_whitelist_mesh_cb(mesh_cb_func_type fptr) else if(fptr == &libworker_bg_done_cb) return 1; else if(fptr == &libworker_event_done_cb) return 1; else if(fptr == &probe_answer_cb) return 1; + else if(fptr == &auth_xfer_probe_lookup_callback) return 1; + else if(fptr == &auth_xfer_transfer_lookup_callback) return 1; return 0; } diff --git a/util/iana_ports.inc b/util/iana_ports.inc index 58c69fd1c1a7..e44a796dc4ad 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -4584,6 +4584,7 @@ 7040, 7070, 7071, +7072, 7080, 7088, 7095, @@ -4634,6 +4635,7 @@ 7402, 7410, 7411, +7420, 7421, 7426, 7427, @@ -4670,6 +4672,7 @@ 7629, 7633, 7648, +7663, 7674, 7675, 7676, @@ -4896,6 +4899,7 @@ 9026, 9060, 9080, +9081, 9084, 9085, 9086, @@ -5390,6 +5394,7 @@ 33331, 33334, 33434, +33435, 33656, 34249, 34378, @@ -5431,6 +5436,7 @@ 43189, 43190, 43210, +43438, 43439, 43440, 43441, diff --git a/util/log.c b/util/log.c index c14b45834add..75a58f9de3db 100644 --- a/util/log.c +++ b/util/log.c @@ -191,6 +191,17 @@ void log_set_time_asc(int use_asc) log_time_asc = use_asc; } +void* log_get_lock(void) +{ + if(!key_created) + return NULL; +#ifndef THREADS_DISABLED + return (void*)&log_lock; +#else + return NULL; +#endif +} + void log_vmsg(int pri, const char* type, const char *format, va_list args) diff --git a/util/log.h b/util/log.h index 8e85ee620b18..7bc3d9e76152 100644 --- a/util/log.h +++ b/util/log.h @@ -127,6 +127,9 @@ void log_set_time(time_t* t); */ void log_set_time_asc(int use_asc); +/** get log lock */ +void* log_get_lock(void); + /** * Log informational message. * Pass printf formatted arguments. No trailing newline is needed. @@ -186,11 +189,17 @@ void log_vmsg(int pri, const char* type, const char* format, va_list args); * an assertion that is thrown to the logfile. */ #ifdef UNBOUND_DEBUG +#ifdef __clang_analyzer__ +/* clang analyzer needs to know that log_assert is an assertion, otherwise + * it could complain about the nullptr the assert is guarding against. */ +#define log_assert(x) assert(x) +#else # define log_assert(x) \ do { if(!(x)) \ fatal_exit("%s:%d: %s: assertion %s failed", \ __FILE__, __LINE__, __func__, #x); \ } while(0); +#endif #else # define log_assert(x) /*nothing*/ #endif diff --git a/util/module.h b/util/module.h index 415865c3d8b6..73db994bd7a3 100644 --- a/util/module.h +++ b/util/module.h @@ -166,6 +166,9 @@ struct query_info; struct edns_data; struct regional; struct worker; +struct comm_base; +struct auth_zones; +struct outside_network; struct module_qstate; struct ub_randstate; struct mesh_area; @@ -445,6 +448,10 @@ struct module_env { struct sldns_buffer* scratch_buffer; /** internal data for daemon - worker thread. */ struct worker* worker; + /** the worker event base */ + struct comm_base* worker_base; + /** the outside network */ + struct outside_network* outnet; /** mesh area with query state dependencies */ struct mesh_area* mesh; /** allocation service */ @@ -468,6 +475,8 @@ struct module_env { struct val_neg_cache* neg_cache; /** the 5011-probe timer (if any) */ struct comm_timer* probe_timer; + /** auth zones */ + struct auth_zones* auth_zones; /** Mapping of forwarding zones to targets. * iterator forwarder information. per-thread, created by worker */ struct iter_forwards* fwds; diff --git a/util/net_help.c b/util/net_help.c index ce136a337cff..fdc8b0558af0 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -271,6 +271,19 @@ int netblockstrtoaddr(const char* str, int port, struct sockaddr_storage* addr, return 1; } +/** store port number into sockaddr structure */ +void +sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen, int port) +{ + if(addr_is_ip6(addr, addrlen)) { + struct sockaddr_in6* sa = (struct sockaddr_in6*)addr; + sa->sin6_port = (in_port_t)htons((uint16_t)port); + } else { + struct sockaddr_in* sa = (struct sockaddr_in*)addr; + sa->sin_port = (in_port_t)htons((uint16_t)port); + } +} + void log_nametypeclass(enum verbosity_value v, const char* str, uint8_t* name, uint16_t type, uint16_t dclass) @@ -645,7 +658,7 @@ listen_sslctx_setup(void* ctxt) #endif #if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA) /* if we have sha256, set the cipher list to have no known vulns */ - if(!SSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) + if(!SSL_CTX_set_cipher_list(ctx, "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list"); #endif diff --git a/util/net_help.h b/util/net_help.h index f0236e5335df..2d6fce91db6e 100644 --- a/util/net_help.h +++ b/util/net_help.h @@ -202,6 +202,15 @@ int netblockstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, socklen_t* addrlen, int* net); /** + * Store port number into sockaddr structure + * @param addr: sockaddr structure, ip4 or ip6. + * @param addrlen: length of addr. + * @param port: port number to put into the addr. + */ +void sockaddr_store_port(struct sockaddr_storage* addr, socklen_t addrlen, + int port); + +/** * Print string with neat domain name, type and class. * @param v: at what verbosity level to print this. * @param str: string of message. diff --git a/util/netevent.c b/util/netevent.c index 5965a2d9aba6..fc6f6a9ea8b5 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -299,6 +299,12 @@ udp_send_errno_needs_log(struct sockaddr* addr, socklen_t addrlen) # endif ) && verbosity < VERB_DETAIL) return 0; +# ifdef EADDRINUSE + /* If SO_REUSEADDR is set, we could try to connect to the same server + * from the same source port twice. */ + if(errno == EADDRINUSE && verbosity < VERB_DETAIL) + return 0; +# endif /* squelch errors where people deploy AAAA ::ffff:bla for * authority servers, which we try for intranets. */ if(errno == EINVAL && addr_is_ip4mapped( @@ -648,7 +654,7 @@ comm_point_udp_ancil_callback(int fd, short event, void* arg) (void)comm_point_send_udp_msg_if(rep.c, rep.c->buffer, (struct sockaddr*)&rep.addr, rep.addrlen, &rep); } - if(rep.c->fd == -1) /* commpoint closed */ + if(!rep.c || rep.c->fd == -1) /* commpoint closed */ break; } #else @@ -711,7 +717,7 @@ comm_point_udp_callback(int fd, short event, void* arg) (void)comm_point_send_udp_msg(rep.c, buffer, (struct sockaddr*)&rep.addr, rep.addrlen); } - if(rep.c->fd != fd) /* commpoint closed to -1 or reused for + if(!rep.c || rep.c->fd != fd) /* commpoint closed to -1 or reused for another UDP port. Note rep.c cannot be reused with TCP fd. */ break; } @@ -964,6 +970,32 @@ tcp_callback_reader(struct comm_point* c) } } +#ifdef HAVE_SSL +/** log certificate details */ +static void +log_cert(unsigned level, const char* str, X509* cert) +{ + BIO* bio; + char nul = 0; + char* pp = NULL; + long len; + if(verbosity < level) return; + bio = BIO_new(BIO_s_mem()); + if(!bio) return; + X509_print_ex(bio, cert, 0, (unsigned long)-1 + ^(X509_FLAG_NO_SUBJECT + |X509_FLAG_NO_ISSUER|X509_FLAG_NO_VALIDITY + |X509_FLAG_NO_EXTENSIONS|X509_FLAG_NO_AUX + |X509_FLAG_NO_ATTRIBUTES)); + BIO_write(bio, &nul, (int)sizeof(nul)); + len = BIO_get_mem_data(bio, &pp); + if(len != 0 && pp) { + verbose(level, "%s: \n%s", str, pp); + } + BIO_free(bio); +} +#endif /* HAVE_SSL */ + /** continue ssl handshake */ #ifdef HAVE_SSL static int @@ -1015,8 +1047,51 @@ ssl_handshake(struct comm_point* c) } } /* this is where peer verification could take place */ - log_addr(VERB_ALGO, "SSL DNS connection", &c->repinfo.addr, - c->repinfo.addrlen); + if((SSL_get_verify_mode(c->ssl)&SSL_VERIFY_PEER)) { + /* verification */ + if(SSL_get_verify_result(c->ssl) == X509_V_OK) { + X509* x = SSL_get_peer_certificate(c->ssl); + if(!x) { + log_addr(VERB_ALGO, "SSL connection failed: " + "no certificate", + &c->repinfo.addr, c->repinfo.addrlen); + return 0; + } + log_cert(VERB_ALGO, "peer certificate", x); +#ifdef HAVE_SSL_GET0_PEERNAME + if(SSL_get0_peername(c->ssl)) { + char buf[255]; + snprintf(buf, sizeof(buf), "SSL connection " + "to %s authenticated", + SSL_get0_peername(c->ssl)); + log_addr(VERB_ALGO, buf, &c->repinfo.addr, + c->repinfo.addrlen); + } else { +#endif + log_addr(VERB_ALGO, "SSL connection " + "authenticated", &c->repinfo.addr, + c->repinfo.addrlen); +#ifdef HAVE_SSL_GET0_PEERNAME + } +#endif + X509_free(x); + } else { + X509* x = SSL_get_peer_certificate(c->ssl); + if(x) { + log_cert(VERB_ALGO, "peer certificate", x); + X509_free(x); + } + log_addr(VERB_ALGO, "SSL connection failed: " + "failed to authenticate", + &c->repinfo.addr, c->repinfo.addrlen); + return 0; + } + } else { + /* unauthenticated, the verify peer flag was not set + * in c->ssl when the ssl object was created from ssl_ctx */ + log_addr(VERB_ALGO, "SSL connection", &c->repinfo.addr, + c->repinfo.addrlen); + } /* setup listen rw correctly */ if(c->tcp_is_reading) { @@ -1600,6 +1675,644 @@ comm_point_tcp_handle_callback(int fd, short event, void* arg) log_err("Ignored event %d for tcphdl.", event); } +/** Make http handler free for next assignment */ +static void +reclaim_http_handler(struct comm_point* c) +{ + log_assert(c->type == comm_http); + if(c->ssl) { +#ifdef HAVE_SSL + SSL_shutdown(c->ssl); + SSL_free(c->ssl); + c->ssl = NULL; +#endif + } + comm_point_close(c); + if(c->tcp_parent) { + c->tcp_parent->cur_tcp_count--; + c->tcp_free = c->tcp_parent->tcp_free; + c->tcp_parent->tcp_free = c; + if(!c->tcp_free) { + /* re-enable listening on accept socket */ + comm_point_start_listening(c->tcp_parent, -1, -1); + } + } +} + +/** read more data for http (with ssl) */ +static int +ssl_http_read_more(struct comm_point* c) +{ +#ifdef HAVE_SSL + int r; + log_assert(sldns_buffer_remaining(c->buffer) > 0); + ERR_clear_error(); + r = SSL_read(c->ssl, (void*)sldns_buffer_current(c->buffer), + (int)sldns_buffer_remaining(c->buffer)); + if(r <= 0) { + int want = SSL_get_error(c->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return 0; /* shutdown, closed */ + } else if(want == SSL_ERROR_WANT_READ) { + return 1; /* read more later */ + } else if(want == SSL_ERROR_WANT_WRITE) { + c->ssl_shake_state = comm_ssl_shake_hs_write; + comm_point_listen_for_rw(c, 0, 1); + return 1; + } else if(want == SSL_ERROR_SYSCALL) { + if(errno != 0) + log_err("SSL_read syscall: %s", + strerror(errno)); + return 0; + } + log_crypto_err("could not SSL_read"); + return 0; + } + sldns_buffer_skip(c->buffer, (ssize_t)r); + return 1; +#else + (void)c; + return 0; +#endif /* HAVE_SSL */ +} + +/** read more data for http */ +static int +http_read_more(int fd, struct comm_point* c) +{ + ssize_t r; + log_assert(sldns_buffer_remaining(c->buffer) > 0); + r = recv(fd, (void*)sldns_buffer_current(c->buffer), + sldns_buffer_remaining(c->buffer), 0); + if(r == 0) { + return 0; + } else if(r == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return 1; + log_err_addr("read (in http r)", strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); +#else /* USE_WINSOCK */ + if(WSAGetLastError() == WSAECONNRESET) + return 0; + if(WSAGetLastError() == WSAEINPROGRESS) + return 1; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_READ); + return 1; + } + log_err_addr("read (in http r)", + wsa_strerror(WSAGetLastError()), + &c->repinfo.addr, c->repinfo.addrlen); +#endif + return 0; + } + sldns_buffer_skip(c->buffer, r); + return 1; +} + +/** return true if http header has been read (one line complete) */ +static int +http_header_done(sldns_buffer* buf) +{ + size_t i; + for(i=sldns_buffer_position(buf); i<sldns_buffer_limit(buf); i++) { + /* there was a \r before the \n, but we ignore that */ + if((char)sldns_buffer_read_u8_at(buf, i) == '\n') + return 1; + } + return 0; +} + +/** return character string into buffer for header line, moves buffer + * past that line and puts zero terminator into linefeed-newline */ +static char* +http_header_line(sldns_buffer* buf) +{ + char* result = (char*)sldns_buffer_current(buf); + size_t i; + for(i=sldns_buffer_position(buf); i<sldns_buffer_limit(buf); i++) { + /* terminate the string on the \r */ + if((char)sldns_buffer_read_u8_at(buf, i) == '\r') + sldns_buffer_write_u8_at(buf, i, 0); + /* terminate on the \n and skip past the it and done */ + if((char)sldns_buffer_read_u8_at(buf, i) == '\n') { + sldns_buffer_write_u8_at(buf, i, 0); + sldns_buffer_set_position(buf, i+1); + return result; + } + } + return NULL; +} + +/** move unread buffer to start and clear rest for putting the rest into it */ +static void +http_moveover_buffer(sldns_buffer* buf) +{ + size_t pos = sldns_buffer_position(buf); + size_t len = sldns_buffer_remaining(buf); + sldns_buffer_clear(buf); + memmove(sldns_buffer_begin(buf), sldns_buffer_at(buf, pos), len); + sldns_buffer_set_position(buf, len); +} + +/** a http header is complete, process it */ +static int +http_process_initial_header(struct comm_point* c) +{ + char* line = http_header_line(c->buffer); + if(!line) return 1; + verbose(VERB_ALGO, "http header: %s", line); + if(strncasecmp(line, "HTTP/1.1 ", 9) == 0) { + /* check returncode */ + if(line[9] != '2') { + verbose(VERB_ALGO, "http bad status %s", line+9); + return 0; + } + } else if(strncasecmp(line, "Content-Length: ", 16) == 0) { + if(!c->http_is_chunked) + c->tcp_byte_count = (size_t)atoi(line+16); + } else if(strncasecmp(line, "Transfer-Encoding: chunked", 19+7) == 0) { + c->tcp_byte_count = 0; + c->http_is_chunked = 1; + } else if(line[0] == 0) { + /* end of initial headers */ + c->http_in_headers = 0; + if(c->http_is_chunked) + c->http_in_chunk_headers = 1; + /* remove header text from front of buffer + * the buffer is going to be used to return the data segment + * itself and we don't want the header to get returned + * prepended with it */ + http_moveover_buffer(c->buffer); + sldns_buffer_flip(c->buffer); + return 1; + } + /* ignore other headers */ + return 1; +} + +/** a chunk header is complete, process it, return 0=fail, 1=continue next + * header line, 2=done with chunked transfer*/ +static int +http_process_chunk_header(struct comm_point* c) +{ + char* line = http_header_line(c->buffer); + if(!line) return 1; + if(c->http_in_chunk_headers == 3) { + verbose(VERB_ALGO, "http chunk trailer: %s", line); + /* are we done ? */ + if(line[0] == 0 && c->tcp_byte_count == 0) { + /* callback of http reader when NETEVENT_DONE, + * end of data, with no data in buffer */ + sldns_buffer_set_position(c->buffer, 0); + sldns_buffer_set_limit(c->buffer, 0); + fptr_ok(fptr_whitelist_comm_point(c->callback)); + (void)(*c->callback)(c, c->cb_arg, NETEVENT_DONE, NULL); + /* return that we are done */ + return 2; + } + if(line[0] == 0) { + /* continue with header of the next chunk */ + c->http_in_chunk_headers = 1; + /* remove header text from front of buffer */ + http_moveover_buffer(c->buffer); + sldns_buffer_flip(c->buffer); + return 1; + } + /* ignore further trail headers */ + return 1; + } + verbose(VERB_ALGO, "http chunk header: %s", line); + if(c->http_in_chunk_headers == 1) { + /* read chunked start line */ + char* end = NULL; + c->tcp_byte_count = (size_t)strtol(line, &end, 16); + if(end == line) + return 0; + c->http_in_chunk_headers = 0; + /* remove header text from front of buffer */ + http_moveover_buffer(c->buffer); + sldns_buffer_flip(c->buffer); + if(c->tcp_byte_count == 0) { + /* done with chunks, process chunk_trailer lines */ + c->http_in_chunk_headers = 3; + } + return 1; + } + /* ignore other headers */ + return 1; +} + +/** handle nonchunked data segment */ +static int +http_nonchunk_segment(struct comm_point* c) +{ + /* c->buffer at position..limit has new data we read in. + * the buffer itself is full of nonchunked data. + * we are looking to read tcp_byte_count more data + * and then the transfer is done. */ + size_t remainbufferlen; + size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; + if(c->tcp_byte_count <= got_now) { + /* done, this is the last data fragment */ + c->http_stored = 0; + sldns_buffer_set_position(c->buffer, 0); + fptr_ok(fptr_whitelist_comm_point(c->callback)); + (void)(*c->callback)(c, c->cb_arg, NETEVENT_DONE, NULL); + return 1; + } + c->tcp_byte_count -= got_now; + /* if we have the buffer space, + * read more data collected into the buffer */ + remainbufferlen = sldns_buffer_capacity(c->buffer) - + sldns_buffer_limit(c->buffer); + if(remainbufferlen >= c->tcp_byte_count || + remainbufferlen >= 2048) { + size_t total = sldns_buffer_limit(c->buffer); + sldns_buffer_clear(c->buffer); + sldns_buffer_set_position(c->buffer, total); + c->http_stored = total; + /* return and wait to read more */ + return 1; + } + /* call callback with this data amount, then + * wait for more */ + c->http_stored = 0; + sldns_buffer_set_position(c->buffer, 0); + fptr_ok(fptr_whitelist_comm_point(c->callback)); + (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, NULL); + /* c->callback has to buffer_clear(c->buffer). */ + /* return and wait to read more */ + return 1; +} + +/** handle nonchunked data segment, return 0=fail, 1=wait, 2=process more */ +static int +http_chunked_segment(struct comm_point* c) +{ + /* the c->buffer has from position..limit new data we read. */ + /* the current chunk has length tcp_byte_count. + * once we read that read more chunk headers. + */ + size_t remainbufferlen; + size_t got_now = sldns_buffer_limit(c->buffer) - c->http_stored; + if(c->tcp_byte_count <= got_now) { + /* the chunk has completed (with perhaps some extra data + * from next chunk header and next chunk) */ + /* save too much info into temp buffer */ + size_t fraglen; + struct comm_reply repinfo; + c->http_stored = 0; + sldns_buffer_skip(c->buffer, (ssize_t)c->tcp_byte_count); + sldns_buffer_clear(c->http_temp); + sldns_buffer_write(c->http_temp, + sldns_buffer_current(c->buffer), + sldns_buffer_remaining(c->buffer)); + sldns_buffer_flip(c->http_temp); + + /* callback with this fragment */ + fraglen = sldns_buffer_position(c->buffer); + sldns_buffer_set_position(c->buffer, 0); + sldns_buffer_set_limit(c->buffer, fraglen); + repinfo = c->repinfo; + fptr_ok(fptr_whitelist_comm_point(c->callback)); + (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, &repinfo); + /* c->callback has to buffer_clear(). */ + + /* is commpoint deleted? */ + if(!repinfo.c) { + return 1; + } + /* copy waiting info */ + sldns_buffer_clear(c->buffer); + sldns_buffer_write(c->buffer, + sldns_buffer_begin(c->http_temp), + sldns_buffer_remaining(c->http_temp)); + sldns_buffer_flip(c->buffer); + /* process end of chunk trailer header lines, until + * an empty line */ + c->http_in_chunk_headers = 3; + /* process more data in buffer (if any) */ + return 2; + } + c->tcp_byte_count -= got_now; + + /* if we have the buffer space, + * read more data collected into the buffer */ + remainbufferlen = sldns_buffer_capacity(c->buffer) - + sldns_buffer_limit(c->buffer); + if(remainbufferlen >= c->tcp_byte_count || + remainbufferlen >= 2048) { + size_t total = sldns_buffer_limit(c->buffer); + sldns_buffer_clear(c->buffer); + sldns_buffer_set_position(c->buffer, total); + c->http_stored = total; + /* return and wait to read more */ + return 1; + } + + /* callback of http reader for a new part of the data */ + c->http_stored = 0; + sldns_buffer_set_position(c->buffer, 0); + fptr_ok(fptr_whitelist_comm_point(c->callback)); + (void)(*c->callback)(c, c->cb_arg, NETEVENT_NOERROR, NULL); + /* c->callback has to buffer_clear(c->buffer). */ + /* return and wait to read more */ + return 1; +} + +/** + * Handle http reading callback. + * @param fd: file descriptor of socket. + * @param c: comm point to read from into buffer. + * @return: 0 on error + */ +static int +comm_point_http_handle_read(int fd, struct comm_point* c) +{ + log_assert(c->type == comm_http); + log_assert(fd != -1); + + /* if we are in ssl handshake, handle SSL handshake */ +#ifdef HAVE_SSL + if(c->ssl && c->ssl_shake_state != comm_ssl_shake_none) { + if(!ssl_handshake(c)) + return 0; + if(c->ssl_shake_state != comm_ssl_shake_none) + return 1; + } +#endif /* HAVE_SSL */ + + if(!c->tcp_is_reading) + return 1; + /* read more data */ + if(c->ssl) { + if(!ssl_http_read_more(c)) + return 0; + } else { + if(!http_read_more(fd, c)) + return 0; + } + + sldns_buffer_flip(c->buffer); + while(sldns_buffer_remaining(c->buffer) > 0) { + /* if we are reading headers, read more headers */ + if(c->http_in_headers || c->http_in_chunk_headers) { + /* if header is done, process the header */ + if(!http_header_done(c->buffer)) { + /* copy remaining data to front of buffer + * and set rest for writing into it */ + http_moveover_buffer(c->buffer); + /* return and wait to read more */ + return 1; + } + if(!c->http_in_chunk_headers) { + /* process initial headers */ + if(!http_process_initial_header(c)) + return 0; + } else { + /* process chunk headers */ + int r = http_process_chunk_header(c); + if(r == 0) return 0; + if(r == 2) return 1; /* done */ + /* r == 1, continue */ + } + /* see if we have more to process */ + continue; + } + + if(!c->http_is_chunked) { + /* if we are reading nonchunks, process that*/ + return http_nonchunk_segment(c); + } else { + /* if we are reading chunks, read the chunk */ + int r = http_chunked_segment(c); + if(r == 0) return 0; + if(r == 1) return 1; + continue; + } + } + /* broke out of the loop; could not process header instead need + * to read more */ + /* moveover any remaining data and read more data */ + http_moveover_buffer(c->buffer); + /* return and wait to read more */ + return 1; +} + +/** check pending connect for http */ +static int +http_check_connect(int fd, struct comm_point* c) +{ + /* check for pending error from nonblocking connect */ + /* from Stevens, unix network programming, vol1, 3rd ed, p450*/ + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + if(getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0){ +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else /* USE_WINSOCK */ + error = WSAGetLastError(); +#endif + } +#ifndef USE_WINSOCK +#if defined(EINPROGRESS) && defined(EWOULDBLOCK) + if(error == EINPROGRESS || error == EWOULDBLOCK) + return 1; /* try again later */ + else +#endif + if(error != 0 && verbosity < 2) + return 0; /* silence lots of chatter in the logs */ + else if(error != 0) { + log_err_addr("http connect", strerror(error), + &c->repinfo.addr, c->repinfo.addrlen); +#else /* USE_WINSOCK */ + /* examine error */ + if(error == WSAEINPROGRESS) + return 1; + else if(error == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); + return 1; + } else if(error != 0 && verbosity < 2) + return 0; + else if(error != 0) { + log_err_addr("http connect", wsa_strerror(error), + &c->repinfo.addr, c->repinfo.addrlen); +#endif /* USE_WINSOCK */ + return 0; + } + /* keep on processing this socket */ + return 2; +} + +/** write more data for http (with ssl) */ +static int +ssl_http_write_more(struct comm_point* c) +{ +#ifdef HAVE_SSL + int r; + log_assert(sldns_buffer_remaining(c->buffer) > 0); + ERR_clear_error(); + r = SSL_write(c->ssl, (void*)sldns_buffer_current(c->buffer), + (int)sldns_buffer_remaining(c->buffer)); + if(r <= 0) { + int want = SSL_get_error(c->ssl, r); + if(want == SSL_ERROR_ZERO_RETURN) { + return 0; /* closed */ + } else if(want == SSL_ERROR_WANT_READ) { + c->ssl_shake_state = comm_ssl_shake_read; + comm_point_listen_for_rw(c, 1, 0); + return 1; /* wait for read condition */ + } else if(want == SSL_ERROR_WANT_WRITE) { + return 1; /* write more later */ + } else if(want == SSL_ERROR_SYSCALL) { + if(errno != 0) + log_err("SSL_write syscall: %s", + strerror(errno)); + return 0; + } + log_crypto_err("could not SSL_write"); + return 0; + } + sldns_buffer_skip(c->buffer, (ssize_t)r); + return 1; +#else + (void)c; + return 0; +#endif /* HAVE_SSL */ +} + +/** write more data for http */ +static int +http_write_more(int fd, struct comm_point* c) +{ + ssize_t r; + log_assert(sldns_buffer_remaining(c->buffer) > 0); + r = send(fd, (void*)sldns_buffer_current(c->buffer), + sldns_buffer_remaining(c->buffer), 0); + if(r == -1) { +#ifndef USE_WINSOCK + if(errno == EINTR || errno == EAGAIN) + return 1; + log_err_addr("http send r", strerror(errno), + &c->repinfo.addr, c->repinfo.addrlen); +#else + if(WSAGetLastError() == WSAEINPROGRESS) + return 1; + if(WSAGetLastError() == WSAEWOULDBLOCK) { + ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE); + return 1; + } + log_err_addr("http send r", wsa_strerror(WSAGetLastError()), + &c->repinfo.addr, c->repinfo.addrlen); +#endif + return 0; + } + sldns_buffer_skip(c->buffer, r); + return 1; +} + +/** + * Handle http writing callback. + * @param fd: file descriptor of socket. + * @param c: comm point to write buffer out of. + * @return: 0 on error + */ +static int +comm_point_http_handle_write(int fd, struct comm_point* c) +{ + log_assert(c->type == comm_http); + log_assert(fd != -1); + + /* check pending connect errors, if that fails, we wait for more, + * or we can continue to write contents */ + if(c->tcp_check_nb_connect) { + int r = http_check_connect(fd, c); + if(r == 0) return 0; + if(r == 1) return 1; + c->tcp_check_nb_connect = 0; + } + /* if we are in ssl handshake, handle SSL handshake */ +#ifdef HAVE_SSL + if(c->ssl && c->ssl_shake_state != comm_ssl_shake_none) { + if(!ssl_handshake(c)) + return 0; + if(c->ssl_shake_state != comm_ssl_shake_none) + return 1; + } +#endif /* HAVE_SSL */ + if(c->tcp_is_reading) + return 1; + /* if we are writing, write more */ + if(c->ssl) { + if(!ssl_http_write_more(c)) + return 0; + } else { + if(!http_write_more(fd, c)) + return 0; + } + + /* we write a single buffer contents, that can contain + * the http request, and then flip to read the results */ + /* see if write is done */ + if(sldns_buffer_remaining(c->buffer) == 0) { + sldns_buffer_clear(c->buffer); + if(c->tcp_do_toggle_rw) + c->tcp_is_reading = 1; + c->tcp_byte_count = 0; + /* switch from listening(write) to listening(read) */ + comm_point_stop_listening(c); + comm_point_start_listening(c, -1, -1); + } + return 1; +} + +void +comm_point_http_handle_callback(int fd, short event, void* arg) +{ + struct comm_point* c = (struct comm_point*)arg; + log_assert(c->type == comm_http); + ub_comm_base_now(c->ev->base); + + if(event&UB_EV_READ) { + if(!comm_point_http_handle_read(fd, c)) { + reclaim_http_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point( + c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_CLOSED, NULL); + } + } + return; + } + if(event&UB_EV_WRITE) { + if(!comm_point_http_handle_write(fd, c)) { + reclaim_http_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point( + c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_CLOSED, NULL); + } + } + return; + } + if(event&UB_EV_TIMEOUT) { + verbose(VERB_QUERY, "http took too long, dropped"); + reclaim_http_handler(c); + if(!c->tcp_do_close) { + fptr_ok(fptr_whitelist_comm_point(c->callback)); + (void)(*c->callback)(c, c->cb_arg, + NETEVENT_TIMEOUT, NULL); + } + return; + } + log_err("Ignored event %d for httphdl.", event); +} + void comm_point_local_handle_callback(int fd, short event, void* arg) { struct comm_point* c = (struct comm_point*)arg; @@ -1958,6 +2671,75 @@ comm_point_create_tcp_out(struct comm_base *base, size_t bufsize, } struct comm_point* +comm_point_create_http_out(struct comm_base *base, size_t bufsize, + comm_point_callback_type* callback, void* callback_arg, + sldns_buffer* temp) +{ + struct comm_point* c = (struct comm_point*)calloc(1, + sizeof(struct comm_point)); + short evbits; + if(!c) + return NULL; + c->ev = (struct internal_event*)calloc(1, + sizeof(struct internal_event)); + if(!c->ev) { + free(c); + return NULL; + } + c->ev->base = base; + c->fd = -1; + c->buffer = sldns_buffer_new(bufsize); + if(!c->buffer) { + free(c->ev); + free(c); + return NULL; + } + c->timeout = NULL; + c->tcp_is_reading = 0; + c->tcp_byte_count = 0; + c->tcp_parent = NULL; + c->max_tcp_count = 0; + c->cur_tcp_count = 0; + c->tcp_handlers = NULL; + c->tcp_free = NULL; + c->type = comm_http; + c->tcp_do_close = 0; + c->do_not_close = 0; + c->tcp_do_toggle_rw = 1; + c->tcp_check_nb_connect = 1; + c->http_in_headers = 1; + c->http_in_chunk_headers = 0; + c->http_is_chunked = 0; + c->http_temp = temp; +#ifdef USE_MSG_FASTOPEN + c->tcp_do_fastopen = 1; +#endif +#ifdef USE_DNSCRYPT + c->dnscrypt = 0; + c->dnscrypt_buffer = c->buffer; +#endif + c->repinfo.c = c; + c->callback = callback; + c->cb_arg = callback_arg; + evbits = UB_EV_PERSIST | UB_EV_WRITE; + c->ev->ev = ub_event_new(base->eb->base, c->fd, evbits, + comm_point_http_handle_callback, c); + if(c->ev->ev == NULL) + { + log_err("could not baseset tcpout event"); +#ifdef HAVE_SSL + SSL_free(c->ssl); +#endif + sldns_buffer_free(c->buffer); + free(c->ev); + free(c); + return NULL; + } + + return c; +} + +struct comm_point* comm_point_create_local(struct comm_base *base, int fd, size_t bufsize, comm_point_callback_type* callback, void* callback_arg) { @@ -2110,7 +2892,7 @@ comm_point_delete(struct comm_point* c) { if(!c) return; - if(c->type == comm_tcp && c->ssl) { + if((c->type == comm_tcp || c->type == comm_http) && c->ssl) { #ifdef HAVE_SSL SSL_shutdown(c->ssl); SSL_free(c->ssl); @@ -2124,7 +2906,7 @@ comm_point_delete(struct comm_point* c) free(c->tcp_handlers); } free(c->timeout); - if(c->type == comm_tcp || c->type == comm_local) { + if(c->type == comm_tcp || c->type == comm_local || c->type == comm_http) { sldns_buffer_free(c->buffer); #ifdef USE_DNSCRYPT if(c->dnscrypt && c->dnscrypt_buffer != c->buffer) { @@ -2221,7 +3003,7 @@ comm_point_start_listening(struct comm_point* c, int newfd, int msec) c->timeout->tv_usec = (msec%1000)*1000; #endif /* S_SPLINT_S */ } - if(c->type == comm_tcp) { + if(c->type == comm_tcp || c->type == comm_http) { ub_event_del_bits(c->ev->ev, UB_EV_READ|UB_EV_WRITE); if(c->tcp_is_reading) ub_event_add_bits(c->ev->ev, UB_EV_READ); diff --git a/util/netevent.h b/util/netevent.h index 54740266d0a4..6819f57f8d9e 100644 --- a/util/netevent.h +++ b/util/netevent.h @@ -84,6 +84,8 @@ typedef int comm_point_callback_type(struct comm_point*, void*, int, #define NETEVENT_TIMEOUT -2 /** to pass fallback from capsforID to callback function; 0x20 failed */ #define NETEVENT_CAPSFAIL -3 +/** to pass done transfer to callback function; http file is complete */ +#define NETEVENT_DONE -4 /** timeout to slow accept calls when not possible, in msec. */ #define NETEVENT_SLOW_ACCEPT_TIME 2000 @@ -201,6 +203,19 @@ struct comm_point { comm_ssl_shake_hs_write } ssl_shake_state; + /* -------- HTTP ------- */ + /** Currently reading in http headers */ + int http_in_headers; + /** Currently reading in chunk headers, 0=not, 1=firstline, 2=unused + * (more lines), 3=trailer headers after chunk */ + int http_in_chunk_headers; + /** chunked transfer */ + int http_is_chunked; + /** http temp buffer (shared buffer for temporary work) */ + struct sldns_buffer* http_temp; + /** http stored content in buffer */ + size_t http_stored; + /* -------- dnstap ------- */ /** the dnstap environment */ struct dt_env* dtenv; @@ -213,6 +228,8 @@ struct comm_point { comm_tcp_accept, /** TCP handler socket - handle byteperbyte readwrite. */ comm_tcp, + /** HTTP handler socket */ + comm_http, /** AF_UNIX socket - for internal commands. */ comm_local, /** raw - not DNS format - for pipe readers and writers */ @@ -450,6 +467,20 @@ struct comm_point* comm_point_create_tcp_out(struct comm_base* base, size_t bufsize, comm_point_callback_type* callback, void* callback_arg); /** + * Create an outgoing HTTP commpoint. No file descriptor is opened, left at -1. + * @param base: in which base to alloc the commpoint. + * @param bufsize: size of buffer to create for handlers. + * @param callback: callback function pointer for the handler. + * @param callback_arg: will be passed to your callback function. + * @param temp: sldns buffer, shared between other http_out commpoints, for + * temporary data when performing callbacks. + * @return: the commpoint or NULL on error. + */ +struct comm_point* comm_point_create_http_out(struct comm_base* base, + size_t bufsize, comm_point_callback_type* callback, + void* callback_arg, struct sldns_buffer* temp); + +/** * Create commpoint to listen to a local domain file descriptor. * @param base: in which base to alloc the commpoint. * @param fd: file descriptor of open AF_UNIX socket set to listen nonblocking. @@ -667,6 +698,16 @@ void comm_point_tcp_handle_callback(int fd, short event, void* arg); /** * This routine is published for checks and tests, and is only used internally. + * handle libevent callback for tcp data comm point + * @param fd: file descriptor. + * @param event: event bits from libevent: + * EV_READ, EV_WRITE, EV_SIGNAL, EV_TIMEOUT. + * @param arg: the comm_point structure. + */ +void comm_point_http_handle_callback(int fd, short event, void* arg); + +/** + * This routine is published for checks and tests, and is only used internally. * handle libevent callback for timer comm. * @param fd: file descriptor (always -1). * @param event: event bits from libevent: diff --git a/util/ub_event.c b/util/ub_event.c index 3b92be1a3025..fba2f2488296 100644 --- a/util/ub_event.c +++ b/util/ub_event.c @@ -427,7 +427,7 @@ ub_winsock_tcp_wouldblock(struct ub_event* ev, int eventbits) void ub_comm_base_now(struct comm_base* cb) { - #ifdef USE_MINI_EVENT +#ifdef USE_MINI_EVENT /** minievent updates the time when it blocks. */ (void)cb; /* nothing to do */ #else /* !USE_MINI_EVENT */ diff --git a/validator/val_neg.c b/validator/val_neg.c index fe57ac2c442e..541238148307 100644 --- a/validator/val_neg.c +++ b/validator/val_neg.c @@ -847,34 +847,71 @@ void neg_insert_data(struct val_neg_cache* neg, wipeout(neg, zone, el, nsec); } +/** see if the reply has signed NSEC records and return the signer */ +static uint8_t* reply_nsec_signer(struct reply_info* rep, size_t* signer_len, + uint16_t* dclass) +{ + size_t i; + struct packed_rrset_data* d; + uint8_t* s; + for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ + if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC || + ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC3) { + d = (struct packed_rrset_data*)rep->rrsets[i]-> + entry.data; + /* return first signer name of first NSEC */ + if(d->rrsig_count != 0) { + val_find_rrset_signer(rep->rrsets[i], + &s, signer_len); + if(s && *signer_len) { + *dclass = ntohs(rep->rrsets[i]-> + rk.rrset_class); + return s; + } + } + } + } + return 0; +} + void val_neg_addreply(struct val_neg_cache* neg, struct reply_info* rep) { size_t i, need; struct ub_packed_rrset_key* soa; + uint8_t* dname = NULL; + size_t dname_len; + uint16_t rrset_class; struct val_neg_zone* zone; /* see if secure nsecs inside */ if(!reply_has_nsec(rep)) return; /* find the zone name in message */ - soa = reply_find_soa(rep); - if(!soa) - return; + if((soa = reply_find_soa(rep))) { + dname = soa->rk.dname; + dname_len = soa->rk.dname_len; + rrset_class = ntohs(soa->rk.rrset_class); + } + else { + /* No SOA in positive (wildcard) answer. Use signer from the + * validated answer RRsets' signature. */ + if(!(dname = reply_nsec_signer(rep, &dname_len, &rrset_class))) + return; + } log_nametypeclass(VERB_ALGO, "negcache insert for zone", - soa->rk.dname, LDNS_RR_TYPE_SOA, ntohs(soa->rk.rrset_class)); + dname, LDNS_RR_TYPE_SOA, rrset_class); /* ask for enough space to store all of it */ need = calc_data_need(rep) + - calc_zone_need(soa->rk.dname, soa->rk.dname_len); + calc_zone_need(dname, dname_len); lock_basic_lock(&neg->lock); neg_make_space(neg, need); /* find or create the zone entry */ - zone = neg_find_zone(neg, soa->rk.dname, soa->rk.dname_len, - ntohs(soa->rk.rrset_class)); + zone = neg_find_zone(neg, dname, dname_len, rrset_class); if(!zone) { - if(!(zone = neg_create_zone(neg, soa->rk.dname, - soa->rk.dname_len, ntohs(soa->rk.rrset_class)))) { + if(!(zone = neg_create_zone(neg, dname, dname_len, + rrset_class))) { lock_basic_unlock(&neg->lock); log_err("out of memory adding negative zone"); return; @@ -1029,33 +1066,6 @@ int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, return 1; } -/** see if the reply has signed NSEC records and return the signer */ -static uint8_t* reply_nsec_signer(struct reply_info* rep, size_t* signer_len, - uint16_t* dclass) -{ - size_t i; - struct packed_rrset_data* d; - uint8_t* s; - for(i=rep->an_numrrsets; i< rep->an_numrrsets+rep->ns_numrrsets; i++){ - if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC || - ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_NSEC3) { - d = (struct packed_rrset_data*)rep->rrsets[i]-> - entry.data; - /* return first signer name of first NSEC */ - if(d->rrsig_count != 0) { - val_find_rrset_signer(rep->rrsets[i], - &s, signer_len); - if(s && *signer_len) { - *dclass = ntohs(rep->rrsets[i]-> - rk.rrset_class); - return s; - } - } - } - } - return 0; -} - void val_neg_addreferral(struct val_neg_cache* neg, struct reply_info* rep, uint8_t* zone_name) { @@ -1183,6 +1193,73 @@ grab_nsec(struct rrset_cache* rrset_cache, uint8_t* qname, size_t qname_len, return r; } +/** + * Get best NSEC record for qname. Might be matching, covering or totally + * useless. + * @param neg_cache: neg cache + * @param qname: to lookup rrset name + * @param qname_len: length of qname. + * @param qclass: class of rrset to lookup, host order + * @param rrset_cache: rrset cache + * @param now: to check ttl against + * @param region: where to alloc result + * @return rrset or NULL + */ +static struct ub_packed_rrset_key* +neg_find_nsec(struct val_neg_cache* neg_cache, uint8_t* qname, size_t qname_len, + uint16_t qclass, struct rrset_cache* rrset_cache, time_t now, + struct regional* region) +{ + int labs; + uint32_t flags; + struct val_neg_zone* zone; + struct val_neg_data* data; + struct ub_packed_rrset_key* nsec; + + labs = dname_count_labels(qname); + lock_basic_lock(&neg_cache->lock); + zone = neg_closest_zone_parent(neg_cache, qname, qname_len, labs, + qclass); + while(zone && !zone->in_use) + zone = zone->parent; + if(!zone) { + lock_basic_unlock(&neg_cache->lock); + return NULL; + } + + /* NSEC only for now */ + if(zone->nsec3_hash) { + lock_basic_unlock(&neg_cache->lock); + return NULL; + } + + /* ignore return value, don't care if it is an exact or smaller match */ + (void)neg_closest_data(zone, qname, qname_len, labs, &data); + if(!data) { + lock_basic_unlock(&neg_cache->lock); + return NULL; + } + + /* ENT nodes are not in use, try the previous node. If the previous node + * is not in use, we don't have an useful NSEC and give up. */ + if(!data->in_use) { + data = (struct val_neg_data*)rbtree_previous((rbnode_type*)data); + if((rbnode_type*)data == RBTREE_NULL || !data->in_use) { + lock_basic_unlock(&neg_cache->lock); + return NULL; + } + } + + flags = 0; + if(query_dname_compare(data->name, zone->name) == 0) + flags = PACKED_RRSET_NSEC_AT_APEX; + + nsec = grab_nsec(rrset_cache, data->name, data->len, LDNS_RR_TYPE_NSEC, + zone->dclass, flags, region, 0, 0, now); + lock_basic_unlock(&neg_cache->lock); + return nsec; +} + /** find nsec3 closest encloser in neg cache */ static struct val_neg_data* neg_find_nsec3_ce(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, @@ -1400,41 +1477,132 @@ static int add_soa(struct rrset_cache* rrset_cache, time_t now, struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, struct regional* region, struct rrset_cache* rrset_cache, - sldns_buffer* buf, time_t now, int addsoa, uint8_t* topname) + sldns_buffer* buf, time_t now, int addsoa, uint8_t* topname, + struct config_file* cfg) { struct dns_msg* msg; - struct ub_packed_rrset_key* rrset; + struct ub_packed_rrset_key* nsec; /* qname matching/covering nsec */ + struct ub_packed_rrset_key* wcrr; /* wildcard record or nsec */ + uint8_t* nodata_wc = NULL; + uint8_t* ce = NULL; + size_t ce_len; + uint8_t wc_ce[LDNS_MAX_DOMAINLEN+3]; + struct query_info wc_qinfo; + struct ub_packed_rrset_key* cache_wc; + struct packed_rrset_data* wcrr_data; + int rcode = LDNS_RCODE_NOERROR; uint8_t* zname; size_t zname_len; int zname_labs; struct val_neg_zone* zone; - /* only for DS queries */ - if(qinfo->qtype != LDNS_RR_TYPE_DS) + /* only for DS queries when aggressive use of NSEC is disabled */ + if(qinfo->qtype != LDNS_RR_TYPE_DS && !cfg->aggressive_nsec) return NULL; log_assert(!topname || dname_subdomain_c(qinfo->qname, topname)); - /* see if info from neg cache is available - * For NSECs, because there is no optout; a DS next to a delegation - * always has exactly an NSEC for it itself; check its DS bit. - * flags=0 (not the zone apex). - */ - rrset = grab_nsec(rrset_cache, qinfo->qname, qinfo->qname_len, - LDNS_RR_TYPE_NSEC, qinfo->qclass, 0, region, 1, - qinfo->qtype, now); - if(rrset) { - /* return msg with that rrset */ + /* Get best available NSEC for qname */ + nsec = neg_find_nsec(neg, qinfo->qname, qinfo->qname_len, qinfo->qclass, + rrset_cache, now, region); + + /* Matching NSEC, use to generate No Data answer. Not creating answers + * yet for No Data proven using wildcard. */ + if(nsec && nsec_proves_nodata(nsec, qinfo, &nodata_wc) && !nodata_wc) { if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, qinfo->qtype, qinfo->qclass, region, 2))) return NULL; - /* TTL already subtracted in grab_nsec */ - if(!dns_msg_authadd(msg, region, rrset, 0)) + if(!dns_msg_authadd(msg, region, nsec, 0)) return NULL; if(addsoa && !add_soa(rrset_cache, now, region, msg, NULL)) return NULL; return msg; + } else if(nsec && val_nsec_proves_name_error(nsec, qinfo->qname)) { + if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len, + qinfo->qtype, qinfo->qclass, region, 3))) + return NULL; + if(!(ce = nsec_closest_encloser(qinfo->qname, nsec))) + return NULL; + dname_count_size_labels(ce, &ce_len); + + /* No extra extra NSEC required if both nameerror qname and + * nodata *.ce. are proven already. */ + if(!nodata_wc || query_dname_compare(nodata_wc, ce) != 0) { + /* Qname proven non existing, get wildcard record for + * QTYPE or NSEC covering or matching wildcard. */ + + /* Num labels in ce is always smaller than in qname, + * therefore adding the wildcard label cannot overflow + * buffer. */ + wc_ce[0] = 1; + wc_ce[1] = (uint8_t)'*'; + memmove(wc_ce+2, ce, ce_len); + wc_qinfo.qname = wc_ce; + wc_qinfo.qname_len = ce_len + 2; + wc_qinfo.qtype = qinfo->qtype; + + + if((cache_wc = rrset_cache_lookup(rrset_cache, wc_qinfo.qname, + wc_qinfo.qname_len, wc_qinfo.qtype, + qinfo->qclass, 0/*flags*/, now, 0/*read only*/))) { + /* Synthesize wildcard answer */ + wcrr_data = (struct packed_rrset_data*)cache_wc->entry.data; + if(!(wcrr_data->security == sec_status_secure || + (wcrr_data->security == sec_status_unchecked && + wcrr_data->rrsig_count > 0))) { + lock_rw_unlock(&cache_wc->entry.lock); + return NULL; + } + if(!(wcrr = packed_rrset_copy_region(cache_wc, + region, now))) { + lock_rw_unlock(&cache_wc->entry.lock); + return NULL; + }; + lock_rw_unlock(&cache_wc->entry.lock); + wcrr->rk.dname = qinfo->qname; + wcrr->rk.dname_len = qinfo->qname_len; + if(!dns_msg_ansadd(msg, region, wcrr, 0)) + return NULL; + /* No SOA needed for wildcard synthesised + * answer. */ + addsoa = 0; + } else { + /* Get wildcard NSEC for possible non existence + * proof */ + if(!(wcrr = neg_find_nsec(neg, wc_qinfo.qname, + wc_qinfo.qname_len, qinfo->qclass, + rrset_cache, now, region))) + return NULL; + + nodata_wc = NULL; + if(val_nsec_proves_name_error(wcrr, wc_ce)) + rcode = LDNS_RCODE_NXDOMAIN; + else if(!nsec_proves_nodata(wcrr, &wc_qinfo, + &nodata_wc) || nodata_wc) + /* &nodata_wc shoudn't be set, wc_qinfo + * already contains wildcard domain. */ + /* NSEC doesn't prove anything for + * wildcard. */ + return NULL; + if(query_dname_compare(wcrr->rk.dname, + nsec->rk.dname) != 0) + if(!dns_msg_authadd(msg, region, wcrr, 0)) + return NULL; + } + } + + if(!dns_msg_authadd(msg, region, nsec, 0)) + return NULL; + if(addsoa && !add_soa(rrset_cache, now, region, msg, NULL)) + return NULL; + + FLAGS_SET_RCODE(msg->rep->flags, rcode); + return msg; } + /* No aggressive use of NSEC3 for now, only proceed for DS types. */ + if(qinfo->qtype != LDNS_RR_TYPE_DS){ + return NULL; + } /* check NSEC3 neg cache for type DS */ /* need to look one zone higher for DS type */ zname = qinfo->qname; diff --git a/validator/val_neg.h b/validator/val_neg.h index 6ae71306c378..00dad6df1f5c 100644 --- a/validator/val_neg.h +++ b/validator/val_neg.h @@ -250,6 +250,7 @@ int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, * more conservative, especially for opt-out zones, since the receiver * may have a trust-anchor below the optout and thus the optout cannot * be used to create a proof from the negative cache. + * @param cfg: config options. * @return a reply message if something was found. * This reply may still need validation. * NULL if nothing found (or out of memory). @@ -257,7 +258,7 @@ int val_neg_dlvlookup(struct val_neg_cache* neg, uint8_t* qname, size_t len, struct dns_msg* val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo, struct regional* region, struct rrset_cache* rrset_cache, struct sldns_buffer* buf, time_t now, - int addsoa, uint8_t* topname); + int addsoa, uint8_t* topname, struct config_file* cfg); /**** functions exposed for unit test ****/ diff --git a/validator/val_nsec.c b/validator/val_nsec.c index 4604f3d6d423..a795e77339d3 100644 --- a/validator/val_nsec.c +++ b/validator/val_nsec.c @@ -513,7 +513,6 @@ val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, /* Determine if a NSEC record proves the non-existence of a * wildcard that could have produced qname. */ int labs; - int i; uint8_t* ce = nsec_closest_encloser(qname, nsec); uint8_t* strip; size_t striplen; @@ -526,13 +525,13 @@ val_nsec_proves_no_wc(struct ub_packed_rrset_key* nsec, uint8_t* qname, * and next names. */ labs = dname_count_labels(qname) - dname_count_labels(ce); - for(i=labs; i>0; i--) { + if(labs > 0) { /* i is number of labels to strip off qname, prepend * wild */ strip = qname; striplen = qnamelen; - dname_remove_labels(&strip, &striplen, i); + dname_remove_labels(&strip, &striplen, labs); if(striplen > LDNS_MAX_DOMAINLEN-2) - continue; /* too long to prepend wildcard */ + return 0; /* too long to prepend wildcard */ buf[0] = 1; buf[1] = (uint8_t)'*'; memmove(buf+2, strip, striplen); diff --git a/validator/val_sigcrypt.c b/validator/val_sigcrypt.c index 9987b9b3f627..cfa3eadcf6a0 100644 --- a/validator/val_sigcrypt.c +++ b/validator/val_sigcrypt.c @@ -1225,13 +1225,51 @@ sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now) (unsigned)incep, (unsigned)now); } +/** RFC 1918 comparison, uses unsigned integers, and tries to avoid + * compiler optimization (eg. by avoiding a-b<0 comparisons), + * this routine matches compare_serial(), for SOA serial number checks */ +static int +compare_1918(uint32_t a, uint32_t b) +{ + /* for 32 bit values */ + const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); + + if (a == b) { + return 0; + } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) { + return -1; + } else { + return 1; + } +} + +/** if we know that b is larger than a, return the difference between them, + * that is the distance between them. in RFC1918 arith */ +static uint32_t +subtract_1918(uint32_t a, uint32_t b) +{ + /* for 32 bit values */ + const uint32_t cutoff = ((uint32_t) 1 << (32 - 1)); + + if(a == b) + return 0; + if(a < b && b - a < cutoff) { + return b-a; + } + if(a > b && a - b > cutoff) { + return ((uint32_t)0xffffffff) - (a-b-1); + } + /* wrong case, b smaller than a */ + return 0; +} + /** check rrsig dates */ static int check_dates(struct val_env* ve, uint32_t unow, uint8_t* expi_p, uint8_t* incep_p, char** reason) { /* read out the dates */ - int32_t expi, incep, now; + uint32_t expi, incep, now; memmove(&expi, expi_p, sizeof(expi)); memmove(&incep, incep_p, sizeof(incep)); expi = ntohl(expi); @@ -1245,21 +1283,21 @@ check_dates(struct val_env* ve, uint32_t unow, } now = ve->date_override; verbose(VERB_ALGO, "date override option %d", (int)now); - } else now = (int32_t)unow; + } else now = unow; /* check them */ - if(incep - expi > 0) { + if(compare_1918(incep, expi) > 0) { sigdate_error("verify: inception after expiration, " "signature bad", expi, incep, now); *reason = "signature inception after expiration"; return 0; } - if(incep - now > 0) { + if(compare_1918(incep, now) > 0) { /* within skew ? (calc here to avoid calculation normally) */ - int32_t skew = (expi-incep)/10; - if(skew < ve->skew_min) skew = ve->skew_min; - if(skew > ve->skew_max) skew = ve->skew_max; - if(incep - now > skew) { + uint32_t skew = subtract_1918(incep, expi)/10; + if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min; + if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max; + if(subtract_1918(now, incep) > skew) { sigdate_error("verify: signature bad, current time is" " before inception date", expi, incep, now); *reason = "signature before inception date"; @@ -1268,11 +1306,11 @@ check_dates(struct val_env* ve, uint32_t unow, sigdate_error("verify warning suspicious signature inception " " or bad local clock", expi, incep, now); } - if(now - expi > 0) { - int32_t skew = (expi-incep)/10; - if(skew < ve->skew_min) skew = ve->skew_min; - if(skew > ve->skew_max) skew = ve->skew_max; - if(now - expi > skew) { + if(compare_1918(now, expi) > 0) { + uint32_t skew = subtract_1918(incep, expi)/10; + if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min; + if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max; + if(subtract_1918(expi, now) > skew) { sigdate_error("verify: signature expired", expi, incep, now); *reason = "signature expired"; diff --git a/validator/val_utils.c b/validator/val_utils.c index 0eabb7f33ba4..2f36fccfd4fe 100644 --- a/validator/val_utils.c +++ b/validator/val_utils.c @@ -767,7 +767,8 @@ rrsig_get_labcount(struct packed_rrset_data* d, size_t sig) } int -val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc) +val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc, + size_t* wc_len) { struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> entry.data; @@ -800,6 +801,7 @@ val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc) if(labdiff > 0) { *wc = wn; dname_remove_labels(wc, &wl, labdiff); + *wc_len = wl; return 1; } return 1; @@ -1161,6 +1163,6 @@ val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t c, qinfo.local_alias = NULL; /* do not add SOA to reply message, it is going to be used internal */ msg = val_neg_getmsg(env->neg_cache, &qinfo, region, env->rrset_cache, - env->scratch_buffer, *env->now, 0, topname); + env->scratch_buffer, *env->now, 0, topname, env->cfg); return msg; } diff --git a/validator/val_utils.h b/validator/val_utils.h index b582472f8faf..6e9867f6e3c7 100644 --- a/validator/val_utils.h +++ b/validator/val_utils.h @@ -271,6 +271,7 @@ int val_dsset_isusable(struct ub_packed_rrset_key* ds_rrset); * @param wc: the wildcard name, if the rrset was synthesized from a wildcard. * unchanged if not. The wildcard name, without "*." in front, is * returned. This is a pointer into the rrset owner name. + * @param wc_len: the length of the returned wildcard name. * @return false if the signatures are inconsistent in indicating the * wildcard status; possible spoofing of wildcard response for other * responses is being tried. We lost the status which rrsig was verified @@ -279,7 +280,8 @@ int val_dsset_isusable(struct ub_packed_rrset_key* ds_rrset); * of service; but in that you could also have removed the real * signature anyway. */ -int val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc); +int val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc, + size_t* wc_len); /** * Chase the cname to the next query name. diff --git a/validator/validator.c b/validator/validator.c index 456bffd005f3..5ed45e9bdefd 100644 --- a/validator/validator.c +++ b/validator/validator.c @@ -51,6 +51,7 @@ #include "validator/val_sigcrypt.h" #include "validator/autotrust.h" #include "services/cache/dns.h" +#include "services/cache/rrset.h" #include "util/data/dname.h" #include "util/module.h" #include "util/log.h" @@ -461,7 +462,7 @@ generate_keytag_query(struct module_qstate* qstate, int id, return 0; } - log_nametypeclass(VERB_ALGO, "keytag query", keytagdname, + log_nametypeclass(VERB_OPS, "generate keytag query", keytagdname, LDNS_RR_TYPE_NULL, ta->dclass); if(!generate_request(qstate, id, keytagdname, dnamebuf_len, LDNS_RR_TYPE_NULL, ta->dclass, 0, &newq, 1)) { @@ -745,6 +746,8 @@ validate_positive_response(struct module_env* env, struct val_env* ve, struct key_entry_key* kkey) { uint8_t* wc = NULL; + size_t wl; + int wc_cached = 0; int wc_NSEC_ok = 0; int nsec3s_seen = 0; size_t i; @@ -757,13 +760,19 @@ validate_positive_response(struct module_env* env, struct val_env* ve, /* Check to see if the rrset is the result of a wildcard * expansion. If so, an additional check will need to be * made in the authority section. */ - if(!val_rrset_wildcard(s, &wc)) { + if(!val_rrset_wildcard(s, &wc, &wl)) { log_nametypeclass(VERB_QUERY, "Positive response has " "inconsistent wildcard sigs:", s->rk.dname, ntohs(s->rk.type), ntohs(s->rk.rrset_class)); chase_reply->security = sec_status_bogus; return; } + if(wc && !wc_cached && env->cfg->aggressive_nsec) { + rrset_cache_update_wildcard(env->rrset_cache, s, wc, wl, + env->alloc, *env->now); + wc_cached = 1; + } + } /* validate the AUTHORITY section as well - this will generally be @@ -944,6 +953,9 @@ validate_nameerror_response(struct module_env* env, struct val_env* ve, int nsec3s_seen = 0; struct ub_packed_rrset_key* s; size_t i; + uint8_t* ce; + int ce_labs = 0; + int prev_ce_labs = 0; for(i=chase_reply->an_numrrsets; i<chase_reply->an_numrrsets+ chase_reply->ns_numrrsets; i++) { @@ -951,9 +963,19 @@ validate_nameerror_response(struct module_env* env, struct val_env* ve, if(ntohs(s->rk.type) == LDNS_RR_TYPE_NSEC) { if(val_nsec_proves_name_error(s, qchase->qname)) has_valid_nsec = 1; - if(val_nsec_proves_no_wc(s, qchase->qname, - qchase->qname_len)) - has_valid_wnsec = 1; + ce = nsec_closest_encloser(qchase->qname, s); + ce_labs = dname_count_labels(ce); + /* Use longest closest encloser to prove wildcard. */ + if(ce_labs > prev_ce_labs || + (ce_labs == prev_ce_labs && + has_valid_wnsec == 0)) { + if(val_nsec_proves_no_wc(s, qchase->qname, + qchase->qname_len)) + has_valid_wnsec = 1; + else + has_valid_wnsec = 0; + } + prev_ce_labs = ce_labs; if(val_nsec_proves_insecuredelegation(s, qchase)) { verbose(VERB_ALGO, "delegation is insecure"); chase_reply->security = sec_status_insecure; @@ -1068,6 +1090,7 @@ validate_any_response(struct module_env* env, struct val_env* ve, /* but check if a wildcard response is given, then check NSEC/NSEC3 * for qname denial to see if wildcard is applicable */ uint8_t* wc = NULL; + size_t wl; int wc_NSEC_ok = 0; int nsec3s_seen = 0; size_t i; @@ -1086,7 +1109,7 @@ validate_any_response(struct module_env* env, struct val_env* ve, /* Check to see if the rrset is the result of a wildcard * expansion. If so, an additional check will need to be * made in the authority section. */ - if(!val_rrset_wildcard(s, &wc)) { + if(!val_rrset_wildcard(s, &wc, &wl)) { log_nametypeclass(VERB_QUERY, "Positive ANY response" " has inconsistent wildcard sigs:", s->rk.dname, ntohs(s->rk.type), @@ -1175,6 +1198,7 @@ validate_cname_response(struct module_env* env, struct val_env* ve, struct key_entry_key* kkey) { uint8_t* wc = NULL; + size_t wl; int wc_NSEC_ok = 0; int nsec3s_seen = 0; size_t i; @@ -1187,7 +1211,7 @@ validate_cname_response(struct module_env* env, struct val_env* ve, /* Check to see if the rrset is the result of a wildcard * expansion. If so, an additional check will need to be * made in the authority section. */ - if(!val_rrset_wildcard(s, &wc)) { + if(!val_rrset_wildcard(s, &wc, &wl)) { log_nametypeclass(VERB_QUERY, "Cname response has " "inconsistent wildcard sigs:", s->rk.dname, ntohs(s->rk.type), ntohs(s->rk.rrset_class)); @@ -1296,6 +1320,9 @@ validate_cname_noanswer_response(struct module_env* env, struct val_env* ve, int nsec3s_seen = 0; /* nsec3s seen */ struct ub_packed_rrset_key* s; size_t i; + uint8_t* nsec_ce; /* Used to find the NSEC with the longest ce */ + int ce_labs = 0; + int prev_ce_labs = 0; /* the AUTHORITY section */ for(i=chase_reply->an_numrrsets; i<chase_reply->an_numrrsets+ @@ -1314,9 +1341,19 @@ validate_cname_noanswer_response(struct module_env* env, struct val_env* ve, ce = nsec_closest_encloser(qchase->qname, s); nxdomain_valid_nsec = 1; } - if(val_nsec_proves_no_wc(s, qchase->qname, - qchase->qname_len)) - nxdomain_valid_wnsec = 1; + nsec_ce = nsec_closest_encloser(qchase->qname, s); + ce_labs = dname_count_labels(nsec_ce); + /* Use longest closest encloser to prove wildcard. */ + if(ce_labs > prev_ce_labs || + (ce_labs == prev_ce_labs && + nxdomain_valid_wnsec == 0)) { + if(val_nsec_proves_no_wc(s, qchase->qname, + qchase->qname_len)) + nxdomain_valid_wnsec = 1; + else + nxdomain_valid_wnsec = 0; + } + prev_ce_labs = ce_labs; if(val_nsec_proves_insecuredelegation(s, qchase)) { verbose(VERB_ALGO, "delegation is insecure"); chase_reply->security = sec_status_insecure; @@ -2134,6 +2171,10 @@ processFinished(struct module_qstate* qstate, struct val_qstate* vq, if(vq->orig_msg->rep->security == sec_status_secure) { log_query_info(VERB_DETAIL, "validation success", &qstate->qinfo); + if(!qstate->no_cache_store) { + val_neg_addreply(qstate->env->neg_cache, + vq->orig_msg->rep); + } } } |